- Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20-09-2017
- Uruchomiony przez Bartek (administrator) BARTEK-KOMPUTER (22-09-2017 18:17:13)
- Uruchomiony z C:\Users\Bartek\Desktop
- Załadowane profile: Bartek (Dostępne profile: Bartek)
- Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska)
- Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
- Tryb startu: Normal
- Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Procesy (filtrowane) =================
- (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
- (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
- (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
- (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
- (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
- (TeamViewer GmbH) E:\Bartek\programy\teamviever\TeamViewer_Service.exe
- (Spotify Ltd) C:\Users\Bartek\AppData\Roaming\Spotify\SpotifyWebHelper.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
- (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
- (Disc Soft Ltd) D:\daemon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
- (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
- (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
- (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- ==================== Rejestr (filtrowane) ===========================
- (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
- HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
- HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
- HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
- HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
- HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
- HKLM-x32\...\RunOnce: [] => [X]
- HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [Spotify Web Helper] => C:\Users\Bartek\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-19] (Spotify Ltd)
- HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
- HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [GalaxyClient] => [X]
- HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
- HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [DAEMON Tools Lite Automount] => D:\daemon tools\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
- HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\MountPoints2: H - H:\Install.exe
- HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\MountPoints2: {f65367bc-6bb0-11e6-987e-90e6ba8602e5} - H:\autorun.exe
- HKLM\...\Providers\hizyzp25: C:\Program Files (x86)_\local64spl.dll <==== UWAGA
- HKLM\...\Providers\yn2ca30o: C:\Program Files (x86)\\local64spl.dll <==== UWAGA
- ==================== Internet (filtrowane) ====================
- (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
- AutoConfigURL: [S-1-5-21-360975752-3786565279-1083807947-1001] => hxxp://noblok.org/wpad.dat?62d592959958fac48a576e4e8f715da726940803
- Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
- Tcpip\Parameters: [DhcpNameServer] 31.128.24.2 31.128.0.31
- Tcpip\..\Interfaces\{052B51D9-5069-4E2A-9FE4-5C97E012B954}: [NameServer] 8.8.8.8
- Tcpip\..\Interfaces\{052B51D9-5069-4E2A-9FE4-5C97E012B954}: [DhcpNameServer] 31.128.24.2 31.128.0.31
- ManualProxies: 0hxxp://noblok.org/wpad.dat?62d592959958fac48a576e4e8f715da726940803
- Internet Explorer:
- ==================
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX
- HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX&q={searchTerms}
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX&q={searchTerms}
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX&q={searchTerms}
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX&q={searchTerms}
- HKU\S-1-5-21-360975752-3786565279-1083807947-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131228475099067000&GUID=7AC3C52B-4561-4149-8F1C-D6D35F340265
- SearchScopes: HKU\S-1-5-21-360975752-3786565279-1083807947-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
- BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2017-06-22] (Oracle Corporation)
- BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2017-06-22] (Oracle Corporation)
- FireFox:
- ========
- FF DefaultProfile: caqsj3n9.default
- FF ProfilePath: C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\caqsj3n9.default [2017-09-22]
- FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
- FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2017-06-22] (Oracle Corporation)
- FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2017-06-22] (Oracle Corporation)
- FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
- FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-12] (NVIDIA Corporation)
- FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-12] (NVIDIA Corporation)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
- FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\6416071.js [2017-03-26] <==== UWAGA (Linkuje do pliku *.cfg)
- FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\6416071.cfg [2017-03-26] <==== UWAGA
- Chrome:
- =======
- CHR StartupUrls: Default -> "search.mpc.am","hxxp://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX","hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX"
- CHR Profile: C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default [2017-09-22]
- CHR Extension: (Prezentacje Google) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-22]
- CHR Extension: (Dokumenty Google) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-22]
- CHR Extension: (Dysk Google) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-22]
- CHR Extension: (YouTube) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-22]
- CHR Extension: (Adblock Plus) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
- CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2017-01-22]
- CHR Extension: (Arkusze Google) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-22]
- CHR Extension: (Dokumenty Google offline) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-15]
- CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
- CHR Extension: (Gmail) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-22]
- CHR Extension: (Chrome Media Router) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
- CHR Profile: C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-14]
- ==================== Usługi (filtrowane) ====================
- (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
- S3 cfbackd; D:\Program Files (x86)\CleverFiles\Pandora Recovery\cfbackd.w32.exe [211520 2015-09-25] (CleverFiles)
- R3 Disc Soft Lite Bus Service; D:\daemon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
- S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [172488 2017-04-02] (Mozilla Foundation)
- R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
- S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
- R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
- R2 TeamViewer; E:\Bartek\programy\teamviever\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
- R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-04-19] (Microsoft Corporation)
- S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] <==== UWAGA
- S2 IlS; C:\ProgramData\Tencent\QQ\dr\qmdr.dll [X]
- S2 InterHop; "C:\Program Files (x86)\InterHop\InterHop.exe" {2C8E8C85-942B-451C-8243-97A089265577} [X]
- S3 OverwolfUpdater; "C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM [X]
- S2 UvConverter; "C:\Program Files (x86)\UvConverter\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577} [X]
- ===================== Sterowniki (filtrowane) ======================
- (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
- R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-08-26] (Disc Soft Ltd)
- R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-08-26] (Disc Soft Ltd)
- S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-07] (Malwarebytes)
- S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
- R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
- R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-21] ()
- R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider)
- S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
- S3 VGPU; System32\drivers\rdvgkmd.sys [X]
- ==================== NetSvcs (filtrowane) ===================
- (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
- ==================== Jeden miesiąc - utworzone pliki i foldery ========
- (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
- 2017-09-22 18:17 - 2017-09-22 18:17 - 000015631 _____ C:\Users\Bartek\Desktop\FRST.txt
- 2017-09-22 18:16 - 2017-09-22 18:17 - 000000000 ____D C:\FRST
- 2017-09-22 18:15 - 2017-09-22 18:15 - 002399744 _____ (Farbar) C:\Users\Bartek\Desktop\FRST64.exe
- 2017-09-22 17:45 - 2017-09-22 17:46 - 087212422 _____ C:\Users\Bartek\Desktop\recovery.rar
- 2017-09-22 17:39 - 2017-09-22 17:39 - 000059455 _____ C:\Users\Bartek\Desktop\UsbFix [Listing 1] BARTEK-KOMPUTER.txt
- 2017-09-22 17:38 - 2017-09-22 17:38 - 000059452 _____ C:\Users\Bartek\Desktop\UsbFix_Report.txt
- 2017-09-22 17:36 - 2017-09-22 17:36 - 000071790 _____ C:\Users\Bartek\Desktop\UsbFix [Scan 1] BARTEK-KOMPUTER.txt
- 2017-09-22 17:33 - 2017-09-22 17:35 - 000001448 _____ C:\Users\Bartek\Desktop\UsbFix.lnk
- 2017-09-22 17:33 - 2017-09-22 17:35 - 000000000 ____D C:\UsbFix
- 2017-09-22 17:32 - 2017-09-22 17:32 - 003823920 _____ (SOSVirus) C:\Users\Bartek\Downloads\UsbFix Free 9.065 [1].exe
- 2017-09-21 22:16 - 2017-09-21 22:16 - 000000000 ____D C:\Users\Bartek\Desktop\recov
- 2017-09-21 21:56 - 2017-09-21 22:16 - 000000045 _____ C:\Windows\ddconfig.ini
- 2017-09-21 21:55 - 2017-09-21 21:56 - 000000000 ____D C:\Users\Bartek\AppData\Local\DiskDrill
- 2017-09-21 21:55 - 2017-09-21 21:55 - 000003071 _____ C:\Users\Bartek\Desktop\Pandora Recovery.lnk
- 2017-09-21 21:55 - 2017-09-21 21:55 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
- 2017-09-21 21:55 - 2017-09-21 21:55 - 000000000 ____D C:\Users\Bartek\AppData\Local\CrashRpt
- 2017-09-21 21:55 - 2017-09-21 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
- 2017-09-21 21:53 - 2017-09-21 21:53 - 016507392 _____ C:\Users\Bartek\Desktop\pandora-disk-drill.msi
- 2017-09-21 21:25 - 2017-09-21 21:37 - 261480448 _____ C:\Users\Bartek\Desktop\redobackup-livecd-1.0.4.iso
- 2017-09-20 00:21 - 2017-09-20 00:21 - 003818793 _____ C:\Users\Bartek\Desktop\2017_czerwiec_pp_odp.pdf
- 2017-09-20 00:06 - 2017-09-20 00:06 - 000455267 _____ C:\Users\Bartek\Desktop\2017_sierpien_pp.pdf
- 2017-09-20 00:06 - 2017-09-20 00:06 - 000436119 _____ C:\Users\Bartek\Desktop\2017_czerwiec_pp.pdf
- 2017-09-20 00:04 - 2017-09-20 00:04 - 000499938 _____ C:\Users\Bartek\Desktop\MMA-P1_1P-172.pdf
- 2017-09-18 20:23 - 2017-09-18 21:55 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\CoreFTP
- 2017-09-18 20:23 - 2017-09-18 20:23 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)
- 2017-09-18 20:16 - 2017-09-18 20:16 - 000012992 _____ C:\Users\Bartek\AppData\Local\recently-used.xbel
- 2017-08-30 00:33 - 2017-08-30 02:31 - 1887700351 _____ C:\Users\Bartek\Desktop\Office.16.2016.Professional.Plus.Luty.16.x64.PL.rar
- ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
- (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
- 2017-09-22 17:36 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2017-09-22 17:36 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2017-09-22 17:34 - 2011-02-04 19:55 - 000155474 _____ C:\Windows\system32\perfc015.dat
- 2017-09-22 17:34 - 2011-02-04 19:55 - 000012470 _____ C:\Windows\system32\perfh015.dat
- 2017-09-22 17:34 - 2009-07-14 07:13 - 000936636 _____ C:\Windows\system32\PerfStringBackup.INI
- 2017-09-22 17:34 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
- 2017-09-22 17:28 - 2016-10-07 09:45 - 000000320 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
- 2017-09-22 17:28 - 2016-08-27 11:57 - 000000000 ____D C:\ProgramData\NVIDIA
- 2017-09-22 17:28 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
- 2017-09-21 21:23 - 2017-05-21 22:22 - 000000000 ____D C:\ProgramData\TEMP
- 2017-09-20 22:29 - 2016-08-26 20:26 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\TS3Client
- 2017-09-19 22:32 - 2016-09-20 11:45 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\Spotify
- 2017-09-19 21:34 - 2016-09-20 11:47 - 000000000 ____D C:\Users\Bartek\AppData\Local\Spotify
- 2017-09-19 15:35 - 2016-11-22 22:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
- 2017-09-18 21:16 - 2016-11-22 22:32 - 000000000 ____D C:\Users\Bartek\AppData\LocalLow\Mozilla
- 2017-09-18 20:18 - 2016-09-12 00:38 - 000000000 ____D C:\Users\Bartek\.gimp-2.8
- 2017-09-18 20:14 - 2016-09-12 00:48 - 000000000 ____D C:\Users\Bartek\AppData\Local\gtk-2.0
- 2017-09-03 23:29 - 2017-06-19 23:04 - 000000000 ____D C:\Users\Bartek\AppData\Local\Microsoft Games
- 2017-09-03 18:07 - 2016-08-29 23:03 - 000000000 ____D C:\Users\Bartek\AppData\Local\CrashDumps
- 2017-09-02 21:13 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
- 2017-08-29 23:34 - 2017-03-21 23:42 - 000000000 ____D C:\Users\Bartek\Downloads\Telegram Desktop
- 2017-08-28 21:37 - 2017-01-22 22:24 - 000002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
- 2017-08-28 00:12 - 2016-08-31 00:15 - 000000000 ____D C:\Users\Bartek\AppData\Local\SHU
- ==================== Pliki w katalogu głównym wybranych folderów =======
- 2016-08-27 01:00 - 2016-08-27 01:00 - 000000020 ____H () C:\Program Files (x86)\local64spl.dll.ini
- 2017-04-23 17:00 - 2017-05-05 00:12 - 000000600 _____ () C:\Users\Bartek\AppData\Roaming\winscp.rnd
- 2017-09-18 20:16 - 2017-09-18 20:16 - 000012992 _____ () C:\Users\Bartek\AppData\Local\recently-used.xbel
- 2016-11-11 19:56 - 2016-11-11 19:56 - 000007605 _____ () C:\Users\Bartek\AppData\Local\Resmon.ResmonCfg
- 2017-03-24 22:40 - 2017-03-24 22:40 - 000000552 _____ () C:\Users\Bartek\AppData\Local\TroubleshooterConfig.json
- ==================== Bamital & volsnap ======================
- (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
- C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
- C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
- C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
- C:\Windows\explorer.exe => Plik podpisany cyfrowo
- C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
- C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
- C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
- C:\Windows\system32\services.exe => Plik podpisany cyfrowo
- C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
- C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
- C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
- C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
- C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
- C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
- C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
- C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
- LastRegBack: 2017-09-20 20:19
- ==================== Koniec FRST.txt ============================