Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 29-01-2017 Uruchomiony przez Home Premium (administrator) HOMEPREMIUM (04-02-2017 12:45:31) Uruchomiony z C:\Users\Home Premium\Desktop\Nowy folder Załadowane profile: Home Premium (Dostępne profile: Home Premium) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: IE) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [psastart] => C:\APP\ddc\bin\psaagent.exe [147456 2012-10-26] (PSA PEUGEOT CITROEN) HKLM\...\Run: [ediagStart] => C:\APP\ediag\eDiagStart.lnk [618 2016-06-08] () HKLM\...\Run: [SIM] => C:\APP\SIM\SIMBat.lnk [625 2016-06-08] () HKLM\...\Run: [V0770Mon.exe] => C:\Windows\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.) HKLM\...\Run: [C:\Windows\system32\V0770Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0770Ext.ax HKLM\...\Run: [331BigDog] => C:\Program Files\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro) HKU\S-1-5-21-1697358837-294415581-2140137246-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1697358837-294415581-2140137246-1000\...\Run: [diediih] => C:\Users\Home Premium\diediih.exe [57344 2016-08-25] () HKU\S-1-5-21-1697358837-294415581-2140137246-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.) HKU\S-1-5-21-1697358837-294415581-2140137246-1000\...\MountPoints2: G - G:\LaunchU3.exe -a HKU\S-1-5-21-1697358837-294415581-2140137246-1000\...\MountPoints2: {522623c0-6449-11e6-b2bd-485ab6cb772a} - G:\LaunchU3.exe -a HKU\S-1-5-21-1697358837-294415581-2140137246-1000\...\MountPoints2: {eb287e8e-fc9e-11e5-881c-485ab6cb772a} - E:\autorun.exe AppInit_DLLs: C:\ProgramData\AppnormanetouQ\HoldDonsing.dll => C:\ProgramData\AppnormanetouQ\HoldDonsing.dll [248320 2016-08-31] () Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-04-07] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{779FA159-4DAB-4FF1-A4EC-6C6ED0FF7009}: [DhcpNameServer] 10.0.0.1 Internet Explorer: ================== HKU\S-1-5-21-1697358837-294415581-2140137246-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dPdTgOhLERq_2kIbkAWulE-wn6xrSMtAjOAlvEgR_iJH9cjtl3sWjiSXEIsuoOuN5BeKoFeAxqcfVYO08wLfgU1wuCokUluCyrhYl10aR1NUOkLqIGhje5y3GRHWCo6iDQHxNT6trQkxkbG_0Gil43-yhrOScOk&q={searchTerms} SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dPdTgOhLERq_2kIbkAWulE-wn6xrSMtAjOAlvEgR_iJH9cjtl3sWjiSXEIsuoOuN5BeKoFeAxqcfVYO08wLfgU1wuCokUluCyrhYl10aR1NUOkLqIGhje5y3GRHWCo6iDQHxNT6trQkxkbG_0Gil43-yhrOScOk&q={searchTerms} SearchScopes: HKU\S-1-5-21-1697358837-294415581-2140137246-1000 -> DefaultScope {24C59C8A-3196-4214-93CB-876380CF3C8F} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1697358837-294415581-2140137246-1000 -> ielnksrch URL = SearchScopes: HKU\S-1-5-21-1697358837-294415581-2140137246-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1697358837-294415581-2140137246-1000 -> {24C59C8A-3196-4214-93CB-876380CF3C8F} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-04-12] (Oracle Corporation) BHO: Psa DDC SingleSignOn BHO -> {CFCCB454-80CF-481f-B50A-29112EBB0F85} -> C:\APP\ddc\bin\DdcSingleSignOnBHOu.dll [2012-10-26] () BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-04-12] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Home Premium\AppData\Roaming\Actia\diagnostic2.3.4.3\Profiles\gvq4zk1o.default [2016-06-08] FF ProfilePath: C:\Users\Home Premium\AppData\Roaming\Actia\diagnostic2.3.30.0\Profiles\44lj6zec.default [2017-02-03] FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2016-04-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-04-12] (Oracle Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dPdTgOhLERq_2kIbkAWulE-wn6xrSMtAjOAlvEgR_iJH9cjtl3sWjiSXEIsuoOuN5BeMUrakJr-ZG9WvcHzGfzKr4I6kB7yWy09e7bxyBJmVZvZ-BfUuzvzzJWIDcFL3JcQktj3aC74zciBgF5JdhtYU2bN281h CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dPdTgOhLERq_2kIbkAWulE-wn6xrSMtAjOAlvEgR_iJH9cjtl3sWjiSXEIsuoOuN5BePcVL28XDB8ljky8jh02cZStQKNySJPBWkzIdeURZ-HV-PwJoF6x_m4Gwszi7L-RJrdVXsXL6HTU7MMUJ0ydGvYzPYri9&q={searchTerms} CHR DefaultSearchKeyword: Default -> feed.sonic-search.com CHR Profile: C:\Users\Home Premium\AppData\Local\Google\Chrome\User Data\Default [2017-02-03] CHR Extension: (Flaming Guitar) - C:\Users\Home Premium\AppData\Local\Google\Chrome\User Data\Default\Extensions\finklnkldpijbigmpinmomaefjcanpea [2017-02-03] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Home Premium\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27] CHR Extension: (Chrome Media Router) - C:\Users\Home Premium\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27] CHR HKLM\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S2 AppnormanetouQ; C:\ProgramData\\AppnormanetouQ\\AppnormanetouQ.exe [400384 2016-08-31] () [Brak podpisu cyfrowego] R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [827696 2013-05-21] (Broadcom Corporation.) S2 DCHP; C:\ProgramData\\DCHP\\DCHP.exe [400384 2016-04-12] () [Brak podpisu cyfrowego] S2 FirebirdGuardianDefaultInstance; C:\AWRoot\bin\lib\firebird\bin\fbguard.exe [65536 2008-07-03] (The Firebird Project) [Brak podpisu cyfrowego] S3 FirebirdServerDefaultInstance; C:\AWRoot\bin\lib\firebird\bin\fbserver.exe [1527893 2008-07-03] (The Firebird Project) [Brak podpisu cyfrowego] S2 ftspssrv; C:\Windows\system32\ftspssrv.exe [708608 2011-03-11] (FabulaTech) [Brak podpisu cyfrowego] S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [694272 2016-07-13] (Lenovo.) S2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-11] (SafeNet, Inc.) S2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [226592 2008-07-11] (SafeNet, Inc) S2 StartImePrograms; C:\Program Files\I+ME Actia GmbH\Virtual Keyboard\StartImePrograms.exe [143360 2011-09-30] () [Brak podpisu cyfrowego] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 adatadrv; C:\Windows\System32\DRIVERS\adatadrv.sys [762112 2009-07-01] (none) [Brak podpisu cyfrowego] R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [174552 2013-03-27] (Broadcom Corporation.) R3 btwampfl; C:\Windows\system32\drivers\btwampfl.sys [508184 2012-12-04] (Broadcom Corporation.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2016-04-07] (Disc Soft Ltd) S3 edicusb; C:\Windows\System32\DRIVERS\edicusb7.sys [30032 2012-04-12] (Softing Automotive Electronics GmbH) R3 ftvspenum; C:\Windows\System32\DRIVERS\ftvspenum.sys [36856 2011-01-12] (FabulaTech) S3 ftvsport; C:\Windows\system32\drivers\ftvsport.sys [45560 2011-01-12] (FabulaTech) R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [15640 2012-03-27] (Intel Corporation) R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [349976 2012-03-27] (Intel Corporation) R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-03-27] (Intel Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation) R3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [37088 2008-07-11] (SafeNet, Inc.) S3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [325376 2012-06-01] (Creative Technology Ltd.) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1002368 2013-04-17] (Vimicro Corporation) S3 AmUStor; system32\drivers\AmUStor.SYS [X] S3 DSODEV; System32\Drivers\Hantek1008X86.SYS [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-02-04 12:41 - 2017-02-04 12:45 - 00000000 ____D C:\FRST 2017-02-04 12:29 - 2017-02-04 12:45 - 00000000 ____D C:\Users\Home Premium\Desktop\Nowy folder 2017-02-04 11:20 - 2017-02-04 11:20 - 00000000 ____D C:\Users\Home Premium\Desktop\Fiat ecuscan (OK) 2017-01-27 16:52 - 2017-01-27 22:03 - 00000000 ____D C:\Program Files\Multiecuscan 2017-01-26 18:07 - 2017-01-27 16:51 - 00000000 ____D C:\Program Files\FiatECUScan 2017-01-11 10:07 - 2017-01-05 18:46 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-01-11 10:07 - 2017-01-05 18:46 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-01-11 10:07 - 2017-01-05 18:43 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2017-01-11 10:07 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-01-11 10:07 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-01-11 10:07 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-01-11 10:07 - 2017-01-05 18:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-01-11 10:07 - 2017-01-05 18:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-01-11 10:07 - 2017-01-05 18:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-01-11 10:07 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-01-11 10:07 - 2017-01-05 18:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-01-11 10:07 - 2017-01-05 18:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-01-09 19:06 - 2017-01-09 19:06 - 00000000 ____D C:\Program Files\USB Camera 2017-01-09 19:06 - 2013-04-17 11:02 - 01002368 _____ (Vimicro Corporation) C:\Windows\system32\Drivers\vm331avs.sys 2017-01-09 19:06 - 2013-04-17 10:33 - 00001704 _____ C:\Windows\vm331Rmv.ini 2017-01-09 19:06 - 2013-04-17 10:33 - 00001704 _____ C:\Windows\system32\vm331Rmv.ini 2017-01-09 19:06 - 2013-04-15 16:25 - 00217088 _____ (Vimicro Corporation) C:\Windows\system32\VmCoinst.dll 2017-01-09 19:06 - 2012-01-11 11:12 - 00663552 _____ C:\Windows\system32\vmprp331.ax 2017-01-09 19:06 - 2010-06-30 17:38 - 00000356 _____ C:\Windows\system\vm331avs.rsf ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-02-04 11:35 - 2016-04-07 09:35 - 00000000 ____D C:\Users\Home Premium\AppData\Local\Deployment 2017-02-04 11:21 - 2009-07-14 05:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-02-04 11:21 - 2009-07-14 05:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-02-04 11:20 - 2016-04-07 10:27 - 00000000 ____D C:\ADCDA2 2017-02-04 11:18 - 2016-04-12 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HANTEK1008 2017-02-04 11:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf 2017-02-04 11:15 - 2011-04-12 06:08 - 00740348 _____ C:\Windows\system32\perfh015.dat 2017-02-04 11:15 - 2011-04-12 06:08 - 00155890 _____ C:\Windows\system32\perfc015.dat 2017-02-04 11:15 - 2010-11-20 22:01 - 01669190 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-04 11:14 - 2016-08-31 12:41 - 00000000 ____D C:\ProgramData\AppnormanetouQ 2017-02-04 11:13 - 2016-12-07 00:11 - 00000000 ____D C:\Users\Home Premium\AppData\Roaming\Skype 2017-02-04 11:11 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-04 10:47 - 2016-04-12 13:54 - 00000000 ____D C:\Program Files\Java 2017-02-03 16:18 - 2016-04-12 12:04 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin 2017-02-03 16:18 - 2016-04-12 12:03 - 00000000 ____D C:\ODIS-DIAG-MODULES 2017-02-03 15:57 - 2016-04-07 09:36 - 00000000 ____D C:\Program Files\Google 2017-02-02 13:37 - 2016-09-03 12:41 - 00002395 _____ C:\Windows\system32\findit.xml 2017-02-02 13:37 - 2016-04-07 08:54 - 00001433 _____ C:\Users\Home Premium\Desktop\Internet Explorer.lnk 2017-01-16 16:16 - 2016-08-31 12:41 - 00000000 ____D C:\ProgramData\AppnormanetouQs 2017-01-09 19:06 - 2016-04-07 09:15 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2017-01-09 19:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-04-12 12:33 - 2016-04-12 12:33 - 6504960 _____ () C:\Users\Home Premium\AppData\Roaming\agent.dat 2016-04-12 12:33 - 2016-04-12 12:33 - 0065232 _____ () C:\Users\Home Premium\AppData\Roaming\Config.xml 2016-04-12 12:32 - 2016-04-12 12:32 - 0274508 _____ () C:\Users\Home Premium\AppData\Roaming\inst.lat 2016-04-12 12:32 - 2016-04-12 12:32 - 0014208 _____ () C:\Users\Home Premium\AppData\Roaming\InstallationConfiguration.xml 2016-04-12 12:32 - 2016-04-12 12:32 - 0127488 _____ () C:\Users\Home Premium\AppData\Roaming\Installer.dat 2016-04-12 12:33 - 2016-04-12 12:33 - 0018432 _____ () C:\Users\Home Premium\AppData\Roaming\Main.dat 2016-04-12 12:33 - 2016-04-12 12:33 - 0005568 _____ () C:\Users\Home Premium\AppData\Roaming\md.xml 2016-04-12 12:33 - 2016-04-12 12:33 - 0126464 _____ () C:\Users\Home Premium\AppData\Roaming\noah.dat 2016-04-12 12:34 - 2016-04-12 12:34 - 0032038 _____ () C:\Users\Home Premium\AppData\Roaming\uninstall_temp.ico 2016-04-12 12:33 - 2016-04-12 12:33 - 1932216 _____ () C:\Users\Home Premium\AppData\Roaming\Unophase.bin 2016-06-02 10:33 - 2016-06-30 07:33 - 0000107 _____ () C:\Users\Home Premium\AppData\Roaming\WB.CFG 2016-04-12 12:33 - 2016-04-12 12:32 - 1211904 _____ () C:\Users\Home Premium\AppData\Roaming\Zathlab.exe 2016-04-12 12:33 - 2016-04-12 12:33 - 1626339 _____ () C:\Users\Home Premium\AppData\Roaming\Zathlab.tst Pliki do przeniesienia lub usunięcia: ==================== C:\Users\Home Premium\diediih.exe Niektóre pliki w TEMP: ==================== 2017-02-04 11:18 - 2007-04-21 07:32 - 0153088 _____ () C:\Users\Home Premium\AppData\Local\Temp\GLB1A2B.EXE ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-09-05 08:56 ==================== Koniec FRST.txt ============================