Anonymous / 10 months, 4 weeks ago

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 19-02-2017
Uruchomiony przez VITAMED (administrator)  MATEUSZ (21-02-2017 18:50:48)
Uruchomiony z C:\Users\VITAMED\Pobrane_Łkm
Załadowane profile: VITAMED (Dostępne profile: VITAMED)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {04310fe6-59c5-11e3-9f6c-89f3411628ab} - F:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {4d2a9b6e-5168-11e1-b056-bb07a86ebeed} - J:\SISetup.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {50bf26bc-c36b-11e6-8210-bcaec5d4dc0f} - G:\setup.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {50f1de16-1239-11e2-b2ce-9916872f64ad} - G:\Startme.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {5808091e-a2d2-11e3-92f3-99d464bf6dc1} - H:\Autorun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {5cfdc7fb-f536-11e1-bf67-92719955fdbe} - F:\Autorun.EXE
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {6e9933a7-fb06-11e3-8ec4-9720b27ccfaf} - G:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {6e9933b9-fb06-11e3-8ec4-9720b27ccfaf} - G:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {6e9933d9-fb06-11e3-8ec4-9720b27ccfaf} - G:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {6e9933e5-fb06-11e3-8ec4-9720b27ccfaf} - G:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {6e9933f4-fb06-11e3-8ec4-9720b27ccfaf} - G:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {6e99340f-fb06-11e3-8ec4-9720b27ccfaf} - G:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {6f90d342-c211-11e1-9827-a8a5e274a6be} - G:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {82d7cb85-bd10-11e1-8c89-d4a77ff115bf} - G:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {855cdba3-0dc9-11e4-ace6-de0de78023cc} - F:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {855cdbef-0dc9-11e4-ace6-de0de78023cc} - F:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {b924308e-b077-11e3-86ec-a1e2b7d520aa} - F:\setup.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {c2c1457f-4e78-11e5-88bc-fac9a3b2f0af} - F:\Startme.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {c33bab6b-4479-11e4-970d-d96b06210caf} - F:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {ceae42f5-d10d-11e1-88b2-bbbd382e7404} - G:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {cf2c4490-945e-11e6-a9ab-bcaec5d4dc0f} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {cf2c4496-945e-11e6-a9ab-bcaec5d4dc0f} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {d342ae6f-fef5-11e0-8b4e-bcaec5d4dc0f} - F:\OriginInstaller.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {e04f625b-7192-11e1-bf39-baffe1ca11b8} - F:\SETUP.EXE
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {ea9685ac-6fb6-11e2-b76e-ce535aef19aa} - F:\SETUP.EXE
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {edc88960-caae-11e1-974f-c678517aebbe} - F:\iLinker.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {f2760776-3e34-11e4-827a-9f6bc2c776d4} - F:\AutoRun.exe
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\...\MountPoints2: {f53c7937-0d6b-11e4-9c63-c99ac347daaf} - F:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{72B8D208-D00D-4BD8-8886-B2E9E48E6DD3}: [DhcpNameServer] 212.51.192.2 212.51.192.5
Tcpip\..\Interfaces\{D4F4076C-7466-4784-AD7B-C451A77A92EE}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D82A70B9-82BE-476A-B072-20B98ED3AE38}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F0C67B5D-3007-4073-9C8E-161122BC1E8E}: [DhcpNameServer] 217.172.224.160 89.228.7.226

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-229507566-3034313125-4267522914-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-21] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: h1gxeiq7.default-1387993205474
FF ProfilePath: C:\Users\VITAMED\AppData\Roaming\Mozilla\Firefox\Profiles\h1gxeiq7.default-1387993205474 [2017-02-21]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\h1gxeiq7.default-1387993205474 -> Bing 
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\h1gxeiq7.default-1387993205474 -> Bing 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\h1gxeiq7.default-1387993205474 -> Bing 
FF Homepage: Mozilla\Firefox\Profiles\h1gxeiq7.default-1387993205474 -> hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=pl-pl
FF Keyword.URL: Mozilla\Firefox\Profiles\h1gxeiq7.default-1387993205474 -> hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q=
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\VITAMED\AppData\Roaming\Mozilla\Firefox\Profiles\h1gxeiq7.default-1387993205474\features\{f6e47cd6-f9f8-462a-8287-2a7f1e884c5f}\disableSHA1rollout@mozilla.org.xpi [2017-02-19]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon => nie znaleziono
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-21] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-04-30] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-04-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-01-01] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-01-01] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-229507566-3034313125-4267522914-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll [Brak pliku]
FF Plugin HKU\S-1-5-21-229507566-3034313125-4267522914-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\VITAMED\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2012-10-11] (Skype Limited)

Chrome: 
=======
CHR Profile: C:\Users\VITAMED\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Prezentacje Google) - C:\Users\VITAMED\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-21]
CHR Extension: (Dokumenty Google) - C:\Users\VITAMED\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-21]
CHR Extension: (Dysk Google) - C:\Users\VITAMED\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-21]
CHR Extension: (YouTube) - C:\Users\VITAMED\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-21]
CHR Extension: (Arkusze Google) - C:\Users\VITAMED\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\VITAMED\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-21]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\VITAMED\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-21]
CHR Extension: (Gmail) - C:\Users\VITAMED\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-21]
CHR Extension: (Chrome Media Router) - C:\Users\VITAMED\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-21]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Brak podpisu cyfrowego]
S4 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1449664 2016-06-24] (Disc Soft Ltd)
S4 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2014-06-14] (Dassault Systèmes) [Brak podpisu cyfrowego]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2015-04-06] (Macrovision Europe Ltd.) [Brak podpisu cyfrowego]
S4 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [Brak podpisu cyfrowego]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [Brak podpisu cyfrowego]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
S4 ProtexisLicensing; C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] () [Brak podpisu cyfrowego]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] () [Brak podpisu cyfrowego]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [Brak podpisu cyfrowego]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-05] (www.winchiphead.com)
R3 CypressSerial; C:\Windows\System32\DRIVERS\CypressUsbConsoleWindowsDriver64.sys [98552 2015-10-18] (Cypress Semiconductor.)
S3 CYUSB3; C:\Windows\System32\Drivers\CYUSB3.sys [73424 2015-09-08] (Cypress Semiconductor)
S3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [30264 2016-12-15] (Disc Soft Ltd)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2016-12-16] (Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2016-12-16] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-10-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-10-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-10-10] (ESET)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [88752 2016-10-04] ()
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-07-09] (Sony Mobile Communications)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [63856 2008-08-08] (Your Corporation)
S3 h648101; C:\Windows\System32\drivers\h648101.sys [65776 2008-08-08] (Your Corporation)
S3 h648103; C:\Windows\System32\drivers\h648103.sys [62960 2008-08-08] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [53921 2006-07-04] (Compuware Corporation) [Brak podpisu cyfrowego]
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [43192 2008-08-08] (Your Corporation)
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [40856 2008-08-08] (Your Corporation)
S2 HOSTNT; C:\Windows\SysWow64\Drivers\HOSTNT.sys [4032 2013-08-09] () [Brak podpisu cyfrowego]
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [Brak podpisu cyfrowego]
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116992 2009-12-01] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego]
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S2 Kmm4xNT; C:\Windows\SysWow64\Drivers\Kmm4xNT.sys [95484 2000-11-25] (DATOM Dariusz Cielebąk) [Brak podpisu cyfrowego]
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-10-14] (Marvell Semiconductor, Inc.)
S3 PSoCUSB3; C:\Windows\System32\Drivers\Cypress\KitProg\PSoCUSB3.sys [63224 2016-01-14] (Cypress Semiconductor)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-03-12] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Apple, Inc.) [Brak podpisu cyfrowego]
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [133064 2016-05-28] (BigNox Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-21 18:50 - 2017-02-21 18:50 - 00000000 ____D C:\FRST
2017-02-21 18:41 - 2017-02-21 18:45 - 00000000 ____D C:\AdwCleaner
2017-02-21 18:30 - 2017-02-21 18:30 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-21 18:30 - 2017-02-21 18:30 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-21 18:30 - 2017-02-21 18:30 - 00002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-21 18:29 - 2017-02-21 18:29 - 01129376 _____ (Google Inc.) C:\Users\VITAMED\Downloads\ChromeSetup.exe
2017-02-21 18:25 - 2017-02-21 18:25 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-02-21 18:25 - 2017-02-21 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-21 18:23 - 2017-02-21 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-21 18:23 - 2017-02-21 18:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-02-21 18:23 - 2017-02-21 18:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-02-21 18:22 - 2017-02-21 18:27 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-21 18:22 - 2017-02-21 18:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-21 18:22 - 2017-02-21 18:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-21 18:22 - 2017-02-21 18:22 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-21 18:16 - 2017-02-21 18:16 - 56427072 _____ (Oracle Corporation) C:\Users\VITAMED\Downloads\jre-8u121-windows-i586.exe
2017-02-21 18:16 - 2017-02-21 18:16 - 20359768 _____ (Adobe Systems Incorporated) C:\Users\VITAMED\Downloads\install_flash_player.exe
2017-02-21 18:16 - 2017-02-21 18:16 - 19827800 _____ (Adobe Systems Incorporated) C:\Users\VITAMED\Downloads\install_flash_player_ax.exe
2017-02-21 18:16 - 2017-02-21 18:16 - 13165792 _____ (Microsoft Corporation) C:\Users\VITAMED\Downloads\Silverlight_x64.exe
2017-02-21 17:30 - 2017-02-21 17:42 - 00000000 ____D C:\Users\VITAMED\AppData\Roaming\Geek Uninstaller
2017-02-21 17:28 - 2017-01-26 09:08 - 06960664 _____ (Geek Unіnstaller) C:\Users\VITAMED\Desktop\geek.exe
2017-02-19 22:43 - 2017-02-19 22:43 - 400109794 _____ C:\Users\VITAMED\Desktop\backupfile.reg
2017-02-19 20:11 - 2017-02-21 17:29 - 00000000 ____D C:\PIT Format 2016
2017-02-19 17:39 - 2017-02-19 17:39 - 00017408 ____H C:\Users\VITAMED\Desktop\photothumb.db
2017-01-28 13:49 - 2017-01-28 13:49 - 00366661 _____ C:\Users\VITAMED\Downloads\Hygge. Duńska sztuka szczęścia - Tourell Soderberg Marie(1).pdf
2017-01-26 11:23 - 2017-01-26 11:23 - 00059043 _____ C:\Users\VITAMED\Downloads\tablet-pentagram-quadra-7-ultra-slim-CID99-IDjWOQP.pdf
2017-01-25 09:01 - 2017-01-25 09:01 - 04875133 _____ C:\Users\VITAMED\Downloads\fragmenty10999.pdf
2017-01-25 08:58 - 2017-01-25 08:58 - 00183709 _____ C:\Users\VITAMED\Desktop\Elektronika spinowa - Barnaś (NAUKA 2012).pdf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-21 18:50 - 2016-04-03 10:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-21 18:50 - 2014-04-06 15:38 - 00000000 ____D C:\Users\VITAMED\Pobrane_Łkm
2017-02-21 18:48 - 2016-02-02 14:35 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15dbe83f90b10.job
2017-02-21 18:46 - 2016-06-15 09:05 - 00000000 ____D C:\Users\VITAMED\Desktop\Pulpit
2017-02-21 18:45 - 2011-10-01 21:04 - 00000000 ___RD C:\Users\VITAMED\Desktop\Programy
2017-02-21 18:44 - 2009-07-14 05:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-21 18:44 - 2009-07-14 05:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-21 18:40 - 2015-12-04 17:35 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12eb1baaa377d.job
2017-02-21 18:40 - 2015-09-16 22:35 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f0c79e04f6ab.job
2017-02-21 18:40 - 2014-11-14 00:29 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff99b9b6fdda.job
2017-02-21 18:37 - 2016-02-02 14:35 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15dbe83c80f48.job
2017-02-21 18:37 - 2015-12-04 17:35 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12eb1ba6df0eb.job
2017-02-21 18:37 - 2014-02-11 16:00 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2739f0ae894d.job
2017-02-21 18:37 - 2011-02-23 05:48 - 00000000 ____D C:\Program Files\P4G
2017-02-21 18:36 - 2016-11-15 21:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-21 18:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-21 18:35 - 2014-06-21 19:18 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7d43261dac.job
2017-02-21 18:34 - 2016-11-16 08:14 - 00000000 ____D C:\Users\VITAMED\AppData\LocalLow\Mozilla
2017-02-21 18:30 - 2011-04-19 17:12 - 00000000 ____D C:\Users\VITAMED\AppData\Local\Google
2017-02-21 18:30 - 2011-02-23 04:43 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-21 18:29 - 2011-10-01 21:24 - 00000000 ____D C:\Users\VITAMED\AppData\Roaming\foobar2000
2017-02-21 18:25 - 2013-09-17 09:01 - 00000000 ____D C:\ProgramData\Oracle
2017-02-21 18:24 - 2011-10-24 10:34 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-21 18:22 - 2011-10-25 17:01 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-21 18:22 - 2011-02-23 05:18 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-21 18:19 - 2016-05-10 21:43 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1aafc98a34ebb.job
2017-02-21 18:18 - 2015-05-25 21:20 - 00000000 ____D C:\Users\VITAMED\AppData\LocalLow\Temp
2017-02-21 17:33 - 2011-04-28 13:32 - 00000000 ____D C:\Users\VITAMED\AppData\Roaming\Adobe
2017-02-19 21:30 - 2016-12-08 23:33 - 00003348 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade  Refresh settings
2017-02-19 09:21 - 2009-08-03 20:55 - 00752178 _____ C:\Windows\system32\perfh015.dat
2017-02-19 09:21 - 2009-08-03 20:55 - 00162068 _____ C:\Windows\system32\perfc015.dat
2017-02-19 09:21 - 2009-07-14 06:13 - 01703600 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-19 09:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-16 17:04 - 2011-11-07 16:40 - 00000000 ____D C:\Users\VITAMED\AppData\Roaming\uTorrent
2017-02-15 21:20 - 2011-10-01 19:35 - 00000000 ____D C:\Users\VITAMED\Documents\VirtualDJ
2017-02-11 19:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-05 12:49 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Pliki w katalogu głównym wybranych folderów =======

2014-12-08 17:11 - 2014-12-08 17:15 - 0065588 _____ () C:\Users\VITAMED\AppData\Roaming\Camdata.ini
2014-12-08 17:11 - 2014-12-08 17:15 - 0000408 _____ () C:\Users\VITAMED\AppData\Roaming\CamLayout.ini
2014-12-08 17:11 - 2014-12-08 17:15 - 0000408 _____ () C:\Users\VITAMED\AppData\Roaming\CamShapes.ini
2014-12-08 17:11 - 2014-12-08 17:15 - 0004513 _____ () C:\Users\VITAMED\AppData\Roaming\CamStudio.cfg
2014-10-16 21:14 - 2014-10-16 21:14 - 0022395 _____ () C:\Users\VITAMED\AppData\Roaming\UserTile.png
2012-09-22 18:42 - 2012-09-22 18:42 - 0014336 _____ () C:\Users\VITAMED\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-01 15:29 - 2016-07-01 08:11 - 0000600 _____ () C:\Users\VITAMED\AppData\Local\PUTTY.RND
2011-10-27 10:59 - 2016-12-18 23:44 - 0007602 _____ () C:\Users\VITAMED\AppData\Local\resmon.resmoncfg
2011-08-03 07:38 - 2011-08-03 07:38 - 0000000 _____ () C:\Users\VITAMED\AppData\Local\{DF31F9B1-7BFC-4F1C-9340-C6C8298EDA30}
2011-02-23 05:17 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2014-03-18 20:06 - 2014-03-18 20:06 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-02-12 20:09

==================== Koniec  FRST.txt ============================