Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:27-09-2015 01
Uruchomiony przez Magdalena (administrator) LENA (28-09-2015 20:24:40)
Uruchomiony z C:\Users\Magdalena\Downloads
Załadowane profile: Magdalena (Dostępne profile: Magdalena)
Platform: Windows 10 Home (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Edge)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(GridinSoft LLC) C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
Brak dostępu do procesu -> SmartAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.922.11070.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(OldTimer Tools) C:\Users\Magdalena\Downloads\OTL.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-08-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [920280 2015-04-17] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-15] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1545690670-3743458166-3130793004-1001\...\Run: [Facebook Update] => C:\Users\Magdalena\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-12-06] (Facebook Inc.)
HKU\S-1-5-21-1545690670-3743458166-3130793004-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-1545690670-3743458166-3130793004-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1545690670-3743458166-3130793004-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-1545690670-3743458166-3130793004-1001\...\RunOnce: [Uninstall C:\Users\Magdalena\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Magdalena\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1545690670-3743458166-3130793004-1001\...\RunOnce: [Uninstall C:\Users\Magdalena\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Magdalena\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1545690670-3743458166-3130793004-1001\...\MountPoints2: {88057e4f-053c-11e5-8296-382c4a1aa4d4} - "F:\AutoRun.exe"
HKU\S-1-5-21-1545690670-3743458166-3130793004-1001\...\MountPoints2: {96dd2aaf-8217-11e4-826a-382c4a1aa4d4} - "F:\AutoRun.exe"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-12-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk [2015-02-01]
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{087d7481-d210-4456-b722-85c7a960dd72}: [NameServer] 213.158.199.1 213.158.199.5
Tcpip\..\Interfaces\{0fa79880-e091-4d40-9a9d-5cdd11bff5dc}: [NameServer] 213.158.199.1 213.158.199.5
Tcpip\..\Interfaces\{1225f886-53ad-4330-a5ed-6b8a4cafa104}: [NameServer] 213.158.199.1 213.158.199.5
Tcpip\..\Interfaces\{dca276b8-5b0d-48fe-9140-032d836c8899}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fe0161c5-1694-45af-83bd-79ff02928f62}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-1545690670-3743458166-3130793004-1001 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1545690670-3743458166-3130793004-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1545690670-3743458166-3130793004-1001 -> {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1545690670-3743458166-3130793004-1001 -> Brak nazwy - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Brak pliku

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Brak pliku]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-09-23] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-09-23] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1545690670-3743458166-3130793004-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Magdalena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-09-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-09-23]

Chrome:
=======
CHR Profile: C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKU\S-1-5-21-1545690670-3743458166-3130793004-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

Opera:
=======
OPR StartupUrls: "hxxp://www.viceice.com/"

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [Brak podpisu cyfrowego]
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [194000 2015-06-29] (Kaspersky Lab ZAO)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-08-09] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359056 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2011-06-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [Brak podpisu cyfrowego]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-29] (Kaspersky Lab UK Ltd)
S3 huawei_wwanecm; C:\Windows\System32\drivers\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-29] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-06-29] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-06-29] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-06-29] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-06-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-06-29] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-06-29] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-06-29] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-29] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-06-29] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-06-29] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-06-29] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-02-11] (Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-08-09] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-08-08] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4527872 2015-08-09] (Realtek Semiconductor Corporation )
R3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [17568 2015-09-22] (Windows (R) Win 7 DDK provider)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 CnxtHdAudService; \SystemRoot\system32\drivers\CHDRT64.sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-09-28 20:26 - 2015-09-28 20:26 - 00380416 _____ C:\Users\Magdalena\Downloads\3ghufycl.exe
2015-09-28 20:24 - 2015-09-28 20:25 - 00025430 _____ C:\Users\Magdalena\Downloads\FRST.txt
2015-09-28 20:24 - 2015-09-28 20:24 - 02192384 _____ (Farbar) C:\Users\Magdalena\Downloads\FRST64.exe
2015-09-28 20:24 - 2015-09-28 20:24 - 00000000 ____D C:\FRST
2015-09-28 19:57 - 2015-09-28 19:57 - 00016148 _____ C:\WINDOWS\system32\LENA_Magdalena_HistoryPrediction.bin
2015-09-28 19:37 - 2015-09-28 19:37 - 00602112 _____ (OldTimer Tools) C:\Users\Magdalena\Downloads\OTL.exe
2015-09-28 19:31 - 2015-09-28 19:31 - 02222080 _____ (AGORA S.A.) C:\Users\Magdalena\Downloads\OTL_Sciagnij.pl.exe
2015-09-28 19:28 - 2015-09-28 20:00 - 03629998 _____ C:\Users\Magdalena\Downloads\OTL.Txt
2015-09-28 19:27 - 2015-09-28 20:01 - 00112818 _____ C:\Users\Magdalena\Downloads\Extras.Txt
2015-09-28 04:53 - 2015-09-28 04:53 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-28 04:50 - 2015-09-28 04:50 - 00016206 _____ C:\WINDOWS\PFRO.log
2015-09-27 22:49 - 2015-09-28 04:48 - 00000903 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-27 22:49 - 2015-09-27 22:49 - 00002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-09-27 22:49 - 2015-09-27 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-27 22:49 - 2015-09-27 22:49 - 00000000 ____D C:\Program Files\CCleaner
2015-09-27 22:46 - 2015-09-27 22:46 - 06677440 _____ (Piriform Ltd) C:\Users\Magdalena\Downloads\ccsetup510.exe
2015-09-27 22:45 - 2015-09-28 04:48 - 00000998 _____ C:\Users\Magdalena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
2015-09-27 22:45 - 2015-09-27 22:51 - 00000000 ____D C:\Users\Magdalena\AppData\Roaming\WarThunder
2015-09-27 19:43 - 2015-09-28 04:53 - 00003308 _____ C:\WINDOWS\System32\Tasks\Trojan Killer
2015-09-27 19:42 - 2015-09-28 04:48 - 00001025 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2015-09-27 19:42 - 2015-09-27 19:42 - 03451344 _____ (Gridinsoft LLC) C:\Users\Magdalena\Downloads\Setup-TrojanKiller-VRGC.exe
2015-09-27 19:42 - 2015-09-27 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2015-09-27 19:42 - 2015-09-27 19:42 - 00000000 ____D C:\ProgramData\GridinSoft
2015-09-27 19:42 - 2015-09-27 19:42 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2015-09-27 19:34 - 2015-09-27 19:34 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-09-27 19:13 - 2015-09-27 19:13 - 00003934 _____ C:\WINDOWS\system32\.crusader
2015-09-27 19:04 - 2015-09-27 19:14 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-27 18:51 - 2015-09-27 22:31 - 00000000 ____D C:\AdwCleaner
2015-09-27 18:51 - 2015-09-27 18:51 - 01670656 _____ C:\Users\Magdalena\Downloads\adwcleaner_5.009.exe
2015-09-27 17:53 - 2015-09-28 19:34 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-27 17:53 - 2015-09-28 04:48 - 00001963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
2015-09-27 17:53 - 2015-09-28 04:48 - 00001131 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-27 17:53 - 2015-09-27 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-27 17:53 - 2015-09-27 17:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-27 17:53 - 2015-09-27 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2015-09-27 17:53 - 2015-09-27 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-27 17:53 - 2015-06-18 09:48 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-27 17:53 - 2015-06-18 09:47 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-27 17:53 - 2015-06-18 09:47 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-27 17:52 - 2015-09-28 04:48 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2015-09-27 17:52 - 2015-09-28 04:48 - 00002150 _____ C:\Users\Public\Desktop\AudioWizard.lnk
2015-09-27 17:52 - 2015-09-27 17:52 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Magdalena\Downloads\mbam-setup-sem-2.1.6.1022 (1).exe
2015-09-27 17:52 - 2011-09-01 00:23 - 00447104 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
2015-09-27 17:51 - 2015-09-27 17:52 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Magdalena\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-09-27 17:51 - 2014-10-20 14:54 - 00207576 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
2015-09-27 17:51 - 2014-04-28 14:45 - 00319042 _____ C:\WINDOWS\system32\MA4Preset.mps
2015-09-27 17:51 - 2014-01-27 10:56 - 00006786 _____ C:\WINDOWS\system32\Maxx_Render_EFX_Asus.mps
2015-09-27 17:51 - 2014-01-27 10:53 - 00002626 _____ C:\WINDOWS\system32\Maxx_Render_MFX_Asus.mps
2015-09-27 17:49 - 2015-09-27 17:50 - 02952720 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\UCI64A93.dll
2015-09-27 17:49 - 2015-09-27 17:49 - 01156160 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2015-09-27 17:49 - 2015-09-27 17:49 - 01078680 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2015-09-27 17:49 - 2015-09-27 17:49 - 00961960 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64BP11.dll
2015-09-27 17:49 - 2015-09-27 17:49 - 00442280 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\ASpkExt64.dll
2015-09-27 17:49 - 2015-09-27 17:49 - 00332832 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2015-09-27 17:49 - 2015-09-27 17:49 - 00306325 _____ C:\WINDOWS\system32\Drivers\MicEQ.ini
2015-09-27 17:49 - 2015-09-27 17:49 - 00120214 _____ C:\WINDOWS\system32\Drivers\SoftEQ.ini
2015-09-27 17:49 - 2015-09-27 17:49 - 00104000 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\FMPropPageExt64.dll
2015-09-27 17:49 - 2015-09-27 17:49 - 00053360 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxPageMaster64.dll
2015-09-27 17:49 - 2015-09-27 17:49 - 00034832 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CXHDMI64.dll
2015-09-27 17:49 - 2015-09-27 17:49 - 00030893 _____ C:\WINDOWS\system32\Drivers\Mixer.ini
2015-09-27 17:49 - 2015-09-27 17:49 - 00030781 _____ C:\WINDOWS\system32\Drivers\MicGain.ini
2015-09-27 17:49 - 2015-09-27 17:49 - 00027477 _____ C:\WINDOWS\system32\Drivers\MicMinMax.ini
2015-09-27 17:49 - 2015-09-27 17:49 - 00006449 _____ C:\WINDOWS\system32\Drivers\HeadsetCtrl.ini
2015-09-27 17:49 - 2015-09-27 17:49 - 00003245 _____ C:\WINDOWS\system32\Drivers\FXMisc.ini
2015-09-27 17:49 - 2015-09-27 17:49 - 00002912 _____ C:\WINDOWS\system32\Drivers\OrVerbs.ini
2015-09-27 17:49 - 2015-09-27 17:49 - 00001816 _____ C:\WINDOWS\system32\Drivers\altmixer.ini
2015-09-27 16:25 - 2015-09-27 15:11 - 37103381 _____ C:\Users\Magdalena\Desktop\20150927_151118.mp4
2015-09-27 16:25 - 2015-09-27 15:01 - 29489179 _____ C:\Users\Magdalena\Desktop\20150927_150102.mp4
2015-09-27 16:25 - 2015-09-27 14:27 - 03392912 _____ C:\Users\Magdalena\Desktop\20150927_142731.mp4
2015-09-27 16:24 - 2015-09-27 16:51 - 00000000 ____D C:\Users\Magdalena\Desktop\10 dst
2015-09-23 22:08 - 2015-09-28 04:48 - 00002250 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-09-23 22:08 - 2015-09-23 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-09-23 22:08 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-09-23 22:07 - 2015-09-28 17:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-09-23 22:07 - 2015-09-23 22:07 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-09-23 22:07 - 2015-06-29 21:15 - 00831664 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-09-23 22:07 - 2015-06-29 21:15 - 00226480 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2015-09-23 22:07 - 2015-06-29 21:15 - 00159960 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2015-09-23 21:19 - 2015-09-23 21:20 - 00000000 ____D C:\Users\Magdalena\Downloads\Kaspersky.Antivirus.15.0.1.415.PL
2015-09-23 20:40 - 2015-09-23 20:40 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-09-23 20:05 - 2015-09-23 20:42 - 225080445 _____ C:\Users\Magdalena\Downloads\Kaspersky.Antivirus.15.0.1.415.PL.rar
2015-09-23 18:54 - 2015-09-23 19:13 - 182233624 _____ C:\Users\Magdalena\Downloads\Kaspersky.Anti.Virus.2013.13.0.1.4190.PL.rar
2015-09-22 18:14 - 2015-09-22 18:14 - 00017568 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\gtkdrv.sys
2015-09-17 13:37 - 2015-09-17 13:37 - 00143414 _____ C:\Users\Magdalena\Downloads\Funkcja_produkcji.pptx
2015-09-16 21:37 - 2015-09-16 21:37 - 03609412 _____ C:\Users\Magdalena\Downloads\fwd_matma (1).zip
2015-09-15 15:05 - 2015-09-15 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-15 15:05 - 2015-09-15 15:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-15 15:05 - 2015-09-15 15:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-15 15:04 - 2015-09-15 15:04 - 13155552 _____ (Microsoft Corporation) C:\Users\Magdalena\Downloads\Silverlight_x64.exe
2015-09-14 19:20 - 2015-09-14 19:20 - 00929360 _____ (Google Inc.) C:\Users\Magdalena\Downloads\ChromeSetup (1).exe
2015-09-14 19:00 - 2015-09-14 19:00 - 00087203 _____ C:\Users\Magdalena\Downloads\EdgeAdblock_10.zip
2015-09-14 18:59 - 2015-09-14 18:59 - 00242840 _____ C:\Users\Magdalena\Downloads\Firefox Setup Stub 40.0.3.exe
2015-09-14 17:56 - 2015-09-14 17:56 - 00000000 ____D C:\Users\Magdalena\AppData\Roaming\WildTangent
2015-09-09 15:47 - 2015-09-09 16:38 - 00000000 ____D C:\Users\Magdalena\AppData\Local\MicrosoftEdge
2015-09-07 11:12 - 2015-09-07 11:12 - 00000000 ____D C:\Users\Magdalena\AppData\Local\Clarus
2015-08-30 09:21 - 2015-08-30 09:28 - 00000540 _____ C:\Users\Magdalena\Downloads\debug.log

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-09-28 20:25 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-28 18:11 - 2015-01-02 19:11 - 00001362 _____ C:\WINDOWS\Tasks\PTQQF.job
2015-09-28 18:11 - 2015-01-02 19:11 - 00001360 _____ C:\WINDOWS\Tasks\QGPO.job
2015-09-28 15:23 - 2014-12-06 22:18 - 00000954 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1545690670-3743458166-3130793004-1001UA.job
2015-09-28 12:02 - 2015-05-13 15:13 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-09-28 12:02 - 2015-05-13 15:13 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-09-28 04:53 - 2014-12-01 20:53 - 00000093 _____ C:\Users\Magdalena\AppData\Roaming\sp_data.sys
2015-09-28 04:52 - 2014-12-01 20:51 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-28 04:52 - 2014-09-14 12:12 - 06764972 _____ C:\Users\Public\CAFADEBUG.log
2015-09-28 04:51 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-28 04:51 - 2015-07-10 14:20 - 00349832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-28 04:50 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Branding
2015-09-28 04:50 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-28
04:48 - 2015-08-09 11:45 - 00002396 _____ C:\Users\Magdalena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-09-28 04:48 - 2015-08-07 23:10 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-09-28 04:48 - 2015-06-05 12:26 - 00000702 _____ C:\Users\Public\Desktop\Ocena Opisowa.lnk 2015-09-28 04:48 - 2015-05-25 16:23 - 00000736 _____ C:\Users\Public\Desktop\StarCraft II.lnk 2015-09-28 04:48 - 2015-05-25 16:00 - 00000818 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk 2015-09-28 04:48 - 2015-05-25 15:49 - 00000885 _____ C:\Users\Public\Desktop\Battle.net.lnk 2015-09-28 04:48 - 2015-02-01 20:25 - 00001844 _____ C:\Users\Magdalena\Desktop\Samsung Drive Manager.lnk 2015-09-28 04:48 - 2014-12-14 16:02 - 00000823 _____ C:\Users\Magdalena\Desktop\GG dysk.lnk 2015-09-28 04:48 - 2014-12-13 00:25 - 00001257 _____ C:\Users\Public\Desktop\Internet Manager.lnk 2015-09-28 04:48 - 2014-12-04 18:21 - 00001409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Centrum obsługi HP.lnk 2015-09-28 04:48 - 2014-12-04 18:21 - 00001397 _____ C:\Users\Public\Desktop\Centrum obsługi HP.lnk 2015-09-28 04:48 - 2014-12-04 18:21 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rejestracja programu I.R.I.S. 
OCR.lnk 2015-09-27 22:56 - 2015-08-12 08:35 - 00000000 ____D C:\WINDOWS\Minidump 2015-09-27 22:56 - 2015-08-07 23:55 - 00000000 ___DC C:\WINDOWS\Panther 2015-09-27 22:51 - 2014-12-02 11:40 - 00000000 ____D C:\Users\Magdalena\AppData\Local\Google 2015-09-27 22:51 - 2014-12-02 11:40 - 00000000 ____D C:\Program Files (x86)\Google 2015-09-27 22:05 - 2015-04-24 22:34 - 00000000 ____D C:\ProgramData\Adobe 2015-09-27 22:00 - 2014-12-05 18:29 - 00000000 ____D C:\Users\Magdalena\AppData\Local\ABBYY 2015-09-27 21:54 - 2014-12-09 21:10 - 00000000 ____D C:\ProgramData\Skype 2015-09-27 19:35 - 2015-08-07 23:03 - 00000000 ____D C:\Users\Magdalena 2015-09-27 19:34 - 2015-04-15 01:08 - 00000000 ____D C:\Users\Magdalena\Downloads\MS Office 2010 Profesional [PL] 2015-09-27 18:58 - 2015-04-03 15:44 - 00000000 ____D C:\Users\Magdalena\AppData\Local\Battle.net 2015-09-27 18:37 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Cursors 2015-09-27 17:53 - 2015-08-07 23:00 - 00000000 ____D C:\Program Files\CONEXANT 2015-09-27 17:45 - 2015-08-07 23:00 - 00000000 ____D C:\ProgramData\Conexant 2015-09-25 17:24 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-09-24 21:23 - 2014-12-06 22:18 - 00000932 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1545690670-3743458166-3130793004-1001Core.job 2015-09-23 22:08 - 2015-07-10 11:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2015-09-23 22:07 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2015-09-23 22:07 - 2013-08-22 15:36 - 00000000 ____D C:\Users\Default.migrated 2015-09-23 15:06 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-23 08:35 - 2015-07-24 17:14 - 00000009 _____ C:\Users\Magdalena\AppData\Roaming\update.dat 2015-09-16 23:39 - 2015-08-07 23:22 - 01836100 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-09-16 23:39 - 2015-07-10 18:30 - 00813762 _____ C:\WINDOWS\system32\perfh015.dat 2015-09-16 23:39 - 2015-07-10 18:30 - 00156260 _____ C:\WINDOWS\system32\perfc015.dat 2015-09-16 12:07 - 
2014-12-01 20:51 - 00000000 ____D C:\Users\Magdalena\AppData\Local\Packages 2015-09-15 18:12 - 2015-08-12 08:44 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-09-15 18:12 - 2015-08-12 08:44 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-15 15:59 - 2014-12-02 08:33 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-09-15 14:34 - 2014-12-09 21:11 - 00000000 ____D C:\Users\Magdalena\AppData\Roaming\Skype 2015-09-14 18:01 - 2015-08-09 11:45 - 00000000 ___RD C:\Users\Magdalena\OneDrive 2015-09-14 17:56 - 2014-05-15 19:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-09-14 17:56 - 2014-05-15 19:15 - 00000000 ____D C:\ProgramData\WildTangent 2015-09-14 17:56 - 2014-05-15 19:15 - 00000000 ____D C:\Program Files (x86)\WildTangent Games 2015-09-14 17:54 - 2014-12-01 14:11 - 00000000 __SHD C:\Users\Magdalena\AppData\Local\EmieUserList 2015-09-14 17:54 - 2014-12-01 14:11 - 00000000 __SHD C:\Users\Magdalena\AppData\Local\EmieSiteList 2015-08-29 20:52 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache ==================== Pliki w katalogu głównym wybranych folderów ======= 2014-12-01 20:53 - 2015-09-28 04:53 - 0000093 _____ () C:\Users\Magdalena\AppData\Roaming\sp_data.sys 2015-07-24 17:14 - 2015-09-23 08:35 - 0000009 _____ () C:\Users\Magdalena\AppData\Roaming\update.dat 2015-01-02 20:38 - 2015-01-02 20:38 - 0000043 _____ () C:\Users\Magdalena\AppData\Roaming\WB.CFG 2014-12-01 20:51 - 2015-08-07 22:33 - 0940825 _____ () C:\Users\Magdalena\AppData\Local\BTServer.log 2014-12-04 18:17 - 2015-01-02 21:16 - 0001821 _____ () C:\ProgramData\hpzinstall.log 2014-05-15 19:14 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd 2014-05-15 19:14 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe 2014-05-15 19:14 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS Pliki do przeniesienia lub usunięcia: 
====================
C:\ProgramData\SetStretch.VBS

Niektóre pliki w TEMP:
====================
C:\Users\Magdalena\AppData\Local\Temp\KUIU.EXE
C:\Users\Magdalena\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-09-27 11:51

==================== Koniec FRST.txt ============================