Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:20-12-2015
Uruchomiony przez JAA (administrator) JAA_R580 (23-12-2015 00:05:24)
Uruchomiony z D:\Pobierane
Załadowane profile: JAA (Dostępne profile: JAA)
Platform: Windows 10 Home (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15731.0_x64__8wekyb3d8bbwe\Video.UI.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14030080 2015-09-13] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-11-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G10] => C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe [110008 2015-09-13] (CyberLink)
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2015-09-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [FastAccess Web Alert] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe [2033648 2015-09-18] (Microsoft)
HKLM-x32\...\Run: [V0770Mon.exe] => C:\Windows\V0770Mon.exe
HKU\S-1-5-21-3450215031-3558083040-3416132976-1001\...\Run: [Power2GoExpress10] => C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe [3005368 2015-09-13] (CyberLink Corp.)
HKU\S-1-5-21-3450215031-3558083040-3416132976-1001\...\MountPoints2: {76151116-599e-11e5-9bc2-806e6f6e6963} - "F:\inicio_Win.exe"

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a0931778-1aa7-43d5-b5ea-31c4aa35efb9}: [NameServer] 156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{d613909e-3058-419f-b116-0c6f679812a3}: [NameServer] 156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{d613909e-3058-419f-b116-0c6f679812a3}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\JAA\AppData\Roaming\Mozilla\Firefox\Profiles\fkw1lhqk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-18] (Microsoft Corporation)
FF SearchPlugin: C:\Users\JAA\AppData\Roaming\Mozilla\Firefox\Profiles\fkw1lhqk.default\searchplugins\firefox-add-ons.xml [2015-12-20]
FF SearchPlugin: C:\Users\JAA\AppData\Roaming\Mozilla\Firefox\Profiles\fkw1lhqk.default\searchplugins\szukaj-chomikuj.xml [2015-12-20]
FF SearchPlugin: C:\Users\JAA\AppData\Roaming\Mozilla\Firefox\Profiles\fkw1lhqk.default\searchplugins\youtube.xml [2015-10-12]
FF Extension: Xmarks - C:\Users\JAA\AppData\Roaming\Mozilla\Firefox\Profiles\fkw1lhqk.default\extensions\foxmarks@kei.com [2015-09-13]
FF Extension: Download Manager Tweak - C:\Users\JAA\AppData\Roaming\Mozilla\Firefox\Profiles\fkw1lhqk.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2015-09-13]
FF Extension: Google Translator for Firefox - C:\Users\JAA\AppData\Roaming\Mozilla\Firefox\Profiles\fkw1lhqk.default\extensions\translator@zoli.bod.xpi [2015-09-13]
FF Extension: FastestFox - C:\Users\JAA\AppData\Roaming\Mozilla\Firefox\Profiles\fkw1lhqk.default\extensions\smarterwiki@wikiatic.com.xpi [2015-09-13]
FF Extension: NoScript - C:\Users\JAA\AppData\Roaming\Mozilla\Firefox\Profiles\fkw1lhqk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-24]
FF Extension: Flashblock - C:\Users\JAA\AppData\Roaming\Mozilla\Firefox\Profiles\fkw1lhqk.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-12-01]
FF Extension: Brak nazwy - C:\Users\JAA\AppData\Roaming\Mozilla\Firefox\Profiles\fkw1lhqk.default\Extensions\@chomikuj.xpi [2015-12-20] [Brak podpisu cyfrowego]
FF Extension: Adblock Plus - C:\Users\JAA\AppData\Roaming\Mozilla\Firefox\Profiles\fkw1lhqk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-18] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-13] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-11-10] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-11-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-11-10] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-07-10] (Qualcomm Atheros Communications, Inc.)
R3 CLVirtualBus01; C:\Windows\System32\drivers\CLVirtualBus01.sys [103176 2015-09-13] (CyberLink)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
R3 cpuz138; C:\Users\JAA\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2015-12-22] (CPUID)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-11-11] (NVIDIA Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 V0770Vid; C:\Windows\system32\DRIVERS\V0770Vid.sys [390136 2015-09-18] (Creative Technology Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 ykinw8; C:\Windows\System32\drivers\ykinx64.sys [288768 2015-07-10] (Marvell)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-23 00:02 - 2015-12-23 00:05 - 00000000 ____D C:\FRST
2015-12-22 23:15 - 2015-12-22 23:15 - 00016148 _____ C:\Windows\system32\JAA_R580_JAA_HistoryPrediction.bin
2015-12-20 22:13 - 2015-12-20 22:13 - 00000000 ____D C:\Users\JAA\Documents\Niestandardowe szablony pakietu Office
2015-12-20 21:48 - 2015-12-20 21:48 - 01081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2015-12-20 21:48 - 2015-12-20 21:48 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2015-12-20 21:48 - 2015-12-20 21:48 - 00000000 ____D C:\ProgramData\PhotoME
2015-12-20 21:48 - 2015-12-20 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoME Beta-Release
2015-12-20 21:48 - 2015-12-20 21:48 - 00000000 ____D C:\Program Files (x86)\PhotoMEBeta
2015-12-19 22:15 - 2015-12-20 19:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-19 21:54 - 2015-12-20 09:53 - 00000000 ____D C:\AdwCleaner
2015-12-08 20:48 - 2015-12-08 20:48 - 24592384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 20:48 - 2015-12-08 20:48 - 21872640 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-12-08 20:48 - 2015-12-08 20:48 - 19323392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 20:48 - 2015-12-08 20:48 - 18801664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-12-08 20:48 - 2015-12-08 20:48 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 20:48 - 2015-12-08 20:48 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 20:48 - 2015-12-08 20:48 - 03622272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 20:48 - 2015-12-08 20:48 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-12-08 20:48 - 2015-12-08 20:48 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 20:48 - 2015-12-08 20:48 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-12-08 20:48 - 2015-12-08 20:48 - 01795584 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-12-08 20:48 - 2015-12-08 20:48 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-08 20:48 - 2015-12-08 20:48 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-12-08 20:47 - 2015-12-08 20:47 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 05455360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 04792320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-12-08 20:47 - 2015-12-08 20:47 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-12-08 20:47 - 2015-12-08 20:47 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 02350592 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 02153984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-12-08 20:47 - 2015-12-08 20:47 - 01822280 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 01710592 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 01649152 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 01569280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 01532984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 01442816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 01366680 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 01310880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00929792 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00849408 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2015-12-08 20:47 - 2015-12-08 20:47 - 00786432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2015-12-08 20:47 - 2015-12-08 20:47 - 00774656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-08 20:47 - 2015-12-08 20:47 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\WlanMediaManager.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00480768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00474624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00168288 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2015-12-08 20:47 - 2015-12-08 20:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 20:47 - 2015-12-08 20:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\EthernetMediaManager.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\DAMediaManager.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00113184 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00092992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2015-12-08 20:47 - 2015-12-08 20:47 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-12-08 20:47 - 2015-12-08 20:47 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\gpuenergydrv.sys
2015-12-08 20:47 - 2015-12-08 20:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-08 20:47 - 2015-12-08 20:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 20:47 - 2015-12-08 20:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 20:47 - 2015-12-08 20:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 20:47 - 2015-12-08 20:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-08 20:47 - 2015-12-08 20:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 20:47 - 2015-12-08 20:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 20:47 - 2015-11-25 03:52 - 00775312 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 20:47 - 2015-11-25 03:52 - 00775312 _____ C:\Windows\system32\locale.nls
2015-12-05 18:26 - 2015-12-05 18:26 - 00000000 ____D C:\Users\JAA\AppData\Local\ElevatedDiagnostics
2015-11-26 22:51 - 2015-11-26 22:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-11-24 23:48 - 2015-11-24 23:48 - 00002513 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-11-24 23:48 - 2015-11-24 23:48 - 00002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-11-24 23:48 - 2015-11-24 23:48 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-11-24 23:48 - 2015-11-24 23:48 - 00002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-11-24 23:48 - 2015-11-24 23:48 - 00002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-11-24 23:48 - 2015-11-24 23:48 - 00002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-11-24 23:48 - 2015-11-24 23:48 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-11-24 23:48 - 2015-11-24 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Narzędzia pakietu Microsoft Office 2016
2015-11-24 23:47 - 2015-11-24 23:48 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-23 00:02 - 2015-09-15 21:38 - 00032716 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-12-23 00:02 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-12-23 00:00 - 2015-09-13 00:51 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-12-22 23:38 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness
2015-12-22 23:24 - 2015-09-17 02:05 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-22 22:32 - 2015-09-13 01:12 - 00000000 __RHD C:\Users\JAA\Desktop\Ikonki
2015-12-22 22:31 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-22 01:04 - 2015-07-10 10:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-22 01:03 - 2015-09-12 23:55 - 00000000 ____D C:\Users\JAA
2015-12-22 00:07 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-20 23:27 - 2015-09-13 00:18 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT
2015-12-20 19:13 - 2015-09-13 00:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-19 22:07 - 2015-09-13 00:34 - 00000000 ____D C:\Windows\Panther
2015-12-19 22:07 - 2015-07-10 12:02 - 00000000 ____D C:\Windows\INF
2015-12-19 21:56 - 2015-10-10 13:51 - 00000000 ___HD C:\Users\JAA\Desktop\Clean & Optym
2015-12-18 22:20 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\NDF
2015-12-18 16:06 - 2015-07-10 12:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-18 16:04 - 2015-09-13 12:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-16 23:10 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\rescache
2015-12-12 12:32 - 2015-09-12 23:47 - 02175994 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-12 12:32 - 2015-07-10 17:30 - 01062932 _____ C:\Windows\system32\perfh015.dat
2015-12-12 12:32 - 2015-07-10 17:30 - 00242580 _____ C:\Windows\system32\perfc015.dat
2015-12-10 23:42 - 2015-09-12 23:55 - 00000000 ____D C:\Users\JAA\AppData\Local\Packages
2015-12-10 23:34 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp
2015-12-10 23:27 - 2015-07-10 13:20 - 00342200 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 12:11 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\oobe
2015-12-09 11:31 - 2015-09-13 00:51 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 11:26 - 2015-09-13 00:51 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 20:40 - 2015-10-01 01:33 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 20:40 - 2015-10-01 01:33 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-06 09:25 - 2015-09-13 00:18 - 00000020 ____H C:\ProgramData\PKP_DLev.DAT
2015-12-06 09:03 - 2015-09-15 23:07 - 00000000 ____D C:\Windows\Minidump
2015-12-06 08:08 - 2015-09-13 14:48 - 00000000 ____D C:\Users\JAA\AppData\Local\GHISLER
2015-11-26 22:51 - 2015-09-13 14:44 - 00000000 ____D C:\Users\JAA\AppData\Roaming\Nikon
2015-11-24 23:51 - 2015-09-12 23:58 - 00002376 _____ C:\Users\JAA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-24 23:51 - 2015-09-12 23:58 - 00000000 ___RD C:\Users\JAA\OneDrive

==================== Pliki w katalogu głównym wybranych folderów =======

2015-09-13 00:18 - 2015-09-13 00:18 - 0000268 ___RH () C:\Users\JAA\AppData\Roaming\LaunchAgents
2015-09-13 00:18 - 2015-09-13 00:18 - 0000268 ___RH () C:\Users\JAA\AppData\Roaming\Legacy
2015-09-13 00:18 - 2015-09-13 00:18 - 0000268 ___RH () C:\Users\JAA\AppData\Roaming\Libraries
2015-09-13 00:46 - 2015-09-13 00:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-13 00:18 - 2015-09-13 00:18 - 0000268 ___RH () C:\ProgramData\Light Machine
2015-09-13 00:18 - 2015-09-13 00:18 - 0000268 ___RH () C:\ProgramData\Limiter
2015-09-13 00:18 - 2015-09-13 00:18 - 0000268 ___RH () C:\ProgramData\Logs
2015-09-13 00:18 - 2015-09-13 00:18 - 0000012 ___RH () C:\ProgramData\Metadata Importer
2015-09-13 00:18 - 2015-09-13 00:18 - 0000012 ___RH () C:\ProgramData\Nature
2015-09-13 00:18 - 2015-09-13 00:18 - 0000012 ___RH () C:\ProgramData\NetServices
2015-09-13 00:18 - 2015-09-13 00:18 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2015-09-13 00:18 - 2015-12-20 23:27 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-09-13 00:18 - 2015-12-06 09:25 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Niektóre pliki w TEMP:
====================
C:\Users\JAA\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-12-16 18:17

==================== Koniec FRST.txt ============================