Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 13-09-2017 02
Uruchomiony przez Monia (administrator) KRZYŚ (15-09-2017 16:29:48)
Uruchomiony z C:\Users\krzysztof\Desktop\fresdt
Załadowane profile: Monia (Dostępne profile: Monia & monia_2 & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\2.3.322.0\McCSPServiceHost.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\22.10.1.10\nav.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\22.10.1.10\nav.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Security) C:\Program Files\Common Files\mcafee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ActWiz\mcautoreg.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-894481356-605578302-1186019840-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-894481356-605578302-1186019840-1002\...\MountPoints2: {62294bc9-5f28-11e7-826a-acb57d3fb68b} - "F:\HiSuiteDownLoader.exe"

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3811B6A1-D866-436B-920B-136DED28738E}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{6093AAB9-3BA0-4FAB-987B-C220D31F6C23}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8C6A336A-0457-4E0C-A903-85CD9DDB807F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL14/178
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL14/178
HKU\S-1-5-21-894481356-605578302-1186019840-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL14/178
SearchScopes: HKLM -> {274BF8B5-5EB2-4E36-BC5F-47FBAE7FDC36} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {274BF8B5-5EB2-4E36-BC5F-47FBAE7FDC36} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-894481356-605578302-1186019840-1002 -> {274BF8B5-5EB2-4E36-BC5F-47FBAE7FDC36} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton AntiVirus\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton AntiVirus\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-01] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-01] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton AntiVirus\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton AntiVirus\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-04-17] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-04-17] (McAfee, Inc.)

Chrome:
=======
CHR Profile: C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
CHR Extension: (Prezentacje Google) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-09]
CHR Extension: (Dokumenty Google) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-09]
CHR Extension: (Dysk Google) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-09]
CHR Extension: (YouTube) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-09]
CHR Extension: (Arkusze Google) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-09]
CHR Extension: (Norton Identity Safe) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-09-09]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-09]
CHR Extension: (Gmail) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-09]
CHR Extension: (Chrome Media Router) - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [Brak podpisu cyfrowego]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-07] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego]
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [Brak podpisu cyfrowego]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-04-04] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
S2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\22.10.1.10\NAV.exe [326144 2017-08-24] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-13] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 PEFService; "C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe" [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4265984 2014-12-21] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton AntiVirus\NortonData\22.10.0.85\Definitions\BASHDefs\20170906.001\BHDrvx64.sys [1862816 2017-09-06] (Symantec Corporation)
R1 ccSet_NAV; C:\WINDOWS\system32\drivers\NAVx64\160A010.00A\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-04-03] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-05-30] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-05-30] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-09-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-09-08] (Symantec Corporation)
R1 IDSVia64; C:\Program Files\Norton AntiVirus\NortonData\22.10.0.85\Definitions\IPSDefs\20170913.001\IDSvia64.sys [1056920 2017-09-09] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-04-03] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518696 2017-04-03] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-04-03] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2017-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-04-03] (McAfee, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
S3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
S3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\NAVx64\160A010.00A\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NAVx64\160A010.00A\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45928 2017-06-29] (SteelSeries ApS)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NAVx64\160A010.00A\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NAVx64\160A010.00A\SymELAM.sys [24608 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-09-09] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NAVx64\160A010.00A\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NAVx64\160A010.00A\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-09-14 16:12 - 2017-09-14 19:40 - 000000000 ____D C:\Users\krzysztof\Desktop\fresdt
2017-09-14 15:46 - 2017-09-14 15:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-09-14 15:45 - 2017-09-14 15:45 - 000083052 _____ C:\Users\krzysztof\Downloads\Shortcut.txt
2017-09-14 15:43 - 2017-09-14 15:45 - 000052887 _____ C:\Users\krzysztof\Downloads\Addition.txt
2017-09-14 15:40 - 2017-09-14 15:45 - 000041361 _____ C:\Users\krzysztof\Downloads\FRST.txt
2017-09-14 15:32 - 2017-09-14 15:33 - 000000000 ____D C:\Users\krzysztof\AppData\Local\CrashDumps
2017-09-14 14:35 - 2017-09-14 19:49 - 000000000 ____D C:\FRST
2017-09-11 21:37 - 2017-09-11 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-09-11 17:54 - 2017-09-11 17:54 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-11 17:53 - 2017-09-11 20:18 - 000001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-09-11 17:53 - 2017-09-11 18:23 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-09-11 17:53 - 2017-09-11 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-09-11 17:53 - 2017-09-11 17:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-11 17:53 - 2015-10-05 09:50 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-09-11 17:53 - 2015-10-05 09:50 - 000064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-11 17:53 - 2015-10-05 09:50 - 000025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-11 17:52 - 2017-09-11 17:52 - 000000000 ____D C:\Users\krzysztof\Desktop\Malwarebytes Anti-Malware Premium 2.2.0 Premium
2017-09-11 16:59 - 2017-09-11 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-09-11 16:52 - 2017-09-11 16:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-09-11 16:51 - 2017-09-11 16:58 - 000000000 ____D C:\WINDOWS\SHELLNEW
2017-09-11 16:51 - 2017-09-11 16:51 - 000000000 ____D C:\Program Files\Microsoft Office
2017-09-11 16:51 - 2017-09-11 16:51 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-09-11 16:50 - 2017-09-11 16:50 - 000000000 ____D C:\Users\krzysztof\AppData\Local\Microsoft Help
2017-09-11 16:33 - 2017-09-11 16:34 - 000791712 _____ (Disc Soft Ltd.) C:\Users\krzysztof\Downloads\DTLiteInstaller (1).exe
2017-09-11 16:20 - 2016-03-24 23:11 - 4186341376 _____ C:\Users\krzysztof\Desktop\2w1.Office.2010.Standard.SP2.PL.x86.x64.Kwiecien.2015-NiKKA.iso
2017-09-11 16:19 - 2017-07-06 13:33 - 023011027 _____ C:\Users\krzysztof\Desktop\Malwarebytes Anti-Malware Premium 2.2.0 Premium.rar
2017-09-09 23:15 - 2017-09-09 23:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton AntiVirus
2017-09-09 23:09 - 2017-09-09 23:09 - 000003208 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-09-09 22:38 - 2017-09-09 22:38 - 008182736 _____ (Malwarebytes) C:\Users\krzysztof\Downloads\AdwCleaner.exe
2017-09-09 22:38 - 2017-09-09 22:38 - 008182736 _____ (Malwarebytes) C:\Users\krzysztof\Desktop\AdwCleaner.exe
2017-09-09 22:19 - 2017-09-09 23:10 - 000000000 ____D C:\Users\krzysztof\AppData\Local\NPE
2017-09-09 21:46 - 2017-09-09 21:47 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2017-09-09 21:43 - 2017-09-09 21:43 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-09-09 21:37 - 2017-09-09 21:37 - 000000000 ____D C:\Users\krzysztof\Desktop\Terraria.v1.3.5.2
2017-09-09 21:37 - 2017-09-09 21:34 - 182383251 ____R C:\Users\krzysztof\Desktop\Terraria.v1.3.5.2.rar
2017-09-09 19:23 - 2017-09-11 20:19 - 000002275 _____ C:\Users\Public\Desktop\Norton AntiVirus.lnk
2017-09-09 19:23 - 2017-09-09 19:23 - 000102568 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-09-09 19:23 - 2017-09-09 19:23 - 000008309 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2017-09-09 19:23 - 2017-09-09 19:23 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-09-09 19:21 - 2017-09-09 23:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\NAVx64
2017-09-09 19:21 - 2017-09-09 23:08 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2017-09-09 19:21 - 2017-09-09 22:20 - 000000000 ____D C:\ProgramData\Norton
2017-09-09 19:21 - 2017-09-09 19:21 - 000000000 ____D C:\Program Files\Norton AntiVirus
2017-09-09 19:16 - 2017-09-09 19:16 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2017-09-09 19:03 - 2017-09-09 19:09 - 237105616 _____ (Symantec Corporation) C:\Users\krzysztof\Downloads\NAV-ESD-Def-22.10.0.85-PL.exe
2017-09-09 18:50 - 2017-09-09 18:50 - 000000000 ____D C:\Users\krzysztof\Desktop\CCleaner Pro 5.24 PL wersja 32 i 64 bitowa Portable
2017-09-09 18:49 - 2017-09-09 19:02 - 082592192 _____ (Hewlett-Packard Company ) C:\Users\krzysztof\Downloads\sp70859.exe
2017-09-09 18:48 - 2017-09-09 18:55 - 036278896 _____ (Hewlett-Packard Company ) C:\Users\krzysztof\Downloads\sp72927.exe
2017-09-09 18:48 - 2017-09-09 18:55 - 032051024 _____ (Hewlett-Packard Company ) C:\Users\krzysztof\Downloads\sp69411.exe
2017-09-09 18:47 - 2017-09-09 18:53 - 032010872 _____ (Hewlett-Packard Company ) C:\Users\krzysztof\Downloads\sp66088.exe
2017-09-09 18:00 - 2017-09-09 18:05 - 019331428 _____ C:\Users\krzysztof\Downloads\CCleaner Pro 5.24 PL wersja 32 i 64 bitowa Portable.7z
2017-09-09 16:55 - 2017-09-09 16:55 - 000000000 ____D C:\Program Files\WinRAR
2017-09-03 15:45 - 2017-09-06 15:35 - 000000000 ____D C:\Users\krzysztof\Documents\Euro Truck Simulator
2017-09-03 15:41 - 2017-09-03 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cdp.pl
2017-09-03 15:40 - 2017-09-03 15:40 - 000000000 ____D C:\Program Files (x86)\CDP Games
2017-09-03 13:51 - 2017-09-03 13:51 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-03 12:38 - 2017-09-03 12:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2017-09-03 12:36 - 2017-09-03 12:36 - 000000000 ____D C:\Program Files (x86)\City Interactive
2017-09-01 10:47 - 2017-09-01 10:47 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2017-08-31 10:58 - 2017-08-31 10:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symulator Farmy Legendarne Maszyny
2017-08-31 10:54 - 2017-09-03 13:48 - 000000000 ____D C:\Program Files (x86)\Techland

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-09-15 16:26 - 2015-02-06 13:54 - 000000000 ____D C:\Users\krzysztof\Documents\Youcam
2017-09-15 16:25 - 2017-05-18 14:12 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-15 16:25 - 2015-02-21 20:09 - 000000000 __RDO C:\Users\krzysztof\OneDrive
2017-09-15 16:24 - 2017-05-14 20:05 - 000000000 ____D C:\Users\krzysztof
2017-09-14 22:30 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-14 21:01 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-14 20:23 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-14 19:55 - 2017-05-14 20:21 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-894481356-605578302-1186019840-1002
2017-09-14 19:41 - 2013-08-22 15:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-09-14 19:40 - 2014-11-21 04:02 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-09-14 19:37 - 2016-08-04 15:08 - 000000000 ____D C:\Users\krzysztof\Desktop\programy
2017-09-14 19:37 - 2014-05-08 01:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-09-14 14:34 - 2017-07-15 20:40 - 000000000 ____D C:\AdwCleaner
2017-09-11 21:58 - 2017-05-30 07:49 - 000000000 ____D C:\Users\krzysztof\AppData\Roaming\DAEMON Tools Lite
2017-09-11 21:55 - 2014-05-08 01:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-11 21:55 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-11 20:20 - 2017-07-03 15:58 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-11 20:20 - 2017-05-22 14:31 - 000002098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gra zdalna PS4.lnk
2017-09-11 20:20 - 2017-05-14 20:44 - 000000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-11 20:20 - 2014-05-08 01:57 - 000001390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-09-11 20:20 - 2014-05-08 01:57 - 000001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-09-11 20:20 - 2013-10-01 00:49 - 000001602 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Control Zone (Touchpad Clickpad Trackpad Mouse).lnk
2017-09-11 20:19 - 2017-05-27 09:24 - 000001215 _____ C:\Users\krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk
2017-09-11 20:19 - 2017-05-14 20:12 - 000000080 _____ C:\Users\krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-11 20:19 - 2017-05-14 20:05 - 000000469 _____ C:\Users\krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-09-11 20:19 - 2017-05-14 20:05 - 000000467 _____ C:\Users\krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-09-11 19:45 - 2017-05-14 20:55 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-11 18:11 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-11 17:38 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-09-11 17:38 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-09-11 17:38 - 2013-08-22 16:44 - 000482232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-11 17:38 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2017-09-11 17:37 - 2013-08-22 17:36 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-09-11 17:23 - 2013-08-22 15:25 - 000000199 _____ C:\WINDOWS\win.ini
2017-09-11 16:52 - 2013-08-22 17:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-11 15:34 - 2013-08-22 17:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-11 15:24 - 2014-11-21 04:12 - 000000000 ____D C:\ProgramData\McAfee
2017-09-09 23:22 - 2017-05-09 09:45 - 000000000 ____D C:\Temp
2017-09-09 21:47 - 2015-09-03 12:49 - 000000000 ____D C:\Users\krzysztof\Documents\My Games
2017-09-09 19:25 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-09-09 19:13 - 2017-05-27 22:59 - 000000000 ____D C:\Users\krzysztof\AppData\Roaming\PhotoScape
2017-09-09 19:12 - 2017-06-05 10:43 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-09 19:12 - 2014-04-02 12:25 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-09 19:12 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-09 19:07 - 2015-02-06 13:52 - 000000000 ____D C:\Users\krzysztof\AppData\Local\Packages
2017-09-09 16:55 - 2017-06-21 08:20 - 000000000 ____D C:\Users\krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-09-09 16:55 - 2017-06-21 08:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-09-09 16:51 - 2014-05-08 10:35 - 000840738 _____ C:\WINDOWS\system32\perfh015.dat
2017-09-09 16:51 - 2014-05-08 10:35 - 000180320 _____ C:\WINDOWS\system32\perfc015.dat
2017-09-09 16:51 - 2014-03-18 11:53 - 001970710 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-04 12:49 - 2017-03-02 14:25 - 000000000 ____D C:\Users\krzysztof\Documents\My Cheat Tables
2017-09-03 16:33 - 2015-09-07 14:23 - 000000000 ____D C:\Users\krzysztof\Desktop\gry, piosenki i nagrania
2017-09-03 13:50 - 2017-05-31 08:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland
2017-09-01 12:01 - 2017-05-31 16:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-01 11:56 - 2017-05-31 16:04 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-01 10:53 - 2017-06-01 07:28 - 000000000 ____D C:\Users\krzysztof\AppData\Roaming\.minecraft
2017-09-01 10:47 - 2017-05-27 23:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-09-01 10:47 - 2016-11-18 17:59 - 000000000 ____D C:\Users\krzysztof\AppData\LocalLow\Mozilla
2017-08-29 15:54 - 2017-05-24 17:27 - 000000000 ____D C:\Users\krzysztof\AppData\Roaming\obs-studio
2017-08-28 13:33 - 2017-06-08 13:17 - 000000000 ____D C:\Users\krzysztof\Documents\Euro Truck Simulator 2
2017-08-27 14:59 - 2015-02-25 19:05 - 000000000 ____D C:\Users\krzysztof\Desktop\zuzia
2017-08-16 13:44 - 2016-07-31 17:03 - 000000000 ____D C:\Users\krzysztof\Desktop\zdjęcia

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-09-05 15:27

==================== Koniec FRST.txt ============================