Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 29-01-2017
Uruchomiony przez Admin (administrator) LAPTOP-GAQ0U3RV (30-01-2017 15:24:48)
Uruchomiony z C:\Users\Admin\Downloads
Załadowane profile: Admin & weronika & basia (Dostępne profile: Admin & weronika & basia)
Platform: Windows 10 Home Wersja 1511 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Edge)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McAMTaskAgent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\fodhelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(SweetLabs, Inc) C:\Users\Admin\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

==================== Rejestr (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-03] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455304 2016-10-02] (Power Software Ltd)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{15469504-9291-48c6-8788-61e8b783ca1b}: [DhcpNameServer] 40.32.1.55
Tcpip\..\Interfaces\{800d3ae5-2b30-4c91-957a-830e93b7279a}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-481586451-2630524356-107470584-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-481586451-2630524356-107470584-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-481586451-2630524356-107470584-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-481586451-2630524356-107470584-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-481586451-2630524356-107470584-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-481586451-2630524356-107470584-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-09-23] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-09-23] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: vndj86mh.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vndj86mh.default [2017-01-30]
FF Homepage: Mozilla\Firefox\Profiles\vndj86mh.default -> hxxps://www.google.com
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vndj86mh.default\Extensions\abb-acer@amazon.com [2016-12-24]
FF Extension: (Polski Language Pack) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vndj86mh.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-01-30]
FF Extension: (Mozilla Partner Defaults) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vndj86mh.default\Extensions\partnerdefaults@mozilla.com [2016-12-24]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-19]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-12-28] [Brak podpisu cyfrowego]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-09-23] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-09-23] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [326392 2015-11-27] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3019968 2016-12-04] (Microsoft Corporation)
R2 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [459248 2016-08-10] (Intel Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2016-07-01] (Dashlane, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-06-01] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [324592 2016-08-10] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [Brak podpisu cyfrowego]
R2 IntelSSTSvc; C:\Windows\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-05] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [Brak podpisu cyfrowego]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-17] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2016-12-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [353128 2015-11-27] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-02] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-07-29] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-07-29] (Acer Incorporated)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [295840 2016-05-27] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-08-02] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
S3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84280 2016-05-15] (Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185144 2016-05-16] (Intel Corporation)
S3 iaLPSS2_SPI; C:\Windows\System32\drivers\iaLPSS2_SPI.sys [152376 2016-05-15] (Intel Corporation)
S3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [281400 2016-05-15] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21344 2016-07-29] (Acer Incorporated)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-08-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-08-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-08-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\system32\DRIVERS\Qcamain10x64.sys [2381112 2016-03-24] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14688 2016-07-29] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [57448 2015-10-22] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U0 aswVmm; Brak ImagePath
S3 mfeavfk01; \Device\mfeavfk01.sys [X]

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-01-30 15:24 - 2017-01-30 15:25 - 00021967 _____ C:\Users\Admin\Downloads\FRST.txt
2017-01-30 15:24 - 2017-01-30 15:24 - 00000000 ____D C:\FRST
2017-01-30 14:16 - 2017-01-30 15:23 - 02420736 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2017-01-30 13:45 - 2017-01-30 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-29 18:01 - 2017-01-29 18:02 - 30533688 _____ C:\Users\Admin\Downloads\vlc-2.2.4-win32.exe
2017-01-26 17:57 - 2017-01-30 12:29 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-01-26 17:57 - 2017-01-29 17:13 - 00004208 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-01-23 18:57 - 2017-01-23 19:07 - 00000000 ____D C:\Users\basia\AppData\LocalLow\Mozilla
2017-01-23 18:56 - 2017-01-23 19:03 - 00000000 ____D C:\Users\basia\AppData\Local\Mozilla
2017-01-23 18:56 - 2017-01-23 18:56 - 00000000 ____D C:\Users\basia\AppData\Roaming\Mozilla
2017-01-23 16:51 - 2017-01-23 16:51 - 00000214 _____ C:\Users\weronika\Desktop\httpsplay.google.comstore.URL
2017-01-23 16:42 - 2017-01-27 15:56 - 00000000 ____D C:\Users\weronika\AppData\LocalLow\Mozilla
2017-01-23 16:39 - 2017-01-23 16:39 - 00003368 _____ C:\Windows\System32\Tasks\{625D6F7C-ABE0-4B19-A3D7-CAF218B86A20}
2017-01-23 16:38 - 2017-01-24 18:02 - 00000000 ____D C:\Users\Admin\Documents\SolidWorks Downloads
2017-01-23 16:38 - 2017-01-23 16:38 - 00000000 ____D C:\Windows\SolidWorks
2017-01-23 16:38 - 2017-01-23 16:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\SolidWorks
2017-01-23 16:32 - 2017-01-23 16:33 - 00334644 _____ C:\Windows\Minidump\012317-19515-01.dmp
2017-01-23 10:27 - 2017-01-27 16:10 - 00000000 ___RD C:\Users\weronika\Desktop\Weronika
2017-01-22 11:45 - 2017-01-23 16:32 - 562844583 _____ C:\Windows\MEMORY.DMP
2017-01-22 11:45 - 2017-01-23 16:32 - 00000000 ____D C:\Windows\Minidump
2017-01-22 11:45 - 2017-01-22 11:45 - 00346708 _____ C:\Windows\Minidump\012217-21312-01.dmp
2017-01-21 11:57 - 2017-01-21 11:57 - 00586694 _____ C:\Users\Admin\Downloads\Map World Atlas ebook.pdf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-01-30 15:16 - 2016-12-21 21:24 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2017-01-30 13:55 - 2016-12-28 21:57 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2017-01-30 13:52 - 2016-10-19 20:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-30 13:45 - 2016-12-03 07:38 - 00003508 _____ C:\Windows\System32\Tasks\DashlaneUpgradeCheck
2017-01-30 13:43 - 2016-12-28 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-30 13:42 - 2016-12-05 01:36 - 00000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2017-01-30 12:35 - 2016-12-05 01:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Host App Service
2017-01-30 09:20 - 2016-12-24 14:51 - 00000000 ____D C:\Users\weronika\AppData\Local\Host App Service
2017-01-30 09:13 - 2016-12-24 14:52 - 00000000 __SHD C:\Users\weronika\IntelGraphicsProfiles
2017-01-30 08:49 - 2016-12-26 16:58 - 00000000 ____D C:\Users\basia\AppData\Local\CrashDumps
2017-01-30 08:08 - 2016-12-26 16:37 - 00000000 ____D C:\Users\basia\AppData\Local\Host App Service
2017-01-30 08:05 - 2016-12-26 16:37 - 00000000 __SHD C:\Users\basia\IntelGraphicsProfiles
2017-01-30 08:03 - 2016-02-13 14:14 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-29 18:31 - 2015-10-30 07:28 - 00786432 ___SH C:\Windows\system32\config\BBI
2017-01-29 17:46 - 2016-02-13 14:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-26 17:58 - 2016-08-03 05:49 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-26 17:57 - 2015-10-30 07:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2017-01-26 08:04 - 2016-12-26 16:37 - 00000000 ____D C:\Users\basia
2017-01-24 17:56 - 2016-10-19 20:52 - 00000000 ____D C:\ProgramData\Acer
2017-01-24 17:56 - 2016-10-19 18:45 - 00819340 _____ C:\Windows\system32\perfh015.dat
2017-01-24 17:56 - 2016-10-19 18:45 - 00158506 _____ C:\Windows\system32\perfc015.dat
2017-01-24 17:56 - 2016-08-03 05:57 - 01849016 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-24 17:56 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF
2017-01-23 16:57 - 2016-12-24 14:52 - 00000000 ____D C:\Users\weronika\AppData\Local\Packages
2017-01-23 16:55 - 2016-12-24 15:01 - 00000000 ____D C:\Users\weronika\AppData\Local\CrashDumps
2017-01-23 16:40 - 2016-12-24 14:51 - 00000000 ____D C:\Users\weronika
2017-01-23 16:33 - 2016-12-05 01:35 - 00000000 ____D C:\Users\Admin
2017-01-22 13:59 - 2016-12-05 01:36 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
2017-01-22 12:40 - 2016-12-25 12:36 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-21 11:39 - 2016-12-26 01:49 - 00003290 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-21 11:39 - 2016-12-05 01:39 - 00002456 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-21 11:39 - 2016-12-05 01:39 - 00000000 ___RD C:\Users\Admin\OneDrive
2017-01-20 01:34 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\MsDtc
2017-01-19 16:44 - 2016-12-24 14:59 - 00002465 _____ C:\Users\weronika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-19 16:44 - 2016-12-24 14:59 - 00000000 ___RD C:\Users\weronika\OneDrive
2017-01-19 16:40 - 2016-12-26 16:43 - 00002456 _____ C:\Users\basia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-19 16:40 - 2016-12-26 16:43 - 00000000 ___RD C:\Users\basia\OneDrive

==================== Pliki w katalogu głównym wybranych folderów =======
2016-10-19 19:58 - 2016-10-19 19:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Niektóre pliki w TEMP:
====================
2016-12-24 14:06 - 2016-12-24 14:08 - 58523032 _____ (SweetLabs,Inc.) C:\Users\Admin\AppData\Local\Temp\oct2E87.tmp.exe
2016-12-26 16:40 - 2016-12-27 13:27 - 58523032 _____ (SweetLabs,Inc.) C:\Users\basia\AppData\Local\Temp\oct3C30.tmp.exe
2016-12-25 10:31 - 2016-12-25 10:33 - 58523032 _____ (SweetLabs,Inc.) C:\Users\weronika\AppData\Local\Temp\oct8E00.tmp.exe

==================== Bamital & volsnap ======================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-01-30 13:29

==================== Koniec FRST.txt ============================