Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:17-12-2015
Uruchomiony przez Marcin (administrator) LAPTOP (17-12-2015 21:58:00)
Uruchomiony z C:\Users\Marcin\Downloads
Załadowane profile: Marcin (Dostępne profile: Marcin)
Platform: Windows 10 Home (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Opera)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Doctor Web, Ltd.) C:\Program Files\DrWeb\dwservice.exe.delete-later-190828
() C:\ProgramData\MobileBrServ\mbbService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Doctor Web, Ltd.) C:\Program Files\DrWeb\dwnetfilter.exe.delete-later-190468
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(GG Network S.A.) C:\Users\Marcin\AppData\Local\GG\Application\gghub.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(GG Network S.A.) C:\Users\Marcin\AppData\Local\GG\Application\ggapp.exe
(GG Network S.A.) C:\Users\Marcin\AppData\Local\GG\Application\ggdrive\ggdrive.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Audio Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19494352 2015-01-27] (Entertainment Experience)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-3148115178-2301685078-862424154-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3148115178-2301685078-862424154-1001\...\MountPoints2: K - "K:\SETUP.EXE"
HKU\S-1-5-21-3148115178-2301685078-862424154-1001\...\MountPoints2: {6d68199a-849f-11e5-8273-34e6ad009e79} - "F:\AutoRun.exe"
HKU\S-1-5-21-3148115178-2301685078-862424154-1001\...\MountPoints2: {709abb66-982b-11e5-8278-00804815fdf5} - "G:\LGAutoRun.exe"
HKU\S-1-5-21-3148115178-2301685078-862424154-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 79.139.16.1 8.8.8.8
Tcpip\..\Interfaces\{5b79b510-942e-4c7e-8001-4fef463a9ddd}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{7e1788fb-9c97-4579-852f-a3edadd9c59a}: [DhcpNameServer] 79.139.16.1 8.8.8.8
Tcpip\..\Interfaces\{debff6f0-8ef3-4102-8044-e996cb1b0369}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
HKU\S-1-5-21-3148115178-2301685078-862424154-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3148115178-2301685078-862424154-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3148115178-2301685078-862424154-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1446580349&z=16c7d313d9cc5dafe9e5e40g6z3z0q6w7b5e7e3m6o&from=cor&uid=ADATAXSP920SS_8E302000294120002941

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3148115178-2301685078-862424154-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)

Opera:
=======
OPR StartupUrls: "hxxp://google.pl/"
OPR Session Restore: -> [funkcja włączona]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [94568 2015-12-03] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-15] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-12-14] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-15] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [94160 2015-01-08] ()
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-13] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 4F966B02736503C9; C:\WINDOWS\TEMP\160C40E.sys [165104 2015-12-16] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-01] (Disc Soft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-16] ()
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-11] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-08-13] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-17 21:58 - 2015-12-17 21:58 - 00021148 _____ C:\Users\Marcin\Downloads\FRST.txt
2015-12-17 21:56 - 2015-12-17 21:58 - 00000000 ____D C:\FRST
2015-12-17 21:53 - 2015-12-17 21:53 - 00016148 _____ C:\WINDOWS\system32\LAPTOP_Marcin_HistoryPrediction.bin
2015-12-17 18:34 - 2015-12-17 21:56 - 02370048 _____ (Farbar) C:\Users\Marcin\Downloads\FRST64.exe
2015-12-16 22:42 - 2015-12-16 22:42 - 00000000 ____D C:\Users\Marcin\Doctor Web
2015-12-16 22:38 - 2015-12-16 23:13 - 00000000 ____D C:\WINDOWS\System32\Tasks\Doctor Web
2015-12-16 22:37 - 2015-12-16 22:37 - 00084624 _____ (Doctor Web, Ltd.) C:\WINDOWS\system32\Drivers\dw_wfp.sys.delete-later-189796
2015-12-16 22:37 - 2015-12-16 22:37 - 00000000 ____D C:\Program Files\Common Files\Doctor Web
2015-12-16 22:36 - 2015-12-16 23:13 - 00000000 ____D C:\Program Files\DrWeb
2015-12-16 22:35 - 2015-12-16 23:13 - 00000000 ____D C:\ProgramData\Doctor Web
2015-12-16 22:33 - 2015-12-09 04:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-16 21:43 - 2015-12-16 21:43 - 00000000 _____ C:\autoexec.bat
2015-12-16 21:37 - 2015-12-16 21:37 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-12-15 17:36 - 2015-12-15 17:36 - 00014694 _____ C:\Users\Marcin\Documents\cc_20151215_173600.reg
2015-12-15 15:51 - 2015-12-16 22:41 - 00000001 _____ C:\WINDOWS\SysWOW64\pl.html
2015-12-14 19:21 - 2015-12-14 19:21 - 00003616 _____ C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337
2015-12-14 09:35 - 2015-12-16 22:45 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\TSv
2015-12-14 09:35 - 2015-12-16 22:45 - 00000000 ____D C:\Program Files (x86)\SFK
2015-12-14 09:35 - 2015-12-14 09:35 - 00000368 _____ C:\WINDOWS\SysWOW64\data.bin
2015-12-10 17:05 - 2015-12-10 17:05 - 00072390 _____ C:\Users\Marcin\Downloads\Bilet_IA00110975_11_12_2015.pdf
2015-12-04 15:59 - 2015-12-04 16:00 - 00000000 __SHD C:\System Recovery
2015-12-02 22:39 - 2015-12-02 22:39 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2015-12-02 19:02 - 2015-12-10 17:17 - 00000000 ____D C:\Users\Marcin\Downloads\moduł 3 - bhp
2015-11-27 20:56 - 2015-11-27 20:56 - 00000000 ____D C:\Users\Marcin\Documents\CyberLink
2015-11-27 20:56 - 2015-11-27 20:56 - 00000000 ____D C:\Users\Marcin\AppData\Local\CyberLink
2015-11-26 19:51 - 2015-11-26 19:51 - 00270980 _____ C:\Users\Marcin\Documents\cc_20151126_195123.reg
2015-11-22 21:05 - 2015-11-22 21:05 - 00000000 ____D C:\Users\Marcin\AppData\LocalLow\Temp
2015-11-19 23:20 - 2015-11-19 23:21 - 00000000 ____D C:\Users\Marcin\Downloads\moduł 2 - prawo pracy
2015-11-19 23:19 - 2015-12-02 19:02 - 00000000 ____D C:\Users\Marcin\Downloads\moduł 1 - warsztat
2015-11-19 19:03 - 2015-12-07 20:03 - 00000000 ____D C:\Users\Marcin\Downloads\ustawy i rozporządzenia
2015-11-18 16:29 - 2015-11-18 16:29 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-11-17 23:22 - 2015-11-17 23:22 - 00000000 ____D C:\ProgramData\GG

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-17 21:58 - 2015-05-06 02:45 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-12-17 21:56 - 2015-07-10 10:47 - 00000000 ____D C:\Windows
2015-12-17 21:53 - 2015-11-03 21:23 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\GG
2015-12-17 21:53 - 2015-11-01 08:02 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-17 21:53 - 2015-10-30 19:03 - 00000000 __SHD C:\Users\Marcin\IntelGraphicsProfiles
2015-12-17 18:08 - 2015-07-30 23:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-17 18:08 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-17 18:05 - 2015-11-01 14:45 - 00026039 _____ C:\Users\Marcin\Desktop\wyd.xlsx
2015-12-17 08:17 - 2015-11-01 09:35 - 00004208 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ED20BE6F-2F53-431B-B756-948FA2A04F0B}
2015-12-16 23:15 - 2015-10-30 23:32 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-16 23:14 - 2015-11-01 08:08 - 01836100 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-16 23:14 - 2015-09-10 06:09 - 00813762 _____ C:\WINDOWS\system32\perfh015.dat
2015-12-16 23:14 - 2015-09-10 06:09 - 00156260 _____ C:\WINDOWS\system32\perfc015.dat
2015-12-16 23:14 - 2015-07-30 23:40 - 00000000 ____D C:\WINDOWS\INF
2015-12-16 23:10 - 2015-11-01 08:03 - 00000000 ____D C:\Users\Marcin
2015-12-16 23:10 - 2015-07-30 22:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-16 22:39 - 2015-07-10 10:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-12-16 22:39 - 2015-05-06 02:47 - 00000000 ____D C:\ProgramData\McAfee
2015-12-16 22:39 - 2015-05-06 02:47 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-12-16 22:10 - 2015-11-02 12:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-12-16 22:10 - 2015-07-30 23:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-16 22:10 - 2015-07-10 10:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-16 22:10 - 2013-08-22 14:36 - 00000000 ____D C:\Users\Default.migrated
2015-12-14 19:22 - 2015-05-06 04:44 - 00000000 ____D C:\ProgramData\Dell
2015-12-14 19:21 - 2015-05-06 02:43 - 00000000 ____D C:\Program Files\Dell
2015-12-14 18:59 - 2015-07-30 23:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-14 18:53 - 2015-11-01 09:35 - 00000992 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-12-14 18:52 - 2015-11-01 09:33 - 00000000 ____D C:\Users\Marcin\AppData\Local\Adobe
2015-12-14 18:51 - 2015-11-01 09:35 - 00004130 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-12-14 09:35 - 2015-11-03 20:52 - 00000000 ____D C:\ProgramData\gWMiniProg
2015-12-14 09:35 - 2015-10-30 23:33 - 00001420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-10 21:20 - 2015-10-30 23:34 - 00003994 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1446244429
2015-12-07 18:54 - 2015-05-06 02:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-12-04 22:29 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-04 15:59 - 2015-10-30 21:15 - 00000000 ____D C:\ProgramData\softthinks
2015-12-03 22:08 - 2015-10-31 17:43 - 00000000 ____D C:\Users\Marcin\AppData\Local\ElevatedDiagnostics
2015-12-02 21:35 - 2015-11-03 21:23 - 00000000 ____D C:\Users\Marcin\AppData\Local\GG
2015-12-02 19:16 - 2015-05-06 02:44 - 00000000 ____D C:\ProgramData\PCDr
2015-11-30 18:35 - 2015-07-30 22:49 - 00368864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-27 20:56 - 2015-11-01 22:20 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\CyberLink
2015-11-27 20:56 - 2015-05-06 02:29 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-27 15:05 - 2015-11-01 22:16 - 00000000 ____D C:\Users\Marcin\Downloads\materiały z 66 aplikacji
2015-11-26 19:51 - 2015-11-01 22:13 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\BitTorrent
2015-11-26 19:49 - 2015-11-01 21:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-23 21:00 - 2015-11-02 21:55 - 00000000 ____D C:\Users\Marcin\.oracle_jre_usage
2015-11-23 21:00 - 2015-11-02 21:55 - 00000000 ____D C:\ProgramData\Oracle
2015-11-23 21:00 - 2015-11-02 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-23 21:00 - 2015-11-02 21:55 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-23 20:59 - 2015-11-02 21:55 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

==================== Pliki w katalogu głównym wybranych folderów =======

2015-11-01 08:02 - 2015-11-01 08:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-06 02:33 - 2015-05-06 02:33 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-11-03 20:52 - 2015-11-03 20:52 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-05-06 02:29 - 2015-05-06 02:30 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-05-06 02:30 - 2015-05-06 02:31 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-05-06 02:31 - 2015-05-06 02:32 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-05-06 02:29 - 2015-05-06 02:29 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Niektóre pliki w TEMP:
====================
C:\Users\Marcin\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Marcin\AppData\Local\Temp\mccspuninstall.exe

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-12-14 19:28

==================== Koniec FRST.txt ============================