Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2017
Ran by justynka (administrator) on KOMPUTERJUSTYNY (10-08-2017 20:30:05)
Running from C:\Users\justynka\Downloads
Loaded Profiles: justynka (Available Profiles: justynka)
Platform: Windows 8.1 (Update) (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-09] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179040 2013-10-15] (TOSHIBA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2535683076-3279026183-770477073-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-2535683076-3279026183-770477073-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2535683076-3279026183-770477073-1001\...\MountPoints2: {0561d67f-0d5b-11e6-82c4-008cfa9d6244} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2535683076-3279026183-770477073-1001\...\MountPoints2: {481de2f1-4344-11e7-8306-40f02fd9c3da} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2535683076-3279026183-770477073-1001\...\MountPoints2: {61c51b19-5e4f-11e5-82a0-008cfa9d6244} - "E:\.\Driver\DriverInstaller.exe" -eject
HKU\S-1-5-21-2535683076-3279026183-770477073-1001\...\MountPoints2: {c3faf57a-da4d-11e5-82b1-008cfa9d6244} - "E:\autorun.exe"
HKU\S-1-5-21-2535683076-3279026183-770477073-1001\...\MountPoints2: {f19919cf-bee3-11e5-82b0-008cfa9d6244} - "E:\autorun.exe"
HKU\S-1-5-21-2535683076-3279026183-770477073-1001\...\MountPoints2: {f1991a02-bee3-11e5-82b0-008cfa9d6244} - "E:\autorun.exe"
HKU\S-1-5-21-2535683076-3279026183-770477073-1001\...\MountPoints2: {f385456a-7029-11e6-82cc-008cfa9d6244} - "E:\autorun.exe"

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{A2D1D4AB-B0CC-4D4B-842B-7CC4B6A18952}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FC5487D9-C325-4BAA-9C77-A7F35B2E7235}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2535683076-3279026183-770477073-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2535683076-3279026183-770477073-1001 -> {EFC0AAC0-0D53-4499-A0E6-C37FBCEF3E55} URL =
BHO: No Name -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\justynka\AppData\Roaming\Mozilla\Firefox\Profiles\efdtb99d.default-1486665472318 [2017-08-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-11-06] ()
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2625368 2017-04-26] (ESET)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132848 2017-05-04] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14880 2017-05-04] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178056 2017-05-04] (ESET)
R1 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [77224 2017-05-04] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2017-05-28] (ESET)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-19] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-10 20:30 - 2017-08-10 20:31 - 000008562 _____ C:\Users\justynka\Downloads\FRST.txt
2017-08-10 20:27 - 2017-08-10 20:27 - 002381824 _____ (Farbar) C:\Users\justynka\Downloads\FRST64.exe
2017-07-15 15:12 - 2017-07-15 15:12 - 000287351 _____ C:\Users\justynka\Downloads\2692556_2017-07-13_14-40-55.pdf

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-10 20:30 - 2015-04-07 16:48 - 000000000 ____D C:\FRST
2017-08-10 20:11 - 2014-05-30 03:21 - 000003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{53F91236-90B3-426B-B46E-D36D9FEB7645}
2017-08-10 20:10 - 2016-11-18 15:36 - 000000000 ____D C:\Users\justynka\AppData\LocalLow\Mozilla
2017-08-09 21:34 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2017-08-09 20:23 - 2015-01-05 22:20 - 000004388 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-09 20:23 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-09 20:23 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======
2015-03-15 23:12 - 2015-03-21 00:45 - 000000100 _____ () C:\Users\justynka\AppData\Roaming\WB.CFG
2014-03-31 20:32 - 2014-03-31 20:32 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-04 20:09

==================== End of FRST.txt ============================