Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:04-10-2015
Uruchomiony przez MAGDA (administrator) MAGDA (06-10-2015 00:17:34)
Uruchomiony z C:\Users\MAGDA\Downloads
Załadowane profile: MAGDA (Dostępne profile: MAGDA)
Platform: Windows 8.1 Connected (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerWinMonitor.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QuickAccess.exe
(acer) C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\UBTService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKU\S-1-5-21-3679323292-2381456270-572968583-1001\...\MountPoints2: {d9142666-5d60-11e5-8289-f8a963da75f8} - "D:\AutoRun.exe"
AppInit_DLLs: C:\ProgramData\Saophase\Keytom.dll => Brak pliku
AppInit_DLLs-x32: C:\ProgramData\Saophase\Coffax.dll => Brak pliku
GroupPolicy: Ograniczenia - Chrome <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F311A10E-B441-4A4C-B45D-CCDB3B7F5E00}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54V4419_WDCWD5000LPVX-22V0TT0&tm=1443701668
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54V4419_WDCWD5000LPVX-22V0TT0&tm=1443701668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54V4419_WDCWD5000LPVX-22V0TT0&tm=1443701668
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54V4419_WDCWD5000LPVX-22V0TT0&tm=1443701668
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3679323292-2381456270-572968583-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54V4419_WDCWD5000LPVX-22V0TT0&tm=1443701668
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3679323292-2381456270-572968583-1001 -> {98B4F0C1-E3B7-45CA-845E-48519D6FCDED} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\MAGDA\AppData\Roaming\Mozilla\Firefox\Profiles\5oulrr1n.default-1444077844866
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R3 QASvc; C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 Saophase; C:\ProgramData\\Saophase\\Saophase.exe -f "C:\ProgramData\\Saophase\\Saophase.dat" -l -a

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDI2C; C:\Windows\system32\DRIVERS\ETDI2C.sys [173384 2014-04-09] (ELAN Microelectronic Corp.)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2015-10-06 00:17 - 2015-10-06 00:18 - 00011199 _____ C:\Users\MAGDA\Downloads\FRST.txt
2015-10-06 00:17 - 2015-10-06 00:17 - 00000000 ____D C:\Users\MAGDA\Downloads\FRST-OlderVersion
2015-10-06 00:14 - 2015-10-06 00:14 - 01681408 _____ C:\Users\MAGDA\Downloads\AdwCleaner.pl 5.010.exe
2015-10-06 00:10 - 2015-10-06 00:10 - 00001143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-06 00:10 - 2015-10-06 00:10 - 00001131 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-06 00:09 - 2015-10-06 00:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-06 00:09 - 2015-10-06 00:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-05 23:49 - 2015-10-05 23:50 - 00001369 _____ C:\AdwCleaner[S14].txt
2015-10-05 23:44 - 2015-10-05 23:44 - 00001349 _____ C:\AdwCleaner[C13].txt
2015-10-05 23:42 - 2015-10-05 23:43 - 00001243 _____ C:\AdwCleaner[S13].txt
2015-10-05 23:37 - 2015-10-05 23:37 - 00001876 _____ C:\AdwCleaner[C12].txt
2015-10-05 23:35 - 2015-10-05 23:36 - 00001696 _____ C:\AdwCleaner[S12].txt
2015-10-05 22:08 - 2015-10-05 23:35 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-05 22:08 - 2015-10-05 22:51 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-05 22:08 - 2015-10-05 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-05 22:07 - 2015-10-05 22:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-05 22:07 - 2015-10-05 22:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-05 22:07 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 22:07 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 22:07 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-05 22:01 - 2015-10-06 00:17 - 00000000 ____D C:\FRST
2015-10-05 21:53 - 2015-10-05 21:54 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\MAGDA\Downloads\mbam-setup-2.1.4.1018.exe
2015-10-05 16:38 - 2015-10-05 23:40 - 00059950 _____ C:\Windows\PFRO.log
2015-10-03 15:41 - 2015-10-03 21:49 - 00003804 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-03 15:40 - 2015-10-05 16:39 - 00000000 ____D C:\Users\MAGDA\AppData\Local\Google
2015-10-03 15:40 - 2015-10-05 10:24 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-03 10:40 - 2015-10-03 10:40 - 00000000 ____D C:\Users\MAGDA\PicStream
2015-10-03 10:39 - 2015-10-03 10:39 - 00000000 ____D C:\Users\MAGDA\AppData\Local\BMExplorer
2015-10-02 12:49 - 2015-10-06 00:15 - 01284096 ___SH C:\Users\MAGDA\Downloads\Thumbs.db
2015-10-02 11:57 - 2015-10-02 11:57 - 00003242 _____ C:\Windows\System32\Tasks\netupodtep
2015-10-01 19:40 - 2015-10-01 19:40 - 04875861 _____ C:\Program Files\Common Files\2efgtdgq.exe
2015-10-01 19:40 - 2015-10-01 19:40 - 00000000 ____D C:\Program Files\Common Files\i0veoalc
2015-10-01 19:28 - 2015-10-01 19:28 - 00000000 ____D C:\Users\MAGDA\AppData\Roaming\MPC-HC
2015-10-01 19:11 - 2015-10-01 19:11 - 00000000 ____D C:\Users\MAGDA\AppData\Local\Macromedia
2015-10-01 17:13 - 2015-10-05 16:39 - 00000266 __RSH C:\ProgramData\ntuser.pol
2015-10-01 14:14 - 2015-10-01 14:14 - 00000000 ____D C:\Users\MAGDA\AppData\Roaming\shortCutStore
2015-10-01 13:51 - 2015-10-01 18:00 - 00000000 ____D C:\Users\MAGDA\AppData\Local\Tempfolder
2015-10-01 13:51 - 2015-10-01 13:51 - 00000000 ____D C:\Users\MAGDA\AppData\LocalLow\Company
2015-10-01 11:57 - 2015-10-01 14:14 - 00000000 ____D C:\Users\MAGDA\AppData\Roaming\RunDir
2015-10-01 11:39 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-10-01 11:37 - 2015-10-05 23:10 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-10-01 11:35 - 2015-10-01 18:14 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-28 13:06 - 2015-09-28 13:06 - 00000000 ____D C:\Users\MAGDA\AppData\Roaming\YouSendIt
2015-09-28 13:01 - 2015-09-30 21:27 - 00000000 ____D C:\Windows\Downloaded Installations
2015-09-27 14:41 - 2015-10-05 23:45 - 00003634 _____ C:\Windows\setupact.log
2015-09-27 14:41 - 2015-09-27 14:41 - 00000000 _____ C:\Windows\setuperr.log
2015-09-27 14:35 - 2015-10-05 22:00 - 00000000 ____D C:\Users\MAGDA\Desktop\domóvka
2015-09-27 14:32 - 2015-09-27 14:32 - 00000000 ____D C:\Users\MAGDA\AppData\LocalLow\BitTorrent
2015-09-09 16:54 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 16:54 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 16:54 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 16:54 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 16:54 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 16:54 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 16:54 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 16:54 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 16:54 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 16:54 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 16:54 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 16:54 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 16:54 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 16:54 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 16:54 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 16:54 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 16:54 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 16:54 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 16:54 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 16:54 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 16:54 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 16:54 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 16:54 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 16:54 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-09 16:54 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 16:53 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 16:53 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 16:53 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 16:53 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 16:53 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 16:53 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 16:53 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-09 16:53 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 16:53 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-09 16:53 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 16:53 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 16:53 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 16:53 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 16:53 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 16:53 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 16:53 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 16:53 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-09 16:53 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 16:53 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-09 16:53 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 16:53 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 16:53 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 16:53 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 16:53 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 16:53 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 16:53 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 16:53 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 16:52 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 16:52 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 16:52 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 16:52 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 16:52 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 16:52 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 16:52 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 16:52 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 16:52 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-09 16:52 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-09 16:52 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 16:52 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-09 16:52 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-09 16:52 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 16:52 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 16:52 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 16:52 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 16:52 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-09 16:52 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-09 16:52 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-09 16:52 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-09 16:52 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-09 16:52 - 2015-07-13 21:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-09 16:52 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-09 16:52 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-09 16:52 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-09 16:52 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-09 16:51 - 2015-07-10 21:06 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2021-10-21 15:36 - 2014-07-16 12:14 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.DAT
2021-10-04 09:34 - 2014-07-16 12:14 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.DAT
2015-10-06 00:17 - 2014-12-25 14:31 - 02193920 _____ (Farbar) C:\Users\MAGDA\Downloads\FRST64.exe
2015-10-06 00:15 - 2015-02-10 22:59 - 00000000 ____D C:\Users\MAGDA\Downloads\Bogowie 2014 PL.WEBRip.XviD Film polski
2015-10-06 00:07 - 2014-11-30 22:50 - 01289163 _____ C:\Windows\WindowsUpdate.log
2015-10-06 00:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-05 23:58 - 2014-10-11 14:24 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3679323292-2381456270-572968583-1001
2015-10-05 23:56 - 2014-07-16 12:35 - 00000000 ____D C:\Program Files (x86)\Acer
2015-10-05 23:54 - 2014-07-16 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-10-05 23:50 - 2014-07-16 21:32 - 00807160 _____ C:\Windows\system32\perfh015.dat
2015-10-05 23:50 - 2014-07-16 21:32 - 00163478 _____ C:\Windows\system32\perfc015.dat
2015-10-05 23:50 - 2014-03-18 11:47 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-05 23:48 - 2014-10-11 14:25 - 00000000 __RDO C:\Users\MAGDA\OneDrive
2015-10-05 23:45 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-05 23:40 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-05 23:37 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\schemas
2015-10-05 23:35 - 2015-06-16 18:25 - 00001350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-10-05 23:35 - 2015-06-16 18:25 - 00001281 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-10-05 23:35 - 2014-10-18 14:47 - 00001862 _____ C:\Users\Public\Desktop\Canon My Printer.lnk
2015-10-05 23:35 - 2014-07-16 12:49 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-10-05 23:35 - 2014-05-06 05:42 - 00002475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-05 23:35 - 2013-12-29 12:05 - 00002237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-10-05 23:34 - 2015-06-26 20:19 - 00001043 _____ C:\Users\MAGDA\Desktop\Odkurzacz.lnk
2015-10-05 23:34 - 2014-12-13 14:05 - 00000561 _____ C:\Users\MAGDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panel sterowania.lnk
2015-10-05 23:34 - 2014-11-12 20:17 - 00000379 _____ C:\Users\MAGDA\Desktop\Panel sterowania.lnk
2015-10-05 23:34 - 2014-10-18 14:47 - 00002189 _____ C:\Users\MAGDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canon My Printer.lnk
2015-10-05 23:34 - 2014-10-11 15:08 - 00000890 _____ C:\Users\MAGDA\Desktop\Dokumenty.lnk
2015-10-05 23:34 - 2014-10-11 15:08 - 00000448 _____ C:\Users\MAGDA\Desktop\Ten komputer.lnk
2015-10-05 23:34 - 2014-10-11 15:07 - 00000886 _____ C:\Users\MAGDA\Desktop\Downloads.lnk
2015-10-05 23:34 - 2014-10-11 14:22 - 00002239 _____ C:\Users\MAGDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-10-05 23:34 - 2014-10-11 14:20 - 00001284 _____ C:\Users\MAGDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Menedżer HD Audio.lnk
2015-10-05 23:34 - 2014-10-11 14:18 - 00000973 _____ C:\Users\MAGDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-05 23:34 - 2014-10-11 14:16 - 00000469 _____ C:\Users\MAGDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-10-05 23:34 - 2014-10-11 14:16 - 00000467 _____ C:\Users\MAGDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-10-05 23:29 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-10-05 23:20 - 2014-10-11 14:49 - 00003972 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A69A9F7C-FF63-4E2B-A267-4DA4E8412726}
2015-10-05 22:59 - 2014-07-16 12:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-05 22:36 - 2014-12-19 21:35 - 00000000 ____D C:\Windows\PCHEALTH
2015-10-05 22:00 - 2015-08-07 21:00 - 00000000 ____D C:\Users\MAGDA\Desktop\moje moje moje
2015-10-05 21:35 - 2015-08-26 18:29 - 00000000 ____D C:\Users\MAGDA\AppData\Local\CrashDumps
2015-10-05 16:51 - 2014-10-11 14:17 - 00000000 ____D C:\Users\MAGDA\AppData\Local\Packages
2015-10-04 19:35 - 2014-12-26 22:37 - 00000000 ____D C:\Users\MAGDA\Documents\Bluetooth Folder
2015-10-03 13:15 - 2015-06-16 18:19 - 00000000 ____D C:\Users\MAGDA\AppData\Local\Windows Live
2015-10-03 13:13 - 2015-06-12 12:29 - 00000000 ____D C:\Users\MAGDA\Desktop\filmiki dzieci
2015-10-03 13:10 - 2014-12-13 20:30 - 00000000 ____D C:\Users\MAGDA\Desktop\FILMY VANESSA I SAMANA
2015-10-03 12:47 - 2015-01-09 21:49 - 00000000 ____D C:\Users\MAGDA\Desktop\ZDJĘCIA
2015-10-03 10:40 - 2014-10-11 14:16 - 00000000 ____D C:\Users\MAGDA
2015-10-01 15:39 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-10-01 14:39 - 2013-08-22 15:25 - 00000269 _____ C:\Windows\win.ini
2015-09-30 21:40 - 2014-12-12 18:38 - 00000000 ____D C:\Users\MAGDA\AppData\Roaming\BitTorrent
2015-09-30 21:30 - 2014-07-16 12:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-29 13:58 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-09-28 21:39 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-09-27 21:17 - 2015-06-26 20:19 - 00003356 _____ C:\Windows\System32\Tasks\Odkurzacz
2015-09-26 11:09 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-17 19:25 - 2014-12-14 20:47 - 00493120 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-17 19:21 - 2014-03-18 11:33 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-17 19:21 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-17 19:14 - 2014-11-13 19:03 - 00000000 ____D C:\Windows\system32\MRT
2015-09-17 19:06 - 2014-12-19 21:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-15 03:18 - 2015-04-20 18:18 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2015-04-20 18:18 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Pliki w katalogu głównym wybranych folderów =======

2015-10-01 19:40 - 2015-10-01 19:40 - 4875861 _____ () C:\Program Files\Common Files\2efgtdgq.exe
2015-10-01 18:40 - 2015-10-01 18:40 - 0000187 _____ () C:\Users\MAGDA\AppData\Local\Unodox.exe.config
2014-07-16 12:14 - 2014-07-16 12:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-01 11:37 - 2015-10-05 23:10 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Niektóre pliki w TEMP:
====================
C:\Users\MAGDA\AppData\Local\Temp\bdzshl64.dll
C:\Users\MAGDA\AppData\Local\Temp\nsr2805.exe

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-09-28 21:07

==================== Koniec FRST.txt ============================