Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 12-02-2017
Uruchomiony przez Admin (administrator) ADMIN-KOMPUTER (13-02-2017 23:59:45)
Uruchomiony z E:\Download
Załadowane profile: Admin (Dostępne profile: Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6346464 2013-01-04] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1754145634-2526965675-1269536130-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1754145634-2526965675-1269536130-1000\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1754145634-2526965675-1269536130-1000\...\MountPoints2: {46011717-8611-11e4-a2c7-9cd21eebfb98} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1754145634-2526965675-1269536130-1000\...\MountPoints2: {4789a8fb-69b1-11e5-a102-9cd21eebfb98} - H:\autorun.exe
HKU\S-1-5-21-1754145634-2526965675-1269536130-1000\...\MountPoints2: {54ebdadb-9838-11e5-9870-00a0c6000000} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1754145634-2526965675-1269536130-1000\...\MountPoints2: {d8067d3a-d714-11e6-9808-9cd21eebfb98} - G:\HTC_Sync_Manager_PC.exe
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
AutoConfigURL: [S-1-5-21-1754145634-2526965675-1269536130-1000] => hxxp://no-block.biz/wpad.dat?e545a3a96472d0b709d1d435f517deda23419413
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63
Tcpip\..\Interfaces\{2AAB89A4-EB52-48B1-9168-F20B294E1DE1}: [NameServer] 149.156.67.233,149.156.89.30
Tcpip\..\Interfaces\{DFD26FD3-82D4-485C-92B4-2CEFC78BEA4D}: [DhcpNameServer] 62.179.1.62 62.179.1.63
ManualProxies: 0hxxp://no-block.biz/wpad.dat?e545a3a96472d0b709d1d435f517deda23419413

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131133443925408218&GUID=F972C3A7-DF5B-456E-8184-92884DDAED7F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131133443925408218&GUID=F972C3A7-DF5B-456E-8184-92884DDAED7F
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000lm024xhn-m101mbb_s30yj9ff304370
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000lm024xhn-m101mbb_s30yj9ff304370
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131133443925408218&GUID=F972C3A7-DF5B-456E-8184-92884DDAED7F
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000lm024xhn-m101mbb_s30yj9ff304370
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131133443925408218&GUID=F972C3A7-DF5B-456E-8184-92884DDAED7F
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000lm024xhn-m101mbb_s30yj9ff304370
HKU\S-1-5-21-1754145634-2526965675-1269536130-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000lm024xhn-m101mbb_s30yj9ff304370
HKU\S-1-5-21-1754145634-2526965675-1269536130-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-1754145634-2526965675-1269536130-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1754145634-2526965675-1269536130-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000lm024xhn-m101mbb_s30yj9ff304370
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1754145634-2526965675-1269536130-1000 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st1000lm024xhn-m101mbb_s30yj9ff304370&ts=1464375494
SearchScopes: HKU\S-1-5-21-1754145634-2526965675-1269536130-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1754145634-2526965675-1269536130-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st1000lm024xhn-m101mbb_s30yj9ff304370&ts=1464375494
SearchScopes: HKU\S-1-5-21-1754145634-2526965675-1269536130-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1754145634-2526965675-1269536130-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B0DF5C21-4EA5-408D-ACDF-F08715A6ED5B}&mid=027249b6159947cc83c24d9b580f126b-9840a93fa7523af0b15c8e6cd16e73fa794dd8a9&lang=pl&ds=AVG&coid=avgtbavg&cmpid=1116tb&pr=fr&d=2016-05-27 01:51:54&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - Brak pliku

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x0y3wxnh.default [2017-02-13]
FF NewTab: Mozilla\Firefox\Profiles\x0y3wxnh.default -> hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000lm024xhn-m101mbb_s30yj9ff304370
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\x0y3wxnh.default -> YAC Safe Search
FF Homepage: Mozilla\Firefox\Profiles\x0y3wxnh.default -> hxxp://www.onet.pl
FF Extension: (uBlock Origin) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x0y3wxnh.default\Extensions\uBlock0@raymondhill.net.xpi [2017-01-26]
FF Extension: (Flashblock) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x0y3wxnh.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-07-25]
FF Extension: (Adblock Plus) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x0y3wxnh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x0y3wxnh.default\searchplugins\yac-safe-search-.xml [2016-05-27]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-02-27] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x0y3wxnh.default\extensions\arthurj8283@gmail.com => nie znaleziono
FF HKU\S-1-5-21-1754145634-2526965675-1269536130-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-13] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1754145634-2526965675-1269536130-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1754145634-2526965675-1269536130-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1754145634-2526965675-1269536130-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\106101552.js [2017-01-09] <==== UWAGA (Linkuje do pliku *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\106101552.cfg [2017-01-09] <==== UWAGA

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl
CHR StartupUrls: Default -> "hxxps://www.google.pl/"
CHR DefaultSearchURL: Default -> hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st1000lm024xhn-m101mbb_s30yj9ff304370&ts=1464375541
CHR DefaultSearchKeyword: Default -> yac safe search
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-02-08]
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-27]
CHR Extension: (Dysk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-27]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-27]
CHR Extension: (AVG Secure Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-12-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-02]
CHR Extension: (Bing) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-11-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-27]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-02]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-27]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-10]
CHR HKU\S-1-5-21-1754145634-2526965675-1269536130-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1008344 2013-02-19] (Broadcom Corporation.)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [301720 2011-07-01] ()
S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-11-19] (Qualcomm Atheros Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [40600 2011-07-01] (Macrium Software)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8239456 2013-01-04] (Realtek Semiconductor Corp.)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-13 23:58 - 2017-02-13 23:59 - 00000000 ____D C:\FRST
2017-02-08 23:27 - 2017-02-08 23:27 - 00109272 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-08 23:21 - 2017-02-08 23:22 - 00420984 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-06 19:47 - 2017-02-06 19:46 - 00358832 _____ C:\Users\Admin\Desktop\boarding-pass(1).pdf
2017-02-06 19:47 - 2017-02-06 19:44 - 00358427 _____ C:\Users\Admin\Desktop\boarding-pass.pdf
2017-01-31 17:42 - 2017-01-31 18:36 - 00000000 ____D C:\Users\Admin\Desktop\dżihad
2017-01-28 17:24 - 2017-01-25 15:03 - 00190690 _____ C:\Users\Admin\Desktop\oswiadczenie_o_dochodach_nieopodatkowanych.pdf
2017-01-28 17:24 - 2017-01-25 15:01 - 00050709 _____ C:\Users\Admin\Desktop\oświadczenie_o_dochodach_2017-01-25.pdf
2017-01-15 14:04 - 2017-01-15 14:05 - 00000000 ____D C:\Users\Admin\Desktop\odmiana czas. arabic

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-02-13 23:55 - 2014-10-07 15:44 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-13 23:55 - 2014-10-07 15:44 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-13 23:55 - 2014-10-07 15:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2017-02-13 23:54 - 2014-10-07 15:44 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-13 23:54 - 2014-10-07 15:44 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-13 23:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-13 23:21 - 2014-10-07 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-13 22:51 - 2009-07-14 05:45 - 00026288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-13 22:51 - 2009-07-14 05:45 - 00026288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-13 22:43 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-08 23:20 - 2015-09-27 10:50 - 00000000 ____D C:\Windows\Minidump
2017-02-08 23:19 - 2016-08-25 18:41 - 00004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-02-08 23:19 - 2016-07-29 19:39 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-08 23:19 - 2016-07-29 19:39 - 00003354 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-08 23:19 - 2014-10-07 18:02 - 00000000 ____D C:\Windows\pss
2017-02-08 23:07 - 2016-05-26 22:44 - 00000000 ____D C:\Program Files (x86)\AVG
2017-02-08 23:07 - 2016-05-26 22:43 - 00000000 ____D C:\ProgramData\Avg
2017-02-08 23:07 - 2016-05-26 22:42 - 00000000 ____D C:\Users\Admin\AppData\Local\AvgSetupLog
2017-02-08 23:03 - 2016-05-26 22:48 - 00000000 ____D C:\ProgramData\MFAData
2017-02-08 23:03 - 2016-05-26 22:42 - 00000000 ____D C:\Users\Admin\AppData\Local\Avg
2017-02-07 21:42 - 2014-10-07 18:51 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2017-02-07 20:11 - 2016-05-27 19:28 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 20:11 - 2016-05-27 19:28 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-30 10:50 - 2011-04-12 14:21 - 02574308 _____ C:\Windows\system32\perfh015.dat
2017-01-30 10:50 - 2011-04-12 14:21 - 00796790 _____ C:\Windows\system32\perfc015.dat
2017-01-30 10:50 - 2009-07-14 06:13 - 00006224 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-29 11:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-28 22:49 - 2017-01-04 16:54 - 00036021 _____ C:\Users\Admin\Desktop\dzihad - egzamin.odt
2017-01-27 20:48 - 2016-12-21 14:31 - 00000000 ____D C:\Users\Admin\Desktop\arabski kolos
2017-01-25 21:18 - 2016-11-18 16:44 - 00000000 ____D C:\Users\Admin\Desktop\Zdjecia do wywołania
2017-01-25 20:25 - 2016-12-21 14:18 - 00000000 ____D C:\Users\Admin\Desktop\wesele część
2017-01-25 15:35 - 2014-10-07 18:51 - 00000000 ____D C:\ProgramData\Skype
2017-01-20 23:05 - 2016-02-17 13:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Pliki w katalogu głównym wybranych folderów =======

2016-03-04 18:40 - 2016-03-04 18:40 - 8037888 _____ () C:\Users\Admin\AppData\Roaming\agent.dat
2016-03-04 18:40 - 2016-03-04 18:40 - 0065040 _____ () C:\Users\Admin\AppData\Roaming\Config.xml
2016-03-04 18:40 - 2016-03-04 18:40 - 1900654 _____ () C:\Users\Admin\AppData\Roaming\Green-Fresh.tst
2016-03-04 18:40 - 2016-03-04 18:40 - 0011424 _____ () C:\Users\Admin\AppData\Roaming\InstallationConfiguration.xml
2016-03-04 18:40 - 2016-03-04 18:40 - 0127488 _____ () C:\Users\Admin\AppData\Roaming\Installer.dat
2016-03-04 18:40 - 2016-03-04 18:40 - 0018432 _____ () C:\Users\Admin\AppData\Roaming\Main.dat
2016-03-04 18:40 - 2016-03-04 18:40 - 0005568 _____ () C:\Users\Admin\AppData\Roaming\md.xml
2016-03-04 18:40 - 2016-03-04 18:40 - 0126464 _____ () C:\Users\Admin\AppData\Roaming\noah.dat
2016-03-04 18:41 - 2016-03-04 18:41 - 0032038 _____ () C:\Users\Admin\AppData\Roaming\uninstall_temp.ico
2016-05-12 16:41 - 2016-05-21 23:41 - 0000107 _____ () C:\Users\Admin\AppData\Roaming\WB.CFG
2016-06-09 18:12 - 2016-06-09 18:12 - 0000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2016-11-19 21:02 - 2016-11-19 21:02 - 0000000 _____ () C:\Users\Admin\AppData\Local\{B5A4A31A-25EC-4685-B5B0-2CFBBFE87217}
2014-09-23 21:34 - 2014-09-23 21:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-27 22:56 - 2016-06-21 22:02 - 0002267 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-03-09 11:53

==================== Koniec FRST.txt ============================