Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 15.11.2018
Uruchomiony przez And-solar (administrator) DESKTOP-QMHNM09 (19-11-2018 08:48:05)
Uruchomiony z C:\Users\And-solar\Downloads
Załadowane profile: And-solar (Dostępne profile: defaultuser0 & And-solar)
Platform: Windows 10 Home Wersja 1803 17134.345 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235440 2017-06-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [DpmLiteEvent] => C:\Program Files\Dell\DpmLite\DpmLiteEvent.exe [2537776 2014-11-19] (Wistron Corporation)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Audio Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-23] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2197181866-4104514059-3983876984-1001\...\Run: [Viber] => C:\Users\And-solar\AppData\Local\Viber\Viber.exe [34720840 2018-01-12] (Viber Media S.à r.l.)
HKU\S-1-5-21-2197181866-4104514059-3983876984-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Temp\scoped_dir10852_4699\old_chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session --flag-switches-begin --flag-switches-end --flag-switche (dane wartości zawierają 69 znaków więcej). <==== UWAGA
HKU\S-1-5-21-2197181866-4104514059-3983876984-1001\...\MountPoints2: {1527c1b0-e30e-11e7-8b4e-e4029bf33648} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2197181866-4104514059-3983876984-1001\...\MountPoints2: {1527c1be-e30e-11e7-8b4e-e4029bf33648} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2197181866-4104514059-3983876984-1001\...\MountPoints2: {f2091fd4-6264-11e7-8b3b-e4029bf33648} - "F:\HiSuiteDownLoader.exe"

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{6080300a-77e3-4dd4-9c5b-37ddacd70041}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e07c0c49-0632-4f9a-8b07-9469009d6f36}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{fac207a8-0361-4aa8-b8f8-d6f206113852}: [DhcpNameServer] 172.31.1.171

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2197181866-4104514059-3983876984-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-02] (Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-09-27] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-09-27] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-09-27] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-09-27] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-10-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)

Chrome:
=======
CHR Session Restore: Default -> [funkcja włączona]
CHR Profile: C:\Users\And-solar\AppData\Local\Google\Chrome\User Data\Default [2018-11-19]
CHR Extension: (Prezentacje) - C:\Users\And-solar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-23]
CHR Extension: (Dokumenty) - C:\Users\And-solar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-23]
CHR Extension: (Dysk Google) - C:\Users\And-solar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-16]
CHR Extension: (YouTube) - C:\Users\And-solar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-06]
CHR Extension: (Arkusze) - C:\Users\And-solar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-23]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\And-solar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-11-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\And-solar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (fillUp Formularze - dodatek) - C:\Users\And-solar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlnpeeaafijaebcdgkdeojkpnkfkjdnh [2017-07-20]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\And-solar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\And-solar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-06]
CHR Extension: (Chrome Media Router) - C:\Users\And-solar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nlnpeeaafijaebcdgkdeojkpnkfkjdnh] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9669920 2018-11-02] (Microsoft Corporation)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51504 2017-01-18] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373760 2016-06-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Brak podpisu cyfrowego]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Brak podpisu cyfrowego]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-09-27] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333296 2017-06-19] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265784 2017-12-19] (Synaptics Incorporated)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [615384 2017-02-07] (Waves Audio Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)
S2 0047051538198692mcinstcleanup; C:\WINDOWS\TEMP\004705~1.EXE -cleanup -nolog [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-06-23] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 DpmLiteDrv; C:\Program Files\Dell\DpmLite\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2015-06-15] (Intel Corporation)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [113416 2015-06-15] (Intel Corporation)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [155400 2015-06-15] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-31] (Malwarebytes)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3537672 2017-02-17] (Intel Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66104 2017-12-19] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-23] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-11-19 08:48 - 2018-11-19 08:49 - 000020070 _____ C:\Users\And-solar\Downloads\FRST.txt
2018-11-19 08:46 - 2018-11-19 08:47 - 002416128 _____ (Farbar) C:\Users\And-solar\Downloads\FRST64.exe
2018-11-19 08:21 - 2018-11-19 08:21 - 003158480 _____ C:\Users\And-solar\Downloads\interactions.attachments.1.Cennik_samochodow_osobowych_Mercedes-Benz.pdf
2018-11-16 10:03 - 2018-11-16 10:03 - 000002515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-11-16 10:03 - 2018-11-16 10:03 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-11-16 10:03 - 2018-11-16 10:03 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-11-16 10:03 - 2018-11-16 10:03 - 000002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-11-16 10:03 - 2018-11-16 10:03 - 000002482 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-11-16 10:03 - 2018-11-16 10:03 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-11-16 10:03 - 2018-11-16 10:03 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-11-16 10:03 - 2018-11-16 10:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Narzędzia pakietu Microsoft Office
2018-11-16 09:39 - 2018-11-16 09:39 - 000401944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-09 11:44 - 2018-11-09 11:44 - 000035489 _____ C:\Users\And-solar\Desktop\Pismo_2_2018_10_19.pdf
2018-11-09 11:36 - 2018-11-09 11:36 - 000415498 _____ C:\Users\And-solar\Downloads\ZALACZNIK_nr_2_do_Arkusza_Monitoringu_MSEF.PDF
2018-11-09 11:36 - 2018-11-09 11:36 - 000064274 _____ C:\Users\And-solar\Downloads\ZALACZNIK_nr_1_do_ARKUSZA_Monitoringu_MSEF.PDF
2018-11-09 11:35 - 2018-11-09 11:36 - 000000000 ____D C:\Users\And-solar\Desktop\do Jacka
2018-11-09 11:35 - 2018-11-09 11:35 - 000066710 _____ C:\Users\And-solar\Downloads\ArkuszMonitoringu.PDF
2018-11-07 07:33 - 2018-11-07 07:33 - 000013109 _____ C:\Users\And-solar\Downloads\list_przewozowy_6231337986833.pdf
2018-11-07 07:22 - 2018-11-07 07:22 - 000063235 _____ C:\Users\And-solar\Downloads\TR_DETAILS_20181107072224.pdf
2018-11-06 14:20 - 2018-11-06 14:20 - 000803434 _____ C:\Users\And-solar\Downloads\2803_tabela_wspolna_polaczen_lotniskowych__21.108.12.2018_oprocz_69.11_na_lotnisko.pdf
2018-11-06 12:44 - 2018-11-06 12:47 - 000000000 ____D C:\Users\And-solar\Desktop\travelplanet
2018-11-06 12:09 - 2018-11-06 12:09 - 000063846 _____ C:\Users\And-solar\Downloads\TR_DETAILS_20181106120859.pdf
2018-11-06 09:23 - 2018-11-06 09:23 - 000064049 _____ C:\Users\And-solar\Downloads\TR_DETAILS_20181106092309.pdf
2018-11-02 10:51 - 2018-11-02 10:51 - 000118763 _____ C:\Users\And-solar\Downloads\c9b4a9da-6a78-4b7f-be88-d6a77a9694f2.pdf
2018-11-02 09:45 - 2018-11-02 09:45 - 000118706 _____ C:\Users\And-solar\Downloads\84b44560-266d-4fc4-9e8b-5fb5ec076d33 (2).pdf
2018-11-01 08:04 - 2018-11-01 08:04 - 000027087 _____ C:\Users\And-solar\Downloads\PKR_IX-79164_potwierdzenie_ZG_ex.pdf
2018-10-30 07:46 - 2018-10-30 07:46 - 000030427 _____ C:\Users\And-solar\Downloads\potwierdzenia_nadania_201810300746.pdf
2018-10-30 07:45 - 2018-10-30 07:45 - 000016706 _____ C:\Users\And-solar\Downloads\list_przewozowy_1Z0VW7547997457059.pdf
2018-10-30 07:45 - 2018-10-30 07:45 - 000013129 _____ C:\Users\And-solar\Downloads\list_przewozowy_6231334971672.pdf
2018-10-30 07:44 - 2018-10-30 07:44 - 000013104 _____ C:\Users\And-solar\Downloads\list_przewozowy_6231334972631.pdf
2018-10-26 07:20 - 2018-10-26 07:20 - 000000000 ____D C:\Users\And-solar\Desktop\stafiki
2018-10-26 07:01 - 2018-10-26 14:05 - 000000000 ____D C:\Users\And-solar\Desktop\brazowy
2018-10-23 12:18 - 2018-10-23 12:23 - 000000000 ____D C:\Users\And-solar\Desktop\srebrne 23.10.18

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-11-19 08:48 - 2017-07-05 17:10 - 000000000 ____D C:\FRST
2018-11-19 08:47 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-19 08:25 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-19 08:24 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-19 08:24 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-19 08:10 - 2017-01-18 10:37 - 000000000 __SHD C:\Users\And-solar\IntelGraphicsProfiles
2018-11-19 08:10 - 2017-01-18 10:34 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-11-17 08:08 - 2018-05-23 06:22 - 001766926 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-17 08:08 - 2018-04-12 16:51 - 000784614 _____ C:\WINDOWS\system32\perfh015.dat
2018-11-17 08:08 - 2018-04-12 16:51 - 000152238 _____ C:\WINDOWS\system32\perfc015.dat
2018-11-17 08:08 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-17 08:01 - 2018-05-23 06:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-17 08:01 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-16 10:57 - 2018-05-22 23:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-16 10:20 - 2017-01-22 11:54 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-16 10:20 - 2017-01-22 11:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-16 10:02 - 2016-11-11 16:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-16 09:21 - 2017-07-06 17:08 - 000002309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-16 09:21 - 2017-07-06 17:08 - 000002268 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-16 09:19 - 2017-09-29 09:09 - 000000000 ____D C:\Program Files\rempl
2018-11-16 09:14 - 2018-01-21 00:16 - 000000000 ____D C:\Users\And-solar\AppData\Local\Packages
2018-11-16 09:10 - 2018-05-11 07:13 - 000000000 ___DC C:\WINDOWS\Panther
2018-11-16 09:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-09 11:34 - 2017-07-24 17:28 - 000000000 ____D C:\Users\And-solar\AppData\LocalLow\Mozilla
2018-11-06 12:54 - 2017-03-15 07:41 - 000000000 ____D C:\Users\And-solar\Desktop\fotki
2018-11-06 12:52 - 2017-04-04 21:12 - 000000000 ____D C:\Users\And-solar\Desktop\psy 2018
2018-11-06 12:47 - 2017-02-09 11:01 - 000000000 ___RD C:\Users\And-solar\Documents\Scanned Documents
2018-11-06 12:38 - 2017-01-22 11:32 - 000000000 ____D C:\Users\And-solar\Desktop\wazne
2018-11-06 12:20 - 2018-07-10 07:59 - 000000000 ____D C:\Users\And-solar\Desktop\czarne pet
2018-11-05 18:34 - 2018-09-12 16:48 - 000835168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-05 18:34 - 2018-09-12 16:48 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-05 10:51 - 2018-03-07 15:31 - 000000000 ____D C:\Users\And-solar\Desktop\rodowody
2018-10-29 11:06 - 2018-08-16 15:00 - 000000000 ____D C:\Users\And-solar\Desktop\port 16.08.18
2018-10-26 07:17 - 2018-05-29 12:37 - 000000000 ____D C:\Users\And-solar\Desktop\dorosłe z wystaw
2018-10-23 06:28 - 2018-04-18 20:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Pliki w katalogu głównym wybranych folderów =======

2017-07-05 15:06 - 2017-07-05 15:06 - 000000036 _____ () C:\Users\And-solar\AppData\Local\housecall.guid.cache

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-05-22 23:00

==================== Koniec FRST.txt ============================