Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:03-10-2015
Uruchomiony przez Karmelek (administrator) TOSIA (03-10-2015 12:08:51)
Uruchomiony z C:\Users\Karmelek\Downloads\FRST
Załadowane profile: Karmelek (Dostępne profile: Karmelek)
Platform: Windows 10 Home (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Opera)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Innova Co S.a r.l.) C:\Program Files (x86)\4game\3.5.6.155\4game-service.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.207\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.207\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.207\opera.exe
(Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.207\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.207\opera.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.207\opera.exe
(Microsoft) C:\Program Files\Dell\Dell Foundation Services\DFSSystrayUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe

==================== Rejestr (filtrowane) ===========================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2857128 2015-01-10] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3859456 2014-09-05] (Dell Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [gpuminer] => C:\Users\Karmelek\AppData\Roaming\cpuminer\sgminer\start.cmd [214 2015-08-21] ()
HKLM\...\Run: [WavesSvc] => "C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe"
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [mbot_pl_014010079] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010079] => [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2560683777-2046369973-3445867491-1001\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\S-1-5-21-2560683777-2046369973-3445867491-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2560683777-2046369973-3445867491-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-2560683777-2046369973-3445867491-1001\...\RunOnce: [Uninstall C:\Users\Karmelek\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Karmelek\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-2560683777-2046369973-3445867491-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31232 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
Startup: C:\Users\Karmelek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-09-03]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Brak pliku)

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{221ff4a2-7fec-47a2-970f-7587ac01acf6}: [DhcpNameServer] 172.121.1.171
Tcpip\..\Interfaces\{8143209a-c7dd-42ec-9a2f-18d13f13b4d4}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2560683777-2046369973-3445867491-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2560683777-2046369973-3445867491-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-2560683777-2046369973-3445867491-1001 -> DefaultScope {C608A031-6EDF-4034-BC05-4996C58003FC} URL =
SearchScopes: HKU\S-1-5-21-2560683777-2046369973-3445867491-1001 -> {C608A031-6EDF-4034-BC05-4996C58003FC} URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1441281428&z=f0ae4350a24fa703973c72bgfz3z6g5o3beg4z3o4c&from=amt&uid=WDCXWD5000LPVX-75V0TT0_WX21A458C0VXA458C0VX

FireFox:
========
FF Plugin-x32: @4game.com/plugin -> C:\Program Files (x86)\4game\3.5.6.155\npplugin4game.dll [2015-08-03] (Innova Co S.a r.l.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.istartsurf.com/?type=sc&ts=1441307362&z=fa836c7a0a09cad35089d72g9zdz4g5c5efmco9o9c&from=face&uid=WDCXWD5000LPVX-75V0TT0_WX21A458C0VXA458C0VX

==================== Usługi (filtrowane) ========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 4game-service; C:\Program Files (x86)\4game\3.5.6.155\4game-service.exe [1506440 2015-08-03] (Innova Co S.a r.l.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [116424 2015-08-18] (Dell)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2020240 2015-01-23] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCMWL63A; C:\Windows\system32\DRIVERS\bcmwl63a.sys [11259136 2015-08-13] (Broadcom Corp)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [231520 2015-07-14] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)
R3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-08-13] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-08-26] (YTDownloader)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42664 2015-01-10] (Synaptics Incorporated)
R1 tcfd_vw_1_10_0_22; C:\Windows\System32\drivers\tcfd_vw_1_10_0_22.sys [57728 2015-08-14] (TermCoach)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [57728 2015-06-16] (Word Surfer)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2015-10-03 11:52 - 2015-10-03 11:52 - 00016148 _____ C:\WINDOWS\system32\TOSIA_Karmelek_HistoryPrediction.bin
2015-10-03 11:18 - 2015-10-03 11:19 - 03480040 _____ (McAfee, Inc.) C:\Users\Karmelek\Downloads\MCPR.exe
2015-09-30 22:42 - 2015-09-30 22:42 - 00012056 _____ C:\Users\Karmelek\Downloads\FRST.txt
2015-09-29 13:40 - 2015-09-29 13:40 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2015-09-29 13:24 - 2015-09-29 13:24 - 00333880 _____ C:\WINDOWS\Minidump\092915-19031-01.dmp
2015-09-29 11:53 - 2015-09-29 11:53 - 00332456 _____ C:\WINDOWS\Minidump\092915-24218-01.dmp
2015-09-29 11:44 - 2015-09-29 11:45 - 00000478 _____ C:\Users\Karmelek\Downloads\defogger_disable.log
2015-09-29 11:44 - 2015-09-29 11:44 - 00000000 _____ C:\Users\Karmelek\defogger_reenable
2015-09-29 11:43 - 2015-09-29 11:43 - 00050477 _____ C:\Users\Karmelek\Downloads\Defogger.exe
2015-09-28 18:46 - 2015-09-28 18:47 - 00331536 _____ C:\WINDOWS\Minidump\092815-25625-01.dmp
2015-09-28 17:32 - 2015-10-03 12:08 - 00000000 ____D C:\Users\Karmelek\Downloads\FRST
2015-09-28 12:44 - 2015-09-28 12:44 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-28 12:44 - 2015-09-28 12:44 - 00000000 _____ C:\WINDOWS\setupact.log
2015-09-28 12:05 - 2015-09-28 12:05 - 00000000 ____D C:\Users\Karmelek\Downloads\FRST-OlderVersion
2015-09-22 21:39 - 2015-09-22 21:39 - 19375304 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-09-15 15:40 - 2015-08-27 08:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-15 15:40 - 2015-08-27 07:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-15 15:39 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-15 15:38 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-15 15:38 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-15 15:38 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-15 15:37 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-15 15:37 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-15 15:37 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-15 15:36 - 2015-09-02 02:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-15 15:36 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-15 15:36 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-15 15:34 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-15 15:34 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-15 15:34 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-15 15:34 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-15 15:34 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-15 15:34 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-15 15:33 - 2015-09-02 02:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-15 15:33 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-15 15:33 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-15 15:33 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-15 15:33 - 2015-08-27 07:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-15 15:33 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-15 15:32 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-15 15:31 - 2015-09-02 03:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-15 15:31 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-15 15:31 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-15 15:31 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-15 15:31 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-15 15:29 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-15 15:29 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-04 15:50 - 2015-09-04 15:50 - 00000000 ____D C:\Users\Karmelek\AppData\Roaming\ESET
2015-09-04 15:50 - 2015-09-04 15:50 - 00000000 ____D C:\Users\Karmelek\AppData\Local\ESET
2015-09-04 15:46 - 2015-09-04 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-09-04 15:46 - 2015-09-04 15:46 - 00000000 ____D C:\ProgramData\ESET
2015-09-04 15:46 - 2015-09-04 15:46 - 00000000 ____D C:\Program Files\ESET
2015-09-04 15:44 - 2015-09-04 15:44 - 01660616 _____ (ESET) C:\Users\Karmelek\Downloads\eset_smart_security_live_installer_.exe
2015-09-04 13:17 - 2015-09-04 13:53 - 00380416 _____ C:\Users\Karmelek\Downloads\o2udf8w1.exe
2015-09-04 12:30 - 2015-09-04 12:30 - 00020952 _____ C:\Users\Karmelek\Desktop\cc_20150904_123027.reg
2015-09-04 10:34 - 2015-10-03 12:08 - 00000000 ____D C:\FRST
2015-09-04 10:29 - 2015-09-04 10:29 - 00294160 _____ (Duplex Secure Ltd) C:\Users\Karmelek\Downloads\SPTD2inst-v204-x64.exe
2015-09-04 09:19 - 2015-09-04 09:19 - 00000000 ____D C:\Users\Karmelek\AppData\LocalLow\Temp
2015-09-04 08:24 - 2015-09-04 08:24 - 00000000 ____D C:\Users\Karmelek\AppData\Local\Publishers
2015-09-04 08:20 - 2015-09-04 08:20 - 00000000 ____D C:\Users\Karmelek\AppData\Local\NetworkTiles
2015-09-03 20:38 - 2015-09-03 20:38 - 00326864 _____ C:\WINDOWS\Minidump\090315-21703-01.dmp
2015-09-03 20:37 - 2015-10-03 11:38 - 00008072 _____ C:\WINDOWS\PFRO.log
2015-09-03 20:37 - 2015-09-29 13:24 - 557026973 _____ C:\WINDOWS\MEMORY.DMP
2015-09-03 20:34 - 2015-09-03 20:35 - 01654272 _____ C:\Users\Karmelek\Downloads\AdwCleaner.exe
2015-09-03 19:38 - 2015-10-03 11:40 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-03 18:21 - 2015-09-26 14:50 - 00000000 ____D C:\ProgramData\BWdsManProB
2015-09-03 17:42 - 2015-09-03 17:43 - 00071290 _____ C:\Users\Karmelek\Desktop\cc_20150903_174241.reg
2015-09-03 17:37 - 2015-09-03 17:38 - 00000000 ____D C:\Program Files\CCleaner
2015-09-03 17:37 - 2015-09-03 17:37 - 00002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-09-03 17:37 - 2015-09-03 17:37 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-03 17:37 - 2015-09-03 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-03 17:12 - 2015-09-26 14:49 - 00000000 ____D C:\ProgramData\5WdsManPro5
2015-09-03 16:36 - 2015-07-05 12:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-09-03 16:31 - 2015-09-29 13:24 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-03 16:29 - 2015-09-30 14:29 - 00000000 ____D C:\AdwCleaner
2015-09-03 16:27 - 2015-09-03 16:26 - 01654272 _____ C:\Users\Karmelek\Downloads\AdwCleaner 5.005.exe
2015-09-03 16:09 - 2015-09-26 14:50 - 00000000 ____D C:\ProgramData\OWdsManProO
2015-09-03 15:48 - 2015-09-03 15:50 - 00000000 ____D C:\Users\Karmelek\AppData\Local\BrowserHelper
2015-09-03 15:46 - 2015-09-03 15:46 - 00000000 ____D C:\Users\Karmelek\AppData\Local\globalUpdate
2015-09-03 15:46 - 2015-09-03 15:46 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-09-03 15:44 - 2015-09-03 15:44 - 00000000 ____D C:\Users\Karmelek\AppData\Local\Aviata
2015-09-03 15:40 - 2015-09-03 15:40 - 00000000 ____D C:\Users\Karmelek\AppData\Local\DropboxOEM
2015-09-03 15:39 - 2015-09-03 15:39 - 00000000 ____D C:\Users\Karmelek\AppData\Local\VirtualStore
2015-09-03 15:38 - 2015-09-30 12:57 - 00000000 ____D C:\Users\Karmelek\AppData\Local\NVIDIA Corporation
2015-09-03 14:32 - 2015-09-03 15:46 - 00000000 ____D C:\Users\Karmelek\AppData\Roaming\cpuminer
2015-09-03 14:32 - 2015-09-03 14:32 - 00000217 _____ C:\task.vbs
2015-09-03 14:32 - 2015-09-03 14:32 - 00000000 ____D C:\Users\Karmelek\AppData\Roaming\NVIDIA
2015-09-03 14:31 - 2015-09-04 16:14 - 00000000 ____D C:\ProgramData\cWdsManProc
2015-09-03 14:30 - 2015-10-02 21:58 - 00000000 ____D C:\Users\Karmelek\AppData\Roaming\istartsurf
2015-09-03 14:30 - 2015-09-03 17:11 - 00004312 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-09-03 14:30 - 2015-09-03 17:11 - 00004282 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-09-03 14:25 - 2015-09-03 14:25 - 00000000 ____D C:\Users\Karmelek\AppData\Local\Opera Software
2015-09-03 14:07 - 2015-09-03 14:07 - 00000000 __SHD C:\Users\Karmelek\AppData\Local\EmieUserList
2015-09-03 14:07 - 2015-09-03 14:07 - 00000000 __SHD C:\Users\Karmelek\AppData\Local\EmieSiteList
2015-09-03 14:07 - 2015-09-03 14:07 - 00000000 __SHD C:\Users\Karmelek\AppData\Local\EmieBrowserModeList
2015-09-03 14:07 - 2015-09-03 14:07 - 00000000 ____D C:\Users\Karmelek\AppData\Local\MicrosoftEdge
2015-09-03 14:02 - 2015-10-03 11:39 - 00001074 _____ C:\WINDOWS\Tasks\Crossbrowse.job
2015-09-03 14:02 - 2015-09-03 16:09 - 00004196 _____ C:\WINDOWS\System32\Tasks\Crossbrowse
2015-09-03 14:02 - 2015-09-03 14:02 - 00000000 ____D C:\Users\Karmelek\AppData\Local\Crossbrowse
2015-09-03 14:00 - 2015-09-04 16:03 - 00000000 ____D C:\Users\Karmelek\AppData\Local\4C4C4544-1441288801-4210-8035-B7C04F4A3532
2015-09-03 13:59 - 2015-09-04 21:44 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1441281560-4210-8035-B7C04F4A3532
2015-09-03 13:59 - 2015-09-03 17:50 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-03 13:59 - 2015-09-03 13:59 - 00000000 ____D C:\Program Files (x86)\predm
2015-09-03 13:59 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-09-03 13:58 - 2015-09-26 14:49 - 00000000 ____D C:\Program Files (x86)\YTDownloader
2015-09-03 13:58 - 2015-09-03 13:58 - 00003498 _____ C:\WINDOWS\System32\Tasks\Inst_Rep
2015-09-03 13:58 - 2015-09-03 13:58 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-09-03 13:58 - 2015-09-03 13:58 - 00000000 ____D C:\Users\Karmelek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-09-03 13:58 - 2015-09-03 13:58 - 00000000 ____D C:\ProgramData\ShopperPro
2015-09-03 13:57 - 2015-09-26 14:51 - 00000000 ____D C:\ProgramData\yWdsManProy
2015-09-03 13:57 - 2015-09-03 21:09 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-03 13:57 - 2015-09-03 18:13 - 00000000 ____D C:\Users\Karmelek\AppData\Roaming\oursurfing
2015-09-03 13:33 - 2015-09-03 13:33 - 00000000 ____D C:\Users\Karmelek\AppData\Roaming\WinRAR
2015-09-03 13:25 - 2015-09-03 13:25 - 00002738 _____ C:\Users\Karmelek\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-09-03 13:18 - 2015-09-03 17:38 - 00000000 ____D C:\Users\Karmelek\AppData\Roaming\uTorrent

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2015-10-03 11:53 - 2015-06-21 04:29 - 00011593 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-10-03 11:48 - 2015-06-21 04:32 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-10-03 11:43 - 2015-08-28 17:12 - 00000992 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-10-03 11:41 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-03 11:39 - 2015-08-28 15:16 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-10-03 11:38 - 2015-08-28 17:12 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-03 11:38 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-03 11:38 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-03 11:29 - 2015-08-30 16:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-10-03 11:29 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-03 11:29 - 2015-07-10 11:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-03 11:27 - 2013-08-22 15:36 - 00000000 ____D C:\Users\Default.migrated
2015-10-03 11:26 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-02 21:56 - 2015-08-28 12:58 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-10-02 21:56 - 2015-08-28 12:58 - 00001129 _____ C:\Users\Public\Desktop\Opera.lnk
2015-10-02 17:57 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-01 18:08 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-30 12:57 - 2015-08-28 12:19 - 00000000 ____D C:\Users\Karmelek\AppData\Local\NVIDIA
2015-09-29 13:40 - 2015-06-21 04:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-09-29 11:44 - 2015-08-28 15:19 - 00000000 ____D C:\Users\Karmelek
2015-09-27 12:58 - 2015-08-28 12:57 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-27 03:48 - 2015-07-10 14:20 - 00211832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-27 03:46 - 2015-07-10 18:34 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-27 03:46 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-26 14:47 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Common Files\System
2015-09-22 21:48 - 2015-08-28 17:12 - 00003920 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-22 21:47 - 2015-08-28 17:12 - 00004132 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-09-21 21:40 - 2015-08-28 15:44 - 00002430 _____ C:\Users\Karmelek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-21 21:40 - 2015-08-28 13:19 - 00000000 ___RD C:\Users\Karmelek\OneDrive
2015-09-19 04:59 - 2015-08-28 12:19 - 00000000 ____D C:\Users\Karmelek\AppData\Local\Packages
2015-09-15 19:44 - 2015-08-28 17:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-15 18:12 - 2015-07-10 13:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 18:12 - 2015-07-10 13:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-03 17:38 - 2015-08-28 16:10 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-03 15:45 - 2015-08-28 15:33 - 01836100 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-03 15:45 - 2015-07-10 18:30 - 00813762 _____ C:\WINDOWS\system32\perfh015.dat
2015-09-03 15:45 - 2015-07-10 18:30 - 00156260 _____ C:\WINDOWS\system32\perfc015.dat
2015-09-03 15:42 - 2015-08-28 15:41 - 00000000 ____D C:\Users\Karmelek\AppData\Local\Comms

==================== Pliki w katalogu głównym wybranych folderów =======
2015-08-28 15:16 - 2015-08-28 15:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-21 04:18 - 2015-06-21 04:19 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-09-03 13:57 - 2015-09-03 21:09 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-06-21 04:15 - 2015-06-21 04:16 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-06-21 04:16 - 2015-06-21 04:17 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-06-21 04:17 - 2015-06-21 04:18 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-06-21 04:14 - 2015-06-21 04:15 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Niektóre pliki w TEMP:
====================
C:\Users\Karmelek\AppData\Local\Temp\EAD2DAD.exe
C:\Users\Karmelek\AppData\Local\Temp\EAD4106.exe
C:\Users\Karmelek\AppData\Local\Temp\EAD59C7.exe
C:\Users\Karmelek\AppData\Local\Temp\EAD61BD.exe
C:\Users\Karmelek\AppData\Local\Temp\EAD8766.exe
C:\Users\Karmelek\AppData\Local\Temp\EAD8DA5.exe
C:\Users\Karmelek\AppData\Local\Temp\EADED34.exe
C:\Users\Karmelek\AppData\Local\Temp\EADF1FC.exe
C:\Users\Karmelek\AppData\Local\Temp\EADFE76.exe
C:\Users\Karmelek\AppData\Local\Temp\InstHelper.exe
C:\Users\Karmelek\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Karmelek\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Karmelek\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap =================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-09-23 18:13

==================== Koniec FRST.txt ============================