
FRST

a guest
Sep 22nd, 2017
  1. Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20-09-2017
  2. Uruchomiony przez Bartek (administrator) BARTEK-KOMPUTER (22-09-2017 18:17:13)
  3. Uruchomiony z C:\Users\Bartek\Desktop
  4. Załadowane profile: Bartek (Dostępne profile: Bartek)
  5. Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska)
  6. Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
  7. Tryb startu: Normal
  8. Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  9.  
  10. ==================== Procesy (filtrowane) =================
  11.  
  12. (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
  13.  
  14. (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
  15. (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
  16. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
  17. (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
  18. (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
  19. (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
  20. (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
  21. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
  22. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
  23. (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
  24. (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
  25. (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
  26. (TeamViewer GmbH) E:\Bartek\programy\teamviever\TeamViewer_Service.exe
  27. (Spotify Ltd) C:\Users\Bartek\AppData\Roaming\Spotify\SpotifyWebHelper.exe
  28. (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
  29. (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
  30. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
  31. (Disc Soft Ltd) D:\daemon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
  32. (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
  33. (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
  34. (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
  35. (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
  36. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  37. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  38. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  39. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  40. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  41. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  42. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  43. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  44. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  45. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  46.  
  47. ==================== Rejestr (filtrowane) ===========================
  48.  
  49. (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
  50.  
  51. HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
  52. HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
  53. HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
  54. HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
  55. HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
  56. HKLM-x32\...\RunOnce: [] => [X]
  57. HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [Spotify Web Helper] => C:\Users\Bartek\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-19] (Spotify Ltd)
  58. HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
  59. HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [GalaxyClient] => [X]
  60. HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
  61. HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [DAEMON Tools Lite Automount] => D:\daemon tools\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
  62. HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\MountPoints2: H - H:\Install.exe
  63. HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\MountPoints2: {f65367bc-6bb0-11e6-987e-90e6ba8602e5} - H:\autorun.exe
  64. HKLM\...\Providers\hizyzp25: C:\Program Files (x86)_\local64spl.dll <==== UWAGA
  65. HKLM\...\Providers\yn2ca30o: C:\Program Files (x86)\\local64spl.dll <==== UWAGA
  66.  
  67. ==================== Internet (filtrowane) ====================
  68.  
  69. (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
  70.  
  71. AutoConfigURL: [S-1-5-21-360975752-3786565279-1083807947-1001] => hxxp://noblok.org/wpad.dat?62d592959958fac48a576e4e8f715da726940803
  72. Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
  73. Tcpip\Parameters: [DhcpNameServer] 31.128.24.2 31.128.0.31
  74. Tcpip\..\Interfaces\{052B51D9-5069-4E2A-9FE4-5C97E012B954}: [NameServer] 8.8.8.8
  75. Tcpip\..\Interfaces\{052B51D9-5069-4E2A-9FE4-5C97E012B954}: [DhcpNameServer] 31.128.24.2 31.128.0.31
  76. ManualProxies: 0hxxp://noblok.org/wpad.dat?62d592959958fac48a576e4e8f715da726940803
  77.  
  78. Internet Explorer:
  79. ==================
  80. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX
  81. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX
  82. HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX&q={searchTerms}
  83. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX&q={searchTerms}
  84. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX
  85. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX
  86. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX&q={searchTerms}
  87. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX&q={searchTerms}
  88. HKU\S-1-5-21-360975752-3786565279-1083807947-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131228475099067000&GUID=7AC3C52B-4561-4149-8F1C-D6D35F340265
  89. SearchScopes: HKU\S-1-5-21-360975752-3786565279-1083807947-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
  90. BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2017-06-22] (Oracle Corporation)
  91. BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2017-06-22] (Oracle Corporation)
  92.  
  93. FireFox:
  94. ========
  95. FF DefaultProfile: caqsj3n9.default
  96. FF ProfilePath: C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\caqsj3n9.default [2017-09-22]
  97. FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
  98. FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2017-06-22] (Oracle Corporation)
  99. FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2017-06-22] (Oracle Corporation)
  100. FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
  101. FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-12] (NVIDIA Corporation)
  102. FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-12] (NVIDIA Corporation)
  103. FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
  104. FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
  105. FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\6416071.js [2017-03-26] <==== UWAGA (Linkuje do pliku *.cfg)
  106. FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\6416071.cfg [2017-03-26] <==== UWAGA
  107.  
  108. Chrome:
  109. =======
  110. CHR StartupUrls: Default -> "search.mpc.am","hxxp://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX","hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX"
  111. CHR Profile: C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default [2017-09-22]
  112. CHR Extension: (Prezentacje Google) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-22]
  113. CHR Extension: (Dokumenty Google) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-22]
  114. CHR Extension: (Dysk Google) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-22]
  115. CHR Extension: (YouTube) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-22]
  116. CHR Extension: (Adblock Plus) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
  117. CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2017-01-22]
  118. CHR Extension: (Arkusze Google) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-22]
  119. CHR Extension: (Dokumenty Google offline) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-15]
  120. CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
  121. CHR Extension: (Gmail) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-22]
  122. CHR Extension: (Chrome Media Router) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
  123. CHR Profile: C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-14]
  124.  
  125. ==================== Usługi (filtrowane) ====================
  126.  
  127. (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
  128.  
  129. S3 cfbackd; D:\Program Files (x86)\CleverFiles\Pandora Recovery\cfbackd.w32.exe [211520 2015-09-25] (CleverFiles)
  130. R3 Disc Soft Lite Bus Service; D:\daemon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
  131. S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [172488 2017-04-02] (Mozilla Foundation)
  132. R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
  133. S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
  134. R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
  135. R2 TeamViewer; E:\Bartek\programy\teamviever\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
  136. R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-04-19] (Microsoft Corporation)
  137. S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] <==== UWAGA
  138. S2 IlS; C:\ProgramData\Tencent\QQ\dr\qmdr.dll [X]
  139. S2 InterHop; "C:\Program Files (x86)\InterHop\InterHop.exe" {2C8E8C85-942B-451C-8243-97A089265577} [X]
  140. S3 OverwolfUpdater; "C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM [X]
  141. S2 UvConverter; "C:\Program Files (x86)\UvConverter\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577} [X]
  142.  
  143. ===================== Sterowniki (filtrowane) ======================
  144.  
  145. (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
  146.  
  147. R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-08-26] (Disc Soft Ltd)
  148. R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-08-26] (Disc Soft Ltd)
  149. S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-07] (Malwarebytes)
  150. S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
  151. R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
  152. R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-21] ()
  153. R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider)
  154. S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
  155. S3 VGPU; System32\drivers\rdvgkmd.sys [X]
  156.  
  157. ==================== NetSvcs (filtrowane) ===================
  158.  
  159. (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
  160.  
  161.  
  162. ==================== Jeden miesiąc - utworzone pliki i foldery ========
  163.  
  164. (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
  165.  
  166. 2017-09-22 18:17 - 2017-09-22 18:17 - 000015631 _____ C:\Users\Bartek\Desktop\FRST.txt
  167. 2017-09-22 18:16 - 2017-09-22 18:17 - 000000000 ____D C:\FRST
  168. 2017-09-22 18:15 - 2017-09-22 18:15 - 002399744 _____ (Farbar) C:\Users\Bartek\Desktop\FRST64.exe
  169. 2017-09-22 17:45 - 2017-09-22 17:46 - 087212422 _____ C:\Users\Bartek\Desktop\recovery.rar
  170. 2017-09-22 17:39 - 2017-09-22 17:39 - 000059455 _____ C:\Users\Bartek\Desktop\UsbFix [Listing 1] BARTEK-KOMPUTER.txt
  171. 2017-09-22 17:38 - 2017-09-22 17:38 - 000059452 _____ C:\Users\Bartek\Desktop\UsbFix_Report.txt
  172. 2017-09-22 17:36 - 2017-09-22 17:36 - 000071790 _____ C:\Users\Bartek\Desktop\UsbFix [Scan 1] BARTEK-KOMPUTER.txt
  173. 2017-09-22 17:33 - 2017-09-22 17:35 - 000001448 _____ C:\Users\Bartek\Desktop\UsbFix.lnk
  174. 2017-09-22 17:33 - 2017-09-22 17:35 - 000000000 ____D C:\UsbFix
  175. 2017-09-22 17:32 - 2017-09-22 17:32 - 003823920 _____ (SOSVirus) C:\Users\Bartek\Downloads\UsbFix Free 9.065 [1].exe
  176. 2017-09-21 22:16 - 2017-09-21 22:16 - 000000000 ____D C:\Users\Bartek\Desktop\recov
  177. 2017-09-21 21:56 - 2017-09-21 22:16 - 000000045 _____ C:\Windows\ddconfig.ini
  178. 2017-09-21 21:55 - 2017-09-21 21:56 - 000000000 ____D C:\Users\Bartek\AppData\Local\DiskDrill
  179. 2017-09-21 21:55 - 2017-09-21 21:55 - 000003071 _____ C:\Users\Bartek\Desktop\Pandora Recovery.lnk
  180. 2017-09-21 21:55 - 2017-09-21 21:55 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
  181. 2017-09-21 21:55 - 2017-09-21 21:55 - 000000000 ____D C:\Users\Bartek\AppData\Local\CrashRpt
  182. 2017-09-21 21:55 - 2017-09-21 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
  183. 2017-09-21 21:53 - 2017-09-21 21:53 - 016507392 _____ C:\Users\Bartek\Desktop\pandora-disk-drill.msi
  184. 2017-09-21 21:25 - 2017-09-21 21:37 - 261480448 _____ C:\Users\Bartek\Desktop\redobackup-livecd-1.0.4.iso
  185. 2017-09-20 00:21 - 2017-09-20 00:21 - 003818793 _____ C:\Users\Bartek\Desktop\2017_czerwiec_pp_odp.pdf
  186. 2017-09-20 00:06 - 2017-09-20 00:06 - 000455267 _____ C:\Users\Bartek\Desktop\2017_sierpien_pp.pdf
  187. 2017-09-20 00:06 - 2017-09-20 00:06 - 000436119 _____ C:\Users\Bartek\Desktop\2017_czerwiec_pp.pdf
  188. 2017-09-20 00:04 - 2017-09-20 00:04 - 000499938 _____ C:\Users\Bartek\Desktop\MMA-P1_1P-172.pdf
  189. 2017-09-18 20:23 - 2017-09-18 21:55 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\CoreFTP
  190. 2017-09-18 20:23 - 2017-09-18 20:23 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)
  191. 2017-09-18 20:16 - 2017-09-18 20:16 - 000012992 _____ C:\Users\Bartek\AppData\Local\recently-used.xbel
  192. 2017-08-30 00:33 - 2017-08-30 02:31 - 1887700351 _____ C:\Users\Bartek\Desktop\Office.16.2016.Professional.Plus.Luty.16.x64.PL.rar
  193.  
  194. ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
  195.  
  196. (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
  197.  
  198. 2017-09-22 17:36 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  199. 2017-09-22 17:36 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  200. 2017-09-22 17:34 - 2011-02-04 19:55 - 000155474 _____ C:\Windows\system32\perfc015.dat
  201. 2017-09-22 17:34 - 2011-02-04 19:55 - 000012470 _____ C:\Windows\system32\perfh015.dat
  202. 2017-09-22 17:34 - 2009-07-14 07:13 - 000936636 _____ C:\Windows\system32\PerfStringBackup.INI
  203. 2017-09-22 17:34 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
  204. 2017-09-22 17:28 - 2016-10-07 09:45 - 000000320 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
  205. 2017-09-22 17:28 - 2016-08-27 11:57 - 000000000 ____D C:\ProgramData\NVIDIA
  206. 2017-09-22 17:28 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
  207. 2017-09-21 21:23 - 2017-05-21 22:22 - 000000000 ____D C:\ProgramData\TEMP
  208. 2017-09-20 22:29 - 2016-08-26 20:26 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\TS3Client
  209. 2017-09-19 22:32 - 2016-09-20 11:45 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\Spotify
  210. 2017-09-19 21:34 - 2016-09-20 11:47 - 000000000 ____D C:\Users\Bartek\AppData\Local\Spotify
  211. 2017-09-19 15:35 - 2016-11-22 22:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
  212. 2017-09-18 21:16 - 2016-11-22 22:32 - 000000000 ____D C:\Users\Bartek\AppData\LocalLow\Mozilla
  213. 2017-09-18 20:18 - 2016-09-12 00:38 - 000000000 ____D C:\Users\Bartek\.gimp-2.8
  214. 2017-09-18 20:14 - 2016-09-12 00:48 - 000000000 ____D C:\Users\Bartek\AppData\Local\gtk-2.0
  215. 2017-09-03 23:29 - 2017-06-19 23:04 - 000000000 ____D C:\Users\Bartek\AppData\Local\Microsoft Games
  216. 2017-09-03 18:07 - 2016-08-29 23:03 - 000000000 ____D C:\Users\Bartek\AppData\Local\CrashDumps
  217. 2017-09-02 21:13 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
  218. 2017-08-29 23:34 - 2017-03-21 23:42 - 000000000 ____D C:\Users\Bartek\Downloads\Telegram Desktop
  219. 2017-08-28 21:37 - 2017-01-22 22:24 - 000002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
  220. 2017-08-28 00:12 - 2016-08-31 00:15 - 000000000 ____D C:\Users\Bartek\AppData\Local\SHU
  221.  
  222. ==================== Pliki w katalogu głównym wybranych folderów =======
  223.  
  224. 2016-08-27 01:00 - 2016-08-27 01:00 - 000000020 ____H () C:\Program Files (x86)\local64spl.dll.ini
  225. 2017-04-23 17:00 - 2017-05-05 00:12 - 000000600 _____ () C:\Users\Bartek\AppData\Roaming\winscp.rnd
  226. 2017-09-18 20:16 - 2017-09-18 20:16 - 000012992 _____ () C:\Users\Bartek\AppData\Local\recently-used.xbel
  227. 2016-11-11 19:56 - 2016-11-11 19:56 - 000007605 _____ () C:\Users\Bartek\AppData\Local\Resmon.ResmonCfg
  228. 2017-03-24 22:40 - 2017-03-24 22:40 - 000000552 _____ () C:\Users\Bartek\AppData\Local\TroubleshooterConfig.json
  229.  
  230. ==================== Bamital & volsnap ======================
  231.  
  232. (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
  233.  
  234. C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
  235. C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
  236. C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
  237. C:\Windows\explorer.exe => Plik podpisany cyfrowo
  238. C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
  239. C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
  240. C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
  241. C:\Windows\system32\services.exe => Plik podpisany cyfrowo
  242. C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
  243. C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
  244. C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
  245. C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
  246. C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
  247. C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
  248. C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
  249. C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
  250.  
  251. LastRegBack: 2017-09-20 20:19
  252.  
  253. ==================== Koniec FRST.txt ============================