FRST.txt

Proxy settings in W8.1 that have to be turned off every time, problem with rundll

Hello, I have a similar problem to the one a colleague has in the thread https://www.elektroda.pl/rtvforum/topic3502630.html and I can't deal with it. I scanned with Kaspersky, but unfortunately the result was poor. The FRST logs are in the attachments. Please help me. Regards


Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 14.11.2018
Uruchomiony przez Tomek (administrator) SKALMIAR (15-11-2018 19:11:34)
Uruchomiony z C:\Users\Tomek\AppData\Local\Microsoft\Windows\INetCache\IE\4WBJCIJH
Załadowane profile: Tomek (Dostępne profile: UpdatusUser & Dariusz & Tomek)
Platform: Windows 8.1 (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: IE)
Tryb startu:
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HSDPA USB Modem\WCDMA_Eject.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FirebirdSQL Project) C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(FirebirdSQL Project) C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIPLE.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Contex A/S) C:\Program Files (x86)\Contex\WIDEsystem\WS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Engine_Patch_1.1.15400.4.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe********************************************* [107192 2012-08-24] ()
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-04-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-206837425-3596134748-4281429784-1004\...\Run: [NTRedirect] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Tomek\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run*************************
HKU\S-1-5-21-206837425-3596134748-4281429784-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-206837425-3596134748-4281429784-1004\...\Run: [Delta Chrome Toolbar] => C:\Users\Tomek\AppData\Local\\delta\\delta\\2.2.0.1\delta.exe [314880 2016-06-02] (TODO: <Company name>)
HKU\S-1-5-21-206837425-3596134748-4281429784-1004\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIPLE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...A8F59079A8D5}\localserver32: <==== UWAGA
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-28]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-07]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WIDEsystem.lnk [2013-08-05]
ShortcutTarget: WIDEsystem.lnk -> C:\Program Files (x86)\Contex\WIDEsystem\WS.exe (Contex A/S)
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplorer.lnk [2018-10-11]
ShortcutTarget: iexplorer.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2014-10-13]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

ProxyEnable: [.DEFAULT] => Proxy [funkcja włączona]
ProxyServer: [.DEFAULT] => 127.0.0.1:1080
ProxyServer: [S-1-5-21-206837425-3596134748-4281429784-1004] => 127.0.0.1:1080
Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{4AB36B70-ACCC-4F97-8564-923DA8A0E7FC}: [DhcpNameServer] 100.100.2.213
Tcpip\..\Interfaces\{6F20239E-62B2-4C6D-A375-A00B1FE91C35}: [DhcpNameServer] 37.8.214.2 31.11.202.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
HKU\S-1-5-21-206837425-3596134748-4281429784-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wp.pl/
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-206837425-3596134748-4281429784-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-206837425-3596134748-4281429784-1004 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-206837425-3596134748-4281429784-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-206837425-3596134748-4281429784-1004 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=FA4984A6C8D48632&affID=119357&tsp=4973
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://wp.pl/"
CHR Profile: C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default [2018-11-15]
CHR Extension: (Prezentacje) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-08]
CHR Extension: (Kaspersky Protection) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-11-15]
CHR Extension: (Dokumenty) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-08]
CHR Extension: (Dysk Google) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-08]
CHR Extension: (YouTube) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-08]
CHR Extension: (Delta Toolbar) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2018-11-08] [UpdateUrl: hxxp://upd.info-stream.net/chromecrx/update.php] <==== UWAGA
CHR Extension: (Arkusze) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-08]
CHR Extension: (Brak nazwy) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2018-11-15]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-08]
CHR Extension: (Gmail) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-08]
CHR Extension: (Chrome Media Router) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-08]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Tomek\AppData\Roaming\BabSolution\CR\Delta.crx [2013-08-13]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 870C9E9A; C:\ProgramData\870C9E9A\870C9E64.dll [2566160 2018-10-09] () [Brak podpisu cyfrowego]
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 CDROM_Detect; C:\Program Files\HSDPA USB Modem\WCDMA_Eject.exe [325632 2011-11-21] () [Brak podpisu cyfrowego]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2012-02-21] (FirebirdSQL Project) [Brak podpisu cyfrowego]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2048000 2012-02-21] (FirebirdSQL Project) [Brak podpisu cyfrowego]
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4683144 2014-07-15] (SafeNet Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176632 2018-05-14] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 akshasp; C:\WINDOWS\system32\DRIVERS\akshasp.sys [60488 2014-07-15] (SafeNet Inc.)
S3 akshhl; C:\WINDOWS\system32\DRIVERS\akshhl.sys [63944 2014-07-15] (SafeNet Inc.)
S3 aksusb; C:\WINDOWS\System32\drivers\aksusb.sys [303624 2014-07-15] (SafeNet Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 btmaux; C:\WINDOWS\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 CT_QUALCOMM_U_drv; C:\WINDOWS\system32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (QUALCOMM Incorporated)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2013-08-13] (Disc Soft Ltd)
S3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [129448 2017-09-19] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [89800 2017-08-24] (Future Technology Devices International Ltd.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [331608 2014-07-15] (SafeNet Inc.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-09-17] (ASUSTek Computer Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [12400 2010-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-11-15 19:11 - 2018-11-15 19:11 - 000000000 ____D C:\FRST
2018-11-15 19:08 - 2018-11-15 19:10 - 001775616 _____ (Farbar) C:\Users\Tomek\Downloads\FRST.exe
2018-11-15 15:57 - 2018-11-15 18:43 - 000000000 ____D C:\Program Files\Common Files\AV
2018-11-15 15:57 - 2018-11-15 15:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-11-15 15:56 - 2018-11-15 18:10 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-11-15 15:56 - 2018-11-15 15:57 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-11-15 15:56 - 2018-11-15 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2018-11-08 16:57 - 2018-11-15 18:43 - 000000000 ____D C:\Users\Tomek\Documents\Autoruns
2018-11-08 16:29 - 2018-11-15 18:42 - 000000000 ____D C:\Users\Tomek\AppData\Local\Apps\2.0
2018-11-08 16:29 - 2018-11-08 16:30 - 000000000 ____D C:\Program Files (x86)\Google
2018-11-08 16:29 - 2018-11-08 16:29 - 000000000 ____D C:\Users\Tomek\AppData\Local\Deployment
2018-10-16 10:48 - 2018-10-16 10:48 - 000302080 _____ C:\Users\Tomek\AppData\Roaming\zWQEZGLmoF.dll
2018-10-16 09:23 - 2018-11-08 07:23 - 000000937 _____ C:\WINDOWS\Tasks\EPSON XP-630 Series Update {40C1A5D8-2392-4717-9543-3D6BCD1AEE10}.job
2018-10-16 09:23 - 2018-10-16 09:23 - 000003968 _____ C:\WINDOWS\System32\Tasks\EPSON XP-630 Series Update {40C1A5D8-2392-4717-9543-3D6BCD1AEE10}

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-11-15 19:10 - 2012-07-26 08:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-15 19:04 - 2012-12-21 16:11 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-206837425-3596134748-4281429784-1004
2018-11-15 19:03 - 2012-12-21 16:06 - 000000401 _____ C:\Users\Tomek\AppData\Roaming\sp_data.sys
2018-11-15 19:00 - 2013-09-30 05:15 - 001817498 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-15 19:00 - 2013-09-30 05:00 - 000801022 _____ C:\WINDOWS\system32\perfh015.dat
2018-11-15 19:00 - 2013-09-30 05:00 - 000160728 _____ C:\WINDOWS\system32\perfc015.dat
2018-11-15 19:00 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2018-11-15 18:57 - 2013-11-06 10:48 - 000000000 ____D C:\Users\Tomek
2018-11-15 18:55 - 2018-01-07 14:55 - 000000937 _____ C:\WINDOWS\Tasks\EPSON XP-630 Series Update {147BE1E5-5516-42A2-8E08-D815A4D4DBFF}.job
2018-11-15 18:51 - 2018-10-09 05:25 - 000000000 __RHD C:\ProgramData\870C9E9A
2018-11-15 18:51 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-15 18:46 - 2013-11-06 10:48 - 000000000 ____D C:\Users\UpdatusUser
2018-11-15 18:46 - 2013-11-06 10:48 - 000000000 ____D C:\Users\Dariusz
2018-11-15 18:46 - 2013-08-22 16:36 - 000000000 __RSD C:\WINDOWS\Media
2018-11-15 18:46 - 2013-08-22 16:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-11-15 18:46 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-11-15 18:46 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache
2018-11-15 18:46 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-11-15 18:46 - 2013-04-29 07:10 - 000000000 ____D C:\WinKalk
2018-11-15 18:46 - 2012-10-28 07:46 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-11-15 18:44 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\Globalization
2018-11-15 18:43 - 2017-06-29 17:04 - 000000000 ____D C:\ProgramData\Licenses
2018-11-15 18:43 - 2015-12-11 13:25 - 000000000 ____D C:\Users\Tomek\AppData\Local\ShdUpdate
2018-11-15 18:43 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\ADFS
2018-11-15 18:42 - 2012-07-26 09:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-15 18:31 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-15 18:23 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\registration
2018-11-15 18:21 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-11-15 18:18 - 2013-10-10 19:34 - 000000000 ____D C:\Users\Tomek\AppData\Local\Google
2018-11-15 16:27 - 2016-12-20 17:16 - 000000488 _____ C:\Users\Tomek\Downloads\Płatność_ALL.zip
2018-11-15 15:57 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2018-11-15 05:47 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-14 12:01 - 2015-12-07 14:59 - 000000000 ____D C:\Users\Tomek\Desktop\Okładki-2
2018-11-14 08:25 - 2013-10-17 20:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-08 17:05 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-11-08 16:42 - 2013-11-26 18:02 - 000003984 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7BFB44C-6299-470A-9ADA-49D9EE8D2C58}
2018-11-08 16:38 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-11-06 16:50 - 2012-10-28 07:55 - 000000000 ____D C:\ProgramData\Temp

==================== Pliki w katalogu głównym wybranych folderów =======

2018-10-12 11:17 - 2018-10-12 11:17 - 000321024 _____ () C:\Users\Tomek\AppData\Roaming\GCTdimYxV.dll
2018-10-15 05:12 - 2018-10-15 05:12 - 000309760 _____ () C:\Users\Tomek\AppData\Roaming\hfYjjybHFR.dll
2018-10-10 12:51 - 2018-10-10 12:51 - 000302592 _____ () C:\Users\Tomek\AppData\Roaming\irepdtgeFGc.dll
2018-08-03 05:02 - 2018-08-03 05:02 - 000876623 _____ () C:\Users\Tomek\AppData\Roaming\iwZwnhTPdUI.dll
2018-10-11 04:57 - 2018-10-11 04:57 - 000301056 _____ () C:\Users\Tomek\AppData\Roaming\kkiLxVGIcIK.dll
2018-10-15 12:37 - 2018-10-15 12:37 - 000299520 _____ () C:\Users\Tomek\AppData\Roaming\OLIxjKWDJCb.dll
2012-12-21 16:06 - 2018-11-15 19:03 - 000000401 _____ () C:\Users\Tomek\AppData\Roaming\sp_data.sys
2018-08-03 12:43 - 2018-08-03 12:43 - 000876623 _____ () C:\Users\Tomek\AppData\Roaming\VpXGoyhb.dll
2018-10-16 10:48 - 2018-10-16 10:48 - 000302080 _____ () C:\Users\Tomek\AppData\Roaming\zWQEZGLmoF.dll
2018-07-30 05:11 - 2018-07-30 05:11 - 001739776 _____ (Robert Simpson, et al.) C:\Users\Tomek\AppData\Local\System.Data.SQLite.dll

Niektóre pliki w TEMP:
====================
2015-01-21 13:25 - 2015-01-21 13:25 - 000014336 _____ () C:\Users\Tomek\AppData\Local\Temp\clp1.exe
2015-06-28 08:53 - 2015-06-28 08:53 - 000467456 _____ (Realtek Semiconductor Corp.) C:\Users\Tomek\AppData\Local\Temp\COMAP.EXE
2017-06-29 17:04 - 2010-01-28 21:21 - 000477184 _____ (Wise Solutions, Inc.) C:\Users\Tomek\AppData\Local\Temp\InitBDE.exe
2015-12-11 13:47 - 2016-06-02 12:25 - 000151040 _____ (MultiTool) C:\Users\Tomek\AppData\Local\Temp\rtbrm.exe
2015-01-21 13:25 - 2015-01-08 11:38 - 000456718 _____ (DevInst Ltd) C:\Users\Tomek\AppData\Local\Temp\uninst1.exe
2016-06-02 12:25 - 2016-06-02 12:25 - 000230176 _____ () C:\Users\Tomek\AppData\Local\Temp\vlcDisAmb.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-11-15 05:55

==================== Koniec FRST.txt ============================