Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20-08-2017
Uruchomiony przez fredi (administrator) PAWEL (05-09-2017 19:56:31)
Uruchomiony z C:\Users\fredi\Desktop
Załadowane profile: fredi (Dostępne profile: fredi)
Platform: Windows 8.1 (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(DEVGURU Co., LTD.) E:\kies\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKU\S-1-5-21-11856607-3315338600-60452357-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-11856607-3315338600-60452357-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-11856607-3315338600-60452357-1001\...\MountPoints2: {0bfa50a3-231a-11e4-be82-5a2c80139263} - "G:\AutoRun.exe"
HKU\S-1-5-21-11856607-3315338600-60452357-1001\...\MountPoints2: {29b94118-b386-11e4-bf16-485ab69e31d3} - "G:\AutoRun.exe"
HKU\S-1-5-21-11856607-3315338600-60452357-1001\...\MountPoints2: {29b9415f-b386-11e4-bf16-485ab69e31d3} - "G:\AutoRun.exe"
HKU\S-1-5-21-11856607-3315338600-60452357-1001\...\MountPoints2: {2b73589e-ff0c-11e3-be78-5a2c80139263} - "F:\setup.exe"
HKU\S-1-5-21-11856607-3315338600-60452357-1001\...\MountPoints2: {3e27f4a7-2bdf-11e5-804c-5a2c80139263} - "F:\Install.exe"
HKU\S-1-5-21-11856607-3315338600-60452357-1001\...\MountPoints2: {9e3f5fd0-e516-11e4-bfa0-5a2c80139263} - "G:\LG_PC_Programs.exe"
HKU\S-1-5-21-11856607-3315338600-60452357-1001\...\MountPoints2: {aff41698-fe24-11e3-be77-485ab69e31d3} - "G:\AutoRun.exe"
HKU\S-1-5-21-11856607-3315338600-60452357-1001\...\MountPoints2: {b8a79575-6dcd-11e3-be6c-806e6f6e6963} - "D:\Autorun.exe"
HKU\S-1-5-21-11856607-3315338600-60452357-1001\...\MountPoints2: {c428dde7-6dc5-11e4-be93-5a2c80139263} - "G:\AutoRun.exe"
HKU\S-1-5-21-11856607-3315338600-60452357-1001\...\MountPoints2: {d675067f-775d-11e6-835f-201a06b964cc} - "F:\AutoRun.exe"
HKU\S-1-5-18\...\Run: [Agent Portfela Bitdefender] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Portfel Bitdefender] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Agent aplikacji Portfel Bitdefender] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
GroupPolicyUsers\S-1-5-21-11856607-3315338600-60452357-1001\User: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{1780FB51-0313-4C52-A04D-9233396EBB66}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{E74B8EE4-C03D-4776-A167-F8E6B1F9217E}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\S-1-5-21-11856607-3315338600-60452357-1001 -> DefaultScope {9616D5CD-D489-490A-AC9F-A1CDCC4E203F} URL =
SearchScopes: HKU\S-1-5-21-11856607-3315338600-60452357-1001 -> {9616D5CD-D489-490A-AC9F-A1CDCC4E203F} URL =
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ux8ai94a.default
FF ProfilePath: C:\Users\fredi\AppData\Roaming\Mozilla\Firefox\Profiles\ux8ai94a.default [2017-08-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-03] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-11856607-3315338600-60452357-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Brak pliku]

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://forum.octaviaclub.pl/viewtopic.php?t=86032
CHR StartupUrls: Profile 2 -> "hxxp://start.qone8.com/?type=hp&ts=1382634097&from=cor&uid=WDCXWD400BB-75FJA1_WD-WCAJC3601558","hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=hp&from=cor&uid=WDCXWD400BB-75FJA1_WD-WCAJC3601558&ts=1383923948","hxxp://www.istartsurf.com/?type=hp&ts=1434701188&z=795234cb407d9d928140b08gbzac2z3mde4gbg8bec&from=cor&uid=ST500LT012-1DG142_S3P1ZPX1XXXXS3P1ZPX1"
CHR Profile: C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Default [2017-08-12]
CHR Extension: (Tłumacz Google) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-02-19]
CHR Extension: (Dysk Google) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Facebook Secret Emoticons) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe [2016-02-19]
CHR Extension: (Google Search) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Facebook Icon Pack) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjnigeodbhfkikngfpbpaponldpnajj [2016-02-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (AdBlock) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-16]
CHR Extension: (Gmail) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Profile: C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-09-05]
CHR Extension: (Tłumacz Google) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-07-26]
CHR Extension: (Prezentacje Google) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-25]
CHR Extension: (Dysk Google) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-25]
CHR Extension: (YouTube) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-25]
CHR Extension: (Google Search) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-25]
CHR Extension: (Arkusze Google) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-25]
CHR Extension: (Pulpit zdalny Chrome) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-08-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-12]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-25]
CHR Extension: (Chrome Media Router) - C:\Users\fredi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-12]
CHR Profile: C:\Users\fredi\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-12]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-28] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-08-28] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated)
S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-16] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-11] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2098528 2017-09-02] (Electronic Arts)
S2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [2977640 2017-09-02] (Electronic Arts)
S2 SkypeUpdate; E:\skype\Updater\Updater.exe [324224 2016-09-20] (Skype Technologies)
R2 ss_conn_service; E:\kies\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-07-16] (Disc Soft Ltd)
S3 IT9135BDA; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [165504 2016-09-12] (ITE )
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
S3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-09-05 19:56 - 2017-09-05 19:57 - 000020594 _____ C:\Users\fredi\Desktop\FRST.txt
2017-09-05 19:55 - 2017-09-05 19:56 - 000000000 ____D C:\FRST
2017-09-05 15:42 - 2017-09-05 15:42 - 000202913 _____ C:\Users\fredi\Downloads\wiadomosc.pdf
2017-09-03 13:58 - 2017-09-03 13:58 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-09-03 13:49 - 2017-09-03 13:49 - 000003166 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-11856607-3315338600-60452357-1001
2017-09-02 14:07 - 2017-09-02 14:07 - 000960523 _____ C:\Users\fredi\Desktop\Poczta — pmaliszewski746@leroymerlin.pl.html
2017-09-02 14:07 - 2017-09-02 14:07 - 000000000 ____D C:\Users\fredi\Desktop\Poczta — pmaliszewski746@leroymerlin.pl_files
2017-09-02 12:50 - 2017-09-05 18:31 - 000000000 ____D C:\Users\fredi\Desktop\raporty
2017-09-02 11:48 - 2017-09-03 13:48 - 000003174 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-11856607-3315338600-60452357-1001
2017-09-02 11:48 - 2017-09-03 13:48 - 000002342 _____ C:\Users\fredi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive dla Firm.lnk
2017-09-02 11:48 - 2017-09-02 11:48 - 000002286 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive dla Firm.lnk
2017-09-02 11:48 - 2017-09-02 11:48 - 000002286 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive dla Firm.lnk
2017-09-02 11:48 - 2017-09-02 11:48 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2017-09-02 11:47 - 2017-09-02 11:47 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-09-02 11:43 - 2017-09-02 11:43 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-09-02 11:43 - 2017-09-02 11:43 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-09-02 11:43 - 2017-09-02 11:43 - 000002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-09-02 11:43 - 2017-09-02 11:43 - 000002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-09-02 11:43 - 2017-09-02 11:43 - 000002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-09-02 11:43 - 2017-09-02 11:43 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-09-02 11:43 - 2017-09-02 11:43 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-09-02 11:43 - 2017-09-02 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Narzędzia pakietu Microsoft Office 2016
2017-09-02 11:34 - 2017-09-03 17:01 - 000000000 ____D C:\Program Files\Microsoft Office
2017-09-02 11:34 - 2017-09-02 11:34 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-09-02 11:33 - 2017-09-02 11:33 - 006917944 _____ (Microsoft Corporation) C:\Users\fredi\Desktop\Setup.x64.pl-pl_ProfessionalRetail_NKGG6-WBPCC-HXWMY-6DQGJ-CPQVG_act_1_.exe
2017-08-30 10:38 - 2017-08-30 10:38 - 000001450 _____ C:\Users\Public\Desktop\LibreOffice 5.4.lnk
2017-08-30 10:38 - 2017-08-30 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.4
2017-08-30 10:38 - 2017-08-30 10:38 - 000000000 ____D C:\Program Files\LibreOffice 5
2017-08-30 10:26 - 2017-09-05 18:23 - 000000000 ____D C:\Users\fredi\Desktop\PREZENTACJA AO
2017-08-24 13:34 - 2017-08-24 13:34 - 000001827 _____ C:\Users\fredi\Desktop\LaunchGTAIV — skrót.lnk
2017-08-24 08:33 - 2017-08-24 08:33 - 000067717 _____ C:\Users\fredi\Downloads\3182190000_FES_00010.pdf
2017-08-24 08:29 - 2017-08-24 08:29 - 000067332 _____ C:\Users\fredi\Downloads\17194506_Nota_odsetkowa_ratalna_20170717.pdf
2017-08-24 08:29 - 2017-08-24 08:29 - 000067168 _____ C:\Users\fredi\Downloads\17194506_Nota_odsetkowa_20170717.pdf
2017-08-24 08:29 - 2017-08-24 08:29 - 000005257 _____ C:\Users\fredi\Downloads\smime.p7s
2017-08-24 08:28 - 2017-08-24 08:28 - 000023344 _____ C:\Users\fredi\Downloads\17194506_Detale_20170717.pdf
2017-08-24 08:27 - 2017-08-24 08:27 - 000149957 _____ C:\Users\fredi\Downloads\17194506_E_Faktura_20170717.pdf
2017-08-24 00:40 - 2017-08-24 00:40 - 006590679 _____ (Cenega Poland Sp. z o.o. ) C:\Users\fredi\Desktop\2058_Gta_Sa_Spolszczenie.exe
2017-08-24 00:39 - 2017-08-24 00:39 - 000484803 _____ C:\Users\fredi\Desktop\GTA_San_Andreas_-_spolszczenie[www.instalki.pl].zip
2017-08-24 00:15 - 2017-08-24 00:15 - 000001922 _____ C:\Users\Public\Desktop\GTA San Andreas.lnk
2017-08-23 11:11 - 2017-08-23 11:11 - 000000000 ____D C:\Users\fredi\Desktop\pliki gta
2017-08-23 10:41 - 2017-08-23 10:47 - 000000000 ____D C:\Users\fredi\Downloads\GTA San Andreas PL
2017-08-23 10:41 - 2017-08-23 10:43 - 4238278656 _____ C:\Users\fredi\Downloads\GTA San Andreas PL.iso
2017-08-23 01:27 - 2017-08-23 01:27 - 000000000 ____D C:\Users\fredi\Documents\Rockstar Games
2017-08-23 01:23 - 2017-08-23 01:23 - 000001827 _____ C:\Users\fredi\Desktop\LaunchGTAIV — skrót (2).lnk
2017-08-22 23:19 - 2017-08-22 23:19 - 000000083 _____ C:\Users\fredi\Documents\GTA4.txt
2017-08-22 22:56 - 2017-08-22 22:56 - 000000000 __RHD C:\Users\fredi\AppData\Roaming\SecuROM
2017-08-22 22:22 - 2017-08-22 22:25 - 002395648 _____ (Farbar) C:\Users\fredi\Desktop\FRST64.exe
2017-08-22 22:16 - 2017-08-24 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2017-08-22 22:16 - 2017-08-24 00:15 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-08-21 00:36 - 2017-08-22 23:12 - 000000000 ____D C:\Users\fredi\AppData\Local\Rockstar Games
2017-08-21 00:36 - 2017-08-21 00:36 - 000000000 __SHD C:\ProgramData\SecuROM
2017-08-21 00:30 - 2017-08-21 00:30 - 000178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
2017-08-20 22:59 - 2017-08-21 00:04 - 000000000 ____D C:\Users\fredi\Downloads\GTA IV PC+Spolszczenie

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-09-05 17:54 - 2014-06-27 19:48 - 000003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-11856607-3315338600-60452357-1001
2017-09-05 17:33 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2017-09-05 17:31 - 2014-08-05 20:17 - 000000000 __SHD C:\Users\fredi\IntelGraphicsProfiles
2017-09-05 17:31 - 2014-08-04 19:36 - 000000000 __RDO C:\Users\fredi\OneDrive
2017-09-05 17:30 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-05 15:57 - 2013-08-22 15:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-09-05 15:29 - 2014-03-18 11:57 - 001855024 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-05 15:29 - 2014-03-18 11:28 - 000817284 _____ C:\WINDOWS\system32\perfh015.dat
2017-09-05 15:29 - 2014-03-18 11:28 - 000168972 _____ C:\WINDOWS\system32\perfc015.dat
2017-09-05 15:28 - 2017-07-09 19:51 - 000001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk
2017-09-05 15:28 - 2014-06-29 00:07 - 000003882 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1403993208
2017-09-05 15:28 - 2014-06-29 00:06 - 000000000 ____D C:\Program Files (x86)\Opera
2017-09-05 14:52 - 2014-08-05 20:23 - 000003972 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{359FB3BF-590C-4606-9F97-BFE751801C85}
2017-09-03 13:59 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-03 13:58 - 2013-08-22 17:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-03 13:42 - 2014-08-04 20:14 - 000000000 ____D C:\Users\fredi\AppData\Roaming\ipla
2017-09-03 00:20 - 2014-06-28 20:03 - 000000000 ____D C:\Users\fredi\AppData\Roaming\Origin
2017-09-02 20:54 - 2014-06-28 20:02 - 000000000 ____D C:\ProgramData\Origin
2017-09-02 20:41 - 2014-12-19 18:16 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-02 20:27 - 2013-08-22 16:44 - 000559352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-02 18:59 - 2014-06-28 10:22 - 000000000 ____D C:\Users\fredi\AppData\Local\Packages
2017-08-30 10:25 - 2016-12-22 00:06 - 000000000 ____D C:\Users\fredi\AppData\LocalLow\Mozilla
2017-08-29 08:44 - 2015-02-04 21:04 - 000002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 08:44 - 2015-02-04 21:04 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-24 00:15 - 2013-12-26 03:50 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-23 11:10 - 2014-06-29 00:00 - 000000000 ____D C:\Users\fredi\AppData\Roaming\uTorrent
2017-08-22 22:11 - 2014-06-29 13:43 - 000000000 ____D C:\Users\fredi\Documents\ccleaner
2017-08-21 00:07 - 2014-06-29 13:27 - 000000000 ____D C:\Users\fredi\AppData\Roaming\DAEMON Tools Lite
2017-08-20 20:39 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-12 19:29 - 2016-09-02 16:38 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-12 19:29 - 2014-08-13 15:19 - 000000000 ___RD C:\Users\fredi\Desktop\programy
2017-08-12 19:18 - 2014-09-28 22:53 - 000000000 ____D C:\PLIKI
2017-08-12 19:18 - 2014-06-29 00:24 - 000000000 ____D C:\Users\fredi\AppData\Roaming\vlc
2017-08-12 19:16 - 2015-09-22 11:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-08-12 19:05 - 2016-10-12 16:14 - 000000000 ____D C:\Users\fredi\Desktop\grysteam
2017-08-12 19:01 - 2017-03-30 19:14 - 000000000 ____D C:\Users\fredi\Desktop\donwloadpulpit
2017-08-09 19:27 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-09 14:34 - 2017-04-20 20:46 - 000004568 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-09 14:34 - 2016-11-12 20:23 - 000004388 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-09 14:34 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-09 14:34 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-09 14:18 - 2015-02-18 20:22 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-08-08 10:56 - 2015-07-21 15:03 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Pliki w katalogu głównym wybranych folderów =======

2014-07-04 14:42 - 2014-07-04 14:42 - 000000093 _____ () C:\Users\fredi\AppData\Local\fusioncache.dat
2014-06-27 22:32 - 2014-11-27 21:14 - 000007597 _____ () C:\Users\fredi\AppData\Local\Resmon.ResmonCfg
2015-09-30 15:46 - 2015-09-30 15:46 - 000000000 _____ () C:\Users\fredi\AppData\Local\{B657C460-0473-4F20-8F6A-2BED375EF648}
2014-08-13 15:05 - 2014-08-13 15:05 - 000565422 _____ () C:\ProgramData\1407934553.bdinstall.bin
2014-08-13 21:30 - 2014-08-13 21:30 - 000250724 _____ () C:\ProgramData\1407958019.bdinstall.bin
2014-08-14 16:28 - 2014-08-14 16:28 - 000559594 _____ () C:\ProgramData\1408026133.bdinstall.bin
2014-09-12 16:54 - 2014-09-12 16:54 - 000251650 _____ () C:\ProgramData\1410533604.bdinstall.bin

Niektóre pliki w TEMP:
====================
2017-08-22 22:56 - 2017-08-22 23:22 - 000204800 _____ (Sony DADC Austria AG) C:\Users\fredi\AppData\Local\Temp\drm_dyndata_7370014.dll
2014-08-01 23:38 - 2017-08-23 01:29 - 000204800 _____ (Sony DADC Austria AG) C:\Users\fredi\AppData\Local\Temp\drm_dyndata_7380014.dll

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-09-03 19:28

==================== Koniec FRST.txt ============================