Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:25-04-2016
Uruchomiony przez SYSTEM MININT-08U4PQC (26-05-2016 09:19:08)
Uruchomiony z H:\
Platform: Windows 10 Pro (X64) Język: Polski (Polska)
Internet Explorer Wersja 11
Tryb startu: Recovery
Domyślne: ControlSet001
UWAGA!:=====> Jeśli system uruchamia się, FRST należy uruchomić z poziomu Trybu awaryjnego lub normalnego w celu utworzenia kompletnego raportu.

Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-27] (Realtek Semiconductor)
HKLM\...\Run: [Ashampoo HDD Control 3 Guard] => C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 3 Corporate\HDDC3Guard.exe [3389312 2014-11-21] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET)
HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112512 2015-06-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\Jacek\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\Jacek\...\Policies\Explorer: [NoInstrumentation] 1
BootExecute: autocheck autochk * ROBoot64 \??\C:\WINDOWS\system32\ASOROSet.bin

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S2 appdrvrem01; C:\WINDOWS\System32\appdrvrem01.exe [551896 2015-09-08] (Protection Technology)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 3 Corporate\DfSdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S4 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [23504 2014-12-25] (Micro-Star Int'l Co., Ltd.)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-24] (NVIDIA Corporation)
S3 HDDC3Service; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 3 Corporate\HDDC3Service.exe [322432 2014-11-21] ()
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S4 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1733072 2015-01-27] (Micro-Star INT'L CO., LTD.)
S2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-22] (Apache Software Foundation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-24] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-24] (NVIDIA Corporation)
S2 p2csvc; C:\WINDOWS\System32\p2csvc.exe [107008 2014-05-23] (Panasonic Corporation)
S2 p2csvc32; C:\WINDOWS\SysWOW64\p2csvc32.exe [190464 2014-05-23] (Panasonic Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [984768 2015-07-16] (@ByELDI)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 DAUpdaterSvc; H:\SteamLibrary\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [33872 2013-10-12] (AnvSoft Inc.)
S1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [2715824 2015-09-08] (Protection Technology)
S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-24] (Disc Soft Ltd)
S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [530416 2015-06-19] (Intel Corporation)
S3 e1rexpress; C:\Windows\system32\DRIVERS\e1r65x64.sys [486344 2015-04-21] (Intel Corporation)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-02-23] (ESET)
S5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-02-23] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-02-23] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2015-02-23] (ESET)
S1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2015-02-23] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [64208 2015-02-23] (ESET)
S3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
S3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
S3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
S3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185600 2015-10-08] (Intel Corporation)
S3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-22] ()
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-03-24] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 p2cache; C:\Windows\system32\DRIVERS\p2cache.sys [59392 2013-02-01] (Panasonic Corporation)
S3 p2cata; C:\Windows\System32\drivers\p2cata.sys [46592 2013-02-22] (Panasonic Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated)
S3 tapoas; C:\Windows\System32\drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 dg_ssudbus; \SystemRoot\system32\DRIVERS\ssudbus.sys [X]
S3 idsvc; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-04-29 11:50 - 2016-04-29 11:50 - 00250164 _____ C:\Users\Jacek\Documents\PIT-37(22)_v1-0E_2015.pdf
2016-04-29 11:48 - 2016-04-29 11:48 - 00002741 _____ C:\Users\Jacek\Documents\PIT-37_20160429_124830.xml
2016-04-26 17:56 - 2016-05-10 13:10 - 00000000 ____D C:\FRST
2016-04-26 14:50 - 2016-05-10 13:12 - 00000000 _____ C:\Recovery.txt

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\hash.dat

==================== Known DLLs (filtrowane) =========================

[2015-10-30 08:17] - [2015-10-30 08:17] - 0442720 ____A (Microsoft Corporation) C:\Windows\System32\coml2.dll
[2015-10-30 08:18] - [2015-10-30 08:18] - 0358240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\coml2.dll

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\System32\winlogon.exe
[2016-02-13 18:32] - [2016-02-13 18:32] - 0584704 ____A (Microsoft Corporation) 7B24B823404D53DA4748F21AD2BF04C9
C:\Windows\System32\wininit.exe
[2015-10-30 08:17] - [2015-10-30 08:17] - 0290856 ____A (Microsoft Corporation) CAD491DD9EC00BB841EA407D9C498C4A
C:\Windows\explorer.exe
[2016-02-13 18:32] - [2016-02-13 18:32] - 4502352 ____A (Microsoft Corporation) 95D730526EF81792CD6848D8D10FAA1C
C:\Windows\SysWOW64\explorer.exe
[2016-02-13 18:32] - [2016-02-13 18:32] - 4064320 ____A (Microsoft Corporation) FCBCED2A237DCD7EF86CED551B731742
C:\Windows\System32\svchost.exe
[2015-10-30 08:17] - [2015-10-30 08:17] - 0043944 ____A (Microsoft Corporation) 8497852ED44AFF902D502015792D315D
C:\Windows\SysWOW64\svchost.exe
[2015-10-30 08:18] - [2015-10-30 08:18] - 0037256 ____A (Microsoft Corporation) 6A1212077C0559029CDFB9C39580C835
C:\Windows\System32\services.exe
[2016-02-13 18:32] - [2016-02-13 18:32] - 0440152 ____A (Microsoft Corporation) 6FF8248F3A9D69A095C7F3F42BC29CB2
C:\Windows\System32\User32.dll
[2016-02-13 18:32] - [2016-02-13 18:32] - 1399224 ____A (Microsoft Corporation) DD97EF0AE9224B8C1161736E033C03F1
C:\Windows\SysWOW64\User32.dll
[2016-02-13 18:32] - [2016-02-13 18:32] - 1337240 ____A (Microsoft Corporation) B8C4EFAA6AAED98E6B5AB57CAFA489B9
C:\Windows\System32\userinit.exe
[2015-10-30 08:17] - [2015-10-30 08:17] - 0030720 ____A (Microsoft Corporation) 8F3ECCB5DC878FA14887B43CD148CBA9
C:\Windows\SysWOW64\userinit.exe
[2015-10-30 08:18] - [2015-10-30 08:18] - 0026112 ____A (Microsoft Corporation) A878CF325C93723B5017642E6FDB80E8
C:\Windows\System32\rpcss.dll
[2015-10-30 08:17] - [2015-10-30 08:17] - 0904704 ____A (Microsoft Corporation) B339861C6A2A86FBCA67C2006B461473
C:\Windows\System32\dnsapi.dll
[2016-04-21 00:39] - [2016-03-29 11:11] - 0686976 ____A (Microsoft Corporation) 9A3E17CDB177913C2A111C80F3D0DBB4
C:\Windows\SysWOW64\dnsapi.dll
[2016-04-21 00:39] - [2016-03-29 10:28] - 0535080 ____A (Microsoft Corporation) 6A7ACABAE92C837F5C1330188EAE36AE
C:\Windows\System32\Drivers\volsnap.sys
[2015-10-30 08:17] - [2015-10-30 08:17] - 0414560 ____A (Microsoft Corporation) E1F91A727A04C9F8199D04FF3BBBF63C

==================== EXE - Powiązania (filtrowane) =============

==================== Punkty Przywracania systemu =========================

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  pl-PL
inherit                 {globalsettings}
resumeobject            {13453802-0bbb-11e6-b73f-806e6f6e6963}
displayorder            {710f3369-1f91-4580-b0c8-0950c70d7ab2}
                        {fdc64386-0bc1-11e6-b8c3-94de806b5115}
toolsdisplayorder       {memdiag}
timeout                 3

Windows Boot Loader
-------------------
identifier              {710f3369-1f91-4580-b0c8-0950c70d7ab2}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 10
locale                  pl-PL
inherit                 {bootloadersettings}
                        {globalsettings}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {40d2b69e-548f-4c66-96a0-caaeb9c04144}

Windows Boot Loader
-------------------
identifier              {fdc64386-0bc1-11e6-b8c3-94de806b5115}
device                  partition=D:
path                    \Windows\system32\winload.exe
description             Windows 7 Ultimate
locale                  pl-PL
osdevice                partition=D:
systemroot              \Windows
resumeobject            {13453802-0bbb-11e6-b73f-806e6f6e6963}
bootmenupolicy          Legacy

Resume from Hibernate
---------------------
identifier              {13453802-0bbb-11e6-b73f-806e6f6e6963}
device                  partition=D:
path                    \Windows\system32\winresume.exe
description             Windows 7 Ultimate
locale                  pl-PL
inherit                 {resumeloadersettings}
filedevice              partition=D:
filepath                \hiberfil.sys
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {1b4585e2-0bb2-11e6-9ae6-806e6f6e6963}
device                  partition=D:
path                    \Windows\system32\winresume.exe
description             Windows 7 Ultimate
locale                  pl-PL
inherit                 {resumeloadersettings}
filedevice              partition=D:
filepath                \hiberfil.sys
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {40d2b69e-548f-4c66-96a0-caaeb9c04144}
device                  boot
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              boot
filepath                \hiberfil.sys
pae                     No
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {feee058c-b237-11e3-9ab0-d57d4f9c0469}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  pl-PL
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Diagnostyka pamięci systemu Windows
locale                  pl-PL
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

==================== Statystyki pamięci ===========================

Procent pamięci w użyciu: 9%
Całkowita pamięć fizyczna: 8142.13 MB
Dostępna pamięć fizyczna: 7335.45 MB
Całkowita pamięć wirtualna: 8142.13 MB
Dostępna pamięć wirtualna: 7387.17 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:118.45 GB) (Free:27.11 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)]
Drive d: (Szybka Tera) (Fixed) (Total:931.51 GB) (Free:338.38 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)]
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)]
Drive g: (Półtorak) (Fixed) (Total:1397.26 GB) (Free:315.34 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)]
Drive h: (OS_Setup_USB) (Removable) (Total:14.9 GB) (Free:11.77 GB) NTFS
Drive i: () (Fixed) (Total:488.18 GB) (Free:10.98 GB) NTFS
Drive j: (Nowy) (Fixed) (Total:1374.73 GB) (Free:112.52 GB) NTFS
Drive k: () (Fixed) (Total:0.79 GB) (Free:0.34 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (Wolna Tera) (Fixed) (Total:931.51 GB) (Free:83.43 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)]

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 08857BA5)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 790D4AE6)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: A2B3B727)
Partition 1: (Active) - (Size=118.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=807 MB) - (Type=27)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3FC221E5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1374.7 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 2634FACC)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 14.9 GB) (Disk ID: 6BFD61F0)
Partition 1: (Active) - (Size=14.9 GB) - (Type=07 NTFS)

LastRegBack: 2016-04-20 02:57

==================== Koniec FRST.txt ============================