Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 29-11-2017 Uruchomiony przez Andrzej (administrator) WINDOWS-CPOHV3L (30-11-2017 07:27:20) Uruchomiony z C:\Users\Andrzej\Desktop Załadowane profile: Andrzej (Dostępne profile: Andrzej) Platform: Windows 8.1 (Update) (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee LLC) C:\Windows\System32\mfevtps.exe (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe (McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee LLC) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_7\mcapexe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\McCSPServiceHost.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe (Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_watchdog.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe (McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8444632 2015-01-20] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-04] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5793048 2015-03-04] (Dell Inc.) HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Audio Ltd.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-04-14] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-211896074-2614562761-2518769672-1002\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2031864 2017-11-30] (Wargaming.net) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{9A7311B6-6CFA-482D-9BF2-B78CC7E09C36}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{DB20F8DA-86C0-4F6E-AD6C-3402BC9EA69F}: [DhcpNameServer] 10.49.34.1 10.49.34.2 Internet Explorer: ================== HKU\S-1-5-21-211896074-2614562761-2518769672-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com SearchScopes: HKU\S-1-5-21-211896074-2614562761-2518769672-1002 -> DefaultScope {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = SearchScopes: HKU\S-1-5-21-211896074-2614562761-2518769672-1002 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = SearchScopes: HKU\S-1-5-21-211896074-2614562761-2518769672-1002 -> {86D47F34-E4F3-4AC6-91A4-18ECF3FDA816} URL = hxxps://pl.search.yahoo.com/search?fr=mcafee_uninternational&type=C011PL105D20160522&p={searchTerms} Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-11-02] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-11-02] (McAfee, Inc.) FireFox: ======== FF DefaultProfile: h6y9692e.default FF ProfilePath: C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\h6y9692e.default [2017-11-30] FF Extension: (Disable Media WMF NV12 format) - C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\h6y9692e.default\features\{6e5e5192-c2e1-47ac-bcb9-35be0a791f12}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-22] [Przestarzałe] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24] [Przestarzałe] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-11-15] [Przestarzałe] [Brak podpisu cyfrowego] FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-11-02] () FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-11-02] () Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-08-26] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-08-26] ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-04-14] () [Brak podpisu cyfrowego] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-04-14] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego] S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.) S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-06] (CyberLink) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [166152 2016-10-03] (McAfee, Inc.) R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [728296 2017-10-24] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\\McCSPServiceHost.exe [2145496 2017-09-27] (McAfee, Inc.) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [357840 2017-09-14] (McAfee LLC) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [509904 2017-09-14] (McAfee LLC) R3 mfevtp; C:\windows\system32\mfevtps.exe [466384 2017-09-14] (McAfee LLC) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1622856 2017-10-24] (McAfee, Inc.) R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1046456 2017-09-24] (Intel Security, Inc.) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2014-12-23] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915408 2013-10-17] (SoftThinks SAS) R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-13] (Waves Audio Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.) S3 AmdGpio2; C:\windows\System32\drivers\AmdGpio2.sys [25288 2015-01-13] (Advanced Micro Devices, INC.) S3 amdi2c; C:\windows\System32\drivers\amdi2c.sys [40136 2015-01-13] (Advanced Micro Devices, INC.) S3 amdkmcsp; C:\windows\System32\drivers\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. ) R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.) R0 amdpsp; C:\windows\System32\drivers\amdpsp.sys [243048 2017-06-12] (Advanced Micro Devices, Inc. ) S3 amduart; C:\windows\System32\drivers\amduart.sys [75464 2015-01-13] (Advanced Micro Devices, INC.) R3 athr; C:\windows\system32\DRIVERS\athwbx.sys [4267008 2015-01-12] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [222720 2015-02-12] (Advanced Micro Devices) R3 cfwids; C:\windows\System32\drivers\cfwids.sys [77296 2017-09-15] (McAfee LLC) R1 CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 DellRbtn; C:\windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.) S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [235904 2017-10-11] (McAfee, Inc.) R3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [492520 2017-09-15] (McAfee LLC) R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [355304 2017-09-15] (McAfee LLC) U3 mfeavfk01; Brak ImagePath S0 mfeelamk; C:\windows\System32\drivers\mfeelamk.sys [84024 2017-09-15] (McAfee LLC) R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [505328 2017-09-15] (McAfee LLC) R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [936936 2017-09-15] (McAfee LLC) R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [505768 2017-11-14] (McAfee LLC.) S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [108456 2017-11-14] (McAfee LLC.) R3 mfeplk; C:\windows\System32\drivers\mfeplk.sys [115184 2017-09-15] (McAfee LLC) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.) R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [252904 2017-09-15] (McAfee LLC) R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; c:\program files\my dell\pcdsrvc_x64.pkms [25584 2013-08-09] (PC-Doctor, Inc.) S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-11-30 07:28 - 2017-11-30 07:28 - 000035745 _____ C:\Users\Andrzej\Downloads\Shortcut.txt 2017-11-30 07:27 - 2017-11-30 07:30 - 000013596 _____ C:\Users\Andrzej\Desktop\FRST.txt 2017-11-30 07:27 - 2017-11-30 07:28 - 000024039 _____ C:\Users\Andrzej\Downloads\Addition.txt 2017-11-30 07:10 - 2017-11-30 07:31 - 000030118 _____ C:\Users\Andrzej\Downloads\FRST.txt 2017-11-30 07:09 - 2017-11-30 07:28 - 000000000 ____D C:\FRST 2017-11-30 07:07 - 2017-11-30 07:07 - 002391552 _____ (Farbar) C:\Users\Andrzej\Desktop\FRST64.exe 2017-11-26 14:54 - 2017-11-30 07:20 - 000003860 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse 2017-11-26 11:14 - 2017-11-30 07:09 - 000004034 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse 2017-11-26 06:58 - 2017-11-26 06:58 - 000000000 ____H C:\windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2017-11-17 08:38 - 2017-11-28 07:02 - 000000000 ____D C:\Users\Andrzej\AppData\LocalLow\Mozilla 2017-11-15 05:17 - 2017-10-17 13:11 - 000339968 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexcl40.dll 2017-11-15 05:17 - 2017-10-16 12:38 - 002013016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys 2017-11-15 05:17 - 2017-10-14 07:04 - 001548624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2017-11-15 05:17 - 2017-10-14 02:38 - 025731584 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2017-11-15 05:17 - 2017-10-14 02:23 - 004168704 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2017-11-15 05:17 - 2017-10-14 02:13 - 002903552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2017-11-15 05:17 - 2017-10-14 02:11 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2017-11-15 05:17 - 2017-10-14 02:09 - 005979648 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2017-11-15 05:17 - 2017-10-14 02:01 - 000816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2017-11-15 05:17 - 2017-10-14 01:36 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2017-11-15 05:17 - 2017-10-14 01:31 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2017-11-15 05:17 - 2017-10-14 01:30 - 015266816 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2017-11-15 05:17 - 2017-10-14 01:30 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2017-11-15 05:17 - 2017-10-14 01:30 - 000380416 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2017-11-15 05:17 - 2017-10-14 01:29 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2017-11-15 05:17 - 2017-10-14 01:27 - 002134528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2017-11-15 05:17 - 2017-10-14 01:21 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2017-11-15 05:17 - 2017-10-14 01:14 - 020269056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2017-11-15 05:17 - 2017-10-14 01:09 - 001544704 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2017-11-15 05:17 - 2017-10-14 01:05 - 015431680 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2017-11-15 05:17 - 2017-10-14 00:58 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2017-11-15 05:17 - 2017-10-14 00:53 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2017-11-15 05:17 - 2017-10-14 00:50 - 002293760 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2017-11-15 05:17 - 2017-10-14 00:45 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2017-11-15 05:17 - 2017-10-14 00:33 - 004542464 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2017-11-15 05:17 - 2017-10-14 00:28 - 013680128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2017-11-15 05:17 - 2017-10-14 00:28 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2017-11-15 05:17 - 2017-10-14 00:25 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2017-11-15 05:17 - 2017-10-14 00:24 - 000694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2017-11-15 05:17 - 2017-10-14 00:24 - 000331776 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2017-11-15 05:17 - 2017-10-14 00:23 - 002058752 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2017-11-15 05:17 - 2017-10-14 00:14 - 013317632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll 2017-11-15 05:17 - 2017-10-14 00:10 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2017-11-15 05:17 - 2017-10-14 00:07 - 001314304 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2017-11-15 05:17 - 2017-10-14 00:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2017-11-15 05:17 - 2017-10-10 10:36 - 000124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\luafv.sys 2017-11-15 05:17 - 2017-10-10 09:38 - 003631616 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll 2017-11-15 05:17 - 2017-10-10 09:38 - 000425984 _____ (Microsoft Corporation) C:\windows\system32\PCPTpm12.dll 2017-11-15 05:17 - 2017-10-10 09:11 - 002749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll 2017-11-15 05:17 - 2017-10-10 09:08 - 000367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\PCPTpm12.dll 2017-11-15 05:17 - 2017-10-05 01:17 - 000380248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys 2017-11-15 05:17 - 2017-09-14 17:52 - 000986968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys 2017-11-15 05:17 - 2017-09-08 11:14 - 003084288 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll 2017-11-15 05:17 - 2017-09-08 10:50 - 002471424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll 2017-11-15 05:17 - 2017-09-07 21:31 - 000685440 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2017-11-15 05:17 - 2017-09-07 21:28 - 000507176 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2017-11-15 05:17 - 2017-09-07 15:31 - 000022528 _____ (Microsoft Corporation) C:\windows\system32\mgmtapi.dll 2017-11-15 05:17 - 2017-09-07 13:20 - 000018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mgmtapi.dll 2017-11-15 05:17 - 2017-09-07 11:20 - 000513456 _____ C:\windows\SysWOW64\locale.nls 2017-11-15 05:17 - 2017-09-07 11:20 - 000513456 _____ C:\windows\system32\locale.nls 2017-11-15 05:17 - 2017-09-07 07:40 - 000995272 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll 2017-11-15 05:17 - 2017-09-07 07:40 - 000922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll 2017-11-15 05:17 - 2017-09-06 17:07 - 000158552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2017-11-15 05:17 - 2017-09-06 15:17 - 000461144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2017-11-15 05:17 - 2017-09-06 15:17 - 000443224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2017-11-15 05:17 - 2017-09-06 08:14 - 000166400 _____ (Microsoft Corporation) C:\windows\system32\regsvc.dll 2017-11-15 05:17 - 2017-08-10 19:39 - 002779136 _____ (Microsoft Corporation) C:\windows\system32\authui.dll 2017-11-15 05:17 - 2017-08-10 19:30 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll 2017-11-15 05:03 - 2017-10-11 01:35 - 000143016 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe 2017-11-15 05:03 - 2017-10-10 09:21 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll 2017-11-15 05:03 - 2017-10-10 07:18 - 002023936 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe 2017-11-15 05:03 - 2017-10-10 07:18 - 001570304 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2017-11-15 05:03 - 2017-10-10 07:18 - 000670208 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2017-11-15 05:03 - 2017-10-10 07:18 - 000605184 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2017-11-15 05:03 - 2017-10-10 07:18 - 000603648 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2017-11-15 05:03 - 2017-10-10 07:18 - 000402944 _____ (Microsoft Corporation) C:\windows\system32\centel.dll 2017-11-15 05:03 - 2017-10-10 07:18 - 000370688 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2017-11-15 05:03 - 2017-10-10 07:18 - 000241664 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2017-11-15 05:03 - 2017-10-10 07:18 - 000181760 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2017-11-14 03:44 - 2017-11-14 03:44 - 000505768 _____ (McAfee LLC.) C:\windows\system32\Drivers\mfencbdc.sys 2017-11-14 03:44 - 2017-11-14 03:44 - 000108456 _____ (McAfee LLC.) C:\windows\system32\Drivers\mfencrk.sys 2017-11-14 03:44 - 2017-11-14 03:44 - 000031144 _____ (McAfee LLC.) C:\windows\system32\Drivers\mfeclnrk.sys 2017-10-31 12:51 - 2017-11-03 18:41 - 000835568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2017-10-31 12:51 - 2017-11-03 18:41 - 000177648 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-31 12:31 - 2017-11-17 10:21 - 000000000 ____D C:\windows\system32\appraiser 2017-10-31 12:31 - 2017-10-31 12:31 - 000000000 ___SD C:\windows\system32\CompatTel ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-11-30 07:27 - 2016-05-16 04:32 - 000808058 _____ C:\windows\system32\perfh015.dat 2017-11-30 07:27 - 2016-05-16 04:32 - 000163816 _____ C:\windows\system32\perfc015.dat 2017-11-30 07:27 - 2016-01-09 02:39 - 001827818 _____ C:\windows\system32\PerfStringBackup.INI 2017-11-30 07:27 - 2013-08-22 07:36 - 000000000 ____D C:\windows\Inf 2017-11-30 07:08 - 2016-05-22 08:17 - 000004020 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{372496A2-3D32-4242-9040-1EAF55AEE017} 2017-11-30 07:04 - 2017-10-25 14:22 - 000000000 ____D C:\ProgramData\boost_interprocess 2017-11-28 00:30 - 2016-05-22 08:20 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-211896074-2614562761-2518769672-1002 2017-11-26 06:47 - 2017-10-24 13:52 - 000000000 __SHD C:\Users\Andrzej\AppData\Local\EmieUserList 2017-11-26 06:47 - 2017-10-24 13:52 - 000000000 __SHD C:\Users\Andrzej\AppData\Local\EmieSiteList 2017-11-24 14:29 - 2013-08-22 09:36 - 000000000 ____D C:\windows\AppReadiness 2017-11-23 13:01 - 2016-01-09 03:40 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2017-11-23 12:59 - 2013-08-22 08:45 - 000000006 ____H C:\windows\Tasks\SA.DAT 2017-11-23 10:36 - 2016-05-21 04:17 - 000000000 ____D C:\Users\Andrzej 2017-11-23 10:35 - 2016-05-22 08:41 - 000000000 ____D C:\Program Files (x86)\McAfee 2017-11-21 18:24 - 2016-05-22 08:38 - 000000000 ____D C:\Program Files\Common Files\McAfee 2017-11-18 04:58 - 2013-08-22 09:36 - 000000000 ____D C:\windows\rescache 2017-11-17 10:28 - 2013-08-22 08:44 - 000372728 _____ C:\windows\system32\FNTCACHE.DAT 2017-11-17 10:25 - 2016-01-09 04:22 - 000065536 _____ C:\windows\system32\spu_storage.bin 2017-11-17 10:25 - 2013-08-22 07:25 - 000262144 ___SH C:\windows\system32\config\BBI 2017-11-17 08:37 - 2017-10-26 13:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-11-17 08:37 - 2016-05-22 08:21 - 000001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-11-17 08:37 - 2016-05-22 08:19 - 000000000 ____D C:\Users\Andrzej\AppData\Roaming\Mozilla 2017-11-17 08:37 - 2016-05-22 08:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-11-17 05:08 - 2013-08-22 09:36 - 000000000 ____D C:\windows\system32\NDF 2017-11-16 14:15 - 2013-08-22 09:36 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-15 07:05 - 2013-08-22 09:20 - 000000000 ____D C:\windows\CbsTemp 2017-11-15 06:58 - 2016-01-09 02:29 - 000596961 _____ C:\windows\SysWOW64\rootpa.e2e 2017-11-15 05:04 - 2016-08-26 04:05 - 000003068 _____ C:\windows\System32\Tasks\McAfeeLogon 2017-11-15 05:03 - 2016-05-22 08:42 - 000000000 ____D C:\windows\System32\Tasks\McAfee 2017-11-15 05:02 - 2013-08-22 09:36 - 000000000 ___HD C:\windows\ELAMBKUP 2017-11-01 09:23 - 2013-08-22 09:36 - 000000000 ____D C:\windows\AppCompat 2017-10-31 13:32 - 2013-08-22 09:36 - 000000000 ____D C:\windows\system32\SecureBootUpdates 2017-10-31 12:49 - 2016-05-22 08:41 - 000000000 ____D C:\Program Files\McAfee 2017-10-31 12:34 - 2013-08-22 09:36 - 000000000 ___RD C:\windows\ToastData 2017-10-31 12:34 - 2013-08-22 09:36 - 000000000 ____D C:\Program Files\Windows Defender 2017-10-31 12:34 - 2013-08-22 09:36 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2017-10-31 12:33 - 2013-08-22 09:36 - 000000000 ___RD C:\windows\ImmersiveControlPanel 2017-10-31 12:33 - 2013-08-22 09:36 - 000000000 ____D C:\windows\SysWOW64\setup 2017-10-31 12:33 - 2013-08-22 09:36 - 000000000 ____D C:\windows\SysWOW64\migwiz 2017-10-31 12:33 - 2013-08-22 09:36 - 000000000 ____D C:\windows\SysWOW64\Com 2017-10-31 12:33 - 2013-08-22 09:36 - 000000000 ____D C:\windows\PolicyDefinitions 2017-10-31 12:33 - 2013-08-22 09:36 - 000000000 ____D C:\windows\MediaViewer 2017-10-31 12:33 - 2013-08-22 09:36 - 000000000 ____D C:\windows\FileManager 2017-10-31 12:33 - 2013-08-22 09:36 - 000000000 ____D C:\windows\Camera 2017-10-31 12:33 - 2013-08-22 09:36 - 000000000 ____D C:\Program Files\Windows Portable Devices 2017-10-31 12:33 - 2013-08-22 09:36 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2017-10-31 12:33 - 2013-08-22 09:36 - 000000000 ____D C:\Program Files\Windows Multimedia Platform 2017-10-31 12:33 - 2013-08-22 09:36 - 000000000 ____D C:\Program Files\Common Files\System 2017-10-31 12:33 - 2013-08-22 07:36 - 000000000 ____D C:\windows\SysWOW64\oobe 2017-10-31 12:33 - 2013-08-22 07:36 - 000000000 ____D C:\windows\SysWOW64\Dism 2017-10-31 12:33 - 2013-08-22 07:36 - 000000000 ____D C:\windows\system32\oobe 2017-10-31 12:33 - 2013-08-22 07:36 - 000000000 ____D C:\windows\system32\AdvancedInstallers 2017-10-31 12:33 - 2013-08-22 07:36 - 000000000 ____D C:\windows\servicing 2017-10-31 12:32 - 2013-08-22 09:36 - 000000000 ___SD C:\windows\system32\dsc 2017-10-31 12:32 - 2013-08-22 09:36 - 000000000 ____D C:\windows\system32\WinBioPlugIns 2017-10-31 12:32 - 2013-08-22 09:36 - 000000000 ____D C:\windows\system32\SystemResetPlatform 2017-10-31 12:32 - 2013-08-22 09:36 - 000000000 ____D C:\windows\system32\setup 2017-10-31 12:32 - 2013-08-22 09:36 - 000000000 ____D C:\windows\system32\migwiz 2017-10-31 12:32 - 2013-08-22 09:36 - 000000000 ____D C:\windows\system32\Com 2017-10-31 12:32 - 2013-08-22 09:36 - 000000000 ____D C:\windows\IME 2017-10-31 12:32 - 2013-08-22 07:36 - 000000000 ____D C:\windows\system32\Sysprep 2017-10-31 12:32 - 2013-08-22 07:36 - 000000000 ____D C:\windows\system32\Dism 2017-10-31 12:31 - 2013-08-22 09:36 - 000000000 ____D C:\windows\WinStore 2017-10-31 12:31 - 2013-08-22 09:36 - 000000000 ____D C:\windows\SysWOW64\InputMethod 2017-10-31 12:31 - 2013-08-22 09:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-10-31 12:31 - 2013-08-22 09:36 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices 2017-10-31 12:31 - 2013-08-22 09:36 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-10-31 12:31 - 2013-08-22 09:36 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform Niektóre pliki w TEMP: ==================== 2016-03-14 05:03 - 2016-03-14 05:03 - 000205808 _____ (McAfee, Inc.) C:\Users\Andrzej\AppData\Local\Temp\McCSPInstall.dll ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\windows\system32\wininit.exe => Plik podpisany cyfrowo C:\windows\explorer.exe => Plik podpisany cyfrowo C:\windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\windows\system32\svchost.exe => Plik podpisany cyfrowo C:\windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\windows\system32\services.exe => Plik podpisany cyfrowo C:\windows\system32\User32.dll => Plik podpisany cyfrowo C:\windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\windows\system32\userinit.exe => Plik podpisany cyfrowo C:\windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-11-23 14:50 ==================== Koniec FRST.txt ============================