Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 29-06-2017
Uruchomiony przez Biuro (administrator) BIURO-PC (01-07-2017 17:35:49)
Uruchomiony z G:\
Załadowane profile: Biuro (Dostępne profile: Biuro)
Platform: Windows Vista (TM) Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 7 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-f...utorial-how-to-use-farbar-recovery-scan-tool/
==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Rejestr (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1734503970-980592973-3800441922-1000\...\Run: [eyeBeam SIP Client] => [X]
HKU\S-1-5-21-1734503970-980592973-3800441922-1000\...\MountPoints2: G - G:\SISetup.exe
Startup: C:\Users\Biuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 1050 J410 series.lnk [2017-07-01]
ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Ograniczenia <==== UWAGA
==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0BC31418-29AE-4CCC-8D33-BC1149ABAC6F}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=iron2&am...CtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2027991663
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=iron2&am...CtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2027991663
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1734503970-980592973-3800441922-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o...1.0.114&doi=2014-11-26&psv=&pt=tb
URLSearchHook: HKU\S-1-5-21-1734503970-980592973-3800441922-1000 - (Brak nazwy) - {D8278076-BC68-4484-9233-6E7F1628B56C} - Brak pliku
SearchScopes: HKLM -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtA0Ezz0EyD0EyCzyzy0AtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2027991663
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtA0Ezz0EyD0EyCzyzy0AtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2027991663
SearchScopes: HKLM-x32 -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtA0Ezz0EyD0EyCzyzy0AtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2027991663
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtA0Ezz0EyD0EyCzyzy0AtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2027991663
SearchScopes: HKU\S-1-5-21-1734503970-980592973-3800441922-1000 -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtA0Ezz0EyD0EyCzyzy0AtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2027991663
SearchScopes: HKU\S-1-5-21-1734503970-980592973-3800441922-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-1734503970-980592973-3800441922-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=14310022431E8475&affID=119357&tsp=4967
SearchScopes: HKU\S-1-5-21-1734503970-980592973-3800441922-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^PL&gct=sb&itbv=12.21.0.114&apn_uid=82B7A2CA-343A-45BA-8DC8-50C829431F00&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^PL&apn_dbr=ie&doi=2014-11-26&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-1734503970-980592973-3800441922-1000 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtA0Ezz0EyD0EyCzyzy0AtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2027991663
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-28] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-28] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-28] (Oracle Corporation)
BHO-x32: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-28] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1734503970-980592973-3800441922-1000 -> Brak nazwy - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Brak pliku
Toolbar: HKU\S-1-5-21-1734503970-980592973-3800441922-1000 -> Brak nazwy - {4F524A2D-5350-4500-76A7-7A786E7484D7} - Brak pliku
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Brak pliku
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-21] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: qo0k3seu.default
FF ProfilePath: C:\Users\Biuro\AppData\Roaming\Mozilla\Firefox\Profiles\qo0k3seu.default [2017-06-16]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-06] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-26] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-28] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [2013-02-05] (McAfee, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> D:\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Biuro\AppData\Local\Google\Chrome\User Data\Default [2017-07-01]
CHR Extension: (Tłumacz Google) - C:\Users\Biuro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-02-22]
CHR Extension: (Funmoods) - C:\Users\Biuro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2015-07-30] [UpdateUrl: hxxp://funmoods.com/public/download/chrome/update.xml] <==== UWAGA
CHR Extension: (Nowa karta) - C:\Users\Biuro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj [2015-07-30] [UpdateUrl: hxxp://update.funmoods.com/speeddial/update.xml?bu=sf] <==== UWAGA
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Biuro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Biuro\AppData\Local\funmoods.crx [2012-10-23]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Biuro\AppData\Local\funmoods-speeddial_sf.crx [2012-10-23]
CHR HKU\S-1-5-21-1734503970-980592973-3800441922-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Biuro\AppData\Local\funmoods.crx [2012-10-23]
CHR HKU\S-1-5-21-1734503970-980592973-3800441922-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Biuro\AppData\Local\funmoods-speeddial_sf.crx [2012-10-23]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Biuro\AppData\Local\funmoods.crx [2012-10-23]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Biuro\AppData\Local\funmoods-speeddial_sf.crx [2012-10-23]
==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-06-26] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [1698880 2008-04-08] (Atheros Communications, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2006-10-27] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 EverestDriver; \??\H:\! SOFT\[diagnostics]\EVEREST Ultimate Edition\kerneld.amd64 [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-07-01 17:35 - 2017-07-01 17:35 - 00000000 ____D C:\FRST
2017-07-01 16:11 - 2017-07-01 16:08 - 00000029 _____ C:\Users\Biuro\Desktop\INSTALL.txt
2017-07-01 16:04 - 2017-07-01 16:08 - 00000000 ____D C:\Users\Biuro\AppData\Local\AvgSetupLog
2017-07-01 16:02 - 2017-07-01 16:03 - 253335184 _____ (G DATA Software AG) C:\Users\Biuro\Desktop\setup_is.exe
2017-06-14 11:32 - 2017-06-14 11:32 - 00000162 ____H C:\Users\Biuro\Desktop\~$rmonogram od lipca.htm
2017-06-14 09:20 - 2017-06-16 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-02 10:26 - 2017-06-13 09:45 - 00031232 _____ C:\Users\Biuro\Desktop\05-majTP z VAT.xls
==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-07-01 17:33 - 2013-06-03 07:31 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-07-01 17:33 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-01 17:33 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-01 17:33 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-01 17:20 - 2006-11-02 17:42 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-01 17:03 - 2016-02-08 09:35 - 00000000 ____D C:\Users\Biuro\Desktop\ZRZUT
2017-07-01 16:58 - 2016-12-17 12:20 - 00000000 ____D C:\Users\Biuro\AppData\LocalLow\Mozilla
2017-07-01 16:22 - 2008-01-21 11:36 - 01495264 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-01 16:22 - 2008-01-21 11:35 - 00672140 _____ C:\Windows\system32\perfh015.dat
2017-07-01 16:22 - 2008-01-21 11:35 - 00130516 _____ C:\Windows\system32\perfc015.dat
2017-07-01 16:22 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\inf
2017-07-01 16:09 - 2015-07-03 08:39 - 00000000 ____D C:\Users\Biuro\AppData\Local\Avg
2017-07-01 16:09 - 2012-07-06 14:28 - 00000000 ____D C:\ProgramData\MFAData
2017-07-01 16:07 - 2012-07-06 14:32 - 00000000 ___HD C:\$AVG
2017-07-01 16:03 - 2012-01-08 17:40 - 00002321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Nowy dokument Office.lnk
2017-06-29 08:06 - 2012-01-08 17:40 - 00002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2017-06-28 07:11 - 2012-04-26 08:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-27 07:21 - 2016-11-22 10:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-06-26 07:28 - 2012-10-26 11:03 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-26 07:28 - 2012-10-26 11:03 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-26 07:28 - 2012-10-26 11:03 - 00004414 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-26 07:28 - 2012-10-22 07:45 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-26 07:28 - 2010-06-14 08:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-16 10:55 - 2017-04-18 09:12 - 00030720 _____ C:\Users\Biuro\Desktop\05-Maj AB.xls
2017-06-05 10:59 - 2016-10-04 11:35 - 00014848 _____ C:\Users\Biuro\Desktop\Rozliczone gotówki.xls
2017-06-01 11:40 - 2015-08-12 08:14 - 00000000 ____D C:\Users\Biuro\Desktop\Uznania
==================== Pliki w katalogu głównym wybranych folderów =======
2013-06-27 11:30 - 2014-06-23 07:40 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-03-03 15:46 - 2010-10-05 13:59 - 0000680 _____ () C:\Users\Biuro\AppData\Local\d3d9caps.dat
2010-03-03 15:40 - 2010-03-12 10:36 - 0000732 _____ () C:\Users\Biuro\AppData\Local\d3d9caps64.dat
2011-01-25 12:09 - 2015-12-23 08:22 - 0015360 _____ () C:\Users\Biuro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-11-09 14:30 - 2010-11-09 14:51 - 0874904 _____ () C:\Users\Biuro\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2010-11-09 14:29 - 2010-11-09 14:42 - 0004418 _____ () C:\Users\Biuro\AppData\Local\dd_dotnetfx35error.txt
2010-11-09 14:46 - 2010-11-09 14:46 - 0000002 _____ () C:\Users\Biuro\AppData\Local\dd_dotnetfx35error_lp.txt
2010-11-09 14:29 - 2010-11-09 14:52 - 0672744 _____ () C:\Users\Biuro\AppData\Local\dd_dotnetfx35install.txt
2010-11-09 14:46 - 2010-11-09 14:47 - 0075658 _____ () C:\Users\Biuro\AppData\Local\dd_dotnetfx35install_lp.txt
2010-11-09 14:47 - 2010-11-09 14:47 - 0596144 _____ () C:\Users\Biuro\AppData\Local\dd_NET_Framework35_LangPack_MSI17B9.txt
2010-11-09 14:46 - 2010-11-09 14:46 - 1851318 _____ () C:\Users\Biuro\AppData\Local\dd_NET_Framework35_x64_MSI1706.txt
2010-11-09 14:38 - 2010-11-09 14:38 - 0419464 _____ () C:\Users\Biuro\AppData\Local\dd_vcredistMSI1107.txt
2013-02-04 09:26 - 2013-02-04 09:26 - 0002438 _____ () C:\Users\Biuro\AppData\Local\dd_vcredistMSI4B0E.txt
2012-10-31 11:39 - 2012-10-31 11:39 - 0373192 _____ () C:\Users\Biuro\AppData\Local\dd_vcredistMSI6463.txt
2010-06-15 07:40 - 2010-06-15 07:41 - 0429160 _____ () C:\Users\Biuro\AppData\Local\dd_vcredistMSI73C2.txt
2010-11-09 14:38 - 2010-11-09 14:38 - 0011398 _____ () C:\Users\Biuro\AppData\Local\dd_vcredistUI1107.txt
2013-02-04 09:26 - 2013-02-04 09:26 - 0011864 _____ () C:\Users\Biuro\AppData\Local\dd_vcredistUI4B0E.txt
2012-10-31 11:39 - 2012-10-31 11:39 - 0011210 _____ () C:\Users\Biuro\AppData\Local\dd_vcredistUI6463.txt
2010-06-15 07:40 - 2010-06-15 07:41 - 0013002 _____ () C:\Users\Biuro\AppData\Local\dd_vcredistUI73C2.txt
2012-10-23 09:05 - 2012-10-23 09:08 - 0290500 _____ () C:\Users\Biuro\AppData\Local\funmoods-speeddial_sf.crx
2012-10-23 09:05 - 2012-10-23 09:08 - 0031465 _____ () C:\Users\Biuro\AppData\Local\funmoods.crx
2010-11-09 14:29 - 2010-11-09 14:52 - 0012322 _____ () C:\Users\Biuro\AppData\Local\uxeventlog.txt
2010-11-09 14:42 - 2010-11-09 14:42 - 0001466 _____ () C:\Users\Biuro\AppData\Local\VWL6289.tmp
2010-11-09 14:42 - 2010-11-09 14:42 - 0001900 _____ () C:\Users\Biuro\AppData\Local\VWL67EB.tmp
2014-03-17 13:42 - 2014-03-17 13:42 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-06-14 10:35 - 2010-06-14 10:38 - 0000385 _____ () C:\ProgramData\hpzinstall.log
Pliki do przeniesienia lub usunięcia:
====================
C:\Users\Biuro\cc_20150824_144944.reg
C:\Users\Biuro\cc_20150824_145041.reg
C:\Users\Biuro\cc_20160122_101345.reg
C:\Users\Biuro\cc_20160223_133353.reg
C:\Users\Biuro\cc_20160627_090511.reg
C:\Users\Biuro\cc_20170315_093912.reg
==================== Bamital & volsnap ======================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
LastRegBack: 2017-07-01 16:23
==================== Koniec FRST.txt ============================