Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 27.01.2018
Uruchomiony przez Seba (administrator) SEBAPC (05-02-2018 18:39:37)
Uruchomiony z C:\Users\Seba\Downloads
Załadowane profile: Seba (Dostępne profile: Seba & DefaultAppPool)
Platform: Windows 10 Home Wersja 1709 16299.192 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\ws.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe
() C:\Program Files\ByteFence\rsLggr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1712.3351.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Seba\Downloads\FRST64 (4).exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google)
HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\...\Run: [Google Update] => C:\Users\Seba\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\...\Run: [Spotify Web Helper] => C:\Users\Seba\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-19] (Spotify Ltd)
HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\...\MountPoints2: {46e69c88-f1f2-11e7-b425-bc5ff40a7c84} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\...\MountPoints2: {68ad728a-a854-11e7-b3f3-bc5ff40a7c84} - "G:\HiSuiteDownLoader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-08-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Seba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-01-29] ()

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{96da6e7f-43f9-4a6d-9947-4daab09f4c9f}: [DhcpNameServer] 37.8.214.2 31.11.202.254

Internet Explorer:
==================
HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl/
BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24] (pdfforge GmbH)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24] (pdfforge GmbH)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\ibf23961.default [2017-01-30]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: (PDF Architect 3 Creator) - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-07-19] [Przestarzałe] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-01-30] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-01-30] (Adobe Systems)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-2441937318-2594584175-3204281650-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Seba\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2441937318-2594584175-3204281650-1000: @talk.google.com/O1DPlugin -> C:\Users\Seba\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2441937318-2594584175-3204281650-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Seba\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2441937318-2594584175-3204281650-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Seba\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Seba\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Seba\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default [2018-02-05]
CHR Extension: (Dokumenty) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Dysk Google) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
CHR Extension: (Google Search) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dropbox dla Gmaila) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-03-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-08]
CHR Profile: C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-01-05]
CHR Profile: C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-30]
CHR Extension: (From Dust) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-01-15]
CHR Extension: (Dysk Google) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (YouTube) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
CHR Extension: (Google Search) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
CHR Extension: (Gmail offline) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-01-15]
CHR Extension: (busuu.com) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\epadnjldocmkadjbopkanclaamocokoo [2014-01-15]
CHR Extension: (Pulpit zdalny Chrome) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-04-19]
CHR Extension: (Webcam Toy) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-02-18]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-19]
CHR Extension: (Picasa) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-01-15]
CHR Extension: (Click&Clean App) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-04-19]
CHR Extension: (Gmail) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]
CHR Profile: C:\Users\Seba\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-30]
CHR HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-01-30] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Brak podpisu cyfrowego]
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [156640 2017-10-03] (Byte Technologies LLC)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] () [Brak podpisu cyfrowego]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-11] (NVIDIA Corporation)
R3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2017-11-20] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-22] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-22] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-12-07] ()
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-15] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-25] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-15] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2014-01-12] (Intel Corporation)
R1 MpKsl18d1614c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10E25690-42C6-4DCE-B6A9-33B157C9A7F5}\MpKsl18d1614c.sys [58120 2018-02-05] (Microsoft Corporation)
R1 MpKsl73994f89; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A168964-1703-4714-9FB8-9794E12E6F62}\MpKsl73994f89.sys [58120 2018-01-25] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-10-11] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-01-12] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-22] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-22] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-22] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-02-03 12:27 - 2018-02-03 12:27 - 000001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-02-03 12:27 - 2018-02-03 12:27 - 000001290 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-02-01 18:11 - 2018-02-01 18:12 - 002393088 _____ (Farbar) C:\Users\Seba\Downloads\FRST64 (4).exe
2018-01-30 19:47 - 2018-01-30 19:47 - 000037958 _____ C:\Users\Seba\Downloads\Roboty wykończeniowe-dom nr 3 (1).pdf
2018-01-30 07:40 - 2018-01-30 07:40 - 000003548 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-SebaPC-Seba
2018-01-26 12:21 - 2018-01-30 20:17 - 001269254 _____ C:\Users\Seba\Downloads\sanepid inwentaryzacja_ projekt remontu_od Seby.dwg
2018-01-26 12:21 - 2018-01-27 15:49 - 001267331 _____ C:\Users\Seba\Downloads\sanepid inwentaryzacja_ projekt remontu_od Seby.bak
2018-01-25 18:07 - 2018-01-25 18:07 - 000182709 _____ C:\Users\Seba\Downloads\Kostka - opaska + dojazd (1) (1).pdf
2018-01-25 10:33 - 2017-12-22 14:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-01-25 10:33 - 2017-12-22 14:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-25 10:32 - 2018-02-05 08:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-24 12:47 - 2018-01-24 12:47 - 000063077 _____ C:\Users\Seba\Downloads\Budynek leśnictwa dz nr 165_7_inwestorski (1).pdf
2018-01-24 12:47 - 2018-01-24 12:47 - 000057218 _____ C:\Users\Seba\Downloads\Budynek leśnictwa dz nr 165_7_przedmiar (1).pdf
2018-01-18 14:51 - 2018-02-05 07:48 - 000000186 ____H C:\Users\Seba\Documents\Drawing1.dwl2
2018-01-18 14:51 - 2018-02-05 07:48 - 000000036 ____H C:\Users\Seba\Documents\Drawing1.dwl
2018-01-15 19:53 - 2018-01-15 19:54 - 221366927 _____ C:\Users\Seba\Downloads\Dokumentacja przetargowa.rar
2018-01-08 16:41 - 2018-01-08 16:41 - 000182709 _____ C:\Users\Seba\Downloads\Kostka - opaska + dojazd (1).pdf
2018-01-08 10:41 - 2018-01-08 10:41 - 002602140 _____ C:\Users\Seba\Downloads\Botanika_I.pptx
2018-01-08 10:40 - 2018-01-08 10:40 - 004906655 _____ C:\Users\Seba\Downloads\Bot_cw_I.pptx

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-02-05 18:40 - 2016-02-18 20:25 - 000022933 _____ C:\Users\Seba\Downloads\FRST.txt
2018-02-05 18:39 - 2014-01-29 12:27 - 000000000 ____D C:\FRST
2018-02-05 18:17 - 2017-11-17 10:49 - 000004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE19EDE1-045F-4924-972D-EC87D616A401}
2018-02-05 17:47 - 2017-11-17 10:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-05 16:44 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-05 12:25 - 2016-02-19 19:18 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-05 11:27 - 2016-02-19 21:01 - 000000000 ____D C:\Users\Seba\AppData\Local\CrashDumps
2018-02-05 07:34 - 2017-11-20 17:55 - 000000000 ____D C:\Program Files\ByteFence
2018-02-05 07:31 - 2014-07-22 05:28 - 000000000 ____D C:\Users\Seba\AppData\Local\Adobe
2018-02-05 07:29 - 2017-12-26 09:33 - 000000000 ___RD C:\Users\Seba\Creative Cloud Files
2018-02-04 17:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-03 12:27 - 2014-01-12 17:26 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-02-03 12:26 - 2014-02-04 11:20 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-03 11:53 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-01 18:18 - 2016-02-18 20:26 - 000074510 _____ C:\Users\Seba\Downloads\Addition.txt
2018-02-01 08:43 - 2017-11-17 10:49 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2441937318-2594584175-3204281650-1000
2018-02-01 08:43 - 2015-11-29 14:41 - 000002444 _____ C:\Users\Seba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-01 08:43 - 2015-11-29 14:41 - 000000000 ___RD C:\Users\Seba\OneDrive
2018-01-25 10:58 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-25 10:45 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-25 10:38 - 2017-09-30 15:29 - 001021256 _____ C:\WINDOWS\system32\perfh015.dat
2018-01-25 10:38 - 2017-09-30 15:29 - 000234740 _____ C:\WINDOWS\system32\perfc015.dat
2018-01-25 10:38 - 2016-02-01 11:23 - 000000000 ___RD C:\Users\Seba\3D Objects
2018-01-25 10:38 - 2015-11-29 14:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-25 10:38 - 2015-11-29 14:11 - 002328372 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-25 10:34 - 2017-11-17 10:18 - 005010360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-25 10:31 - 2017-11-17 10:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-25 10:31 - 2017-11-17 09:24 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-25 10:30 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-25 10:29 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-25 10:29 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-25 10:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-25 10:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-25 10:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-25 10:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-25 10:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-25 10:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-25 10:29 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-25 10:23 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-24 10:23 - 2010-11-21 04:27 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-24 10:11 - 2015-07-19 22:40 - 000000000 ____D C:\Users\Seba\Documents\PDF Architect
2018-01-22 20:41 - 2017-01-29 15:30 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-10 10:51 - 2014-01-14 00:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 10:48 - 2017-10-10 18:57 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 10:48 - 2014-01-14 00:17 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-09 09:54 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-09 09:54 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-08 10:08 - 2014-01-12 16:18 - 000002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-08 10:08 - 2014-01-12 16:18 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Pliki w katalogu głównym wybranych folderów =======

2014-02-08 18:04 - 2014-02-08 18:05 - 000005813 _____ () C:\Users\Seba\AppData\Roaming\LiveSupport.exe_log.txt
2014-02-13 19:24 - 2014-02-13 19:24 - 000000132 _____ () C:\Users\Seba\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG
2014-02-08 18:04 - 2014-02-08 18:05 - 000000092 _____ () C:\Users\Seba\AppData\Roaming\regsvr32.exe_log.txt
2014-01-16 15:14 - 2016-04-22 14:05 - 000001496 _____ () C:\Users\Seba\AppData\Local\Adobe Zapisz dla Internetu 12.0 Prefs
2014-09-12 00:29 - 2014-09-12 00:29 - 000007604 _____ () C:\Users\Seba\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-01-29 08:33

==================== Koniec FRST.txt ============================