
FRST.txt

Probably Findit. Virus on the laptop - logs, what can I remove?

Hello. Could I ask for help with what can be removed, and is this that findit? 722798 722799



Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:10-01-2015 01
Uruchomiony przez DELL (administrator) DELL-KOMPUTER (13-01-2016 21:36:14)
Uruchomiony z C:\Users\DELL\Desktop
Załadowane profile: DELL (Dostępne profile: DELL)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
() C:\Program Files (x86)\4C4C4544-1452614870-3610-8053-B4C04F433332\knsy11BC.tmp
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Samsung installer) C:\Program Files (x86)\SpaceSondPro_v53.11980\SpaceSondPro_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TData.com) C:\Program Files (x86)\TDataDld\TData.exe
() C:\Program Files (x86)\4C4C4544-1452614870-3610-8053-B4C04F433332\hnszCB03.tmp
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Space Sound Pro) C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\rec_en_77\rec_en_77.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TeamViewer installer) C:\Program Files (x86)\SpaceSondPro_v53.11980\ioproduct.exe
() C:\Users\DELL\AppData\Local\Temp\nsr7A6B.tmp
() C:\Users\DELL\AppData\Local\4C4C4544-1452720418-3610-8053-B4C04F433332\qnscF6EE.tmp
(DotCash Limited) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
() C:\Users\DELL\AppData\Local\gmsd_pl_005010206\upgmsd_pl_005010206.exe
() C:\Program Files (x86)\gmsd_pl_005010206\gmsd_pl_005010206.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\DELL\AppData\Local\Temp\nsnD29E.tmp
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010206] => C:\Program Files (x86)\gmsd_pl_005010206\gmsd_pl_005010206.exe [4006576 2016-01-13] ()
HKLM-x32\...\Run: [rec_en_77] => C:\Program Files (x86)\rec_en_77\rec_en_77.exe [4004568 2016-01-13] ()
HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Program Files (x86)\SpaceSondPro_v53.11980\ioproduct_service.bat [164 2016-01-13] ()
HKLM-x32\...\RunOnce: [upgmsd_pl_005010206.exe] => C:\Users\DELL\AppData\Local\gmsd_pl_005010206\upgmsd_pl_005010206.exe [3279024 2016-01-13] ()
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKLM\...\Policies\Explorer\Run: [881281713] => C:\ProgramData\msxrxgrnd.exe [97421184 2010-11-21] ()
HKLM\...\Policies\Explorer\Run: [1281858421] => C:\ProgramData\msxiz.exe [104296960 2010-11-21] ()
HKU\S-1-5-21-499557954-418881905-3462982921-1000\...\Run: [HP Deskjet 3540 series (NET)] => C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-499557954-418881905-3462982921-1000\...\Run: [{DD102485-DF0D-4D65-BDA5-2CC442E45D6D}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\tcdFhIHGghE').OGDctC)));
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-04-09] (NVIDIA Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B9DAF137-9C6D-447F-A757-5FBF6C2BD84B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-499557954-418881905-3462982921-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O6ALVpuKMYLBCX6kjbuLzLzdEtNXP0fD9_SSKu3uQQ3X6RGFMXB11FBE2VWYzRJQG_PFC-UOxePEKzZ6fNmn81FlK20GDEIlHW4IMjzOqfMbVy4hdRlA_V0dXCDH52D7dlMplj6gLgprXubwEIlpCQlpfb_Wkjkjakusw,&q={searchTerms}
HKU\S-1-5-21-499557954-418881905-3462982921-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O6ALVpuKMYLBCX6kjbuLzLzdEtNXP0fD9_SSKu3uQQ3X6RGFMXB11FBE2VWYzRJQG_PFC-UOxePEKzazZfrfQyJKOnDYPpouwmqZGsG-v_9vu-mf-0hb0ONdgL_Y36xRTUWwk6AVhDYlMQSx1XmEqicyYKTI8W5FhxZ5U,
HKU\S-1-5-21-499557954-418881905-3462982921-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O6ALVpuKMYLBCX6kjbuLzLzdEtNXP0fD9_SSKu3uQQ3X6RGFMXB11FBE2VWYzRJQG_PFC-UOxePEKzZ6fNmn81FlK20GDEIlHW4IMjzOqfMbVy4hdRlA_V0dXCDH52D7dlMplj6gLgprXubwEIlpCQlpfb_Wkjkjakusw,&q={searchTerms}
HKU\S-1-5-21-499557954-418881905-3462982921-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O6ALVpuKMYLBCX6kjbuLzLzdEtNXP0fD9_SSKu3uQQ3X6RGFMXB11FBE2VWYzRJQG_PFC-UOxePEKzZ6fNmn81FlK20GDEIlHW4IMjzOqfMbVy4hdRlA_V0dXCDH52D7dlMplj6gLgprXubwEIlpCQlpfb_Wkjkjakusw,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O6ALVpuKMYLBCX6kjbuLzLzdEtNXP0fD9_SSKu3uQQ3X6RGFMXB11FBE2VWYzRJQG_PFC-UOxePEKzZ6fNmn81FlK20GDEIlHW4IMjzOqfMbVy4hdRlA_V0dXCDH52D7dlMplj6gLgprXubwEIlpCQlpfb_Wkjkjakusw,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-499557954-418881905-3462982921-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O6ALVpuKMYLBCX6kjbuLzLzdEtNXP0fD9_SSKu3uQQ3X6RGFMXB11FBE2VWYzRJQG_PFC-UOxePEKzZ6fNmn81FlK20GDEIlHW4IMjzOqfMbVy4hdRlA_V0dXCDH52D7dlMplj6gLgprXubwEIlpCQlpfb_Wkjkjakusw,&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-29] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\rib5zxbr.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: findit
FF Homepage: hxxps://www.google.pl/?gfe_rd=cr&ei=w0WVVt2NBOTBuAHA4Y9I&gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\rib5zxbr.default\searchplugins\findit.xml [2016-01-12]
FF SearchPlugin: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\rib5zxbr.default\searchplugins\omniboxes.xml [2016-01-12]
FF Extension: FirefixTab - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\rib5zxbr.default\extensions\deskCutv2@gmail.com [2016-01-12] [Brak podpisu cyfrowego]
FF Extension: " Total Video - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\rib5zxbr.default\Extensions\@AFAD5CE7AF9662EAF15E692FF6B78D9EAFAD.xpi [2016-01-12] [Brak podpisu cyfrowego]
FF Extension: " Kingdom Video - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\rib5zxbr.default\Extensions\@EEF13F682B589555BB23372239D6A115EEF1.xpi [2016-01-13] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\rib5zxbr.default\extensions\deskCutv2@gmail.com
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!EEF13F682B589555BB23372239D6A115EEF1.js [2016-01-13] <==== UWAGA
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\AFAD5CE7AF9662EAF15E692FF6B78D9EAFAD [2016-01-12] <==== UWAGA
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\EEF13F682B589555BB23372239D6A115EEF1 [2016-01-13] <==== UWAGA

Chrome:
=======
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1452614607&z=7c02a13d623d48fca098d79g2z1w3o1q9g6z8q2ecm&from=amt&uid=st500lt012-1dg142_s3pp5nb3xxxxs3pp5nb3
CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=1452614607&z=7c02a13d623d48fca098d79g2z1w3o1q9g6z8q2ecm&from=amt&uid=st500lt012-1dg142_s3pp5nb3xxxxs3pp5nb3"
CHR DefaultSearchURL: Default -> hxxp://omniboxes.com/web?type=ds&ts=1452614607&z=7c02a13d623d48fca098d79g2z1w3o1q9g6z8q2ecm&from=amt&uid=st500lt012-1dg142_s3pp5nb3xxxxs3pp5nb3&q={searchTerms}
CHR DefaultSearchKeyword: Default -> omniboxes
CHR Profile: C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-03]
CHR Extension: (Dysk Google) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-13]
CHR Extension: (YouTube) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-16]
CHR Extension: (Google Search) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-13]
CHR Extension: (HP Smart Print) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2015-09-03]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-03]
CHR Extension: (Gmail) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-03]
CHR Extension: (Kingdom Video) - C:\Users\DELL\AppData\Local\Kingdom Video\Component [2016-01-13]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [539136 2016-01-12] () [Brak podpisu cyfrowego]
R2 decofyjuzbt; C:\Program Files (x86)\4C4C4544-1452614870-3610-8053-B4C04F433332\knsy11BC.tmp [204800 2016-01-12] () [Brak podpisu cyfrowego]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-04-09] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [349152 2016-01-13] (DotCash Limited)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-08] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-04-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-04-09] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 TDataSvr; C:\Program Files (x86)\TDataDld\TData.exe [133360 2016-01-12] (TData.com)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-14] (Microsoft Corporation)
R2 wucotusy; C:\Program Files (x86)\4C4C4544-1452614870-3610-8053-B4C04F433332\hnszCB03.tmp [416256 2016-01-12] () [Brak podpisu cyfrowego]
R2 zigipyro; C:\Users\DELL\AppData\Local\4C4C4544-1452720418-3610-8053-B4C04F433332\qnscF6EE.tmp [158720 2015-12-26] () [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-10-10] (ESET)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-06-25] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [55016 2016-01-13] (DotCash)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-04-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-09] (NVIDIA Corporation)
R1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-01-13 21:36 - 2016-01-13 21:36 - 00019532 _____ C:\Users\DELL\Desktop\FRST.txt
2016-01-13 21:36 - 2016-01-13 21:36 - 00000000 ____D C:\FRST
2016-01-13 21:35 - 2016-01-13 21:35 - 02370560 _____ (Farbar) C:\Users\DELL\Desktop\FRST64.exe
2016-01-13 21:34 - 2016-01-13 21:34 - 04810368 _____ ( ) C:\Users\DELL\Desktop\setup_gmsd_en.exe
2016-01-13 21:28 - 2016-01-13 21:28 - 00055016 _____ (DotCash) C:\Windows\system32\Drivers\MPCKpt.sys
2016-01-13 21:28 - 2016-01-13 21:28 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-01-13 21:26 - 2016-01-13 21:27 - 00000000 ____D C:\Users\DELL\AppData\Local\4C4C4544-1452720418-3610-8053-B4C04F433332
2016-01-13 20:55 - 2016-01-13 20:55 - 00001433 _____ C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-13 20:49 - 2016-01-13 20:49 - 00000000 ____D C:\Users\DELL\AppData\Local\rec_en_77
2016-01-13 20:49 - 2016-01-13 20:49 - 00000000 ____D C:\Program Files (x86)\rec_en_77
2016-01-13 20:48 - 2016-01-13 20:54 - 00000264 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2016-01-13 20:48 - 2016-01-13 20:54 - 00000256 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2016-01-13 20:48 - 2016-01-13 20:51 - 00003090 _____ C:\Windows\System32\Tasks\RegClean Pro
2016-01-13 20:48 - 2016-01-13 20:48 - 00003164 _____ C:\Windows\System32\Tasks\Kingdom Video
2016-01-13 20:48 - 2016-01-13 20:48 - 00003150 _____ C:\Windows\System32\Tasks\Kingdom Video2
2016-01-13 20:48 - 2016-01-13 20:48 - 00003014 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2016-01-13 20:48 - 2016-01-13 20:48 - 00002858 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2016-01-13 20:48 - 2016-01-13 20:48 - 00000991 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2016-01-13 20:48 - 2016-01-13 20:48 - 00000000 ____D C:\Users\DELL\AppData\Roaming\systweak
2016-01-13 20:48 - 2016-01-13 20:48 - 00000000 ____D C:\Users\DELL\AppData\Local\Kingdom Video
2016-01-13 20:48 - 2016-01-13 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2016-01-13 20:48 - 2016-01-13 20:48 - 00000000 ____D C:\Program Files (x86)\RCP
2016-01-13 20:48 - 2015-11-20 19:27 - 00019888 _____ () C:\Windows\system32\roboot64.exe
2016-01-13 20:47 - 2016-01-13 21:35 - 00000000 ____D C:\Users\DELL\AppData\Local\gmsd_pl_005010206
2016-01-13 20:47 - 2016-01-13 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
2016-01-13 20:47 - 2016-01-13 21:28 - 00000000 ____D C:\Program Files (x86)\gmsd_pl_005010206
2016-01-13 20:45 - 2016-01-13 20:48 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.11980
2016-01-13 20:45 - 2016-01-13 20:45 - 00000876 _____ C:\Users\DELL\Desktop\SpaceSoundPro.lnk
2016-01-13 20:45 - 2016-01-13 20:45 - 00000008 _____ C:\END
2016-01-13 20:45 - 2016-01-13 20:45 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
2016-01-13 20:45 - 2016-01-13 20:45 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-01-13 20:45 - 2016-01-13 20:45 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2016-01-12 19:07 - 2016-01-12 19:07 - 00003266 _____ C:\Windows\System32\Tasks\psv_Salt-Com
2016-01-12 19:02 - 2016-01-12 19:02 - 00000000 ____D C:\Program Files (x86)\ExploreTech
2016-01-12 17:18 - 2016-01-12 17:18 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1452615501-3610-8053-B4C04F433332
2016-01-12 17:17 - 2016-01-12 17:17 - 00003614 _____ C:\Windows\System32\Tasks\snp
2016-01-12 17:17 - 2016-01-12 17:17 - 00003274 _____ C:\Windows\System32\Tasks\psv_UnoNix
2016-01-12 17:17 - 2016-01-12 17:17 - 00003252 _____ C:\Windows\System32\Tasks\psv_Tresair
2016-01-12 17:17 - 2016-01-12 17:17 - 00003228 _____ C:\Windows\System32\Tasks\snf
2016-01-12 17:17 - 2016-01-12 17:17 - 00002389 _____ C:\Windows\SysWOW64\findit.xml
2016-01-12 17:17 - 2016-01-12 17:17 - 00000000 ____D C:\ProgramData\Zoobams
2016-01-12 17:16 - 2016-01-12 17:16 - 00003266 _____ C:\Windows\System32\Tasks\psv_NamSancore
2016-01-12 17:16 - 2016-01-12 17:16 - 00000000 ____D C:\ProgramData\ApplicationHosting
2016-01-12 17:12 - 2016-01-12 17:12 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-12 17:08 - 2016-01-12 17:08 - 00000000 ____D C:\Users\DELL\AppData\Local\ESET
2016-01-12 17:08 - 2016-01-12 17:06 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-12 17:07 - 2016-01-12 23:11 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1452614870-3610-8053-B4C04F433332
2016-01-12 17:07 - 2016-01-12 17:07 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2016-01-12 17:06 - 2016-01-12 19:20 - 00000000 ____D C:\ProgramData\ShopperPro3
2016-01-12 17:06 - 2016-01-12 17:06 - 00003156 _____ C:\Windows\System32\Tasks\Total Video
2016-01-12 17:06 - 2016-01-12 17:06 - 00003152 _____ C:\Windows\System32\Tasks\Total Video2
2016-01-12 17:06 - 2016-01-12 17:06 - 00000000 ____D C:\Users\Public\Documents\ShopperPro3
2016-01-12 17:06 - 2016-01-12 17:06 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2016-01-12 17:06 - 2016-01-12 17:06 - 00000000 ____D C:\Users\DELL\AppData\Local\Total Video
2016-01-12 17:06 - 2016-01-12 17:06 - 00000000 ____D C:\Program Files (x86)\YTDownloader
2016-01-12 17:05 - 2016-01-12 19:01 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Opera Software
2016-01-12 17:05 - 2016-01-12 19:01 - 00000000 ____D C:\Users\DELL\AppData\Local\Opera Software
2016-01-12 17:05 - 2016-01-12 17:06 - 00003578 _____ C:\Windows\System32\Tasks\ShopperProJSUpd
2016-01-12 17:05 - 2016-01-12 17:05 - 00003542 _____ C:\Windows\System32\Tasks\Inst_Rep
2016-01-12 17:04 - 2016-01-12 19:01 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-12 17:04 - 2016-01-12 17:04 - 00000000 ____D C:\Program Files (x86)\TDataDld
2016-01-10 16:49 - 2016-01-13 20:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-01-13 21:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-13 21:12 - 2015-06-29 08:10 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-13 21:01 - 2011-04-12 14:21 - 00744318 _____ C:\Windows\system32\perfh015.dat
2016-01-13 21:01 - 2011-04-12 14:21 - 00157266 _____ C:\Windows\system32\perfc015.dat
2016-01-13 21:01 - 2009-07-14 06:13 - 01680332 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-13 21:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-13 20:55 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-01-13 20:55 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-13 20:54 - 2015-08-16 10:03 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-13 20:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-13 20:32 - 2015-06-29 08:09 - 00000000 ____D C:\Users\DELL\AppData\Roaming\AIMP3
2016-01-13 20:00 - 2009-07-14 05:45 - 00334664 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-12 23:13 - 2009-07-14 05:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-12 23:13 - 2009-07-14 05:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-12 19:20 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-12 19:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-01-12 19:13 - 2015-08-16 10:03 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-12 19:13 - 2015-06-29 11:10 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-12 19:13 - 2015-06-29 11:10 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-12 17:10 - 2015-06-29 11:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-11 20:25 - 2015-06-29 11:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-09 09:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-30 00:12 - 2015-06-29 08:10 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-30 00:12 - 2015-06-29 08:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-30 00:12 - 2015-06-29 08:10 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Pliki w katalogu głównym wybranych folderów =======

2015-08-16 10:00 - 2015-08-16 10:00 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-06-27 05:15 - 2015-06-27 05:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-11-21 04:24 - 2010-11-21 04:24 - 104296960 ___SH () C:\ProgramData\msxiz.exe
2010-11-21 04:24 - 2010-11-21 04:24 - 97421184 ___SH () C:\ProgramData\msxrxgrnd.exe

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\msxiz.exe
C:\ProgramData\msxrxgrnd.exe


Niektóre pliki w TEMP:
====================
C:\Users\DELL\AppData\Local\Temp\23D7.tmp.exe
C:\Users\DELL\AppData\Local\Temp\9F0D.tmp.exe
C:\Users\DELL\AppData\Local\Temp\ACA3.tmp.exe
C:\Users\DELL\AppData\Local\Temp\avg5D1D.exe
C:\Users\DELL\AppData\Local\Temp\B2DC.tmp.exe
C:\Users\DELL\AppData\Local\Temp\cdo1574202131.dll
C:\Users\DELL\AppData\Local\Temp\cdo1661846314.dll
C:\Users\DELL\AppData\Local\Temp\cdo1839818697.dll
C:\Users\DELL\AppData\Local\Temp\cdo1941714398.dll
C:\Users\DELL\AppData\Local\Temp\cdo1963928648.dll
C:\Users\DELL\AppData\Local\Temp\cdo2025479709.dll
C:\Users\DELL\AppData\Local\Temp\cdo2155838132.dll
C:\Users\DELL\AppData\Local\Temp\cdo2200488541.dll
C:\Users\DELL\AppData\Local\Temp\cdo2368983958.dll
C:\Users\DELL\AppData\Local\Temp\cdo2495297771.dll
C:\Users\DELL\AppData\Local\Temp\cdo2616939152.dll
C:\Users\DELL\AppData\Local\Temp\cdo2772713303.dll
C:\Users\DELL\AppData\Local\Temp\cdo2947486524.dll
C:\Users\DELL\AppData\Local\Temp\cdo2963735409.dll
C:\Users\DELL\AppData\Local\Temp\cdo3308741740.dll
C:\Users\DELL\AppData\Local\Temp\cdo3321588315.dll
C:\Users\DELL\AppData\Local\Temp\cdo3650311611.dll
C:\Users\DELL\AppData\Local\Temp\cdo3725587107.dll
C:\Users\DELL\AppData\Local\Temp\cdo3836618021.dll
C:\Users\DELL\AppData\Local\Temp\cdo3856661833.dll
C:\Users\DELL\AppData\Local\Temp\cdo3913548027.dll
C:\Users\DELL\AppData\Local\Temp\cdo3929070360.dll
C:\Users\DELL\AppData\Local\Temp\cdo3938305531.dll
C:\Users\DELL\AppData\Local\Temp\cdo397953120.dll
C:\Users\DELL\AppData\Local\Temp\cdo4054228180.dll
C:\Users\DELL\AppData\Local\Temp\cdo651254674.dll
C:\Users\DELL\AppData\Local\Temp\cdo690610893.dll
C:\Users\DELL\AppData\Local\Temp\cdo804302917.dll
C:\Users\DELL\AppData\Local\Temp\cdo868638121.dll
C:\Users\DELL\AppData\Local\Temp\cdo875047638.dll
C:\Users\DELL\AppData\Local\Temp\E3E9.tmp.exe
C:\Users\DELL\AppData\Local\Temp\ebook.rar__6629_i1819547459_il194986.exe
C:\Users\DELL\AppData\Local\Temp\fsd7C60.exe
C:\Users\DELL\AppData\Local\Temp\InstHelper.exe
C:\Users\DELL\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\DELL\AppData\Local\Temp\tu17p84.exe
C:\Users\DELL\AppData\Local\Temp\ytdieamodc_amodc_inst.exe
C:\Users\DELL\AppData\Local\Temp\{1E87EB1F-ED25-46DA-BD10-D5EFB4C57799}-44.0.2403.155_chrome_installer.exe


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll
[2010-11-21 04:24] - [2015-06-30 11:22] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 04:24] - [2015-06-30 11:22] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2015-10-26 17:01

==================== Koniec FRST.txt ============================