Replies posted by Kroku


  1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
    Ran by SYSTEM on MININT-45CTUGH on 18-02-2015 18:12:31
    Running from D:\
    Platform: Windows 8 Pro (X86) OS Language: Polski (Polska)
    Internet Explorer Version 10
    Boot Mode: Recovery

    The current controlset is ControlSet001
    [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
    HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
    HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKU\Wojtek\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3000680 2013-11-01] (ALLPlayer Group Ltd.)
    HKU\Wojtek\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
    HKU\Wojtek\...\Run: [Akamai NetSession Interface] => "C:\Users\Wojtek\AppData\Local\Akamai\netsession_win.exe"
    HKU\Wojtek\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)
    HKU\Wojtek\...\Run: [DellSystemDetect] => C:\Users\Wojtek\AppData\Local\Apps\2.0\5ZZZ1X32.E9A\E9YVJXWX.0BQ\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe [264488 2014-10-06] (Dell)
    HKU\Wojtek\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    HKU\Wojtek\...\Run: [Facebook Update] => C:\Users\Wojtek\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-16] (Facebook Inc.)
    HKU\Wojtek\...\Run: [WebcamMaxAutoRun] => C:\Program Files\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
    HKU\Wojtek\...\Policies\Explorer: []

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
    S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2014-10-06] (Flexera Software LLC)
    S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [705416 2014-09-24] (Cherished Technololgy LIMITED)
    S2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-15] (Elex do Brasil Participações Ltda)
    S2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-04-07] (Native Instruments GmbH)
    S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2015-01-21] (Electronic Arts)
    S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2014-09-22] (Microsoft Corporation)
    S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
    S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63.sys [4704256 2012-06-02] (Broadcom Corporation)
    S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [243128 2014-10-06] (Disc Soft Ltd)
    S2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam.sys [1068216 2012-04-15] (Windows (R) Win 7 DDK provider)
    S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
    S3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [238080 2012-07-25] (Marvell)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-16 17:30 - 2015-02-18 18:12 - 00000000 ____D () C:\FRST
    2015-02-13 17:11 - 2015-02-18 18:10 - 00000000 _____ () C:\Recovery.txt
    2015-02-11 22:59 - 2015-02-11 22:59 - 17295024 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
    2015-02-11 17:53 - 2015-02-11 17:54 - 11064406 _____ () C:\Users\Wojtek\Desktop\L-Trans backup (11.02.2015) lapek.rar
    2015-02-11 17:18 - 2015-01-12 06:07 - 01762816 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2015-02-11 17:18 - 2015-01-12 06:07 - 01338880 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2015-02-11 17:18 - 2015-01-12 06:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2015-02-11 17:18 - 2015-01-12 06:07 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 14373376 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 02861568 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 02055168 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2015-02-11 17:18 - 2015-01-12 04:46 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
    2015-02-11 17:18 - 2014-12-08 06:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
    2015-02-11 17:17 - 2015-01-29 08:02 - 00446704 _____ (Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
    2015-02-11 17:17 - 2015-01-29 08:02 - 00412664 _____ (Microsoft Corporation) C:\Windows\System32\NotificationUI.exe
    2015-02-11 17:17 - 2015-01-29 08:02 - 00011056 _____ () C:\Windows\System32\AutoconfigV2.cab
    2015-02-11 17:17 - 2015-01-29 07:19 - 00568832 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
    2015-02-11 17:17 - 2015-01-29 07:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-02-11 17:16 - 2015-01-15 11:18 - 05578560 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2015-02-11 17:16 - 2015-01-09 05:06 - 03400704 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2015-02-11 17:14 - 2015-01-15 11:00 - 01026560 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2015-02-11 17:14 - 2015-01-15 11:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\System32\usercpl.dll
    2015-02-11 17:14 - 2015-01-15 11:00 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\SHCore.dll
    2015-02-11 17:14 - 2015-01-15 10:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
    2015-02-11 17:14 - 2015-01-15 05:08 - 00492200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2015-02-11 17:13 - 2014-12-18 08:02 - 00038720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwfs.sys
    2015-02-11 17:13 - 2014-12-18 07:20 - 00702464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
    2015-02-11 17:13 - 2014-12-18 07:19 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
    2015-02-11 17:13 - 2014-12-18 07:19 - 00473600 _____ (Microsoft Corporation) C:\Windows\System32\BFE.DLL
    2015-02-11 17:13 - 2014-12-09 00:13 - 00391526 _____ () C:\Windows\System32\ApnDatabase.xml
    2015-02-11 17:13 - 2014-11-26 05:50 - 00567808 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2015-01-30 20:48 - 2015-01-30 20:52 - 724441088 _____ () C:\Users\Wojtek\Downloads\Ted.2012.PL.chomikuj.avi
    2015-01-29 21:23 - 2015-01-29 21:53 - 737667072 _____ () C:\Users\Wojtek\Downloads\Ale jazda - Interstate 60 [2002] DVDRip Lektor PL.avi
    2015-01-27 22:54 - 2015-01-27 22:57 - 332500686 _____ () C:\Users\Wojtek\Downloads\Requiem dla snu; polski lektor.rmvb
    2015-01-25 18:35 - 2015-01-26 20:21 - 00000000 ____D () C:\Users\Wojtek\Desktop\UTP
    2015-01-24 17:58 - 2015-01-24 17:58 - 00000000 ____D () C:\Users\Wojtek\Downloads\fotki_zestaw
    2015-01-21 22:16 - 2015-01-21 22:18 - 734011392 _____ () C:\Users\Wojtek\Downloads\Mercy (2014) Napisy.PL.HDRip.XviD-MBR.avi
    2015-01-20 22:56 - 2015-01-20 22:56 - 00053089 _____ () C:\Users\Wojtek\Downloads\Jeff Dunham - Spark of Insanity.txt
    2015-01-20 22:50 - 2015-01-21 01:42 - 296651285 _____ () C:\Users\Wojtek\Downloads\Jeff Dunham - Spark of Insanity.rmvb
    2015-01-20 00:18 - 2014-04-16 19:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\System32\aspnet_counters.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-13 13:08 - 2012-07-26 05:17 - 00262144 ___SH () C:\Windows\System32\config\BBI
    2015-02-13 13:07 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\WinStore
    2015-02-13 13:07 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\System32\pl-PL
    2015-02-13 13:06 - 2014-10-06 19:09 - 01532674 _____ () C:\Windows\WindowsUpdate.log
    2015-02-13 13:00 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\System32\sru
    2015-02-13 12:54 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-02-13 09:20 - 2013-04-09 20:58 - 01793398 _____ () C:\Windows\System32\PerfStringBackup.INI
    2015-02-13 09:20 - 2012-07-26 09:14 - 00794946 _____ () C:\Windows\System32\perfh015.dat
    2015-02-13 09:20 - 2012-07-26 09:14 - 00159530 _____ () C:\Windows\System32\perfc015.dat
    2015-02-13 09:19 - 2013-04-11 10:20 - 00000000 ____D () C:\Users\Wojtek\AppData\Local\Adobe
    2015-02-13 00:19 - 2014-01-08 23:44 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\ClassicShell
    2015-02-13 00:08 - 2013-07-31 10:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-12 19:15 - 2013-04-10 09:42 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\foobar2000
    2015-02-11 20:57 - 2012-07-26 07:43 - 00000000 ____D () C:\Windows\CbsTemp
    2015-02-11 20:53 - 2014-10-07 21:14 - 00000000 ____D () C:\Windows\System32\MRT
    2015-02-11 20:47 - 2014-10-07 21:14 - 113756392 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2015-02-11 20:45 - 2012-07-26 05:17 - 00000269 _____ () C:\Windows\win.ini
    2015-02-11 18:33 - 2014-10-07 15:24 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\TS3Client
    2015-02-11 17:52 - 2014-12-10 11:07 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\WinZipper
    2015-02-11 17:39 - 2014-10-07 10:51 - 00000000 ___RD () C:\Users\Wojtek\Desktop\L-Trans
    2015-02-11 16:47 - 2013-04-09 21:09 - 00000000 ____D () C:\Program Files\Opera
    2015-02-09 15:30 - 2014-09-23 11:25 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\uTorrent
    2015-02-08 12:23 - 2014-12-10 11:07 - 00000000 ____D () C:\Program Files\WinZipper
    2015-02-07 13:58 - 2013-11-27 16:37 - 00000000 ____D () C:\Users\Wojtek\AppData\Local\cache
    2015-02-03 20:29 - 2014-11-17 21:01 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2015-02-03 20:29 - 2014-11-17 21:01 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2015-01-31 21:42 - 2014-10-26 20:06 - 00325632 ___SH () C:\Users\Wojtek\Desktop\Thumbs.db
    2015-01-31 13:20 - 2014-10-05 19:27 - 00000000 ____D () C:\Program Files\Steam
    2015-01-31 11:06 - 2014-10-05 19:27 - 00000000 ____D () C:\Program Files\Common Files\Steam
    2015-01-30 20:36 - 2015-01-11 16:49 - 00000000 ____D () C:\Users\Wojtek\Desktop\x
    2015-01-30 14:35 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\System32\NDF
    2015-01-25 23:52 - 2014-10-21 13:47 - 00088576 ___SH () C:\Users\Wojtek\Downloads\Thumbs.db
    2015-01-21 12:58 - 2014-12-10 10:04 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-21 12:56 - 2014-12-10 10:04 - 00000000 ____D () C:\Program Files\Origin

    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe
    [2014-10-07 20:05] - [2014-04-12 08:24] - 0429056 ____A (Microsoft Corporation) 89D6AFD5B257049375008BAA512910EE

    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2015-01-14 13:01] - [2014-11-01 05:36] - 0334336 ____A (Microsoft Corporation) DBD45269B9CC4DDAB5ECE4B37A102B8A

    C:\Windows\System32\User32.dll
    [2014-10-15 11:13] - [2014-06-28 08:02] - 1168896 ____A (Microsoft Corporation) D592455FBA84E91F0B510F244383D85C

    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys
    [2014-10-15 11:14] - [2014-07-04 08:12] - 0281408 ____A (Microsoft Corporation) BF079843E272759BAE587FB980163293


    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 23%
    Total physical RAM: 2038.04 MB
    Available physical RAM: 1562.64 MB
    Total Pagefile: 2038.04 MB
    Available Pagefile: 1569.04 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1947.59 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:193.82 GB) (Free:62.99 GB) NTFS
    Drive d: (UUI) (Removable) (Total:0.93 GB) (Free:0.15 GB) FAT32
    Drive f: () (Fixed) (Total:38.96 GB) (Free:36.65 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B8000000)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=39 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=193.8 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (Size: 953.5 MB) (Disk ID: 20AC7DDA)
    No partition Table on disk 1.


    LastRegBack: 2015-02-09 14:41

    ==================== End Of Log ============================
  2. Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
    Ran by SYSTEM at 2015-02-18 16:34:25 Run:1
    Running from D:\
    Boot Mode: Recovery
    
    ==============================================
    
    Content of fixlist:
    *****************
    S1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-01-15] (Elex do Brasil Participaçoes Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2015-01-15] (Elex do Brasil Participaçoes Ltda)
    S1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2015-01-15] (Elex do Brasil Participaçoes Ltda)
    S1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-01-15] (Elex do Brasil Participaçoes Ltda)
    S1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-01-15] (Elex do Brasil Participaçoes Ltda)
    S1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-01-03] (Elex do Brasil Participaçoes Ltda
    HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe [747712 2013-11-27] ()
    S1 {55dce8ba-9dec-4013-937e-adbf9317d990}w; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880 2014-08-04] (StdLib)
    S3 catchme; \??\C:\Users\Wojtek\AppData\Local\Temp\catchme.sys [X]
    EmptyTemp:
    *****************
    
    iSafeKrnl => Service deleted successfully.
    iSafeKrnlBoot => Service deleted successfully.
    iSafeKrnlKit => Service deleted successfully.
    iSafeKrnlMon => Service deleted successfully.
    iSafeKrnlR3 => Service deleted successfully.
    iSafeNetFilter => Service deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
    {55dce8ba-9dec-4013-937e-adbf9317d990}w => Service deleted successfully.
    catchme => Service deleted successfully.
    EmptyTemp: => Error: This directive works only outside recovery mode.
    
    ==== End of Fixlog 16:34:25 ====
    
  3. Right now the only way to get to the data is an Ubuntu live USB stick, because the system won't boot. As far as I know, Daemon is installed. Today I'll try to get the missing logs. When I launch FRST from the recovery console (the latest version of the program), I have no way of generating the logs you're asking for.

    The only log generated

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
    Ran by SYSTEM on MININT-6JH9SQR on 18-02-2015 13:32:18
    Running from D:\
    Platform: Windows 8 Pro (X86) OS Language: Polski (Polska)
    Internet Explorer Version 10
    Boot Mode: Recovery
    
    The current controlset is ControlSet001
    [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]
    
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    
    ==================== Registry (Whitelisted) ==================
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe [747712 2013-11-27] ()
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
    HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
    HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKU\Wojtek\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3000680 2013-11-01] (ALLPlayer Group Ltd.)
    HKU\Wojtek\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
    HKU\Wojtek\...\Run: [Akamai NetSession Interface] => "C:\Users\Wojtek\AppData\Local\Akamai\netsession_win.exe"
    HKU\Wojtek\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)
    HKU\Wojtek\...\Run: [DellSystemDetect] => C:\Users\Wojtek\AppData\Local\Apps\2.0\5ZZZ1X32.E9A\E9YVJXWX.0BQ\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe [264488 2014-10-06] (Dell)
    HKU\Wojtek\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    HKU\Wojtek\...\Run: [Facebook Update] => C:\Users\Wojtek\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-16] (Facebook Inc.)
    HKU\Wojtek\...\Run: [WebcamMaxAutoRun] => C:\Program Files\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
    HKU\Wojtek\...\Policies\Explorer: [] 
    
    ========================== Services (Whitelisted) =================
    
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    
    S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
    S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2014-10-06] (Flexera Software LLC)
    S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [705416 2014-09-24] (Cherished Technololgy LIMITED)
    S2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-15] (Elex do Brasil Participações Ltda)
    S2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-04-07] (Native Instruments GmbH)
    S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2015-01-21] (Electronic Arts)
    S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2014-09-22] (Microsoft Corporation)
    S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-10] (Fuyu LIMITED)
    S2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [424624 2015-01-12] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
    S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
    
    ==================== Drivers (Whitelisted) ====================
    
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    
    S1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
    S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63.sys [4704256 2012-06-02] (Broadcom Corporation)
    S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [243128 2014-10-06] (Disc Soft Ltd)
    S1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-01-15] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2015-01-15] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2015-01-15] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-01-15] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-01-15] (Elex do Brasil Participações Ltda)
    S1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-01-03] (Elex do Brasil Participações Ltda)
    S2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam.sys [1068216 2012-04-15] (Windows (R) Win 7 DDK provider)
    S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
    S3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [238080 2012-07-25] (Marvell)
    S1 {55dce8ba-9dec-4013-937e-adbf9317d990}w; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880 2014-08-04] (StdLib)
    S3 catchme; \??\C:\Users\Wojtek\AppData\Local\Temp\catchme.sys [X]
    
    ==================== NetSvcs (Whitelisted) ===================
    
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
    
    
    ==================== One Month Created Files and Folders ========
    
    (If an entry is included in the fixlist, the file\folder will be moved.)
    
    2015-02-16 17:30 - 2015-02-16 17:35 - 00000000 ____D () C:\FRST
    2015-02-13 17:11 - 2015-02-18 13:24 - 00000000 _____ () C:\Recovery.txt
    2015-02-11 22:59 - 2015-02-11 22:59 - 17295024 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
    2015-02-11 17:53 - 2015-02-11 17:54 - 11064406 _____ () C:\Users\Wojtek\Desktop\L-Trans backup (11.02.2015) lapek.rar
    2015-02-11 17:18 - 2015-01-12 06:07 - 01762816 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2015-02-11 17:18 - 2015-01-12 06:07 - 01338880 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2015-02-11 17:18 - 2015-01-12 06:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2015-02-11 17:18 - 2015-01-12 06:07 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 14373376 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 02861568 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 02055168 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2015-02-11 17:18 - 2015-01-12 04:46 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
    2015-02-11 17:18 - 2014-12-08 06:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
    2015-02-11 17:17 - 2015-01-29 08:02 - 00446704 _____ (Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
    2015-02-11 17:17 - 2015-01-29 08:02 - 00412664 _____ (Microsoft Corporation) C:\Windows\System32\NotificationUI.exe
    2015-02-11 17:17 - 2015-01-29 08:02 - 00011056 _____ () C:\Windows\System32\AutoconfigV2.cab
    2015-02-11 17:17 - 2015-01-29 07:19 - 00568832 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
    2015-02-11 17:17 - 2015-01-29 07:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-02-11 17:16 - 2015-01-15 11:18 - 05578560 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2015-02-11 17:16 - 2015-01-09 05:06 - 03400704 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2015-02-11 17:14 - 2015-01-15 11:00 - 01026560 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2015-02-11 17:14 - 2015-01-15 11:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\System32\usercpl.dll
    2015-02-11 17:14 - 2015-01-15 11:00 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\SHCore.dll
    2015-02-11 17:14 - 2015-01-15 10:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
    2015-02-11 17:14 - 2015-01-15 05:08 - 00492200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2015-02-11 17:13 - 2014-12-18 08:02 - 00038720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwfs.sys
    2015-02-11 17:13 - 2014-12-18 07:20 - 00702464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
    2015-02-11 17:13 - 2014-12-18 07:19 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
    2015-02-11 17:13 - 2014-12-18 07:19 - 00473600 _____ (Microsoft Corporation) C:\Windows\System32\BFE.DLL
    2015-02-11 17:13 - 2014-12-09 00:13 - 00391526 _____ () C:\Windows\System32\ApnDatabase.xml
    2015-02-11 17:13 - 2014-11-26 05:50 - 00567808 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2015-01-30 20:48 - 2015-01-30 20:52 - 724441088 _____ () C:\Users\Wojtek\Downloads\Ted.2012.PL.chomikuj.avi
    2015-01-29 21:23 - 2015-01-29 21:53 - 737667072 _____ () C:\Users\Wojtek\Downloads\Ale jazda - Interstate 60 [2002] DVDRip Lektor PL.avi
    2015-01-27 22:54 - 2015-01-27 22:57 - 332500686 _____ () C:\Users\Wojtek\Downloads\Requiem dla snu; polski lektor.rmvb
    2015-01-25 18:35 - 2015-01-26 20:21 - 00000000 ____D () C:\Users\Wojtek\Desktop\UTP
    2015-01-24 17:58 - 2015-01-24 17:58 - 00000000 ____D () C:\Users\Wojtek\Downloads\fotki_zestaw
    2015-01-21 22:16 - 2015-01-21 22:18 - 734011392 _____ () C:\Users\Wojtek\Downloads\Mercy (2014) Napisy.PL.HDRip.XviD-MBR.avi
    2015-01-20 22:56 - 2015-01-20 22:56 - 00053089 _____ () C:\Users\Wojtek\Downloads\Jeff Dunham - Spark of Insanity.txt
    2015-01-20 22:50 - 2015-01-21 01:42 - 296651285 _____ () C:\Users\Wojtek\Downloads\Jeff Dunham - Spark of Insanity.rmvb
    2015-01-20 00:18 - 2014-04-16 19:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\System32\aspnet_counters.dll
    
    ==================== One Month Modified Files and Folders =======
    
    (If an entry is included in the fixlist, the file\folder will be moved.)
    
    2015-02-13 13:08 - 2012-07-26 05:17 - 00262144 ___SH () C:\Windows\System32\config\BBI
    2015-02-13 13:07 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\WinStore
    2015-02-13 13:07 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\System32\pl-PL
    2015-02-13 13:06 - 2014-10-06 19:09 - 01532674 _____ () C:\Windows\WindowsUpdate.log
    2015-02-13 13:00 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\System32\sru
    2015-02-13 12:54 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-02-13 09:20 - 2013-04-09 20:58 - 01793398 _____ () C:\Windows\System32\PerfStringBackup.INI
    2015-02-13 09:20 - 2012-07-26 09:14 - 00794946 _____ () C:\Windows\System32\perfh015.dat
    2015-02-13 09:20 - 2012-07-26 09:14 - 00159530 _____ () C:\Windows\System32\perfc015.dat
    2015-02-13 09:19 - 2013-04-11 10:20 - 00000000 ____D () C:\Users\Wojtek\AppData\Local\Adobe
    2015-02-13 00:19 - 2014-01-08 23:44 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\ClassicShell
    2015-02-13 00:08 - 2013-07-31 10:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-12 19:15 - 2013-04-10 09:42 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\foobar2000
    2015-02-11 20:57 - 2012-07-26 07:43 - 00000000 ____D () C:\Windows\CbsTemp
    2015-02-11 20:53 - 2014-10-07 21:14 - 00000000 ____D () C:\Windows\System32\MRT
    2015-02-11 20:47 - 2014-10-07 21:14 - 113756392 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2015-02-11 20:45 - 2012-07-26 05:17 - 00000269 _____ () C:\Windows\win.ini
    2015-02-11 18:33 - 2014-10-07 15:24 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\TS3Client
    2015-02-11 17:52 - 2014-12-10 11:07 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\WinZipper
    2015-02-11 17:39 - 2014-10-07 10:51 - 00000000 ___RD () C:\Users\Wojtek\Desktop\L-Trans
    2015-02-11 16:47 - 2013-04-09 21:09 - 00000000 ____D () C:\Program Files\Opera
    2015-02-09 15:30 - 2014-09-23 11:25 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\uTorrent
    2015-02-08 12:23 - 2014-12-10 11:07 - 00000000 ____D () C:\Program Files\WinZipper
    2015-02-07 13:58 - 2013-11-27 16:37 - 00000000 ____D () C:\Users\Wojtek\AppData\Local\cache
    2015-02-03 20:29 - 2014-11-17 21:01 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2015-02-03 20:29 - 2014-11-17 21:01 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2015-01-31 21:42 - 2014-10-26 20:06 - 00325632 ___SH () C:\Users\Wojtek\Desktop\Thumbs.db
    2015-01-31 13:20 - 2014-10-05 19:27 - 00000000 ____D () C:\Program Files\Steam
    2015-01-31 11:06 - 2014-10-05 19:27 - 00000000 ____D () C:\Program Files\Common Files\Steam
    2015-01-30 20:36 - 2015-01-11 16:49 - 00000000 ____D () C:\Users\Wojtek\Desktop\x
    2015-01-30 14:35 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\System32\NDF
    2015-01-25 23:52 - 2014-10-21 13:47 - 00088576 ___SH () C:\Users\Wojtek\Downloads\Thumbs.db
    2015-01-21 12:58 - 2014-12-10 10:04 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-21 12:56 - 2014-12-10 10:04 - 00000000 ____D () C:\Program Files\Origin
    
    ==================== Known DLLs (Whitelisted) ============
    
    
    ==================== Bamital & volsnap Check =================
    
    (There is no automatic fix for files that do not pass verification.)
    
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe
    [2014-10-07 20:05] - [2014-04-12 08:24] - 0429056 ____A (Microsoft Corporation) 89D6AFD5B257049375008BAA512910EE
    
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2015-01-14 13:01] - [2014-11-01 05:36] - 0334336 ____A (Microsoft Corporation) DBD45269B9CC4DDAB5ECE4B37A102B8A
    
    C:\Windows\System32\User32.dll
    [2014-10-15 11:13] - [2014-06-28 08:02] - 1168896 ____A (Microsoft Corporation) D592455FBA84E91F0B510F244383D85C
    
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys
    [2014-10-15 11:14] - [2014-07-04 08:12] - 0281408 ____A (Microsoft Corporation) BF079843E272759BAE587FB980163293
    
    
    ==================== Restore Points  =========================
    
    
    ==================== Memory info =========================== 
    
    Percentage of memory in use: 23%
    Total physical RAM: 2038.04 MB
    Available physical RAM: 1564.06 MB
    Total Pagefile: 2038.04 MB
    Available Pagefile: 1573.28 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1939.61 MB
    
    ==================== Drives ================================
    
    Drive c: () (Fixed) (Total:193.82 GB) (Free:62.99 GB) NTFS
    Drive d: (UUI) (Removable) (Total:0.93 GB) (Free:0.15 GB) FAT32
    Drive f: () (Fixed) (Total:38.96 GB) (Free:36.65 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    
    ==================== MBR & Partition Table ==================
    
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B8000000)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=39 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=193.8 GB) - (Type=OF Extended)
    
    ========================================================
    Disk: 1 (Size: 953.5 MB) (Disk ID: 20AC7DDA)
    No partition Table on disk 1.
    
    
    LastRegBack: 2015-02-09 14:41
    
    ==================== End Of Log ============================
    
  4. Hello to all forum members. I recently got a laptop (Dell Inspiron 1525) to repair. The laptop belongs to a friend, so I decided to help him. After an update the laptop simply won't boot: it automatically attempts a repair, which achieves nothing, and then goes back to the startup tool. After a whole day of racking my brain I came across this forum and the FRST tool. While the scan itself went smoothly, "building" the fix script is a bit beyond me. I read the very extensive tutorial from this forum, for which I sincerely thank you, but I am still a bit unsure, and the fact that this is not my own machine only adds to the uncertainty.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
    Ran by SYSTEM on MININT-CGCPL9K on 16-02-2015 17:34:38
    Running from D:\
    Platform: Windows 8 Pro (X86) OS Language: Polski (Polska)
    Internet Explorer Version 10
    Boot Mode: Recovery
    
    The current controlset is ControlSet001
    [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]
    
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    
    ==================== Registry (Whitelisted) ==================
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe [747712 2013-11-27] ()
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
    HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
    HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKU\Wojtek\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3000680 2013-11-01] (ALLPlayer Group Ltd.)
    HKU\Wojtek\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
    HKU\Wojtek\...\Run: [Akamai NetSession Interface] => "C:\Users\Wojtek\AppData\Local\Akamai\netsession_win.exe"
    HKU\Wojtek\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)
    HKU\Wojtek\...\Run: [DellSystemDetect] => C:\Users\Wojtek\AppData\Local\Apps\2.0\5ZZZ1X32.E9A\E9YVJXWX.0BQ\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe [264488 2014-10-06] (Dell)
    HKU\Wojtek\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\Wojtek\...\Run: [Facebook Update] => C:\Users\Wojtek\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-16] (Facebook Inc.)
    HKU\Wojtek\...\Run: [WebcamMaxAutoRun] => C:\Program Files\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
    HKU\Wojtek\...\Policies\Explorer: [] 
    
    ========================== Services (Whitelisted) =================
    
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    
    S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
    S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2014-10-06] (Flexera Software LLC)
    S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [705416 2014-09-24] (Cherished Technololgy LIMITED)
    S2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-15] (Elex do Brasil Participações Ltda)
    S2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-04-07] (Native Instruments GmbH)
    S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2015-01-21] (Electronic Arts)
    S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2014-09-22] (Microsoft Corporation)
    S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-10] (Fuyu LIMITED)
    S2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [424624 2015-01-12] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
    S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
    
    ==================== Drivers (Whitelisted) ====================
    
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    
    S1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
    S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63.sys [4704256 2012-06-02] (Broadcom Corporation)
    S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [243128 2014-10-06] (Disc Soft Ltd)
    S1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-01-15] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2015-01-15] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2015-01-15] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-01-15] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-01-15] (Elex do Brasil Participações Ltda)
    S1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-01-03] (Elex do Brasil Participações Ltda)
    S2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam.sys [1068216 2012-04-15] (Windows (R) Win 7 DDK provider)
    S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
    S3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [238080 2012-07-25] (Marvell)
    S1 {55dce8ba-9dec-4013-937e-adbf9317d990}w; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880 2014-08-04] (StdLib)
    S3 catchme; \??\C:\Users\Wojtek\AppData\Local\Temp\catchme.sys [X]
    
    ==================== NetSvcs (Whitelisted) ===================
    
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
    
    
    ==================== One Month Created Files and Folders ========
    
    (If an entry is included in the fixlist, the file\folder will be moved.)
    
    2015-02-16 17:30 - 2015-02-16 17:32 - 00000000 ____D () C:\FRST
    2015-02-13 17:11 - 2015-02-16 17:27 - 00000000 _____ () C:\Recovery.txt
    2015-02-11 22:59 - 2015-02-11 22:59 - 17295024 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
    2015-02-11 17:53 - 2015-02-11 17:54 - 11064406 _____ () C:\Users\Wojtek\Desktop\L-Trans backup (11.02.2015) lapek.rar
    2015-02-11 17:18 - 2015-01-12 06:07 - 01762816 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2015-02-11 17:18 - 2015-01-12 06:07 - 01338880 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2015-02-11 17:18 - 2015-01-12 06:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2015-02-11 17:18 - 2015-01-12 06:07 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 14373376 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 02861568 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 02055168 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2015-02-11 17:18 - 2015-01-12 06:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2015-02-11 17:18 - 2015-01-12 04:46 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
    2015-02-11 17:18 - 2014-12-08 06:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
    2015-02-11 17:17 - 2015-01-29 08:02 - 00446704 _____ (Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
    2015-02-11 17:17 - 2015-01-29 08:02 - 00412664 _____ (Microsoft Corporation) C:\Windows\System32\NotificationUI.exe
    2015-02-11 17:17 - 2015-01-29 08:02 - 00011056 _____ () C:\Windows\System32\AutoconfigV2.cab
    2015-02-11 17:17 - 2015-01-29 07:19 - 00568832 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
    2015-02-11 17:17 - 2015-01-29 07:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-02-11 17:16 - 2015-01-15 11:18 - 05578560 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2015-02-11 17:16 - 2015-01-09 05:06 - 03400704 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2015-02-11 17:14 - 2015-01-15 11:00 - 01026560 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2015-02-11 17:14 - 2015-01-15 11:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\System32\usercpl.dll
    2015-02-11 17:14 - 2015-01-15 11:00 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\SHCore.dll
    2015-02-11 17:14 - 2015-01-15 10:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
    2015-02-11 17:14 - 2015-01-15 05:08 - 00492200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2015-02-11 17:13 - 2014-12-18 08:02 - 00038720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwfs.sys
    2015-02-11 17:13 - 2014-12-18 07:20 - 00702464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
    2015-02-11 17:13 - 2014-12-18 07:19 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
    2015-02-11 17:13 - 2014-12-18 07:19 - 00473600 _____ (Microsoft Corporation) C:\Windows\System32\BFE.DLL
    2015-02-11 17:13 - 2014-12-09 00:13 - 00391526 _____ () C:\Windows\System32\ApnDatabase.xml
    2015-02-11 17:13 - 2014-11-26 05:50 - 00567808 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2015-01-30 20:48 - 2015-01-30 20:52 - 724441088 _____ () C:\Users\Wojtek\Downloads\Ted.2012.PL.chomikuj.avi
    2015-01-29 21:23 - 2015-01-29 21:53 - 737667072 _____ () C:\Users\Wojtek\Downloads\Ale jazda - Interstate 60 [2002] DVDRip Lektor PL.avi
    2015-01-27 22:54 - 2015-01-27 22:57 - 332500686 _____ () C:\Users\Wojtek\Downloads\Requiem dla snu; polski lektor.rmvb
    2015-01-25 18:35 - 2015-01-26 20:21 - 00000000 ____D () C:\Users\Wojtek\Desktop\UTP
    2015-01-24 17:58 - 2015-01-24 17:58 - 00000000 ____D () C:\Users\Wojtek\Downloads\fotki_zestaw
    2015-01-21 22:16 - 2015-01-21 22:18 - 734011392 _____ () C:\Users\Wojtek\Downloads\Mercy (2014) Napisy.PL.HDRip.XviD-MBR.avi
    2015-01-20 22:56 - 2015-01-20 22:56 - 00053089 _____ () C:\Users\Wojtek\Downloads\Jeff Dunham - Spark of Insanity.txt
    2015-01-20 22:50 - 2015-01-21 01:42 - 296651285 _____ () C:\Users\Wojtek\Downloads\Jeff Dunham - Spark of Insanity.rmvb
    2015-01-20 00:18 - 2014-04-16 19:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\System32\aspnet_counters.dll
    2015-01-17 22:35 - 2015-01-17 22:35 - 00141507 _____ () C:\Users\Wojtek\Downloads\31888_5889c5860a2c54ced761339f6fd5859701c4a5d9
    2015-01-17 20:26 - 2015-01-17 20:26 - 251633536 _____ () C:\Windows\MEMORY.DMP
    
    ==================== One Month Modified Files and Folders =======
    
    (If an entry is included in the fixlist, the file\folder will be moved.)
    
    2015-02-13 13:08 - 2012-07-26 05:17 - 00262144 ___SH () C:\Windows\System32\config\BBI
    2015-02-13 13:07 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\WinStore
    2015-02-13 13:07 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\System32\pl-PL
    2015-02-13 13:06 - 2014-10-06 19:09 - 01532674 _____ () C:\Windows\WindowsUpdate.log
    2015-02-13 13:00 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\System32\sru
    2015-02-13 12:54 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-02-13 09:20 - 2013-04-09 20:58 - 01793398 _____ () C:\Windows\System32\PerfStringBackup.INI
    2015-02-13 09:20 - 2012-07-26 09:14 - 00794946 _____ () C:\Windows\System32\perfh015.dat
    2015-02-13 09:20 - 2012-07-26 09:14 - 00159530 _____ () C:\Windows\System32\perfc015.dat
    2015-02-13 09:19 - 2013-04-11 10:20 - 00000000 ____D () C:\Users\Wojtek\AppData\Local\Adobe
    2015-02-13 00:19 - 2014-01-08 23:44 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\ClassicShell
    2015-02-13 00:08 - 2013-07-31 10:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-12 19:15 - 2013-04-10 09:42 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\foobar2000
    2015-02-11 20:57 - 2012-07-26 07:43 - 00000000 ____D () C:\Windows\CbsTemp
    2015-02-11 20:53 - 2014-10-07 21:14 - 00000000 ____D () C:\Windows\System32\MRT
    2015-02-11 20:47 - 2014-10-07 21:14 - 113756392 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2015-02-11 20:45 - 2012-07-26 05:17 - 00000269 _____ () C:\Windows\win.ini
    2015-02-11 18:33 - 2014-10-07 15:24 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\TS3Client
    2015-02-11 17:52 - 2014-12-10 11:07 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\WinZipper
    2015-02-11 17:39 - 2014-10-07 10:51 - 00000000 ___RD () C:\Users\Wojtek\Desktop\L-Trans
    2015-02-11 16:47 - 2013-04-09 21:09 - 00000000 ____D () C:\Program Files\Opera
    2015-02-09 15:30 - 2014-09-23 11:25 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\uTorrent
    2015-02-08 12:23 - 2014-12-10 11:07 - 00000000 ____D () C:\Program Files\WinZipper
    2015-02-07 13:58 - 2013-11-27 16:37 - 00000000 ____D () C:\Users\Wojtek\AppData\Local\cache
    2015-02-03 20:29 - 2014-11-17 21:01 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2015-02-03 20:29 - 2014-11-17 21:01 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2015-01-31 21:42 - 2014-10-26 20:06 - 00325632 ___SH () C:\Users\Wojtek\Desktop\Thumbs.db
    2015-01-31 13:20 - 2014-10-05 19:27 - 00000000 ____D () C:\Program Files\Steam
    2015-01-31 11:06 - 2014-10-05 19:27 - 00000000 ____D () C:\Program Files\Common Files\Steam
    2015-01-30 20:36 - 2015-01-11 16:49 - 00000000 ____D () C:\Users\Wojtek\Desktop\x
    2015-01-30 14:35 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\System32\NDF
    2015-01-25 23:52 - 2014-10-21 13:47 - 00088576 ___SH () C:\Users\Wojtek\Downloads\Thumbs.db
    2015-01-21 12:58 - 2014-12-10 10:04 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-21 12:56 - 2014-12-10 10:04 - 00000000 ____D () C:\Program Files\Origin
    2015-01-17 20:36 - 2013-10-24 18:36 - 00000000 ____D () C:\Windows\Minidump
    2015-01-17 20:27 - 2013-04-09 20:59 - 00000000 ____D () C:\users\Wojtek
    
    ==================== Known DLLs (Whitelisted) ============
    
    
    ==================== Bamital & volsnap Check =================
    
    (There is no automatic fix for files that do not pass verification.)
    
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe
    [2014-10-07 20:05] - [2014-04-12 08:24] - 0429056 ____A (Microsoft Corporation) 89D6AFD5B257049375008BAA512910EE
    
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2015-01-14 13:01] - [2014-11-01 05:36] - 0334336 ____A (Microsoft Corporation) DBD45269B9CC4DDAB5ECE4B37A102B8A
    
    C:\Windows\System32\User32.dll
    [2014-10-15 11:13] - [2014-06-28 08:02] - 1168896 ____A (Microsoft Corporation) D592455FBA84E91F0B510F244383D85C
    
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys
    [2014-10-15 11:14] - [2014-07-04 08:12] - 0281408 ____A (Microsoft Corporation) BF079843E272759BAE587FB980163293
    
    
    ==================== Restore Points  =========================
    
    
    ==================== Memory info =========================== 
    
    Percentage of memory in use: 23%
    Total physical RAM: 2038.04 MB
    Available physical RAM: 1564.02 MB
    Total Pagefile: 2038.04 MB
    Available Pagefile: 1572.51 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1939.61 MB
    
    ==================== Drives ================================
    
    Drive c: () (Fixed) (Total:193.82 GB) (Free:62.99 GB) NTFS
    Drive d: (UUI) (Removable) (Total:0.93 GB) (Free:0.15 GB) FAT32
    Drive f: () (Fixed) (Total:38.96 GB) (Free:36.65 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    
    ==================== MBR & Partition Table ==================
    
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B8000000)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=39 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=193.8 GB) - (Type=OF Extended)
    
    ========================================================
    Disk: 1 (Size: 953.5 MB) (Disk ID: 20AC7DDA)
    No partition Table on disk 1.
    
    
    LastRegBack: 2015-02-09 14:41
    
    ==================== End Of Log ============================
    