Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 03.10.2018 01
Uruchomiony przez unit01 (administrator) DESKTOP-A0EUKHV (04-10-2018 18:11:32)
Uruchomiony z C:\Users\unit01\Downloads
Załadowane profile: unit01 (Dostępne profile: unit01)
Platform: Windows 10 Home Wersja 1803 17134.165 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Edge)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.14.2.13\nortonsecurity.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.14.2.13\nortonsecurity.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.30.98.1000_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.30.98.1000_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AAA Internet Publishing, Inc.) C:\Program Files (x86)\WTFast\WTFast.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
() C:\Users\unit01\AppData\Local\GameCenter\GameCenter.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltSur64.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\unit01\Downloads\FRST64 (2).exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-03-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1022928 2017-03-17] (MSI)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [17315512 2017-08-31] (Micro-Star INT'L CO., LTD.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-806793905-2298995170-3679009990-1002\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [7381000 2016-02-23] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-806793905-2298995170-3679009990-1002\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-806793905-2298995170-3679009990-1002\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3140384 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-806793905-2298995170-3679009990-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3207968 2018-09-08] (Valve Corporation)
HKU\S-1-5-21-806793905-2298995170-3679009990-1002\...\Run: [GameCenter] => C:\Users\unit01\AppData\Local\GameCenter\GameCenter.exe [9676928 2018-10-04] ()
HKU\S-1-5-21-806793905-2298995170-3679009990-1002\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
HKU\S-1-5-21-806793905-2298995170-3679009990-1002\...\MountPoints2: {c091b568-2dae-11e8-936d-806e6f6e6963} - "E:\autorun.exe"

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9f379d03-66a1-4ee1-bc05-bdf83f8ba6a7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-04] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.14.2.13\coIEPlg.dll [2018-05-30] (Symantec Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.14.2.13\coIEPlg.dll [2018-05-30] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.14.2.13\coIEPlg.dll [2018-05-30] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.14.2.13\coIEPlg.dll [2018-05-30] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Session Restore: Default -> [funkcja włączona]
CHR Profile: C:\Users\unit01\AppData\Local\Google\Chrome\User Data\Default [2018-10-04]
CHR Extension: (Dokumenty) - C:\Users\unit01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-17]
CHR Extension: (Dysk Google) - C:\Users\unit01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-17]
CHR Extension: (YouTube) - C:\Users\unit01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\unit01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\unit01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-16]
CHR Extension: (Gmail) - C:\Users\unit01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-17]
CHR Extension: (Chrome Media Router) - C:\Users\unit01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.14.2.13\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.14.2.13\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3759752 2016-05-18] (Intel Corporation)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [5044784 2017-01-19] (G DATA Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [1022440 2016-12-23] (G DATA Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3236168 2017-01-10] (G Data Software AG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [47056 2017-08-23] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-10-13] (Micro-Star INT'L CO., LTD.)
S3 GDBackupSvc; C:\Program Files (x86)\G DATA\InternetSecurity\AVKBackup\AVKBackupService.exe [3991016 2017-01-19] (G DATA Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3386872 2017-01-10] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [852968 2016-12-23] (G DATA Software AG)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2410672 2017-10-16] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel Corporation)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [83616 2017-09-11] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2295480 2017-08-31] (Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [173520 2017-03-17] (MSI)
R2 MysticLight2_Service; C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe [30904 2017-09-07] (Micro-Star Int'l Co., Ltd.)
R2 NortonSecurity; C:\Program Files (x86)\Norton Security\Engine\22.14.2.13\NortonSecurity.exe [328648 2018-05-30] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-01-10] (NVIDIA Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.9.2.3\Definitions\BASHDefs\20180425.001\BHDrvx64.sys [1879632 2018-04-11] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\ccSetx64.sys [187520 2018-05-30] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-04-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-04-18] (Symantec Corporation)
R0 GDBehave; C:\WINDOWS\System32\drivers\GDBehave.sys [196152 2018-03-21] (G Data Software AG)
S0 GDElam; C:\WINDOWS\System32\DRIVERS\GDElam.sys [117904 2016-04-21] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [46104 2018-03-21] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [38984 2018-03-21] (G DATA Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [294968 2018-03-21] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [157240 2018-03-21] (G Data Software AG)
R1 gdwfpcd; C:\WINDOWS\System32\drivers\gdwfpcd64.sys [86584 2018-03-21] (G DATA Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [116296 2018-04-18] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [153656 2018-03-21] (G Data Software AG)
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-10-16] (Intel Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.9.2.3\Definitions\IPSDefs\20180504.061\IDSvia64.sys [1299024 2018-04-13] (Symantec Corporation)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MysticLight\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MSI)
R3 NTIOLib_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [14288 2017-03-15] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_048172e9d7cc483d\nvlddmkm.sys [17524720 2018-02-26] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30280 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57928 2018-01-10] (NVIDIA Corporation)
S3 SRTSP; C:\WINDOWS\System32\Drivers\NGCx64\160E020.00D\SRTSP64.SYS [838224 2018-05-30] (Symantec Corporation)
R3 SRTSPX; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\SRTSPX64.SYS [49232 2018-05-30] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\160E020.00D\SYMEFASI64.SYS [1942096 2018-05-30] (Symantec Corporation)
S4 SymELAM; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\SymELAM.sys [24584 2018-05-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-18] (Symantec Corporation)
R3 SymIRON; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\Ironx64.SYS [307792 2018-05-30] (Symantec Corporation)
R3 SymNetS; C:\WINDOWS\System32\Drivers\NGCx64\160E020.00D\SYMNETS.SYS [566912 2018-05-30] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\Drivers\NGCx64\160E020.00D\wpCtrlDrv.sys [1015592 2018-05-30] (Symantec Corporation)
R2 WtfEngineDrv; C:\WINDOWS\system32\DRIVERS\WtfEngineDrv.sys [27904 2016-02-01] (AAA Internet Publishing, Inc.)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-10-04 18:10 - 2018-10-04 18:10 - 002414080 _____ (Farbar) C:\Users\unit01\Downloads\FRST64 (2).exe
2018-10-04 18:08 - 2018-10-04 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Narzędzia pakietu Microsoft Office
2018-10-04 17:54 - 2018-10-04 17:55 - 000994396 _____ C:\WINDOWS\Minidump\100418-6328-01.dmp
2018-10-04 17:54 - 2018-10-04 17:54 - 000845860 _____ C:\WINDOWS\Minidump\100418-5312-01.dmp
2018-10-04 17:52 - 2018-10-04 17:53 - 000910092 _____ C:\WINDOWS\Minidump\100418-6000-01.dmp
2018-10-02 18:09 - 2018-10-02 18:09 - 000031643 _____ C:\Users\unit01\Downloads\Potwierdzenie_transakcji_nr_0034036100_021018.pdf
2018-10-02 15:54 - 2018-10-02 15:54 - 000000000 _____ C:\WINDOWS\Minidump\100218-5703-01.dmp
2018-09-30 11:15 - 2018-09-30 11:15 - 000000222 _____ C:\Users\unit01\Desktop\ASTRONEER.url
2018-09-28 12:11 - 2018-09-28 12:11 - 000000000 ___HD C:\$SysReset
2018-09-28 11:06 - 2018-09-28 11:06 - 000000080 ___SH C:\bootTel.dat
2018-09-25 22:48 - 2018-09-25 22:48 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-09-25 22:46 - 2018-09-25 22:46 - 000000000 ____D C:\ProgramData\Wargaming.net
2018-09-16 18:43 - 2018-09-16 18:43 - 001894953 _____ C:\Users\unit01\Downloads\Darkest Hour Unified Patch 1.05.1 Hot-Fix (1).zip
2018-09-11 15:57 - 2018-09-11 15:57 - 001894953 _____ C:\Users\unit01\Downloads\Darkest Hour Unified Patch 1.05.1 Hot-Fix.zip
2018-09-11 15:21 - 2018-09-11 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-09-11 15:21 - 2018-09-11 15:21 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-09-11 15:21 - 2018-09-11 15:21 - 000000000 ____D C:\Program Files\MSBuild
2018-09-11 15:21 - 2018-09-11 15:21 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-09-11 15:21 - 2018-09-11 15:21 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-09-11 15:21 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-09-11 15:21 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-09-11 15:21 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-09-11 15:21 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-09-11 15:21 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-09-11 15:21 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-09-11 10:51 - 2018-09-11 10:51 - 000000221 _____ C:\Users\unit01\Desktop\Darkest Hour A Hearts of Iron Game.url
2018-09-08 14:06 - 2018-09-08 14:06 - 015345231 _____ C:\Users\unit01\Downloads\hoi2arma_patch_v12pl.zip
2018-09-08 14:06 - 2018-09-08 14:06 - 000000000 ____D C:\Users\unit01\Downloads\hoi2arma_patch_v12pl

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-10-04 18:11 - 2018-05-22 16:39 - 000021639 _____ C:\Users\unit01\Downloads\FRST.txt
2018-10-04 18:11 - 2018-05-22 16:37 - 000000000 ____D C:\FRST
2018-10-04 18:09 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-04 18:08 - 2018-04-21 23:07 - 000000000 ____D C:\Users\unit01\AppData\Local\GameCenter
2018-10-04 18:08 - 2018-03-21 16:51 - 000002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-04 18:08 - 2018-03-21 16:51 - 000002508 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-04 18:08 - 2018-03-21 16:51 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-04 18:08 - 2018-03-21 16:51 - 000002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-04 18:08 - 2018-03-21 16:51 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-04 18:08 - 2018-03-21 16:51 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-10-04 17:59 - 2018-05-20 21:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2018-10-04 17:57 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-10-04 17:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-04 17:55 - 2018-03-21 16:50 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-04 17:54 - 2018-05-20 21:29 - 000000000 ____D C:\WINDOWS\Minidump
2018-10-04 17:54 - 2018-05-20 21:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-04 17:54 - 2018-05-20 21:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-04 17:53 - 2018-05-20 21:25 - 000000000 ____D C:\Users\unit01
2018-10-04 17:52 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-10-04 15:55 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-02 18:13 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-10-02 16:38 - 2018-04-18 17:43 - 000000000 ____D C:\Program Files (x86)\Steam
2018-09-28 12:22 - 2018-04-21 23:07 - 000000000 ____D C:\Users\unit01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2018-09-28 12:22 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-09-28 12:20 - 2018-04-17 15:36 - 000000000 ____D C:\Users\unit01\AppData\Roaming\Wargaming.net
2018-09-28 12:20 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\registration
2018-09-28 11:28 - 2018-05-20 21:28 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-806793905-2298995170-3679009990-1002
2018-09-28 11:28 - 2018-05-20 21:25 - 000002417 _____ C:\Users\unit01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-28 11:28 - 2018-04-16 19:00 - 000000000 ___RD C:\Users\unit01\OneDrive
2018-09-28 11:25 - 2018-04-21 23:07 - 000002095 _____ C:\Users\unit01\Desktop\GameCenter My.Com.lnk
2018-09-19 20:13 - 2018-05-20 21:28 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-09-18 05:35 - 2018-04-16 19:06 - 000002314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-15 06:54 - 2018-04-16 18:59 - 000000000 ____D C:\Users\unit01\AppData\Local\Packages
2018-09-14 11:19 - 2018-07-15 12:43 - 000000000 ____D C:\Users\unit01\AppData\Local\ElevatedDiagnostics
2018-09-12 13:00 - 2018-04-17 20:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-12 12:59 - 2018-04-17 20:00 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-12 12:59 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-11 15:22 - 2018-04-12 17:51 - 000782334 _____ C:\WINDOWS\system32\perfh015.dat
2018-09-11 15:22 - 2018-04-12 17:51 - 000151496 _____ C:\WINDOWS\system32\perfc015.dat
2018-09-11 15:21 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-09-11 15:21 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-09-05 01:04 - 2018-04-12 01:41 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-05 01:04 - 2018-04-12 01:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Pliki w katalogu głównym wybranych folderów =======

2018-04-16 21:48 - 2018-04-16 21:48 - 000007628 _____ () C:\Users\unit01\AppData\Local\Resmon.ResmonCfg
2018-05-31 11:06 - 2018-05-31 11:06 - 000000000 _____ () C:\Users\unit01\AppData\Local\{86A84C55-CF00-400C-B63B-9F2199247B46}

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-05-20 21:23

==================== Koniec FRST.txt ============================