Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 13.01.2018 01
Uruchomiony przez Zod (administrator) LAPTOP (14-01-2018 14:50:31)
Uruchomiony z D:\Pobrane
Załadowane profile: Zod (Dostępne profile: Zod)
Platform: Windows 10 Home Wersja 1709 16299.64 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Datpol) C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125173.inf_amd64_6f141e257f4fffee\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Arcabit) C:\Program Files\Arcabit\bin\arcasv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125173.inf_amd64_6f141e257f4fffee\IntelCpHDCPSvc.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125173.inf_amd64_6f141e257f4fffee\IntelCpHeciSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Arcabit) C:\Program Files\Arcabit\bin\arcamon.exe
() C:\Program Files\Arcabit\bin\scanenginecon.exe
(Arcabit) C:\Program Files\Arcabit\bin\awsc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125173.inf_amd64_6f141e257f4fffee\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Datpol) C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe
(Arcabit) C:\Program Files\Arcabit\bin\arcamenu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\MdRes.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9229280 2017-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489376 2017-05-25] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-06-09] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1189744 2017-06-27] (Waves Audio Ltd.)
HKLM\...\Run: [SpyShelter] => C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe [3755264 2018-01-08] (Datpol)
HKLM\...\Run: [arcamenu] => C:\Program Files\Arcabit\bin\arcamenu.exe [388288 2018-01-12] (Arcabit)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
GroupPolicy: Ograniczenia <==== UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.231.1.206 217.172.224.160 192.168.1.1
Tcpip\..\Interfaces\{e8c97b7e-8df8-4fe8-b457-96b1c1cd3c6f}: [DhcpNameServer] 89.231.1.206 217.172.224.160 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-262468516-1371124315-1426830773-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
HKU\S-1-5-21-262468516-1371124315-1426830773-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.pl
HKU\S-1-5-21-262468516-1371124315-1426830773-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl
HKU\S-1-5-21-262468516-1371124315-1426830773-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-262468516-1371124315-1426830773-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.google.pl

FireFox:
========
FF DefaultProfile: eose00tq.default-1514367045594
FF ProfilePath: C:\Users\Zod\AppData\Roaming\Mozilla\Firefox\Profiles\eose00tq.default-1514367045594 [2018-01-14]
FF Extension: (Disable WebRTC) - C:\Users\Zod\AppData\Roaming\Mozilla\Firefox\Profiles\eose00tq.default-1514367045594\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2017-12-27]
FF Extension: (uBlock Origin) - C:\Users\Zod\AppData\Roaming\Mozilla\Firefox\Profiles\eose00tq.default-1514367045594\Extensions\uBlock0@raymondhill.net.xpi [2017-12-27]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 arcabitsv; C:\Program Files\Arcabit\bin\arcasv.exe [215392 2018-01-12] (Arcabit)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [312864 2017-07-20] (Dell Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232296 2017-08-07] (Dell Inc.)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [1700968 2017-05-11] (Intel Corporation)
S4 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413720 2017-06-10] (Intel Corporation)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-06-09] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542392 2017-10-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
R2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-10-24] ()
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2017-09-25] (CloudBees, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-05-25] (Realtek Semiconductor)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [1909448 2017-09-25] (Rivet Networks)
R2 SpyShelterSrv; C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe [61184 2018-01-08] (Datpol)
S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2150120 2017-03-16] (Intel Corporation)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [828792 2017-06-27] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-10-24] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{C20A0679-BE60-4310-9683-B8DB916C5C88}
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 ArcaFsAv; C:\WINDOWS\System32\DRIVERS\arcafsav.sys [44880 2018-01-14] ()
R1 arcawfp; C:\WINDOWS\System32\drivers\arcawfp.sys [96352 2018-01-12] (Windows (R) Win 7 DDK provider)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-07-27] (Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Dell Computer Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74168 2017-05-11] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69560 2017-05-11] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382392 2017-05-11] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54816 2017-06-12] (Intel Corporation)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2017-11-30] (REALiX(tm))
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [97912 2017-05-09] (Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70632 2017-06-10] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [132104 2017-10-18] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-13] (Malwarebytes)
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 Netwtw06; C:\WINDOWS\system32\DRIVERS\Netwtw06.sys [7737344 2017-11-22] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_423cc2fecd1c7121\nvlddmkm.sys [17486096 2018-01-05] (NVIDIA Corporation)
R2 RfeCoSvc; C:\WINDOWS\system32\DRIVERS\RfeCo10X64.sys [124784 2017-09-25] (Rivet Networks, LLC.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984040 2017-06-19] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-27] (Realsil Semiconductor Corporation)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.sys [1893208 2018-01-08] (SpyShelter)
R2 SpyshelterFw; C:\Program Files (x86)\SpyShelter Firewall\SpyshelterWFP.sys [75096 2018-01-08] (SpyShelter)
R1 SpyshelterKb; C:\Program Files (x86)\SpyShelter Firewall\SpyshelterKb.sys [884568 2018-01-08] (SpyShelter)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U4 DiagTrack; Brak ImagePath
U4 TimeBroker; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-01-14 14:48 - 2018-01-14 14:50 - 000000000 ____D C:\FRST
2018-01-14 14:40 - 2018-01-14 14:40 - 000000733 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-01-14 14:40 - 2018-01-14 14:40 - 000000721 _____ C:\Users\Zod\Desktop\Windows 10 Update Assistant.lnk
2018-01-14 14:40 - 2018-01-14 14:40 - 000000000 ____D C:\Windows10Upgrade
2018-01-13 15:26 - 2018-01-13 15:26 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-01-13 15:25 - 2018-01-14 14:30 - 000044880 _____ C:\WINDOWS\system32\Drivers\arcafsav.sys
2018-01-12 00:25 - 2018-01-14 11:56 - 000000000 ____D C:\ProgramData\Arcabit
2018-01-12 00:25 - 2018-01-12 00:25 - 000096352 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\arcawfp.sys
2018-01-12 00:25 - 2018-01-12 00:25 - 000044880 _____ C:\WINDOWS\system32\Drivers\arcafsav.sys.temp
2018-01-12 00:25 - 2018-01-12 00:25 - 000000000 ____D C:\Program Files\Arcabit
2018-01-10 06:41 - 2018-01-10 06:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter
2018-01-09 22:09 - 2018-01-09 22:09 - 000000000 ____D C:\Users\Zod\AppData\Local\Steam
2018-01-09 22:07 - 2018-01-09 23:34 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-09 22:07 - 2018-01-09 22:07 - 000001034 _____ C:\Users\Public\Desktop\Steam.lnk
2018-01-09 22:07 - 2018-01-09 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-01-09 16:48 - 2018-01-09 16:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-01-09 16:48 - 2018-01-09 16:48 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-09 16:48 - 2017-11-02 21:15 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-01-09 16:48 - 2017-11-02 21:15 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-01-09 16:48 - 2017-11-02 21:15 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-01-09 16:48 - 2017-11-02 21:14 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-01-09 16:46 - 2018-01-04 02:44 - 040269624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 035179080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 019796520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 016449872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 013430632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 012843496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 011015584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 010900432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 004306736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 003893792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 003707888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 001975184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439065.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 001674544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439065.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 001334624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 001325384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 001134952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 001125960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 001053768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 001049296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 001043128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 000988656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 000938896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 000795928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 000635248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 000616248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-01-09 16:46 - 2018-01-04 02:44 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-01-07 22:26 - 2018-01-07 22:40 - 000000266 __RSH C:\ProgramData\ntuser.pol
2018-01-05 22:09 - 2018-01-05 22:10 - 000000000 ____D C:\Gry
2018-01-05 21:07 - 2018-01-05 21:07 - 000000000 ____D C:\Users\Zod\AppData\Roaming\NuGet
2018-01-05 21:07 - 2018-01-05 21:07 - 000000000 ____D C:\Users\Zod\AppData\Local\PackageManagement
2018-01-05 21:07 - 2018-01-05 21:07 - 000000000 ____D C:\Program Files\PackageManagement
2018-01-04 20:19 - 2018-01-04 20:19 - 000236757 _____ C:\Users\Zod\Documents\523899191217.pdf
2018-01-04 20:14 - 2018-01-04 20:20 - 000000000 ____D C:\Users\Zod\AppData\Local\Thunderbird
2018-01-04 20:14 - 2018-01-04 20:14 - 000001280 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-01-04 20:14 - 2018-01-04 20:14 - 000000000 ____D C:\Users\Zod\AppData\Roaming\Thunderbird
2018-01-04 20:14 - 2018-01-04 20:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-12-29 15:16 - 2017-12-29 15:16 - 000000000 ____D C:\Users\Zod\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2017-12-29 14:30 - 2017-12-29 14:30 - 000000000 ____D C:\Users\Zod\Documents\OCCT
2017-12-27 11:31 - 2017-12-27 11:31 - 000000000 ____D C:\Users\Zod\AppData\Roaming\WinRAR
2017-12-27 11:31 - 2017-12-27 11:31 - 000000000 ____D C:\Users\Zod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-27 11:31 - 2017-12-27 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-27 11:31 - 2017-12-27 11:31 - 000000000 ____D C:\Program Files\WinRAR
2017-12-25 22:45 - 2018-01-09 16:48 - 000000000 ____D C:\Users\Zod\AppData\Local\NVIDIA
2017-12-25 22:45 - 2017-12-25 22:45 - 000000000 ____D C:\Users\Zod\AppData\Roaming\MAXON
2017-12-24 01:01 - 2017-12-24 01:01 - 000000000 ___HD C:\$SysReset
2017-12-24 00:06 - 2017-12-24 00:06 - 000001946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2017-12-24 00:06 - 2017-12-24 00:06 - 000000000 ____D C:\Users\Zod\AppData\Roaming\SumatraPDF
2017-12-24 00:06 - 2017-12-24 00:06 - 000000000 ____D C:\Program Files\SumatraPDF
2017-12-23 18:17 - 2017-12-23 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-12-20 00:09 - 2017-12-24 00:59 - 000000000 ____D C:\Program Files\Sandboxie
2017-12-18 23:00 - 2017-11-20 21:32 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-12-18 16:08 - 2017-12-18 16:08 - 000000000 ___HD C:\Users\Zod\MicrosoftEdgeBackups
2017-12-17 13:35 - 2017-12-17 13:35 - 000007625 _____ C:\Users\Zod\AppData\Local\Resmon.ResmonCfg
2017-12-17 12:26 - 2017-12-07 23:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-17 12:26 - 2017-12-07 23:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-01-14 14:34 - 2017-11-28 18:06 - 002935364 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-14 14:34 - 2017-09-30 15:29 - 001362042 _____ C:\WINDOWS\system32\perfh015.dat
2018-01-14 14:34 - 2017-09-30 15:29 - 000319750 _____ C:\WINDOWS\system32\perfc015.dat
2018-01-14 14:34 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-14 14:33 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-14 14:32 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-14 14:30 - 2017-12-06 22:43 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-14 14:30 - 2017-11-29 00:12 - 000000000 ____D C:\Users\Zod\AppData\LocalLow\Mozilla
2018-01-14 14:30 - 2017-11-28 08:37 - 000000000 __SHD C:\Users\Zod\IntelGraphicsProfiles
2018-01-14 14:29 - 2017-11-28 18:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-14 14:29 - 2017-11-28 17:58 - 000397632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-14 14:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-14 14:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-01-14 14:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-14 14:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-01-14 14:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-14 14:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-14 14:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-01-14 14:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-14 14:28 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Windows Defender
2018-01-14 14:28 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-14 14:28 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-14 14:26 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-14 02:46 - 2017-11-28 17:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-13 23:30 - 2017-12-04 16:57 - 000000000 ____D C:\Users\Zod\AppData\Roaming\TS3Client
2018-01-13 19:55 - 2017-12-10 20:47 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-13 15:27 - 2017-10-20 23:57 - 000000000 ____D C:\Intel
2018-01-13 15:26 - 2017-10-20 23:56 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-13 15:26 - 2017-10-20 23:56 - 000000000 ____D C:\ProgramData\Intel
2018-01-13 15:26 - 2017-10-20 23:56 - 000000000 ____D C:\Program Files (x86)\Intel
2018-01-13 15:25 - 2017-11-28 17:55 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-01-13 15:25 - 2017-10-20 23:56 - 000000000 ____D C:\Program Files\Intel
2018-01-11 18:20 - 2017-11-28 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-01-10 15:10 - 2017-11-28 10:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 15:09 - 2017-11-28 10:07 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 15:09 - 2017-11-28 10:07 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 15:06 - 2017-12-03 16:39 - 000000000 ____D C:\Users\Zod\AppData\Roaming\SpyShelter
2018-01-10 06:41 - 2017-12-06 22:07 - 000001165 _____ C:\Users\Public\Desktop\SpyShelter Firewall.lnk
2018-01-10 06:41 - 2017-12-03 16:39 - 000000000 ____D C:\Program Files (x86)\SpyShelter Firewall
2018-01-09 16:49 - 2017-12-06 22:42 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-09 16:48 - 2017-12-06 22:44 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 16:48 - 2017-12-06 22:44 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 16:48 - 2017-12-06 22:44 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 16:48 - 2017-12-06 22:44 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 16:48 - 2017-12-06 22:44 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 16:48 - 2017-12-06 22:39 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-07 22:26 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-07 22:26 - 2017-03-18 22:03 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-05 20:21 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Registration
2018-01-05 17:14 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-05 15:39 - 2017-11-29 00:12 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-05 15:39 - 2017-11-29 00:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-04 02:44 - 2017-12-06 22:44 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-01-04 02:44 - 2017-12-06 22:42 - 004580320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-01-04 02:44 - 2017-12-06 22:42 - 000048282 _____ C:\WINDOWS\system32\nvinfo.pb
2018-01-04 01:33 - 2017-12-06 22:43 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-01-04 00:50 - 2017-12-06 22:43 - 005951336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-01-04 00:50 - 2017-12-06 22:43 - 002588232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-01-04 00:50 - 2017-12-06 22:43 - 001768480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-01-04 00:50 - 2017-12-06 22:43 - 000631880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-01-04 00:50 - 2017-12-06 22:43 - 000450352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-01-04 00:50 - 2017-12-06 22:43 - 000123704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-01-04 00:50 - 2017-12-06 22:43 - 000081992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-12-25 23:48 - 2017-11-28 18:03 - 000003738 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-12-25 23:45 - 2017-10-21 00:03 - 000000000 ____D C:\ProgramData\Dell
2017-12-24 20:07 - 2017-12-06 22:43 - 007928821 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-12-24 01:12 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-23 23:39 - 2017-10-20 23:55 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-23 21:44 - 2017-12-03 16:44 - 000000000 ____D C:\Games
2017-12-23 17:47 - 2017-12-08 18:21 - 000000000 ____D C:\Users\Zod\AppData\Local\CrashDumps
2017-12-23 14:33 - 2017-12-03 17:27 - 000000000 ____D C:\Users\Zod\AppData\Roaming\Wargaming.net
2017-12-23 00:32 - 2017-09-29 14:46 - 000000000 ____D C:\PerfLogs
2017-12-22 14:45 - 2017-09-29 14:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-22 14:45 - 2017-09-29 14:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-18 23:00 - 2017-09-29 09:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-18 16:08 - 2017-11-28 18:00 - 000000000 ____D C:\Users\Zod

==================== Pliki w katalogu głównym wybranych folderów =======

2017-12-17 13:35 - 2017-12-17 13:35 - 000007625 _____ () C:\Users\Zod\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-01-08 17:20

==================== Koniec FRST.txt ============================