Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:25-08-2015 Uruchomiony przez bok (administrator) BASCO-DELL (25-08-2015 19:42:00) Uruchomiony z C:\Users\bok\Desktop\Pobierane\dezynekcja Załadowane profile: bok (Dostępne profile: bok & Oem) Platform: Windows 8.1 Pro (Update 1) (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: IE) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe () C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\srvany.exe (TODO: <公司名>) C:\Windows\SysWOW64\SDIOAssist.exe () C:\Program Files (x86)\ZyXEL\ZyWALL SecuExtender\SecuExtenderHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (OldTimer Tools) C:\Users\bok\Desktop\Pobierane\dezynekcja\OTL.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4148664 2014-04-04] (ESET) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-28] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== UWAGA HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== UWAGA HKU\S-1-5-21-312285223-1735466544-1751200684-1129 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== UWAGA HKU\S-1-5-21-312285223-1735466544-1751200684-1129 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== UWAGA HKU\S-1-5-21-312285223-1735466544-1751200684-1129 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== UWAGA HKU\S-1-5-21-312285223-1735466544-1751200684-1129 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== UWAGA HKU\S-1-5-21-312285223-1735466544-1751200684-1129\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci..) HKU\S-1-5-21-312285223-1735466544-1751200684-1129\SOFTWARE\Policies\Microsoft\Internet Explorer: Zasada ograniczeń <======= UWAGA HKU\S-1-5-21-312285223-1735466544-1751200684-1129\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-312285223-1735466544-1751200684-1129\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB SearchScopes: HKU\S-1-5-21-312285223-1735466544-1751200684-1129 -> DefaultScope {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = SearchScopes: HKU\S-1-5-21-312285223-1735466544-1751200684-1129 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-04-09] (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-04-09] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft) DPF: HKLM-x32 {5B84B165-F6DE-4126-B3F8-5EDCD447EFF4} hxxps://zy.basco.pl/ext-js/web-pages/portal/SecuExtender.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{0C6EB801-3B7B-4A4C-8895-3076718B47C8}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{163688A5-6FE1-44FA-81F1-E0D727A5FB7F}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{163688A5-6FE1-44FA-81F1-E0D727A5FB7F}: [DhcpNameServer] 192.168.1.1 192.168.1.97 8.8.4.4 Tcpip\..\Interfaces\{7E11BA28-D7F8-442E-9C92-30968192191D}: [NameServer] 192.168.1.1,8.8.8.8 FireFox: ======== FF ProfilePath: C:\Users\bok\AppData\Roaming\Mozilla\Firefox\Profiles\u9kgvua5.default FF Homepage: www.google.pl FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Extension: Gmail Notifier (restartless) - C:\Users\bok\AppData\Roaming\Mozilla\Firefox\Profiles\u9kgvua5.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2015-04-30] FF Extension: Video DownloadHelper - C:\Users\bok\AppData\Roaming\Mozilla\Firefox\Profiles\u9kgvua5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-04-30] FF Extension: Adblock Plus - C:\Users\bok\AppData\Roaming\Mozilla\Firefox\Profiles\u9kgvua5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-30] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2015-04-30] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\services-sync.js [2015-08-17] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox-branding.js [2015-08-17] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox-l10n.js [2015-08-17] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2015-08-17] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2015-08-17] <==== UWAGA ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe [66768 2014-11-14] () S2 ComarchAutomatSynchronizacji; C:\Program Files (x86)\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe [62984 2015-06-23] (Comarch S.A.) S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [42048 2014-04-04] (ESET) R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1029704 2014-04-04] (ESET) S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [191368 2014-04-04] (ESET) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-28] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation) S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [131312 2015-03-20] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-06] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Brak podpisu cyfrowego] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-28] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-28] (NVIDIA Corporation) R2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International) R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2012-03-09] () [Brak podpisu cyfrowego] S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-26] (Electronic Arts) S3 RBMS_OptimaBI; C:\Program Files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.BI.Mobile.Service.exe [310272 2015-06-12] (Comarch S.A.) [Brak podpisu cyfrowego] S3 RBSS_OptimaBI; C:\Program Files (x86)\Comarch ERP Optima\Analizy BI\bin\reports book\Comarch.Msp.ReportsBook.Subscriptions.Service.exe [122368 2015-06-12] (Comarch S.A.) [Brak podpisu cyfrowego] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) R2 ZyWALL SecuExtender Helper; C:\Program Files (x86)\ZyXEL\ZyWALL SecuExtender\SecuExtenderHelper.exe [44416 2013-12-27] () R2 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{EC6CB4A3-5147-43CB-9D45-88F4C02370D5} ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [50896 2014-11-14] (Paragon Software Group) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [142136 2015-01-13] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2015-01-13] (Motorola Solutions, Inc.) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [219696 2014-04-10] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [185224 2013-09-09] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [155896 2013-09-09] (ESET) R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [147096 2013-09-09] (ESET) R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [61136 2014-11-14] (Paragon Software Group) S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [204496 2014-11-14] (Paragon Software Group) R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [15568 2014-11-14] (Paragon Software Group) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [254192 2015-03-20] (Intel Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation) R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [45776 2014-11-14] (Paragon Software Group) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-28] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation) R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2w8x64.sys [210616 2014-05-14] (BayHubTech/O2Micro ) R3 tap0901_zyxel; C:\Windows\system32\DRIVERS\tap0901_zyxel.sys [36920 2013-12-27] (The OpenVPN Project) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-08-25 19:40 - 2015-08-25 19:42 - 00000000 ____D C:\FRST 2015-08-25 14:13 - 2015-08-25 14:13 - 00007603 _____ C:\Users\bok\AppData\Local\Resmon.ResmonCfg 2015-08-21 15:28 - 2015-08-21 15:28 - 00010240 _____ C:\Users\bok\Desktop\wycena socjal-2.xls 2015-08-21 13:42 - 2015-08-21 13:47 - 00006957 _____ C:\Users\bok\Desktop\wodnik libiąż - sprzedaz jaspis b1 od stycznia.xlsx 2015-08-21 13:42 - 2015-08-21 13:37 - 00006058 _____ C:\Users\bok\Desktop\wodnik libiąż - sprzedaz kfa b od stycznia.xlsx 2015-08-19 09:13 - 2015-08-19 09:14 - 00000091 _____ C:\Users\bok\Desktop\konta bankowe.txt 2015-08-18 10:10 - 2015-08-18 10:23 - 00109568 _____ C:\Users\bok\Desktop\UDZIAŁOWCY - WH 25 05 2015 — kopia.xls 2015-08-17 13:03 - 2015-08-17 13:03 - 00004539 _____ C:\Users\bok\Desktop\xxx.xlsx 2015-08-17 09:41 - 2015-08-19 08:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-16 17:50 - 2015-08-16 17:50 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0} 2015-08-14 15:24 - 2015-08-14 15:24 - 00000000 ____D C:\Users\bok\AppData\Local\calibre-cache 2015-08-14 15:23 - 2015-08-21 11:41 - 00000000 ____D C:\Users\bok\Documents\Biblioteka calibre 2015-08-14 15:23 - 2015-08-14 22:34 - 00000000 ____D C:\Users\bok\AppData\Roaming\calibre 2015-08-14 15:22 - 2015-08-14 15:22 - 00000942 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2015-08-14 15:22 - 2015-08-14 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2015-08-14 15:22 - 2015-08-14 15:22 - 00000000 ____D C:\Program Files\Calibre2 2015-08-14 14:46 - 2015-08-17 10:05 - 00000000 ____D C:\Users\bok\AppData\Roaming\uTorrent 2015-08-14 11:44 - 2015-08-14 11:45 - 00000000 ____D C:\Users\bok\Desktop\basco meble 2015-08-12 19:57 - 2015-08-12 19:57 - 00002334 _____ C:\Users\bok\Desktop\Default.rdp 2015-08-12 19:23 - 2015-08-12 19:51 - 00000000 ____D C:\Users\bok\AppData\Local\mRemoteNG 2015-08-12 08:15 - 2015-08-12 08:15 - 00350228 _____ C:\Users\bok\Desktop\magazyn skanowanie.xml 2015-08-12 08:15 - 2015-08-12 08:15 - 00231640 _____ C:\Users\bok\Desktop\magazyn skanowanie.txt 2015-08-10 10:50 - 2015-08-10 10:50 - 00001548 _____ C:\Users\Public\Desktop\Optima Analizy BI.lnk 2015-08-10 10:50 - 2015-08-10 10:50 - 00001135 _____ C:\Users\Public\Desktop\Optima Biuro Rachunkowe.lnk 2015-08-10 10:50 - 2015-08-10 10:50 - 00001087 _____ C:\Users\Public\Desktop\Optima Przypominacz.lnk 2015-08-10 10:49 - 2015-08-10 10:49 - 00001103 _____ C:\Users\Public\Desktop\Comarch ERP Optima.lnk 2015-08-10 10:49 - 2015-08-10 10:49 - 00000000 ____D C:\Program Files (x86)\Comarch ERP Optima 2015-08-10 10:47 - 2015-08-10 10:49 - 00000000 __HDC C:\ProgramData\{7C417473-1414-42E0-8ACE-2D01BAC5AA85} 2015-08-10 10:46 - 2015-08-10 10:46 - 00000000 ____D C:\Users\bok\AppData\Local\III 2015-08-10 10:35 - 2015-08-10 10:36 - 03038408 _____ (TeamViewer) C:\Users\bok\Downloads\pomoc7.exe 2015-08-03 19:05 - 2015-08-03 19:05 - 13445408 _____ (Paragon Software ) C:\Users\bok\Downloads\HFS4WIN.exe 2015-08-03 18:55 - 2015-08-03 18:55 - 00000000 ____D C:\Users\bok\AppData\Local\ms-app 2015-08-03 18:45 - 2015-08-03 18:52 - 00000000 ____D C:\150629_1131 2015-08-03 18:34 - 2015-08-03 18:48 - 00000000 ____D C:\Users\bok\AppData\Local\node-webkit 2015-07-29 15:18 - 2015-07-30 09:33 - 00000000 ____D C:\Users\bok\Desktop\Elektromet 2015-07-29 08:01 - 2015-08-21 10:50 - 00000000 ____D C:\Users\bok\Desktop\basco 2 - faktury 2015-07-28 21:19 - 2015-07-28 21:19 - 00000000 ____D C:\Users\bok\Tracing 2015-07-26 23:04 - 2015-07-26 23:04 - 00000000 ____D C:\ProgramData\GG ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-08-25 19:38 - 2015-05-04 18:23 - 00000000 ____D C:\Users\bok\Desktop\Pobierane 2015-08-25 19:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-08-25 18:37 - 2015-07-15 20:59 - 00000000 ____D C:\Users\bok\AppData\Roaming\Skype 2015-08-25 18:37 - 2015-05-22 10:12 - 00000000 ____D C:\Users\bok\AppData\Roaming\GG 2015-08-25 18:36 - 2015-04-30 13:38 - 01308893 _____ C:\Windows\WindowsUpdate.log 2015-08-25 18:16 - 2015-04-30 15:24 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-312285223-1735466544-1751200684-1129 2015-08-25 18:09 - 2015-05-04 17:48 - 00000000 __RDO C:\Users\bok\SkyDrive 2015-08-25 18:07 - 2015-04-30 15:21 - 00003968 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A03BB341-B9C0-4AD2-BF2E-D9D268ECD864} 2015-08-25 18:02 - 2015-04-30 13:55 - 03757500 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-25 18:02 - 2014-03-06 09:05 - 00808198 _____ C:\Windows\system32\perfh015.dat 2015-08-25 18:02 - 2014-03-06 09:05 - 00164014 _____ C:\Windows\system32\perfc015.dat 2015-08-25 18:02 - 2014-03-06 08:33 - 00798450 _____ C:\Windows\system32\perfh013.dat 2015-08-25 18:02 - 2014-03-06 08:33 - 00162528 _____ C:\Windows\system32\perfc013.dat 2015-08-25 18:02 - 2014-03-06 06:59 - 00800858 _____ C:\Windows\system32\perfh00A.dat 2015-08-25 18:02 - 2014-03-06 06:59 - 00166748 _____ C:\Windows\system32\perfc00A.dat 2015-08-25 17:58 - 2015-05-04 18:29 - 00726629 _____ C:\SecuExtenderHelper.log 2015-08-25 17:58 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Registration 2015-08-25 17:57 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-25 17:09 - 2015-04-30 15:35 - 00000000 ____D C:\Users\bok\AppData\Local\ClassicShell 2015-08-25 12:57 - 2015-04-30 14:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2015-08-24 22:46 - 2015-05-04 18:30 - 01000713 _____ C:\Users\bok\SecuExtender.log 2015-08-24 22:36 - 2015-07-13 07:40 - 00000000 ____D C:\Users\bok\Desktop\Cenniki aktualne 2015-08-24 21:28 - 2015-05-04 18:35 - 00002334 ____H C:\Users\bok\Documents\Default.rdp 2015-08-21 11:35 - 2013-08-22 16:46 - 00024489 _____ C:\Windows\setupact.log 2015-08-21 07:37 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-08-19 13:53 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI 2015-08-19 08:10 - 2015-04-30 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-19 08:10 - 2015-04-30 13:34 - 00006084 _____ C:\Windows\PFRO.log 2015-08-16 17:50 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\migwiz 2015-08-15 09:18 - 2015-04-30 15:19 - 00000000 ____D C:\Users\bok\AppData\Local\Packages 2015-08-12 12:08 - 2015-06-29 00:09 - 00000000 ____D C:\Users\bok\Desktop\KeePass Password Safe 2015-08-10 10:50 - 2015-04-30 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comarch ERP Optima 2015-08-10 10:48 - 2015-04-30 15:40 - 00000000 ____D C:\Users\bok\AppData\Roaming\Comarch OPT!MA 2015-08-10 10:43 - 2015-04-30 14:50 - 00000000 ____D C:\Temp 2015-08-04 20:20 - 2015-06-12 14:32 - 00000000 ____D C:\Users\bok\Documents\FIFA 13 2015-08-04 20:01 - 2015-05-10 20:09 - 00000000 ____D C:\ProgramData\Origin 2015-07-30 08:52 - 2015-06-04 22:02 - 00000000 ____D C:\Users\bok\AppData\Roaming\TeamViewer 2015-07-30 08:44 - 2015-04-30 14:37 - 00000120 _____ C:\Windows\system32\config\netlogon.ftl 2015-07-28 21:19 - 2015-04-30 15:19 - 00000000 ____D C:\Users\bok 2015-07-26 23:09 - 2015-05-11 21:19 - 00000000 ____D C:\Program Files (x86)\Origin 2015-07-26 23:05 - 2015-05-22 10:12 - 00000000 ____D C:\Users\bok\AppData\Local\GG 2015-07-26 22:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-08-11 21:40 - 2015-08-11 21:40 - 0000530 _____ () C:\Users\bok\AppData\Local\rbUsersData_OptimaBI.config 2015-08-25 14:13 - 2015-08-25 14:13 - 0007603 _____ () C:\Users\bok\AppData\Local\Resmon.ResmonCfg Niektóre pliki w TEMP: ==================== C:\Users\bok\AppData\Local\Temp\ggdrive-menu.exe C:\Users\bok\AppData\Local\Temp\ggdrive-overlay.exe C:\Users\bok\AppData\Local\Temp\installstats.exe C:\Users\bok\AppData\Local\Temp\JavaInstaller.dll C:\Users\bok\AppData\Local\Temp\SecuExtenderSetup.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2015-08-25 10:39 ==================== Koniec FRST.txt ============================