FRST.txt

Prośba o sprawdzenie logów FRST

Laptop zwolnił,bardzo proszę o sprawdzenie logów


Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:27-01-2016
Uruchomiony przez Krzysiek (administrator) LENOVO-PC (16-02-2017 21:37:22)
Uruchomiony z C:\POBRANE\FRST
Załadowane profile: UpdatusUser & Krzysiek (Dostępne profile: UpdatusUser & Krzysiek)
Platform: Windows 8 (X64) Język: Polski (Polska)
Internet Explorer Wersja 10 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Spotify Ltd) C:\Users\Krzysiek\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [IAStorIcon] = & gt; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] = & gt; C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] = & gt; C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] = & gt; C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] = & gt; rundll32.exe " C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll " ,TrayApp
HKLM\...\Run: [Energy Management] = & gt; C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-12-19] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] = & gt; C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-12-19] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] = & gt; C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] = & gt; C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] = & gt; C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] = & gt; C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] = & gt; C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] = & gt; C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\Run: [IDMan] = & gt; C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3541008 2013-01-10] (Tonec Inc.)
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\Run: [DAEMON Tools Lite] = & gt; C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\Run: [CCleaner Monitoring] = & gt; C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\Run: [Spotify Web Helper] = & gt; C:\Users\Krzysiek\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-06] (Spotify Ltd)
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\Run: [Spotify] = & gt; C:\Users\Krzysiek\AppData\Roaming\Spotify\Spotify.exe [7133808 2017-02-06] (Spotify Ltd)
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\Run: [SUPERAntiSpyware] = & gt; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-08] (SUPERAntiSpyware)
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\Run: [Skype] = & gt; C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\RunOnce: [FlashPlayerUpdate] = & gt; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_Plugin.exe [1224896 2016-10-05] (Adobe Systems Incorporated)
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\Policies\Explorer: []
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {0590c4c7-7803-11e6-bf3f-0cd292a985f2} - " G:\AutoRun.exe "
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {0590c642-7803-11e6-bf3f-0cd292a985f2} - " G:\AutoRun.exe "
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {0590c756-7803-11e6-bf3f-0cd292a985f2} - " G:\AutoRun.exe "
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {2b3749b9-d1cb-11e6-bf9b-0cd292a985f2} - " G:\AutoRun.exe "
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {31fa5f35-d3cb-11e5-be7a-0cd292a985f2} - " G:\AutoRun.exe "
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {31fa5f6f-d3cb-11e5-be7a-0cd292a985f2} - " G:\AutoRun.exe "
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {31fa6052-d3cb-11e5-be7a-0cd292a985f2} - " G:\AutoRun.exe "
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {858cef2c-c84e-11e6-bf96-0cd292a985f2} - " G:\AutoRun.exe "
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {858cef5c-c84e-11e6-bf96-0cd292a985f2} - " G:\AutoRun.exe "
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {908ed3b3-f209-11e6-bfc5-0cd292a985f2} - " G:\AutoRun.exe "
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {ce771b50-d33f-11e5-be78-0cd292a985f2} - " F:\Autorun.exe "
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {ec61cb4f-dca3-11e6-bfaa-0cd292a985f2} - " G:\AutoRun.exe "
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\MountPoints2: {f8e03fa5-d967-11e5-be82-0cd292a985f2} - " G:\AutoRun.exe "
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] - & gt; {36A21736-36C2-4C11-8ACB-D4136F2B57BD} = & gt; C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] - & gt; {CDC95B92-E27C-4745-A8C5-64A52A78855D} = & gt; C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] - & gt; {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} = & gt; C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] - & gt; {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} = & gt; C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] - & gt; {A759AFF6-5851-457D-A540-F4ECED148351} = & gt; C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] - & gt; {1574C9EF-7D58-488F-B358-8B78C1538F51} = & gt; C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0B3FB952-F139-4E82-A818-6E6A26112A14}: [NameServer] 89.108.195.21 89.108.202.20
Tcpip\..\Interfaces\{4878B06F-603A-4F6E-9AB6-ABB8D16BFFFD}: [NameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{500F7D8E-26CD-4D50-A777-D0ACA75FC922}: [NameServer] 89.108.195.20 89.108.202.20
Tcpip\..\Interfaces\{9DC2EE42-5BF2-4670-AC23-8682AD02B178}: [NameServer] 89.108.195.20 89.108.202.20
Tcpip\..\Interfaces\{A6CEE0E2-E96C-484C-AB43-7E3AB34998DF}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-667180924-1909731582-1038896506-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-667180924-1909731582-1038896506-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-667180924-1909731582-1038896506-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-667180924-1909731582-1038896506-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
URLSearchHook: [S-1-5-21-667180924-1909731582-1038896506-1001] UWAGA = & gt; Brak domyślnego URLSearchHook
SearchScopes: HKLM-x32 - & gt; DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - & gt; ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-667180924-1909731582-1038896506-1001 - & gt; DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-667180924-1909731582-1038896506-1001 - & gt; {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-667180924-1909731582-1038896506-1002 - & gt; DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-667180924-1909731582-1038896506-1002 - & gt; {2799B5A2-4698-431F-8323-AA0780347F8E} URL =
SearchScopes: HKU\S-1-5-21-667180924-1909731582-1038896506-1002 - & gt; {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) - & gt; {0055C089-8582-441B-A0BF-17B458C2A3A8} - & gt; C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-01-09] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) - & gt; {0055C089-8582-441B-A0BF-17B458C2A3A8} - & gt; C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-01-09] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper - & gt; {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - & gt; C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\r6q2sba1.default
FF NewTab:
FF Homepage: www.google.pl
FF Plugin: @adobe.com/FlashPlayer - & gt; C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-10-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - & gt; c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - & gt; C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-10-05] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - & gt; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - & gt; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - & gt; c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - & gt; C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Extension: Super Start - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\r6q2sba1.default\extensions\superstart@enjoyfreeware.org [2016-02-14]
FF Extension: Adblock Plus - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\r6q2sba1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-01-28] [Brak podpisu cyfrowego]
FF HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Krzysiek\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Krzysiek\AppData\Roaming\IDM\idmmzcc5 [2016-02-14] [Brak podpisu cyfrowego]
FF HKU\S-1-5-21-667180924-1909731582-1038896506-1002\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Krzysiek\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Brak podpisu cyfrowego]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-12-03] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-02-25] (ELAN Microelectronics Corp.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
S2 PLAY INTERNET. RunOuc; C:\Program Files (x86)\PLAY INTERNET-e3372s\UpdateDog\ouc.exe [651856 2013-10-26] ()
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2016-02-15] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-12-19] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel(R) Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-06-01] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
S3 cmnxusbser; C:\Windows\system32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2016-02-14] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-12-03] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [197248 2016-12-03] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181384 2016-12-03] (ESET)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [248320 2014-08-21] (Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [380800 2014-09-11] (Huawei Technologies Co., Ltd.)
R1 LUMDriver; C:\WINDOWS\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3341792 2013-04-25] (Intel Corporation)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [242688 2016-03-24] (QUALCOMM Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [36288 2013-12-19] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [247216 2013-12-19] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ( " CyberLink)
R3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 vstor2; \??\C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-16 19:52 - 2017-02-16 19:53 - 00000000 ____D C:\Users\Krzysiek\Downloads\Adobe.Photoshop.Lightroom.5.4.PL
2017-02-16 19:37 - 2017-02-16 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2017-02-13 22:45 - 2017-02-13 22:45 - 00000000 ____D C:\Users\Krzysiek\.jssc
2017-02-05 16:53 - 2017-02-05 16:53 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2017-02-05 16:53 - 2017-02-05 16:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-05 16:53 - 2017-02-05 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-01-28 09:12 - 2017-01-28 09:12 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-01-28 09:12 - 2017-01-28 09:12 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\SUPERAntiSpyware.com
2017-01-28 09:12 - 2017-01-28 09:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-01-28 09:12 - 2017-01-28 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-01-28 09:12 - 2017-01-28 09:12 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-26 21:43 - 2017-01-26 21:43 - 00000000 ____D C:\ProgramData\OnlineUpdate
2017-01-26 21:43 - 2017-01-26 21:43 - 00000000 ____D C:\ProgramData\log
2017-01-18 20:09 - 2017-02-16 15:55 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Spotify
2017-01-18 20:09 - 2017-01-18 20:09 - 00001833 _____ C:\Users\Krzysiek\Desktop\Spotify.lnk
2017-01-18 20:09 - 2017-01-18 20:09 - 00001819 _____ C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-01-18 20:08 - 2017-02-16 12:24 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Spotify

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-16 21:37 - 2016-12-03 15:39 - 00000000 ____D C:\FRST
2017-02-16 20:58 - 2016-09-25 10:58 - 00000939 _____ C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {98C54A92-650F-4A46-AF0E-9BADC5ECD31A}.job
2017-02-16 19:56 - 2016-11-19 17:15 - 00000000 ____D C:\Users\Krzysiek\AppData\LocalLow\Mozilla
2017-02-16 19:49 - 2016-02-14 16:07 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\IDM
2017-02-16 19:48 - 2012-07-26 06:37 - 00000000 ____D C:\WINDOWS\Inf
2017-02-16 19:44 - 2016-08-23 22:28 - 00000000 ____D C:\Users\Krzysiek\Nowy folder
2017-02-16 19:44 - 2016-02-14 13:00 - 00000000 ____D C:\Users\Krzysiek
2017-02-16 19:36 - 2016-12-03 14:58 - 00000000 ____D C:\Users\Krzysiek\Desktop\AŚKA
2017-02-16 19:35 - 2017-01-09 11:06 - 00000000 ____D C:\Users\Krzysiek\Desktop\z pendriva 9 styczen
2017-02-16 16:17 - 2016-02-14 13:26 - 00000000 ____D C:\Users\Krzysiek\Documents\Moje odebrane pliki
2017-02-16 16:12 - 2016-02-14 14:05 - 00000000 ____D C:\Users\Krzysiek\Downloads\Video
2017-02-16 16:10 - 2016-02-14 14:07 - 00000000 ____D C:\POBRANE
2017-02-16 16:03 - 2016-02-14 14:10 - 00000000 ____D C:\Users\Krzysiek\Desktop\studia
2017-02-16 14:47 - 2016-02-16 14:25 - 00140288 ___SH C:\Users\Krzysiek\Thumbs.db
2017-02-16 14:43 - 2016-02-14 14:01 - 04704256 ___SH C:\Users\Krzysiek\Downloads\Thumbs.db
2017-02-16 11:32 - 2016-11-19 15:13 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Arduino15
2017-02-14 19:09 - 2013-12-19 11:41 - 00795984 _____ C:\WINDOWS\system32\perfh015.dat
2017-02-14 19:09 - 2013-12-19 11:41 - 00160066 _____ C:\WINDOWS\system32\perfc015.dat
2017-02-14 19:09 - 2012-07-26 08:28 - 01796820 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-14 15:51 - 2016-05-29 11:15 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Skype
2017-02-13 21:58 - 2016-02-14 14:09 - 04089344 ___SH C:\Users\Krzysiek\Desktop\Thumbs.db
2017-02-13 17:32 - 2016-05-29 11:15 - 00000000 ____D C:\ProgramData\Skype
2017-02-13 17:29 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-05 10:21 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-02-03 14:06 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-03 14:06 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2017-01-31 09:19 - 2016-11-19 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-31 09:19 - 2016-02-14 13:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-26 21:04 - 2016-02-14 16:45 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\cache
2017-01-26 21:02 - 2016-02-14 16:42 - 00000000 ____D C:\ProgramData\FLEXnet
2017-01-24 22:14 - 2016-11-21 19:56 - 00025600 ___SH C:\Users\Krzysiek\Documents\Thumbs.db
2017-01-20 00:00 - 2016-02-14 17:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Pliki w katalogu głównym wybranych folderów =======

2016-02-24 18:09 - 2016-02-24 18:09 - 8003072 _____ () C:\Users\Krzysiek\AppData\Roaming\agent.dat
2016-02-24 17:58 - 2016-02-24 17:58 - 0127488 _____ () C:\Users\Krzysiek\AppData\Roaming\Installer.dat
2016-02-24 18:09 - 2016-02-24 18:09 - 0018432 _____ () C:\Users\Krzysiek\AppData\Roaming\Main.dat
2016-02-24 18:09 - 2016-02-24 18:09 - 1894447 _____ () C:\Users\Krzysiek\AppData\Roaming\Nimex.tst
2013-12-19 03:19 - 2013-12-19 03:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-14 16:32 - 2016-02-14 16:32 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe = & gt; Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe = & gt; Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe = & gt; Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe = & gt; Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe = & gt; Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe = & gt; Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe = & gt; Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll = & gt; Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll = & gt; Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe = & gt; Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe = & gt; Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll = & gt; Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll = & gt; Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll = & gt; Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys = & gt; Plik podpisany cyfrowo


LastRegBack: 2017-02-10 13:49

==================== Koniec FRST.txt ============================


Pobierz plik - link do postu