Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:27-02-2016 Uruchomiony przez natala (administrator) AKA (28-02-2016 23:23:00) Uruchomiony z D:\ Załadowane profile: natala (Dostępne profile: natala) Platform: Windows 8.1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Opera) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (Winzipper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (tsvr.com) C:\Users\natala\AppData\Roaming\TSv\TSvr.exe (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe (TFuns LIMITED) C:\ProgramData\DWdMD\WdMan.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (XTab system) C:\Program Files (x86)\MiuiTab\ProtectService.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe (ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe () C:\ProgramData\Google\update\GoogleUpdate.exe () C:\ProgramData\Google\update\GoogleUpdate.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82\opera.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82\opera.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82\opera.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82\opera.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82\opera.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.18190_x64__8wekyb3d8bbwe\glcnd.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-25] (CyberLink Corp.) HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\...\Run: [Facebook Update] => C:\Users\natala\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-31] (Facebook Inc.) HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\...\Run: [IPLA!] => C:\Program Files (x86)\ipla\ipla.exe [21406496 2015-12-03] (Cyfrowy Polsat S.A.) HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\...\MountPoints2: {0b2b6ed6-ff75-11e3-be86-d850e6a012e0} - "F:\Setup.exe" HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\...\MountPoints2: {12013514-98e7-11e4-bea1-d850e6a012e0} - "G:\Setup.exe" HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\...\MountPoints2: {120136ad-98e7-11e4-bea1-d850e6a012e0} - "G:\AutoRun.exe" HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\...\MountPoints2: {6b686484-0d5a-11e5-bebc-d850e6a012e0} - "G:\LGAutoRun.exe" HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\...\MountPoints2: {9f6a4950-d8e5-11e3-be81-d850e6a012e0} - "F:\Setup.exe" HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\...\MountPoints2: {b4ed0ada-d4ce-11e4-beb2-d850e6a012e0} - "G:\AutoRun.exe" AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => Brak pliku AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => Brak pliku ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Brak pliku ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Brak pliku ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Brak pliku ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Brak pliku ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Brak pliku ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Brak pliku ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{A5A3D6F2-125D-413F-80CF-C9964A87DE41}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{A5A3D6F2-125D-413F-80CF-C9964A87DE41}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{DAA80020-DE4B-4935-A099-7B5B246B3CBA}: [DhcpNameServer] 40.52.1.201 40.52.1.203 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418377699&from=wpm12123&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418377699&from=wpm12123&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404286782&from=smt&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404286782&from=smt&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418377699&from=wpm12123&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418377699&from=wpm12123&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404286782&from=smt&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404286782&from=smt&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5&q={searchTerms} HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1418377699&from=wpm12123&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5&q={searchTerms} HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418377699&from=wpm12123&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5 HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418377699&from=wpm12123&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5 HKU\S-1-5-21-2750964564-3421185021-1369942512-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1418377699&from=wpm12123&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5&q={searchTerms} SearchScopes: HKU\S-1-5-21-2750964564-3421185021-1369942512-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1449097218&z=c9e5b8c9118f6df99065842g2zdz8t8e9t0m9o4o1w&from=ient07021&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5&q={searchTerms} SearchScopes: HKU\S-1-5-21-2750964564-3421185021-1369942512-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2750964564-3421185021-1369942512-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2750964564-3421185021-1369942512-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1449097218&z=c9e5b8c9118f6df99065842g2zdz8t8e9t0m9o4o1w&from=ient07021&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5&q={searchTerms} SearchScopes: HKU\S-1-5-21-2750964564-3421185021-1369942512-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] () FF Plugin HKU\S-1-5-21-2750964564-3421185021-1369942512-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\natala\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) Chrome: ======= CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1431104912&z=b1dd1d9422089a86b9aa35eg1z4c0g0g1e6zftbg5t&from=wpm05083&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5 CHR StartupUrls: Default -> "hxxp://www.delta-homes.com/?type=hp&ts=1431104912&z=b1dd1d9422089a86b9aa35eg1z4c0g0g1e6zftbg5t&from=wpm05083&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43LUFH5LUFH5" CHR DefaultSearchURL: Default -> hxxp://v9.com/web?type=ds&ts=1450287688&from=zzgbkk123&uid=wdcxwd5000lpvx-80v0tt0_wd-wxh1e43lufh5lufh5&z=801f327b351cb6adb40ebe7g3z1wceeo3b4m9qctaq&q={searchTerms} CHR DefaultSearchKeyword: Default -> v9 CHR Profile: C:\Users\natala\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\natala\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08] CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\natala\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS) R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [Brak podpisu cyfrowego] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation) R2 gprotect; C:\ProgramData\Google\update\GoogleUpdate.exe [315008 2016-01-28] () R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [119808 2015-12-25] (XTab system) [Brak podpisu cyfrowego] R2 IhPul; C:\Users\natala\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com) R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [172192 2015-12-24] (TODO: <公司名>) R2 WdMan; C:\ProgramData\DWdMD\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [682240 2016-02-16] (Winzipper Pvt Ltd.) <==== UWAGA R2 WMModules; C:\ProgramData\Google\update\GoogleUpdate.exe [315008 2016-01-28] () S2 WSModules; C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe [505984 2016-01-28] () S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] () R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-06-28] (ASUS Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-02] (Disc Soft Ltd) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation ) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-02-28 23:21 - 2016-02-28 23:23 - 00000000 ____D C:\FRST 2016-02-28 23:02 - 2016-02-28 23:02 - 00003076 _____ C:\WINDOWS\System32\Tasks\{18E86190-39DA-4B95-A7F3-9D853326EC20} 2016-02-22 20:21 - 2016-02-22 20:21 - 06602164 _____ C:\Users\natala\Downloads\promocje zima 2016.pdf 2016-02-22 08:35 - 2016-02-22 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2016-02-18 22:51 - 2016-02-28 22:56 - 00002002 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-02-18 22:29 - 2016-02-18 22:30 - 00000000 ____D C:\Users\natala\Desktop\Nowy folder (3) 2016-02-10 16:09 - 2016-02-06 11:48 - 25839104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-02-10 16:09 - 2016-02-06 11:24 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-02-10 16:09 - 2016-02-06 11:01 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-02-10 16:09 - 2016-02-06 10:43 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-02-10 16:09 - 2016-02-06 10:32 - 14458368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-02-10 16:09 - 2016-02-06 10:16 - 12857856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-02-10 16:09 - 2016-02-06 10:09 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-02-10 16:09 - 2016-02-06 09:54 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-02-09 23:40 - 2016-01-15 02:42 - 00033472 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-02-09 23:40 - 2016-01-14 21:44 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-02-09 23:40 - 2016-01-14 21:44 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-02-09 23:40 - 2016-01-14 21:44 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-02-09 23:40 - 2016-01-14 21:44 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-02-09 23:40 - 2016-01-14 21:44 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-02-09 23:40 - 2016-01-14 21:44 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-02-09 23:40 - 2016-01-10 20:37 - 00442720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-02-09 23:40 - 2016-01-10 19:39 - 00332640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-02-09 23:40 - 2016-01-10 19:15 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-02-09 23:40 - 2016-01-10 19:15 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-02-09 23:40 - 2016-01-10 18:43 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-02-09 23:40 - 2016-01-10 18:09 - 01442304 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-02-09 23:40 - 2016-01-10 18:09 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-02-09 23:40 - 2016-01-10 18:02 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-02-09 23:40 - 2016-01-10 17:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2016-02-09 23:40 - 2016-01-10 17:43 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-02-09 23:39 - 2016-01-22 09:01 - 22365992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-02-09 23:39 - 2016-01-22 08:11 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-02-09 23:39 - 2016-01-22 06:25 - 14467072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-02-09 23:39 - 2016-01-22 06:14 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-02-09 23:39 - 2016-01-22 06:07 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2016-02-09 23:39 - 2016-01-22 05:58 - 02464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2016-02-09 23:39 - 2016-01-10 20:37 - 00136912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-02-09 23:39 - 2016-01-10 17:51 - 03707392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-02-09 23:39 - 2016-01-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2016-02-09 23:39 - 2016-01-10 17:38 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2016-02-09 23:39 - 2016-01-10 17:36 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2016-02-09 23:39 - 2016-01-10 17:36 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2016-02-09 23:39 - 2016-01-10 17:35 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2016-02-09 23:39 - 2016-01-10 17:35 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-02-09 23:39 - 2016-01-10 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2016-02-09 23:39 - 2016-01-10 17:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2016-02-09 23:39 - 2016-01-10 17:27 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2016-02-09 23:39 - 2016-01-10 17:26 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-02-09 22:33 - 2016-01-19 20:14 - 07453024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-02-09 22:33 - 2016-01-19 20:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-02-09 22:33 - 2016-01-19 20:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-02-09 22:33 - 2016-01-19 20:12 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-02-09 22:33 - 2016-01-19 20:12 - 01133744 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-02-09 22:33 - 2016-01-19 19:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-02-09 22:33 - 2016-01-19 19:23 - 01501496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-02-09 22:33 - 2016-01-19 19:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-02-09 22:33 - 2016-01-19 19:15 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-02-09 22:33 - 2016-01-19 18:30 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-02-09 22:33 - 2016-01-19 17:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-02-09 22:33 - 2016-01-10 18:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll 2016-02-09 22:33 - 2016-01-10 18:31 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll 2016-02-09 22:33 - 2016-01-10 18:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2016-02-09 22:33 - 2016-01-10 18:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll 2016-02-09 22:33 - 2016-01-10 18:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll 2016-02-09 22:33 - 2016-01-10 17:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-02-09 22:33 - 2016-01-10 17:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2016-02-09 22:33 - 2016-01-10 17:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll 2016-02-09 22:33 - 2016-01-10 17:40 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-02-09 22:33 - 2016-01-07 19:34 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-02-09 22:33 - 2016-01-06 19:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2016-02-09 22:33 - 2015-12-29 16:45 - 07783936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-02-09 22:33 - 2015-12-29 16:45 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2016-02-09 22:33 - 2015-12-29 16:43 - 05267968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2016-02-09 22:33 - 2015-12-29 16:42 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-02-09 22:33 - 2015-12-28 22:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll 2016-02-09 22:33 - 2015-12-28 21:31 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll 2016-02-09 22:32 - 2016-01-22 07:40 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-02-09 22:32 - 2016-01-22 07:29 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-02-09 22:32 - 2016-01-22 07:28 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2016-02-09 22:32 - 2016-01-22 07:27 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-02-09 22:32 - 2016-01-22 07:02 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-02-09 22:32 - 2016-01-22 06:55 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-02-09 22:32 - 2016-01-22 06:52 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll 2016-02-09 22:32 - 2016-01-22 06:51 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-02-09 22:32 - 2016-01-22 06:50 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-02-09 22:32 - 2016-01-22 06:48 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-02-09 22:32 - 2016-01-22 06:48 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-02-09 22:32 - 2016-01-22 06:47 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-02-09 22:32 - 2016-01-22 06:46 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-02-09 22:32 - 2016-01-22 06:35 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-02-09 22:32 - 2016-01-22 06:31 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-02-09 22:32 - 2016-01-22 06:31 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-02-09 22:32 - 2016-01-22 06:28 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-02-09 22:32 - 2016-01-22 06:27 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2016-02-09 22:32 - 2016-01-22 06:25 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-02-09 22:32 - 2016-01-22 06:25 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-02-09 22:32 - 2016-01-22 06:24 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-02-09 22:32 - 2016-01-22 06:08 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-02-09 22:32 - 2016-01-22 06:07 - 02120704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-02-09 22:32 - 2016-01-22 06:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-02-09 22:32 - 2015-12-17 19:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-02-09 22:32 - 2015-12-17 17:17 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-02-06 15:12 - 2016-02-06 15:12 - 00000000 ____D C:\ProgramData\Google ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-02-28 23:19 - 2014-03-31 19:50 - 08125952 ___SH C:\Users\natala\Downloads\Thumbs.db 2016-02-28 23:08 - 2014-03-25 22:22 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2750964564-3421185021-1369942512-1001 2016-02-28 23:02 - 2014-12-28 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2016-02-28 23:02 - 2014-12-28 19:33 - 00000000 ____D C:\Program Files (x86)\Origin 2016-02-28 23:01 - 2014-12-28 19:32 - 00000000 ____D C:\ProgramData\Origin 2016-02-28 22:59 - 2014-12-12 10:49 - 00000000 ____D C:\Program Files (x86)\WinZipper 2016-02-28 22:58 - 2014-03-25 14:44 - 00000062 _____ C:\Users\natala\AppData\Roaming\sp_data.sys 2016-02-28 22:56 - 2015-12-22 20:05 - 00000000 ____D C:\Program Files (x86)\crxbro Browser 2016-02-28 22:56 - 2014-12-28 17:06 - 00002014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-28 22:56 - 2014-03-25 15:18 - 00000000 ____D C:\Users\natala\AppData\Roaming\Skype 2016-02-28 22:56 - 2013-09-29 10:20 - 00003052 _____ C:\WINDOWS\System32\Tasks\ASUS P4G 2016-02-28 22:56 - 2013-09-29 10:19 - 00003268 _____ C:\WINDOWS\System32\Tasks\AsusVibeSchedule 2016-02-28 22:56 - 2013-09-29 10:19 - 00003004 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU 2016-02-28 22:56 - 2013-09-29 10:19 - 00002988 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON 2016-02-28 22:56 - 2013-09-29 10:18 - 00003024 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus 2016-02-28 22:56 - 2013-09-29 10:11 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher 2016-02-28 22:54 - 2014-04-27 12:23 - 00000000 __RDO C:\Users\natala\OneDrive 2016-02-28 22:53 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-02-28 22:53 - 2013-08-22 15:44 - 00361728 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-02-28 22:48 - 2015-04-16 01:18 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-02-28 22:48 - 2014-03-18 10:40 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-28 22:48 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData 2016-02-28 22:48 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf 2016-02-28 22:48 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-02-28 22:40 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-02-28 22:38 - 2014-03-29 20:09 - 00000000 ____D C:\Program Files (x86)\Google 2016-02-28 22:36 - 2015-07-03 21:12 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-02-28 22:36 - 2014-12-28 17:04 - 00000000 __SHD C:\Users\natala\AppData\Local\EmieBrowserModeList 2016-02-28 22:36 - 2014-10-05 19:45 - 00000000 __SHD C:\Users\natala\AppData\Local\EmieUserList 2016-02-28 22:36 - 2014-10-05 19:45 - 00000000 __SHD C:\Users\natala\AppData\Local\EmieSiteList 2016-02-28 22:36 - 2014-03-27 20:20 - 02609152 ___SH C:\Users\natala\Desktop\Thumbs.db 2016-02-25 23:18 - 2015-09-28 11:02 - 00000000 ____D C:\Program Files (x86)\SFK 2016-02-25 22:49 - 2014-03-31 18:44 - 00000940 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2750964564-3421185021-1369942512-1001UA.job 2016-02-25 19:27 - 2015-02-12 01:41 - 00001083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-02-25 19:27 - 2014-07-01 17:01 - 00003878 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1404230502 2016-02-25 19:27 - 2014-07-01 17:01 - 00000000 ____D C:\Program Files (x86)\Opera 2016-02-24 20:04 - 2015-02-19 19:29 - 00000000 ____D C:\ProgramData\ipla 2016-02-24 19:49 - 2014-03-31 18:44 - 00000918 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2750964564-3421185021-1369942512-1001Core.job 2016-02-21 13:47 - 2014-03-18 10:57 - 01825074 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-02-21 13:47 - 2014-03-18 10:28 - 00807160 _____ C:\WINDOWS\system32\perfh015.dat 2016-02-21 13:47 - 2014-03-18 10:28 - 00163478 _____ C:\WINDOWS\system32\perfc015.dat 2016-02-20 23:30 - 2015-07-03 21:12 - 00000992 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-02-19 23:13 - 2015-11-13 00:04 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1 2016-02-19 23:13 - 2013-09-29 10:16 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2 2016-02-13 00:27 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-12 08:33 - 2014-05-07 18:26 - 00003088 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2750964564-3421185021-1369942512-1001 2016-02-11 19:40 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-10 20:36 - 2015-07-03 21:12 - 00003948 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2016-02-10 20:36 - 2015-07-03 21:12 - 00003818 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-02-10 16:31 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-10 16:23 - 2014-03-28 07:05 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-02-10 16:14 - 2014-03-28 07:05 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-02-09 23:36 - 2015-11-11 09:56 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-02-09 23:36 - 2015-11-11 09:56 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-02-08 23:16 - 2015-02-19 19:29 - 00000000 ____D C:\Users\natala\AppData\Roaming\ipla 2016-02-07 20:14 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache 2016-02-06 15:04 - 2015-03-17 00:06 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2016-02-05 20:27 - 2014-12-28 20:02 - 00000000 ____D C:\ProgramData\Package Cache 2016-02-02 03:37 - 2015-07-25 21:45 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-02-02 03:37 - 2015-07-25 21:45 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-01 23:33 - 2014-04-27 11:55 - 00000000 ____D C:\Users\natala ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-12-25 14:26 - 2015-12-25 14:26 - 2770376 _____ (iBank) C:\Program Files (x86)\SSFK.exe 2014-03-25 14:44 - 2016-02-28 22:58 - 0000062 _____ () C:\Users\natala\AppData\Roaming\sp_data.sys 2014-11-03 18:16 - 2015-01-27 22:34 - 0004608 _____ () C:\Users\natala\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-05-01 12:15 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd 2013-05-01 12:15 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe 2013-05-01 12:15 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS 2015-10-30 20:56 - 2015-12-25 14:27 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2014-03-25 14:50 - 2014-03-25 14:52 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2014-03-25 14:49 - 2014-03-25 14:49 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Pliki do przeniesienia lub usunięcia: ==================== C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-02-20 22:30 ==================== Koniec FRST.txt ============================