Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:31-12-2015 Uruchomiony przez Łukasz (administrator) LUKASZ (06-01-2016 10:02:59) Uruchomiony z C:\Users\Łukasz\Downloads Załadowane profile: UpdatusUser & Łukasz (Dostępne profile: UpdatusUser & Łukasz) Platform: Windows 8 (X64) Język: Polski (Polska) Internet Explorer Wersja 10 (Domyślna przeglądarka: IE) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (EFD Software) D:\Program Files (x86)\HD Tune\HDTune.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.31\opera.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.31\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.31\opera.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.31\opera.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.31\opera.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.31\opera.exe () D:\Program Files\ScreenShooter5\ScreenShooter5.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.31\opera.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-03-27] (Atheros Communications) HKU\S-1-5-21-57611045-766367840-3988180731-1002\...\Run: [ScreenShooter] => D:\Program Files\ScreenShooter5\ScreenShooter5.exe [967680 2015-09-18] () AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-07-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-07-08] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Brak pliku ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Brak pliku ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Brak pliku ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Brak pliku ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Brak pliku ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Brak pliku ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0 Tcpip\..\Interfaces\{24E02092-F923-469D-A9D6-56B37A9D7506}: [DhcpNameServer] 127.0.0.1 Tcpip\..\Interfaces\{9D1A4CB6-7270-4F87-8E17-4696CAA719C3}: [DhcpNameServer] 192.168.1.1 0.0.0.0 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKU\S-1-5-21-57611045-766367840-3988180731-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} HKU\S-1-5-21-57611045-766367840-3988180731-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com HKU\S-1-5-21-57611045-766367840-3988180731-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} HKU\S-1-5-21-57611045-766367840-3988180731-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms} HKU\S-1-5-21-57611045-766367840-3988180731-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} HKU\S-1-5-21-57611045-766367840-3988180731-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com HKU\S-1-5-21-57611045-766367840-3988180731-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} HKU\S-1-5-21-57611045-766367840-3988180731-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-57611045-766367840-3988180731-1001 -> DefaultScope {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-57611045-766367840-3988180731-1001 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-57611045-766367840-3988180731-1002 -> DefaultScope {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-57611045-766367840-3988180731-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-57611045-766367840-3988180731-1002 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms} BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-03-27] (Qualcomm Atheros Commnucations) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated) FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] () FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R4 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [Brak podpisu cyfrowego] R4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-03-27] (Qualcomm Atheros Commnucations) [Brak podpisu cyfrowego] R4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-05-01] (Microsoft Corporation) R4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-03-27] (Atheros) [Brak podpisu cyfrowego] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-06-28] (ASUS Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-27] (Qualcomm Atheros) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-05-01] (Broadcom Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35232 2013-05-01] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [230904 2013-05-01] (Microsoft Corporation) U0 msahci; Brak ImagePath ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-01-06 10:01 - 2016-01-06 10:01 - 00033426 _____ C:\Users\Łukasz\Downloads\Shortcut.txt 2016-01-06 09:56 - 2016-01-06 10:02 - 00014099 _____ C:\Users\Łukasz\Downloads\FRST.txt 2016-01-06 09:53 - 2016-01-06 10:02 - 00000000 ____D C:\FRST 2016-01-06 09:52 - 2016-01-06 09:53 - 02370560 _____ (Farbar) C:\Users\Łukasz\Downloads\FRST64.exe 2016-01-06 09:45 - 2016-01-06 09:45 - 00000686 _____ C:\Users\Łukasz\Desktop\Screen Shooter 5.lnk 2016-01-06 09:45 - 2016-01-06 09:45 - 00000686 _____ C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screen Shooter 5.lnk 2016-01-06 09:45 - 2016-01-06 09:45 - 00000000 ____D C:\ProgramData\Package Cache 2016-01-06 09:44 - 2016-01-06 09:44 - 00164352 _____ (ScreenShooter.net) C:\Users\Łukasz\Downloads\ScreenShooter5-Setup.exe 2016-01-06 09:36 - 2016-01-06 10:02 - 00025246 _____ C:\Users\Łukasz\Downloads\Addition.txt 2016-01-06 09:17 - 2016-01-06 09:17 - 00003274 _____ C:\WINDOWS\System32\Tasks\psv_Finlam 2016-01-06 09:17 - 2016-01-06 09:17 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\Opera Software 2016-01-06 09:17 - 2016-01-06 09:17 - 00000000 ____D C:\Users\Łukasz\AppData\Local\Opera Software 2016-01-06 09:06 - 2016-01-06 09:06 - 00003876 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1452067584 2016-01-06 09:06 - 2016-01-06 09:06 - 00003252 _____ C:\WINDOWS\System32\Tasks\Opera N Sunday 2016-01-06 09:06 - 2016-01-06 09:06 - 00003252 _____ C:\WINDOWS\System32\Tasks\Opera N Saturday 2016-01-06 09:06 - 2016-01-06 09:06 - 00001914 _____ C:\Users\Łukasz\Desktop\Facebook.lnk 2016-01-06 09:06 - 2016-01-06 09:06 - 00001133 _____ C:\Users\Public\Desktop\Opera.lnk 2016-01-06 09:06 - 2016-01-06 09:06 - 00001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-01-06 09:06 - 2016-01-06 09:06 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\Shortcut 2016-01-06 09:03 - 2016-01-06 09:03 - 00003264 _____ C:\WINDOWS\System32\Tasks\psv_Tamtone 2016-01-06 09:03 - 2016-01-06 09:03 - 00002377 _____ C:\WINDOWS\SysWOW64\findit.xml 2016-01-06 09:03 - 2016-01-06 09:03 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\Mozilla 2016-01-06 09:02 - 2016-01-06 09:17 - 00000000 ____D C:\Program Files (x86)\Opera 2016-01-06 09:02 - 2016-01-06 09:02 - 00003262 _____ C:\WINDOWS\System32\Tasks\psv_Lotron 2016-01-06 09:02 - 2016-01-06 09:02 - 00003260 _____ C:\WINDOWS\System32\Tasks\psv_Treebam 2016-01-06 09:02 - 2016-01-06 09:02 - 00000649 _____ C:\Users\Łukasz\Desktop\HD Tune.lnk 2016-01-06 09:02 - 2016-01-06 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune 2016-01-06 09:01 - 2016-01-06 09:01 - 00951208 _____ (Installer program ) C:\Users\Łukasz\Downloads\HD-Tune-12177-dp.exe 2016-01-06 09:01 - 2016-01-06 09:01 - 00642632 _____ (EFD Software ) C:\Users\Łukasz\Downloads\hdtune_255.exe 2016-01-06 08:26 - 2016-01-06 08:26 - 00000000 ____D C:\Users\Łukasz\AppData\Local\CrashDumps 2016-01-06 08:20 - 2016-01-06 08:20 - 06885744 _____ (Microsoft Corporation) C:\Users\Łukasz\Downloads\WindowsUpdateAgent30-x64.exe 2016-01-05 04:34 - 2015-09-12 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2016-01-05 04:34 - 2015-09-12 14:29 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll 2016-01-05 04:34 - 2015-09-12 14:29 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appserverai.dll 2016-01-05 04:34 - 2015-09-12 14:29 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDWebAI.dll 2016-01-05 04:34 - 2015-09-12 14:29 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmHostAI.dll 2016-01-05 04:34 - 2012-11-10 05:23 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2016-01-05 03:45 - 2014-05-15 02:02 - 00059424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-01-05 03:45 - 2014-05-14 23:43 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-01-05 03:45 - 2014-05-14 23:43 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2016-01-05 03:45 - 2014-05-14 23:43 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2016-01-05 03:45 - 2014-05-14 23:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2016-01-05 03:45 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2016-01-04 23:04 - 2016-01-04 23:04 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\Macromedia 2016-01-04 19:04 - 2016-01-04 19:04 - 00000000 ____D C:\Users\Łukasz\AppData\LocalLow\SKS 2016-01-04 19:03 - 2016-01-04 19:03 - 00000291 _____ C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Komputer.lnk 2016-01-04 18:59 - 2016-01-04 18:59 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\WinRAR 2016-01-04 18:59 - 2016-01-04 18:59 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-01-04 18:59 - 2016-01-04 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-01-04 18:58 - 2016-01-04 18:58 - 02113552 _____ C:\Users\Łukasz\Downloads\winrar-x64-521pl.exe 2016-01-04 18:54 - 2016-01-04 18:55 - 00000000 ____D C:\Users\Łukasz\Desktop\Nowy folder 2016-01-04 18:54 - 2016-01-04 18:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2016-01-04 18:49 - 2016-01-04 18:49 - 00000000 ____D C:\Users\Łukasz\Documents\Bluetooth Folder 2016-01-04 18:49 - 2016-01-04 18:49 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\Atheros 2016-01-04 18:49 - 2016-01-04 18:49 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\ASUS WebStorage 2016-01-04 18:49 - 2016-01-04 18:49 - 00000000 ____D C:\Users\Łukasz\AppData\Local\BMExplorer 2016-01-04 18:48 - 2016-01-06 09:17 - 00001448 _____ C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-04 18:48 - 2016-01-04 18:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD 2016-01-04 18:48 - 2016-01-04 18:48 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\Adobe 2016-01-04 18:46 - 2016-01-06 08:59 - 00000062 _____ C:\Users\Łukasz\AppData\Roaming\sp_data.sys 2016-01-04 18:45 - 2016-01-05 14:20 - 00000000 ____D C:\Users\Łukasz 2016-01-04 18:45 - 2016-01-04 18:48 - 00000000 ____D C:\Users\Łukasz\AppData\Local\Packages 2016-01-04 18:45 - 2016-01-04 18:46 - 00000000 ____D C:\Users\Łukasz\AppData\Local\ASUS 2016-01-04 18:45 - 2016-01-04 18:45 - 00000020 ___SH C:\Users\Łukasz\ntuser.ini 2016-01-04 18:45 - 2016-01-04 18:45 - 00000000 _SHDL C:\Users\Łukasz\Ustawienia lokalne 2016-01-04 18:45 - 2016-01-04 18:45 - 00000000 _SHDL C:\Users\Łukasz\Szablony 2016-01-04 18:45 - 2016-01-04 18:45 - 00000000 _SHDL C:\Users\Łukasz\Moje dokumenty 2016-01-04 18:45 - 2016-01-04 18:45 - 00000000 _SHDL C:\Users\Łukasz\Menu Start 2016-01-04 18:45 - 2016-01-04 18:45 - 00000000 _SHDL C:\Users\Łukasz\Documents\Moje wideo 2016-01-04 18:45 - 2016-01-04 18:45 - 00000000 _SHDL C:\Users\Łukasz\Documents\Moje obrazy 2016-01-04 18:45 - 2016-01-04 18:45 - 00000000 _SHDL C:\Users\Łukasz\Documents\Moja muzyka 2016-01-04 18:45 - 2016-01-04 18:45 - 00000000 _SHDL C:\Users\Łukasz\Dane aplikacji 2016-01-04 18:45 - 2016-01-04 18:45 - 00000000 _SHDL C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2016-01-04 18:45 - 2016-01-04 18:45 - 00000000 _SHDL C:\Users\Łukasz\AppData\Local\Historia 2016-01-04 18:45 - 2016-01-04 18:45 - 00000000 _SHDL C:\Users\Łukasz\AppData\Local\Dane aplikacji 2016-01-04 18:45 - 2016-01-04 18:45 - 00000000 ____D C:\Users\Łukasz\AppData\Local\VirtualStore 2016-01-04 18:45 - 2013-05-01 12:16 - 00002098 _____ C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2016-01-04 17:59 - 2016-01-04 17:59 - 00000000 __RHD C:\Users\Public\AccountPictures ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-01-06 10:00 - 2012-07-26 06:37 - 00000000 ____D C:\Windows 2016-01-06 09:50 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-01-06 08:40 - 2013-05-01 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2016-01-06 08:40 - 2013-05-01 12:16 - 00000000 ____D C:\Program Files (x86)\ASUS 2016-01-05 14:16 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache 2016-01-05 14:13 - 2012-08-02 19:10 - 00730544 _____ C:\WINDOWS\system32\perfh00E.dat 2016-01-05 14:13 - 2012-08-02 19:10 - 00174018 _____ C:\WINDOWS\system32\perfc00E.dat 2016-01-05 14:13 - 2012-08-02 19:06 - 00718298 _____ C:\WINDOWS\system32\perfh005.dat 2016-01-05 14:13 - 2012-08-02 19:06 - 00147876 _____ C:\WINDOWS\system32\perfc005.dat 2016-01-05 14:13 - 2012-08-02 19:02 - 00794946 _____ C:\WINDOWS\system32\perfh015.dat 2016-01-05 14:13 - 2012-08-02 19:02 - 00159530 _____ C:\WINDOWS\system32\perfc015.dat 2016-01-05 14:13 - 2012-07-26 08:28 - 03564186 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-01-05 14:13 - 2012-07-26 06:37 - 00000000 ____D C:\WINDOWS\Inf 2016-01-05 14:05 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-01-05 14:05 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-01-05 14:04 - 2012-07-26 06:37 - 00000000 ____D C:\WINDOWS\servicing 2016-01-05 13:44 - 2013-05-01 12:18 - 00000000 ____D C:\ProgramData\McAfee 2016-01-05 08:13 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps 2016-01-05 05:15 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2016-01-04 18:54 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2016-01-04 18:49 - 2013-08-23 21:52 - 00000000 ____D C:\ProgramData\Atheros 2016-01-04 18:49 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2016-01-04 18:47 - 2012-08-02 14:33 - 00000000 ____D C:\WINDOWS\Log 2016-01-04 18:45 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-01-04 18:45 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore 2016-01-04 18:43 - 2013-05-01 12:07 - 00281544 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-01-04 17:58 - 2012-08-02 23:24 - 00000000 ____D C:\WINDOWS\Panther 2016-01-04 17:55 - 2012-07-26 09:13 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-01-04 18:46 - 2016-01-06 08:59 - 0000062 _____ () C:\Users\Łukasz\AppData\Roaming\sp_data.sys 2013-05-01 12:15 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd 2013-05-01 12:15 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe 2013-05-01 12:15 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS Niektóre pliki w TEMP: ==================== C:\Users\Łukasz\AppData\Local\Temp\Freshlam.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo