Anonim / 1 rok, 3 miesiące temu | Download | Plaintext | Odpowiedz |

 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 11-01-2017
Uruchomiony przez ppp (administrator) PPP (12-01-2017 11:58:37)
Uruchomiony z C:\Users\ppp\Desktop
Załadowane profile: ppp (Dostępne profile: ppp & Blood & Przybysławscy)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: Opera)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Anvisoft) C:\Program Files\Anvisoft\Anvi Smart Defender\ASD2_Service.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(Ateksoft Company Ltd.) C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Last.fm) C:\Program Files\Last.fm\Last.fm Scrobbler.exe
() C:\Program Files\Autorun Organizer\StartupCheckingService.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe
(Opera Software) C:\Program Files\Opera\42.0.0.239320787\opera.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKU\S-1-5-21-3962199-2463911024-3041523983-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3962199-2463911024-3041523983-1000\...\MountPoints2: {00ddb33a-720d-11e4-a406-001999517b09} - F:\LGAutoRun.exe
HKU\S-1-5-21-3962199-2463911024-3041523983-1000\...\MountPoints2: {0a6ef668-85d2-11e4-a079-001999517b09} - F:\USBAutoRun.exe
HKU\S-1-5-21-3962199-2463911024-3041523983-1000\...\MountPoints2: {d9144a20-e29a-11e4-b8a1-001999517b09} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3962199-2463911024-3041523983-1000\...\MountPoints2: {d9144a34-e29a-11e4-b8a1-001999517b09} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3962199-2463911024-3041523983-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2014-11-20]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.251
Tcpip\..\Interfaces\{1A275C4B-38FC-420E-B76E-4FA7B5B74C8D}: [DhcpNameServer] 192.168.10.251

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3962199-2463911024-3041523983-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: w26dgwrk.default
FF ProfilePath: C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\w26dgwrk.default [2017-01-12]
FF Extension: (Fast search) - C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\w26dgwrk.default\Extensions\amcontextmenu@loucypher [2017-01-12]
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3962199-2463911024-3041523983-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [2014-04-30] (Anvisoft)

Chrome: 
=======
CHR Profile: C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default [2017-01-12]
CHR Extension: (Prezentacje Google) - C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-03]
CHR Extension: (Dokumenty Google) - C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-03]
CHR Extension: (Dysk Google) - C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-03]
CHR Extension: (YouTube) - C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-03]
CHR Extension: (Arkusze Google) - C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-03]
CHR Extension: (Skype) - C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-03]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-03]
CHR Extension: (Fast search) - C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-12]
CHR Extension: (Gmail) - C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-03]
CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2014-04-30]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (uBlock Origin) - C:\Users\ppp\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-12-16]
OPR Extension: (SaveFrom.net helper) - C:\Users\ppp\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2017-01-10]
OPR Extension: (Fast search) - C:\Users\ppp\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-12]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ASD2Svc; C:\Program Files\Anvisoft\Anvi Smart Defender\ASD2_Service.exe [1125000 2015-09-17] (Anvisoft)
R2 Chemtable Startup Checking; C:\Program Files\Autorun Organizer\StartupCheckingService.exe [3472128 2016-03-21] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [87768 2014-07-01] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [358104 2014-07-02] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722136 2013-10-29] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437464 2014-07-02] (VMware, Inc.)
R2 Webcamera Plus Service; C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe [46592 2009-07-26] (Ateksoft Company Ltd.) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S1 asd2fsm; C:\Windows\System32\DRIVERS\asd2fsm.sys [38400 2015-09-17] (Anvisoft) [Brak podpisu cyfrowego]
R1 Asdids; C:\Windows\System32\DRIVERS\asdids.sys [32256 2015-09-17] (Anvisoft) [Brak podpisu cyfrowego]
R3 AteksoftAudio; C:\Windows\System32\drivers\ateksoftaudio.sys [12288 2009-07-26] (Ateksoft) [Brak podpisu cyfrowego]
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2012-10-18] (Atheros Communications, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-11-24] (Disc Soft Ltd)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [42968 2013-10-29] (VMware, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26712 2014-07-02] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2014-07-02] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2014-07-02] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26840 2014-07-02] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2013-10-29] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [63064 2014-07-02] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [61464 2012-10-24] (VMware, Inc.)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-12 11:58 - 2017-01-12 11:58 - 00011750 _____ C:\Users\ppp\Desktop\FRST.txt
2017-01-12 11:49 - 2017-01-12 11:53 - 00009293 _____ C:\Users\ppp\Desktop\Fixlog.txt
2017-01-12 10:45 - 2017-01-12 10:46 - 01761280 _____ (Farbar) C:\Users\ppp\Desktop\FRST.exe
2017-01-11 13:30 - 2017-01-12 11:52 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-11 13:30 - 2017-01-11 13:30 - 00001145 _____ C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2017-01-11 13:30 - 2017-01-11 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2017-01-11 13:30 - 2017-01-11 13:30 - 00000000 ____D C:\ProgramData\Anvisoft
2017-01-11 13:30 - 2017-01-11 13:30 - 00000000 ____D C:\Program Files\Anvisoft
2017-01-11 13:30 - 2015-09-17 03:25 - 00038400 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys
2017-01-11 13:29 - 2017-01-11 13:29 - 39269240 _____ (Anvisoft) C:\Users\ppp\Downloads\asdsetup.exe
2017-01-11 12:46 - 2017-01-11 12:46 - 00001089 _____ C:\Users\Public\Desktop\Opera 42.lnk
2017-01-11 12:46 - 2017-01-11 12:46 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 42.lnk
2017-01-10 21:52 - 2017-01-11 16:28 - 00000000 ____D C:\Users\ppp\AppData\LocalLow\uTorrent
2017-01-10 21:31 - 2017-01-11 17:17 - 735827968 _____ C:\Users\ppp\Desktop\[Roman Polanski] Cul-de-Sac.1966.DVDRip.XviD-MDX[CiN].avi
2017-01-10 21:27 - 2017-01-10 21:27 - 00001430 ___RS C:\Users\ppp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехplorеr.lnk
2017-01-10 21:27 - 2017-01-10 21:27 - 00000000 ____D C:\Users\ppp\AppData\Roaming\SPI
2017-01-10 21:21 - 2017-01-10 21:22 - 00000000 ____D C:\Users\ppp\Desktop\Timecrimes aka Los cronocrimenes [2007]-720p-BRrip-x264-StyLishSaLH (StyLish Release)
2017-01-10 20:04 - 2015-10-11 06:58 - 00000000 ____D C:\Users\ppp\Desktop\Division S - 2004 - Something To Drink 2 (CDr)
2017-01-10 19:59 - 2017-01-10 20:00 - 54169935 _____ C:\Users\ppp\Downloads\dmm01436.rar
2017-01-10 19:58 - 2017-01-10 20:06 - 120254387 _____ C:\Users\ppp\Downloads\dmm_140404_divs11std5.rar
2017-01-06 22:36 - 2017-01-06 22:36 - 00016064 _____ C:\Users\ppp\Desktop\Bullet Ballet.txt
2017-01-06 22:35 - 2016-12-29 18:05 - 1129893888 _____ C:\Users\ppp\Desktop\Bullet Ballet.avi
2017-01-06 13:31 - 2017-01-06 13:31 - 07514231 _____ C:\Users\ppp\Desktop\the-process-church-of-the-final-judgment-documents.pdf
2017-01-02 11:51 - 2008-10-06 21:54 - 00000000 ____D C:\Users\ppp\Desktop\Dj Cutlass - Playas Only
2017-01-02 11:43 - 2016-02-09 19:21 - 00000000 ____D C:\Users\ppp\Desktop\EVOL - the acid rapper 1994 - Satanic For Life (DatPiff.com)
2017-01-01 12:45 - 2017-01-01 12:45 - 00215189 _____ C:\Users\ppp\Desktop\WhatsApp Image 2016-12-04 at 14.04.36.jpeg
2017-01-01 12:19 - 2017-01-01 12:19 - 00173449 _____ C:\Users\ppp\Downloads\CV#.pdf
2017-01-01 11:39 - 2017-01-01 13:32 - 648680019 _____ C:\Users\ppp\Downloads\Applesauce.2015.PL.BDRip.x264-KiT.mkv
2016-12-31 14:40 - 2016-12-31 16:49 - 733075978 _____ C:\Users\ppp\Downloads\The.Survivalist.2015.PL.BDRip.XViD-NOiSE.avi
2016-12-29 19:58 - 2016-08-11 18:26 - 00000000 ____D C:\Users\ppp\Downloads\Dzika Banda (1969)
2016-12-29 16:44 - 2016-12-29 16:44 - 00028628 _____ C:\Users\ppp\Desktop\15727397_1818634185083792_3137833086445126162_n.jpg
2016-12-29 15:07 - 2016-12-29 15:08 - 10060807 _____ C:\Users\ppp\Downloads\youredeadfaggot.gif
2016-12-29 15:00 - 2016-12-29 15:01 - 04841875 _____ C:\Users\ppp\Downloads\ezgif.com-gif-maker.gif
2016-12-29 14:00 - 2016-12-29 14:01 - 26058733 _____ C:\Users\ppp\Downloads\BULLET BALLET New UK Trailer (バレット・バレエ - Shinya Tsukamoto, Japan 1998).mp4
2016-12-28 10:59 - 2016-12-28 15:17 - 1386567196 _____ C:\Users\ppp\Downloads\Star.Wars.Episode.VII.The.Force.Awakens.2015.PL.480p.BDRip.x264-KiKO.mkv
2016-12-19 15:05 - 2016-12-19 15:09 - 02534646 _____ C:\Users\ppp\Downloads\$UICIDEBOY$ - If You Were to Get What You Deserve, You Would Know What the Bottom of a Tire Tastes Like.mp3
2016-12-19 15:05 - 2016-12-19 15:07 - 02102895 _____ C:\Users\ppp\Downloads\$UICIDEBOY$ - SOUL DOUBT.mp3
2016-12-19 15:04 - 2016-12-19 15:58 - 02326596 _____ C:\Users\ppp\Downloads\$UICIDEBOY$ - All That Glitters Is Not Gold, But It's Still Damn Beautiful.mp3
2016-12-18 13:19 - 2014-11-09 19:53 - 00000000 ____D C:\Users\ppp\Downloads\Dsa Commando - Le Brigate Della Morte
2016-12-14 14:09 - 2016-12-14 14:12 - 01834595 _____ C:\Users\ppp\Downloads\$UICIDEBOY$ - KILL YOURSELF (PART IV).mp3
2016-12-14 12:11 - 2016-12-14 12:20 - 167172784 _____ C:\Users\ppp\Downloads\xhamster.com_6955045_abella_danger_hooks_up_with_random_guy_720p.mp4

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-12 11:59 - 2009-07-14 05:34 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-12 11:59 - 2009-07-14 05:34 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-12 11:58 - 2015-09-17 19:39 - 00000000 ____D C:\FRST
2017-01-12 11:58 - 2015-08-17 17:11 - 00000000 ____D C:\Users\ppp\AppData\Local\Last.fm
2017-01-12 11:52 - 2015-03-24 12:28 - 00000000 ____D C:\ProgramData\VMware
2017-01-12 11:52 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-12 11:50 - 2016-07-29 16:29 - 00000000 ___SD C:\Users\ppp\AppData\LocalLow\Temp
2017-01-12 11:29 - 2015-12-11 13:02 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-11 19:43 - 2016-12-06 20:13 - 1211299325 _____ C:\Users\ppp\Desktop\STAGE FRIGHT.1987.mkv
2017-01-11 19:43 - 2016-07-29 16:28 - 00000000 ____D C:\Users\ppp\AppData\Roaming\uTorrent
2017-01-11 19:42 - 2015-01-10 17:38 - 00000000 ____D C:\Users\Blood\Desktop\gts
2017-01-11 19:41 - 2015-08-21 18:39 - 00000000 ____D C:\Program Files\AviSynth 2.5
2017-01-11 13:30 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-01-11 13:19 - 2015-09-17 19:29 - 00000079 _____ C:\Windows\wininit.ini
2017-01-11 12:46 - 2014-11-24 14:53 - 00000000 ____D C:\Program Files\Opera
2017-01-11 12:36 - 2009-01-01 00:38 - 00001417 ____H C:\Users\ppp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-11 12:24 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\TAPI
2017-01-11 12:12 - 2015-01-10 12:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-11 11:43 - 2015-11-05 12:22 - 00000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-10 20:29 - 2015-09-17 20:41 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-10 20:29 - 2015-09-17 20:41 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-10 20:29 - 2014-11-20 07:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-09 18:33 - 2016-11-01 20:08 - 00000000 ____D C:\Users\ppp\Desktop\[2013] Patron Saint of Everything Totally Fucked
2017-01-01 11:42 - 2015-07-15 22:23 - 00000000 ____D C:\Users\ppp\AppData\Local\ElevatedDiagnostics
2016-12-29 21:09 - 2014-11-21 06:44 - 00786432 ___SH C:\Users\Przybysławscy\NTUSER.DAT
2016-12-19 17:14 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\config\RegBack
2016-12-19 16:26 - 2009-01-01 00:37 - 00000000 ___RD C:\Users\ppp\Documents
2016-12-15 17:10 - 2016-12-12 11:16 - 00000000 ____D C:\Users\ppp\Desktop\Berlin

==================== Pliki w katalogu głównym wybranych folderów =======

2014-12-29 07:19 - 2014-12-29 07:19 - 0160256 _____ () C:\Users\ppp\AppData\Roaming\rictuses.as
2015-01-07 15:36 - 2016-10-07 11:16 - 0011776 _____ () C:\Users\ppp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-03 16:34 - 2016-03-03 16:34 - 0000017 _____ () C:\Users\ppp\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-12-19 17:13

==================== Koniec FRST.txt ============================