Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:09-05-2016
Uruchomiony przez Asia (administrator) ASIA-PC (09-05-2016 23:31:56)
Uruchomiony z C:\Users\Asia\Downloads
Załadowane profile: Asia (Dostępne profile: Asia)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: "C:\Program Files\Slimjet\slimjet.exe" -- "%1")
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Windows\System32\srvany.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Windows\KMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TODO: <公司名>) C:\Program Files\SFK\SSFK.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TODO: <公司名>) C:\Program Files\SFK\SSFK.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-27] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [winlogon] => C:\Users\Asia\AppData\Local\Temp\winlogon.bat [80 2016-05-01] () <===== UWAGA
HKU\S-1-5-21-1931567941-3394926104-3286302997-1000\...\Run: [winlogon] => C:\Users\Asia\AppData\Local\Temp\winlogon.bat [80 2016-05-01] () <===== UWAGA
HKU\S-1-5-21-1931567941-3394926104-3286302997-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1931567941-3394926104-3286302997-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1931567941-3394926104-3286302997-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1931567941-3394926104-3286302997-1000\...\MountPoints2: E - E:\sldim\sldim.exe
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc.)
Startup: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogon.bat [2015-09-24] ()

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63
Tcpip\..\Interfaces\{81862E54-D487-44AD-99E6-9404D6F01A67}: [DhcpNameServer] 62.179.1.62 62.179.1.63
Tcpip\..\Interfaces\{B48F849D-600B-4BA9-9C0E-70E18D031AE8}: [DhcpNameServer] 62.179.1.62 62.179.1.63

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450118190&z=c1ada6620acb52b19c8d4fagaz8wbe9g3g0b1o6o2t&from=wpm07173&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450118190&z=c1ada6620acb52b19c8d4fagaz8wbe9g3g0b1o6o2t&from=wpm07173&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450118190&z=c1ada6620acb52b19c8d4fagaz8wbe9g3g0b1o6o2t&from=wpm07173&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450118190&z=c1ada6620acb52b19c8d4fagaz8wbe9g3g0b1o6o2t&from=wpm07173&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT&q={searchTerms}
HKU\S-1-5-21-1931567941-3394926104-3286302997-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447237251&z=27ce23626eb37582ecd29ccg1z9zfmfo2c0m6oeb4g&from=wpm07173&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT&q={searchTerms}
HKU\S-1-5-21-1931567941-3394926104-3286302997-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450118190&z=c1ada6620acb52b19c8d4fagaz8wbe9g3g0b1o6o2t&from=wpm07173&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT
HKU\S-1-5-21-1931567941-3394926104-3286302997-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450118190&z=c1ada6620acb52b19c8d4fagaz8wbe9g3g0b1o6o2t&from=wpm07173&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT
HKU\S-1-5-21-1931567941-3394926104-3286302997-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447237251&z=27ce23626eb37582ecd29ccg1z9zfmfo2c0m6oeb4g&from=wpm07173&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1436203932&z=e5b5e800d00755adda873dcgdzdc4q4oeedc0t9cet&from=cmi&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1436203932&z=e5b5e800d00755adda873dcgdzdc4q4oeedc0t9cet&from=cmi&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1931567941-3394926104-3286302997-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447237251&z=27ce23626eb37582ecd29ccg1z9zfmfo2c0m6oeb4g&from=wpm07173&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1931567941-3394926104-3286302997-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT&ts=1436204050&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1931567941-3394926104-3286302997-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT&ts=1436204050&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1931567941-3394926104-3286302997-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447237251&z=27ce23626eb37582ecd29ccg1z9zfmfo2c0m6oeb4g&from=wpm07173&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1931567941-3394926104-3286302997-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT&ts=1436204050&type=default&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-10] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-10] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1436201156&z=2f12145e4892ea57f992afdg2z8ceqboee0gdgfqez&from=2sq1&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT

FireFox:
========
FF ProfilePath: C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213
FF NewTab: hxxp://www.yoursites123.com/newtab/?type=nt&ts=1457727224&z=65b3731c4901137121bf7e3g4zaw6m1m7o4m9o5mfq&from=eve0311&uid=TOSHIBAXMK1234GSX_Y6DYT1IITXXY6DYT1IIT
FF SelectedSearchEngine: delta-homes
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Extension: Flashblock - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-04]
FF Extension: iMacros for Firefox - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2016-04-25]
FF Extension: Default NewTab - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\Extensions\1447237255_xpi [2015-11-11] [Brak podpisu cyfrowego]
FF Extension: Default NewTab - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\Extensions\1450118194_xpi [2015-12-14] [Brak podpisu cyfrowego]
FF Extension: Default NewTab - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\Extensions\1451321566_xpi [2015-12-28] [Brak podpisu cyfrowego]
FF Extension: Default NewTab - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\Extensions\1451328920_xpi [2015-12-28] [Brak podpisu cyfrowego]
FF Extension: Default NewTab - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\Extensions\1451336256_xpi [2015-12-28] [Brak podpisu cyfrowego]
FF Extension: Default NewTab - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\Extensions\1452763834_xpi [2016-01-14] [Brak podpisu cyfrowego]
FF Extension: Default NewTab - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\Extensions\1457715858_xpi [2016-03-11] [Brak podpisu cyfrowego]
FF Extension: Default NewTab - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\Extensions\1457727229_xpi [2016-03-11] [Brak podpisu cyfrowego]
FF Extension: Default NewTab - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\Extensions\default_newtabff@gmail.com [2015-10-21] [Brak podpisu cyfrowego]
FF Extension: YahooToolsProtected - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\Extensions\yahooprotected@gmail.com.xpi [2015-11-19] [Brak podpisu cyfrowego]
FF Extension: YouTube High Definition - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-05-06]
FF Extension: Adblock Plus - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-29] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\extensions\searchffv2@gmail.com => nie znaleziono
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\extensions\sweetsearch@gmail.com => nie znaleziono
FF HKLM\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\extensions\default_newtabff@gmail.com
FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\pird9yev.default-1401481494213\extensions\defsearchp@gmail.com => nie znaleziono

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S3 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [87336 2010-10-05] (Dassault Systèmes SolidWorks Corp.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-07-09] (Flexera Software, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Brak podpisu cyfrowego]
S4 IhPul; C:\Users\Asia\AppData\Roaming\TSv\TSvr.exe [396944 2015-09-21] (tsvr.com)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [121088 2013-02-23] (Intel Corporation)
R2 KMService; C:\Windows\system32\srvany.exe [8192 2012-11-09] () [Brak podpisu cyfrowego]
R2 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-10-24] (SolidWorks) [Brak podpisu cyfrowego]
R2 SSFK; C:\Program Files\SFK\SSFK.exe [169632 2015-10-10] (TODO: <公司名>)
S4 vicoqudu; C:\Users\Asia\AppData\Roaming\899F12C0-1436201301-11D8-84B6-001636C8FE49\hnslEFDE.tmp [165376 2015-07-06] () [Brak podpisu cyfrowego]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [386560 2006-08-05] (Conexant Systems, Inc.) [Brak podpisu cyfrowego]
S4 zejytose; C:\Users\Asia\AppData\Roaming\899F12C0-1436201301-11D8-84B6-001636C8FE49\jnsqDA0B.tmp [199168 2015-07-06] () [Brak podpisu cyfrowego]
S4 demeduco; C:\Users\Asia\AppData\Roaming\899F12C0-1436201301-11D8-84B6-001636C8FE49\knslC0EA.tmpfs [X]
S4 wscsvc; %SystemRoot%\System32\wscsvc.dll [X]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 BoiHwsetup; C:\Windows\System32\drivers\BoiHwSetup.sys [7680 2006-10-12] (Quanta Computer Corp)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-17] (Conexant Systems Inc.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [Brak podpisu cyfrowego]
S4 KR10N; C:\Windows\system32\drivers\kr10n.sys [207104 2005-09-28] (TOSHIBA CORPORATION) [Brak podpisu cyfrowego]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-28] (TOSHIBA CORPORATION) [Brak podpisu cyfrowego]
R3 qkbfiltr; C:\Windows\System32\DRIVERS\qkbfiltr.sys [33792 2006-11-21] (TOSHIBA)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [201104 2012-05-21] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2011-12-29] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [42728 2011-06-13] (Realtek)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [60156 2011-06-15] (PowerISO Computing, Inc.) [Brak podpisu cyfrowego]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 Tosrfcom; Brak ImagePath
S2 XAudio; system32\DRIVERS\xaudio.sys [X]
U3 kwldrpow; \??\C:\Users\Asia\AppData\Local\Temp\kwldrpow.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-05-09 23:31 - 2016-05-09 23:32 - 00019381 _____ C:\Users\Asia\Downloads\FRST.txt
2016-05-09 23:30 - 2016-05-09 23:31 - 00000000 ____D C:\FRST
2016-05-09 23:29 - 2016-05-09 23:29 - 01732096 _____ (Farbar) C:\Users\Asia\Downloads\FRST.exe
2016-05-09 23:29 - 2016-05-09 23:29 - 00380928 _____ C:\Users\Asia\Downloads\9slf60zc.exe
2016-05-09 18:52 - 2016-05-09 19:12 - 00000000 ____D C:\Users\Asia\Downloads\Billions.S01E08.HDTV.x264-KILLERS[ettv]
2016-05-09 12:36 - 2016-05-09 12:36 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\zf3i4r6e6f5o4x.lnk
2016-05-09 01:03 - 2016-05-09 18:11 - 00000000 ____D C:\Users\Asia\Downloads\Better.Call.Saul.S02E10.HDTV.XviD-FUM[ettv]
2016-05-05 18:38 - 2016-05-05 18:38 - 00164720 _____ C:\Users\Asia\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-04 20:40 - 2016-05-04 20:48 - 00030720 _____ C:\Users\Asia\Desktop\wypłata - Kopia.xls
2016-05-04 00:09 - 2016-05-04 00:11 - 00000000 ____D C:\Program Files\Slimjet
2016-05-04 00:09 - 2016-05-04 00:09 - 00000792 _____ C:\Users\Public\Desktop\FlashPeak Slimjet.lnk
2016-05-04 00:09 - 2016-05-04 00:09 - 00000000 ____D C:\Users\Asia\AppData\Local\Slimjet
2016-05-04 00:09 - 2016-05-04 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak Slimjet
2016-05-04 00:08 - 2016-05-04 00:08 - 00353336 _____ C:\Users\Asia\Downloads\sjtwebsetup_x86.exe
2016-05-03 12:25 - 2016-05-03 12:27 - 00521896 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-25 22:52 - 2016-04-25 22:52 - 00111766 _____ C:\Users\Asia\Desktop\hhhhhhhhh.pdf
2016-04-25 22:50 - 2016-04-25 22:50 - 00112114 _____ C:\Users\Asia\Desktop\boarding-pass.pdf
2016-04-24 22:53 - 2016-04-24 22:53 - 00568336 _____ C:\Users\Asia\Desktop\abilet-print-152459-d0d118.pdf
2016-04-17 16:40 - 2016-04-17 16:40 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-05-09 23:02 - 2016-01-18 21:26 - 00043520 _____ C:\Users\Asia\Desktop\wypłata.xls
2016-05-09 23:02 - 2010-10-22 00:12 - 00076800 _____ C:\Users\Asia\Desktop\wydatki.xls
2016-05-09 19:12 - 2012-11-06 22:27 - 00000000 ____D C:\Users\Asia\AppData\Roaming\uTorrent
2016-05-09 19:11 - 2012-10-29 00:07 - 00078336 _____ C:\Users\Asia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-09 13:28 - 2016-01-17 23:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-09 12:40 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2016-05-09 12:40 - 2006-11-02 12:33 - 00838792 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-09 12:35 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-09 03:13 - 2006-11-02 15:01 - 00032532 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-05 18:52 - 2013-09-12 11:33 - 00000000 ____D C:\ProgramData\ipla
2016-05-05 18:39 - 2013-09-12 11:33 - 00000000 ____D C:\Users\Asia\AppData\Roaming\ipla
2016-05-05 18:39 - 2013-09-12 11:33 - 00000000 ____D C:\Program Files\ipla
2016-04-25 21:00 - 2014-05-16 09:28 - 00000000 ____D C:\Users\Asia\Desktop\ANIAA
2016-04-25 20:58 - 2012-11-06 22:32 - 00000000 ____D C:\Users\Asia\AppData\Roaming\foobar2000
2016-04-18 19:17 - 2015-11-11 13:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-17 19:53 - 2015-03-28 14:22 - 00000000 ____D C:\Users\Asia\Desktop\Vitalia
2016-04-17 16:40 - 2012-11-05 15:21 - 00000862 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-10 19:21 - 2016-01-04 19:43 - 00000000 ____D C:\Users\Asia\Downloads\Homeland.S05E02.HDTV.x264-FLEET[rarbg]

==================== Pliki w katalogu głównym wybranych folderów =======

2015-12-28 18:52 - 2016-03-11 22:10 - 2459593 _____ (tBank) C:\Program Files\SSFK.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Asia\AppData\Roaming\50Sf88cpQXyp6YhFGhjMa5Op
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Asia\AppData\Roaming\50Sf88cpQXyp6YhFGhjMa5Op.exe
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 _____ () C:\Users\Asia\AppData\Roaming\BYAIAMUF
2015-07-06 18:45 - 2015-07-06 18:45 - 2035200 _____ (Cinema PlusV16.03) C:\Users\Asia\AppData\Roaming\BYAIAMUF.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Asia\AppData\Roaming\efzomzX1xo393
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Asia\AppData\Roaming\efzomzX1xo393.exe
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Asia\AppData\Roaming\GNOK
2015-07-06 18:46 - 2015-07-06 18:46 - 1380352 _____ (Cinema PlusV16.03) C:\Users\Asia\AppData\Roaming\GNOK.exe
2012-10-29 00:07 - 2016-05-09 19:11 - 0078336 _____ () C:\Users\Asia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-10 00:24 - 2013-10-24 19:59 - 0000000 _____ () C:\Users\Asia\AppData\Local\Temptable.xml
2013-05-01 15:10 - 2013-05-01 16:03 - 0000041 ___SH () C:\ProgramData\.zreglib
2015-10-19 14:30 - 2016-03-11 22:13 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\Asia\AppData\Local\Temp\winlogon.bat
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Niektóre pliki w TEMP:
====================
C:\Users\Asia\AppData\Local\Temp\AskSLib.dll
C:\Users\Asia\AppData\Local\Temp\ipl49BC.tmp.exe
C:\Users\Asia\AppData\Local\Temp\sjt7z_x86_console.exe

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-05-09 12:41

==================== Koniec FRST.txt ============================