Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 23-07-2016 02
Uruchomiony przez Tomasz (administrator) TYMEK (23-07-2016 18:44:39)
Uruchomiony z C:\Users\Tomasz\Downloads
Załadowane profile: Tomasz (Dostępne profile: Tomasz & Administrator)
Platform: Windows 8.1 Pro (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Tomasz\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2015-01-17] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [797648 2014-11-11] ()
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2724432 2015-12-26] (Sony Corporation)
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [DS3 Tool] => C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe [112400 2011-09-22] (www.motioninjoy.com)
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\MountPoints2: {569c9781-9e60-11e4-8257-448a5bd1adb7} - "G:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-01-17]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{FC2CA280-7EF3-41C9-AD8D-E4CEC4726E5D}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.9.1
Tcpip\..\Interfaces\{6AE88442-CD1F-4627-957A-9F8E6D58FFF3}: [DhcpNameServer] 192.168.9.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Brak pliku]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-20]
CHR Extension: (Dokumenty Google) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Dysk Google) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Adblock Plus) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Google Search) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Arkusze Google) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-02-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2099712 2014-10-21] (MSI) [Brak podpisu cyfrowego]
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4026880 2014-09-26] (MSI) [Brak podpisu cyfrowego]
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2117632 2014-11-05] () [Brak podpisu cyfrowego]
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4157440 2014-09-26] () [Brak podpisu cyfrowego]
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [1993216 2014-09-26] () [Brak podpisu cyfrowego]
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2242048 2014-10-21] () [Brak podpisu cyfrowego]
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2063360 2014-07-28] () [Brak podpisu cyfrowego]
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [575488 2014-10-29] () [Brak podpisu cyfrowego]
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [386560 2014-12-10] (Qualcomm Atheros) [Brak podpisu cyfrowego]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [98992 2014-11-18] (Qualcomm Atheros, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 NTIOLib_MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 NTIOLib_MSIFrequency_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSIRatio_CC; C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-06-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
S3 RTL8023x64; C:\Windows\system32\DRIVERS\Rtnic64.sys [51712 2013-06-18] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-17] (Duplex Secure Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-07-23 18:44 - 2016-07-23 18:44 - 00018926 _____ C:\Users\Tomasz\Downloads\FRST.txt
2016-07-23 18:43 - 2016-07-23 18:44 - 00000000 ____D C:\FRST
2016-07-23 18:41 - 2016-07-23 18:41 - 02394112 _____ (Farbar) C:\Users\Tomasz\Downloads\FRST64.exe
2016-07-23 16:28 - 2016-07-23 16:31 - 00000000 ____D C:\Users\Tomasz\Desktop\COLT foty
2016-07-22 15:13 - 2016-07-22 15:13 - 25736704 _____ C:\Users\Tomasz\Downloads\AcroRdrSD1500720033_all_DC.msi
2016-07-22 15:08 - 2016-07-22 15:08 - 02981506 _____ C:\Users\Tomasz\Downloads\dejavu-sans.zip
2016-07-20 14:39 - 2016-07-20 14:39 - 00000000 ____D C:\Windows\EOONotify
2016-07-13 14:35 - 2016-05-25 15:22 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-07-13 14:35 - 2016-05-25 15:22 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-07-13 14:35 - 2016-05-25 15:12 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-07-13 14:35 - 2016-05-25 15:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-07-13 14:07 - 2016-06-11 20:14 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 14:07 - 2016-06-11 20:11 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 14:07 - 2016-06-11 19:56 - 25812992 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 14:07 - 2016-06-11 19:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 14:07 - 2016-06-11 19:42 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 14:07 - 2016-06-11 19:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 14:07 - 2016-06-11 19:22 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-13 14:07 - 2016-06-11 19:22 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-07-13 14:07 - 2016-06-11 19:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-13 14:07 - 2016-06-11 19:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 14:07 - 2016-06-11 19:13 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-13 14:07 - 2016-06-11 19:12 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-13 14:07 - 2016-06-11 19:12 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-07-13 14:07 - 2016-06-11 19:07 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-13 14:07 - 2016-06-11 19:03 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 14:07 - 2016-06-11 19:01 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 14:07 - 2016-06-11 19:00 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 14:07 - 2016-06-11 19:00 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 14:07 - 2016-06-11 18:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 14:07 - 2016-06-11 18:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-07-13 14:07 - 2016-06-11 18:43 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-13 14:07 - 2016-06-11 18:38 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-07-13 14:07 - 2016-06-11 18:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-13 14:07 - 2016-06-11 18:31 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-13 14:07 - 2016-06-11 18:31 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-13 14:07 - 2016-06-11 18:31 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-13 14:07 - 2016-06-11 18:30 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 14:07 - 2016-06-11 18:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-13 14:07 - 2016-06-11 18:26 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 14:07 - 2016-06-11 18:15 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-13 14:07 - 2016-06-11 18:12 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 14:07 - 2016-06-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 14:07 - 2016-06-11 17:59 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-13 14:07 - 2016-06-11 17:56 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-13 14:07 - 2016-06-11 17:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-13 14:05 - 2016-06-25 22:05 - 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-13 14:05 - 2016-06-25 20:13 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 14:05 - 2016-06-25 18:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 14:05 - 2016-06-25 18:15 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 14:05 - 2016-06-25 18:13 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 14:05 - 2016-06-25 18:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 14:05 - 2016-06-22 15:48 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-13 14:05 - 2016-06-21 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-07-13 14:05 - 2016-06-21 16:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-07-13 14:05 - 2016-06-21 15:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-13 14:05 - 2016-06-21 15:48 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-13 14:05 - 2016-06-21 15:48 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-13 14:05 - 2016-06-21 15:48 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-13 14:05 - 2016-06-21 15:48 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-13 14:05 - 2016-06-21 15:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-13 14:05 - 2016-06-21 15:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-13 14:05 - 2016-06-11 21:45 - 07445856 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-13 14:05 - 2016-01-30 21:50 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2016-07-13 14:05 - 2016-01-30 21:00 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2016-07-13 14:05 - 2016-01-30 20:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-07-13 14:05 - 2016-01-30 20:18 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2016-07-13 14:05 - 2016-01-30 19:48 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2016-07-13 14:05 - 2016-01-30 19:41 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2016-07-13 14:04 - 2016-06-10 23:35 - 04167680 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-12 11:31 - 2016-07-12 11:31 - 00934269 _____ C:\Users\Tomasz\Downloads\D2016000028001.pdf
2016-07-12 11:21 - 2016-07-12 11:21 - 00814547 _____ C:\Users\Tomasz\Downloads\D20110151Lj.pdf
2016-07-08 13:24 - 2016-07-18 14:01 - 00000000 ____D C:\Users\Tomasz\Desktop\Mitsubishi Colt Reklamacja SF15839
2016-07-05 20:44 - 2016-07-05 20:44 - 04720221 _____ C:\Users\Tomasz\Desktop\warstwa sprzedany.psd
2016-06-27 17:39 - 2016-06-30 15:45 - 00000000 ____D C:\Users\Tomasz\Desktop\Beema
2016-06-26 20:20 - 2016-06-26 20:36 - 00000000 ____D C:\Users\Tomasz\Desktop\Pickup
2016-06-24 16:33 - 2016-06-30 00:14 - 00000000 ____D C:\Users\Tomasz\Desktop\FIAT BRAVO

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-07-23 18:41 - 2015-02-20 21:57 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-23 18:26 - 2015-01-17 18:28 - 00000000 ____D C:\Users\Tomasz\AppData\Roaming\ClassicShell
2016-07-23 17:54 - 2015-02-20 21:57 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-23 16:28 - 2015-01-17 17:32 - 00000000 ____D C:\Users\Tomasz
2016-07-23 16:28 - 2014-09-24 17:08 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-23 16:28 - 2014-09-24 16:35 - 00805918 _____ C:\Windows\system32\perfh015.dat
2016-07-23 16:28 - 2014-09-24 16:35 - 00163272 _____ C:\Windows\system32\perfc015.dat
2016-07-23 16:28 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-07-23 15:33 - 2015-01-17 17:42 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1854063861-834038236-3450837710-1001
2016-07-23 15:25 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-07-22 15:08 - 2015-11-08 19:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-22 15:08 - 2015-06-24 21:33 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-22 13:38 - 2016-05-20 01:07 - 00000000 ____D C:\Users\Tomasz\Desktop\FACHOWCY.pl
2016-07-22 13:37 - 2015-07-28 13:22 - 00015694 _____ C:\Windows\BRRBCOM.INI
2016-07-22 13:28 - 2015-07-10 14:43 - 00000000 ____D C:\Users\Tomasz\Desktop\NAUKA JAZDY
2016-07-22 12:55 - 2015-02-20 21:57 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-22 12:55 - 2015-02-20 21:57 - 00002209 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-20 15:30 - 2015-09-04 14:47 - 00019483 _____ C:\Users\Tomasz\Desktop\FINANSE po zakupie hyundaia.xlsx
2016-07-20 14:57 - 2015-10-07 14:55 - 00011366 _____ C:\Users\Tomasz\Desktop\książki.xlsx
2016-07-20 14:40 - 2015-10-06 15:07 - 00061316 _____ C:\Users\Tomasz\Desktop\wpłaty i zaliczki.xlsx
2016-07-20 14:39 - 2015-04-08 17:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-20 14:39 - 2015-04-08 17:06 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-20 14:39 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-07-18 15:52 - 2015-02-20 23:07 - 00000000 ____D C:\Users\Tomasz\AppData\Roaming\vlc
2016-07-18 13:59 - 2015-07-28 14:28 - 00000000 ____D C:\Users\Tomasz\Desktop\SKAN
2016-07-16 14:32 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-07-13 22:25 - 2015-01-17 17:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-13 22:25 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-13 22:25 - 2013-08-22 16:44 - 00424960 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-13 14:38 - 2015-04-15 23:12 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-13 14:38 - 2015-01-21 15:41 - 00000000 ____D C:\Windows\system32\MRT
2016-07-13 14:38 - 2014-09-24 16:52 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-13 14:38 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2016-07-13 14:38 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-13 14:36 - 2015-01-21 15:41 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-07 02:39 - 2015-01-17 18:25 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-06 11:15 - 2015-10-19 10:10 - 00010201 _____ C:\Users\Tomasz\Desktop\harmonogram zajęć teoretycznych.xlsx
2016-07-05 21:19 - 2015-09-20 16:47 - 00000000 ____D C:\Users\Tomasz\Desktop\Materiały graficzne
2016-07-05 21:19 - 2015-09-20 14:24 - 00000000 ____D C:\Users\Tomasz\Desktop\Zdjęcia Szkoła Jazdy
2016-07-04 14:10 - 2016-01-12 00:37 - 00000000 ____D C:\Users\Tomasz\Desktop\Zgłoszenie kursu
2016-07-03 15:33 - 2015-02-10 00:10 - 00000000 ____D C:\Users\Tomasz\AppData\Roaming\FileZilla
2016-07-02 06:29 - 2014-09-24 18:34 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-02 06:29 - 2014-09-24 18:34 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Pliki w katalogu głównym wybranych folderów =======

2015-02-09 22:14 - 2015-02-09 22:14 - 183677480 _____ () C:\Users\Tomasz\AppData\Local\ACCCx2_9_0_465.zip.aamdownload
2015-02-09 22:14 - 2015-02-09 22:14 - 0002195 _____ () C:\Users\Tomasz\AppData\Local\ACCCx2_9_0_465.zip.aamdownload.aamd
2015-08-26 19:11 - 2015-09-02 18:34 - 0001496 _____ () C:\Users\Tomasz\AppData\Local\Adobe Zapisz dla Internetu 13.0 Prefs
2015-01-17 19:02 - 2015-01-17 19:06 - 0000000 _____ () C:\Users\Tomasz\AppData\Local\Driver_LOM_8161Present.flag

Niektóre pliki w TEMP:
====================
C:\Users\Tomasz\AppData\Local\Temp\CCP11s.dll
C:\Users\Tomasz\AppData\Local\Temp\pkcs11wrapper1884334125720138756.dll
C:\Users\Tomasz\AppData\Local\Temp\pkcs11wrapper2348675817866886739.dll
C:\Users\Tomasz\AppData\Local\Temp\pkcs11wrapper3169862669107100608.dll
C:\Users\Tomasz\AppData\Local\Temp\pkcs11wrapper3266853789732371210.dll
C:\Users\Tomasz\AppData\Local\Temp\pkcs11wrapper3611436905706024092.dll
C:\Users\Tomasz\AppData\Local\Temp\pkcs11wrapper6887402491550624466.dll

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-07-23 16:54

==================== Koniec FRST.txt ============================