Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 23.04.2018
Uruchomiony przez Przemek (administrator) SUNRISE (23-04-2018 23:31:13)
Uruchomiony z D:\Nowy folder
Załadowane profile: Przemek & UpdatusUser (Dostępne profile: Przemek & UpdatusUser)
Platform: Windows 8.1 Pro (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() E:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) E:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Mentor Graphics Corporation) E:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Mentor Graphics Corporation) E:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(Flexera Software LLC) E:\! Pobrane\SW2016_SP1.0_Full-SSQ\SW2016_SP1.0_Full-SSQ\_SolidSQUAD_\_SolidSQUAD_\SolidWorksPDM\LicenseServer\lmgrd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Flexera Software LLC) E:\! Pobrane\SW2016_SP1.0_Full-SSQ\SW2016_SP1.0_Full-SSQ\_SolidSQUAD_\_SolidSQUAD_\SolidWorksPDM\LicenseServer\lmgrd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) E:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Filipe Lourenço) E:\Program Files (x86)\BatteryCare\BatteryCare.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\GXStandard16-in-1\GXStandard16in1.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Disc Soft Ltd) E:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Dassault Systèmes SolidWorks Corp.) E:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Disc Soft Ltd) E:\Program Files\DAEMON Tools Lite\DTShellHlp.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-06] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [178496 2018-03-15] (ESET)
HKLM-x32\...\Run: [GrooveMonitor] => E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-68152954-301041272-862687155-1001\...\Run: [BatteryCare] => E:\Program Files (x86)\BatteryCare\BatteryCare.exe [827904 2017-10-06] (Filipe Lourenço)
HKU\S-1-5-21-68152954-301041272-862687155-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\GXStandard16-in-1\GXStandard16in1.exe [3343360 2011-09-02] ()
HKU\S-1-5-21-68152954-301041272-862687155-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-68152954-301041272-862687155-1001\...\Run: [DAEMON Tools Lite Automount] => E:\Program Files\DAEMON Tools Lite\DTAgent.exe [5230784 2017-12-15] (Disc Soft Ltd)
HKU\S-1-5-21-68152954-301041272-862687155-1001\...\MountPoints2: {562030e0-0193-11e7-8270-5cf9dd3fcbe0} - "G:\SISetup.exe"
HKU\S-1-5-21-68152954-301041272-862687155-1001\...\MountPoints2: {81fcd296-c091-11e6-8257-685d4351ae59} - "G:\AutoRun.exe"
HKU\S-1-5-21-68152954-301041272-862687155-1001\...\MountPoints2: {b7bf3db8-2934-11e8-82c8-5cf9dd3fcbe0} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-68152954-301041272-862687155-1001\...\MountPoints2: {c726c0da-8819-11e7-829a-5cf9dd3fcbe0} - "F:\Lenovo_Suite.exe"
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2017-04-18]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Pobieracz w tle.lnk [2017-04-18]
ShortcutTarget: SOLIDWORKS Pobieracz w tle.lnk -> C:\Program Files (x86)\Common Files\Menedżer instalacji SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0D65194F-E169-43BD-B591-03D0E15F9FE8}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8

Internet Explorer:
==================
URLSearchHook: [S-1-5-21-68152954-301041272-862687155-1002] UWAGA => Brak domyślnego URLSearchHook
SearchScopes: HKU\S-1-5-21-68152954-301041272-862687155-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-19] (Oracle Corporation)
Toolbar: HKLM - Brak nazwy - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - Brak pliku
Toolbar: HKLM-x32 - Brak nazwy - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - Brak pliku

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-25] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-05-20] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-25] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-05-20] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-68152954-301041272-862687155-1001: jpl.nasa.gov/NASAEyes -> E:\Users\Przemek\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-12-14] (Jet Propulsion Laboratory)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.pl/
CHR StartupUrls: Default -> "hxxp://google.pl/"
CHR Profile: C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default [2018-04-23]
CHR Extension: (Prezentacje) - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-23]
CHR Extension: (Tłumacz dla wszystkich języków) - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk [2018-04-23]
CHR Extension: (Dokumenty) - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-23]
CHR Extension: (Dysk Google) - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-23]
CHR Extension: (YouTube) - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-23]
CHR Extension: (Adblock Plus) - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-23]
CHR Extension: (Arkusze) - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-23]
CHR Extension: (Sprawdzanie poczty Google) - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2018-04-23]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-23]
CHR Extension: (Gmail) - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-23]
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 CoordinatorServiceHost; E:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [81400 2015-12-02] (Dassault Systèmes SolidWorks Corporation)
R3 Disc Soft Lite Bus Service; E:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3128000 2017-12-15] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2213344 2018-03-15] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2213344 2018-03-15] (ESET)
R2 ewserver; E:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [179208 2015-12-01] ()
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [Brak podpisu cyfrowego]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-08-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 Microsoft Office Groove Audit Service; E:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 MSSQL$TEW_SQLEXPRESS; E:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation)
S3 NBService; E:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2008-04-08] (Nero AG)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PDF Architect 5 Manager; C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985904 2017-02-01] (© pdfforge GmbH.)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [Brak podpisu cyfrowego]
R2 RemoteSolverDispatcher; E:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [238848 2015-12-01] (Mentor Graphics Corporation)
R2 SolidNetSSQ Server; E:\! Pobrane\SW2016_SP1.0_Full-SSQ\SW2016_SP1.0_Full-SSQ\_SolidSQUAD_\_SolidSQUAD_\SolidWorksPDM\LicenseServer\lmgrd.exe [1448752 2015-06-12] (Flexera Software LLC)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-04-18] (SolidWorks) [Brak podpisu cyfrowego]
S4 SQLAgent$TEW_SQLEXPRESS; E:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation)
R2 TeamViewer; E:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-09-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-09-23] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385784 2013-06-27] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-12-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-12-14] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137928 2018-02-14] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [110432 2018-01-08] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15872 2018-01-05] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [196112 2018-01-08] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50136 2018-01-08] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [82816 2018-01-08] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [108320 2018-01-08] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [181160 2018-04-23] (ESET)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2017-06-29] (LogMeIn Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-04-23] ()
R0 hitmanpro37duringboot; C:\Windows\System32\drivers\hitmanpro37.sys [55232 2018-04-23] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 MpKslFakeKy; Brak ImagePath
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2016-09-23] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2016-09-23] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2016-09-23] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2016-12-12] (Basil Projects)
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfdx64.sys [X]
S3 taphss6; \SystemRoot\system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-04-23 23:12 - 2018-04-23 23:12 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-04-23 23:10 - 2018-04-23 23:10 - 000000692 _____ C:\Windows\system32\.crusader
2018-04-23 22:52 - 2018-04-23 23:10 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-23 22:48 - 2018-04-23 22:48 - 000000000 ____D C:\KVRT_Data
2018-04-23 19:34 - 2018-04-23 19:34 - 000181160 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2018-04-23 18:24 - 2018-04-23 18:24 - 000001961 _____ C:\Users\Public\Desktop\ESET Ochrona bankowości internetowej.lnk
2018-04-23 18:24 - 2018-04-23 18:24 - 000000000 ____D C:\Users\Przemek\AppData\Local\ESET
2018-04-23 18:24 - 2018-04-23 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-04-23 18:24 - 2018-04-23 18:24 - 000000000 ____D C:\ProgramData\ESET
2018-04-23 18:24 - 2018-04-23 18:24 - 000000000 ____D C:\Program Files\ESET
2018-04-23 18:14 - 2018-04-23 18:14 - 000000000 ____D C:\Users\Public\Documents\Catch!
2018-04-23 16:58 - 2018-04-23 16:58 - 000003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-23 16:58 - 2018-04-23 16:58 - 000003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-23 16:58 - 2018-04-23 16:58 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-23 16:58 - 2018-04-23 16:58 - 000002279 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-23 16:35 - 2018-04-23 16:35 - 000316577 _____ C:\Users\Przemek\Documents\bookmarks_23.04.2018.html
2018-04-22 22:51 - 2018-04-23 23:26 - 000000000 ____D C:\FRST
2018-04-22 21:39 - 2018-04-22 21:39 - 000001113 _____ C:\Users\Przemek\Desktop\JRT.txt
2018-04-22 20:50 - 2018-04-22 20:50 - 000000000 _____ C:\autoexec.bat
2018-04-19 16:47 - 2018-04-19 16:48 - 000000000 ____D C:\Users\Przemek\Desktop\Nowy folder
2018-04-19 16:35 - 2018-04-19 16:35 - 000000000 ____D C:\Users\Przemek\Desktop\Windows 10
2018-04-16 21:52 - 2018-04-16 22:06 - 000000000 ____D C:\Users\Przemek\Desktop\123
2018-03-25 23:00 - 2018-03-27 20:34 - 000000000 ____D C:\Users\Przemek\Documents\LBZ ALPHA Game Data

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-04-23 23:27 - 2017-07-28 22:49 - 000023990 _____ C:\Users\Przemek\AppData\Roaming\Notepad2.ini
2018-04-23 23:27 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-23 23:26 - 2016-12-12 19:27 - 000003988 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5596508-00A6-4427-ADD8-F4C54FBD30A9}
2018-04-23 23:20 - 2014-11-21 06:46 - 002107204 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-23 23:20 - 2014-11-21 06:07 - 000905838 _____ C:\Windows\system32\perfh015.dat
2018-04-23 23:20 - 2014-11-21 06:07 - 000202884 _____ C:\Windows\system32\perfc015.dat
2018-04-23 23:20 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-04-23 22:48 - 2016-12-12 19:11 - 000003590 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-68152954-301041272-862687155-1001
2018-04-23 22:42 - 2016-12-28 18:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-23 19:49 - 2016-12-12 19:33 - 000000000 ____D C:\Program Files\KMSpico
2018-04-23 19:42 - 2016-12-09 01:14 - 000000000 ____D C:\Users\Przemek
2018-04-23 19:06 - 2017-05-11 19:45 - 000000000 ____D C:\Users\Przemek\AppData\Roaming\MPC-HC
2018-04-23 18:24 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-04-23 16:58 - 2016-12-12 19:28 - 000000000 ____D C:\Users\Przemek\AppData\Local\Google
2018-04-23 16:58 - 2016-12-12 19:28 - 000000000 ____D C:\Users\Przemek\AppData\Local\Deployment
2018-04-23 16:58 - 2016-12-12 19:28 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-23 16:39 - 2017-09-19 18:29 - 000000000 ____D C:\Windows\Minidump
2018-04-23 16:39 - 2017-04-18 18:11 - 000000000 ____D C:\Program Files\PDFCreator
2018-04-23 16:39 - 2017-03-05 13:31 - 000000000 ____D C:\Users\Przemek\AppData\Roaming\TeamViewer
2018-04-23 16:39 - 2016-12-14 00:50 - 000000000 ____D C:\Users\Przemek\AppData\Roaming\DAEMON Tools Lite
2018-04-23 16:39 - 2016-12-08 23:51 - 000000000 ____D C:\Windows\Panther
2018-04-23 16:39 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\ModemLogs
2018-04-22 15:43 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-04-22 15:42 - 2016-12-28 18:21 - 000000000 ____D C:\AdwCleaner
2018-04-21 17:09 - 2018-01-04 21:00 - 000145920 _____ C:\Users\Przemek\Desktop\2018.xlsx
2018-04-21 00:12 - 2016-12-14 21:44 - 000000000 ____D C:\Users\Przemek\AppData\Roaming\AIMP
2018-04-19 23:24 - 2018-03-08 21:31 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-04-19 23:24 - 2018-03-08 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-04-19 23:24 - 2018-03-08 21:31 - 000000000 ____D C:\Program Files (x86)\Java
2018-04-12 21:46 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\NDF
2018-04-06 23:13 - 2017-04-30 15:18 - 000000000 ____D C:\Users\Przemek\AppData\LocalLow\Mozilla
2018-04-05 22:59 - 2018-03-15 22:02 - 000021960 _____ C:\Users\Przemek\Desktop\Default.aimppl4
2018-03-27 22:24 - 2017-08-16 23:42 - 000000000 ____D C:\Users\Przemek\Desktop\Muzyka

==================== Pliki w katalogu głównym wybranych folderów =======

2017-07-28 22:49 - 2018-04-23 23:27 - 000023990 _____ () C:\Users\Przemek\AppData\Roaming\Notepad2.ini

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-04-19 23:00

==================== Koniec FRST.txt ============================