Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 12.02.2018 Uruchomiony przez Irena (administrator) LENOVO-PC (14-02-2018 13:38:50) Uruchomiony z C:\Users\Irena\Downloads\FRST Załadowane profile: Irena & (Dostępne profile: Irena) Platform: Windows 8.1 (Update) (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe () C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe (Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe (Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\SysWOW64\UMonit64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe (Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Recommends\Lenovo Recommends.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe () C:\Program Files\Lenovo PhoneCompanion\adb.exe (Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe (Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe (Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe (Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe (Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-26] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor) HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2014-01-21] (Realtek semiconductor) HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-09-04] () HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-04] (Lenovo) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-04] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-09-04] (Lenovo(beijing) Limited) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM-x32\...\Run: [Lenovo Recommends] => C:\Program Files (x86)\Lenovo\Lenovo Recommends\Lenovo Recommends.exe [119280 2014-01-09] (Lenovo) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-01-30] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Atheros Communications) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{7F5FE3A0-F492-4B4E-A267-C8A1CC4E38DD}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{FC07B217-A58E-49F5-81B3-939BB3B4FA00}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-651531635-3565247976-1847686583-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-651531635-3565247976-1847686583-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-651531635-3565247976-1847686583-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02142018013619221\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02142018013619221\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02142018013619221\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02142018015617051\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02142018015617051\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02142018015617051\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-08] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-08] (Oracle Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default [2018-02-14] CHR Extension: (Avira Browser Safety) - C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-02-08] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] CHR Extension: (Chrome Media Router) - C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-25] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR Session Restore: -> [funkcja włączona] ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2018-01-29] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-01-29] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-01-29] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2018-01-29] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego] R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [445112 2018-01-30] (Avira Operations GmbH & Co. KG) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-03-26] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Brak podpisu cyfrowego] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo) R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.) R2 LenovoRecommends.AppService; C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe [19440 2014-01-09] () R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-04] (Lenovo(beijing) Limited) R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-09-04] (Lenovo) S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo(beijing) Limited) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Brak podpisu cyfrowego] R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2014-01-07] (PointGrab LTD) R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-04] (Lenovo) S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-09-04] (Lenovo) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] () S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2014-09-04] (Lenovo) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-09-04] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-09-04] (Lenovo) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-12-24] (Atheros) [Brak podpisu cyfrowego] S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.) R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2018-01-29] (Avira Operations GmbH & Co. KG) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2018-01-29] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-01-29] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-01-29] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2018-01-29] (Avira Operations GmbH & Co. KG) R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2018-01-29] (Avira Operations GmbH & Co. KG) R1 Bfilter; C:\WINDOWS\System32\drivers\Bfilter.sys [46912 2013-07-15] (Baidu, Inc.) R1 Bfmon; C:\WINDOWS\System32\drivers\Bfmon.sys [32064 2013-07-15] (Baidu, Inc.) R1 Bprotect; C:\WINDOWS\System32\drivers\Bprotect.sys [98048 2013-06-08] (Baidu, Inc.) R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] () U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [111336 2014-04-17] (GenesysLogic) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-02-14] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-02-14] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-02-14] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-14] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-02-14] (Malwarebytes) R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [9105624 2014-01-21] (Realtek Semiconductor Corp.) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-25] (Synaptics Incorporated) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35856 2014-03-24] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [257880 2014-03-24] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-02-14 01:55 - 2018-02-14 01:56 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2018-02-14 01:55 - 2018-02-14 01:55 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2018-02-14 01:55 - 2018-02-14 01:55 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2018-02-14 01:55 - 2018-02-14 01:55 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2018-02-14 01:55 - 2018-02-14 01:55 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2018-02-14 01:55 - 2018-02-14 01:55 - 000001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-02-14 01:55 - 2018-02-14 01:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-02-14 01:55 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2018-02-14 01:08 - 2018-02-14 01:08 - 000002793 _____ C:\Users\Irena\Desktop\Malwarebytes_raport_13_02_2018.txt 2018-02-14 00:47 - 2018-02-14 00:47 - 000001885 _____ C:\Users\Public\Desktop\Lenovo Updates.lnk 2018-02-14 00:44 - 2018-02-14 00:44 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-02-14 00:38 - 2018-02-14 00:39 - 067292528 _____ (Malwarebytes ) C:\Users\Irena\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3932.exe 2018-02-13 12:13 - 2018-02-13 12:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2018-02-12 16:06 - 2018-02-14 01:55 - 000000000 ____D C:\Program Files\Malwarebytes 2018-02-12 12:44 - 2018-02-14 13:38 - 000000000 ____D C:\FRST 2018-02-12 12:40 - 2018-02-12 18:57 - 000000000 ____D C:\Users\Irena\Downloads\FRST 2018-02-12 12:28 - 2018-02-12 12:41 - 169207208 _____ (Kaspersky Lab) C:\Users\Irena\Downloads\kav18.0.0.405pl-pl_full.exe 2018-02-08 19:01 - 2018-02-08 19:01 - 000003292 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray 2018-02-08 19:01 - 2018-02-08 19:01 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf 2018-02-08 19:01 - 2018-01-29 10:05 - 000178840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2018-02-08 19:01 - 2018-01-29 10:05 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2018-02-08 19:01 - 2018-01-29 10:05 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2018-02-08 19:01 - 2018-01-29 10:05 - 000060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys 2018-02-08 19:01 - 2018-01-29 10:05 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2018-02-08 19:01 - 2018-01-29 10:05 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys 2018-02-08 18:58 - 2018-02-08 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2018-02-08 18:58 - 2018-02-08 19:01 - 000000000 ____D C:\ProgramData\Avira 2018-02-08 18:58 - 2018-02-08 19:01 - 000000000 ____D C:\Program Files (x86)\Avira 2018-02-08 18:58 - 2018-02-08 18:58 - 000001215 _____ C:\Users\Public\Desktop\Avira.lnk ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-02-14 02:00 - 2015-01-08 20:37 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-651531635-3565247976-1847686583-1001 2018-02-14 01:51 - 2015-01-08 15:48 - 000000000 ____D C:\Users\Irena\AppData\Roaming\ClassicShell 2018-02-14 01:49 - 2015-01-08 14:41 - 000000000 ____D C:\ProgramData\LU 2018-02-14 01:42 - 2015-01-08 14:43 - 000003844 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4F05BAAF-A46E-4826-B96E-42CB6366CD81} 2018-02-14 01:09 - 2015-07-11 09:02 - 000001279 _____ C:\Users\Irena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk 2018-02-14 01:03 - 2014-09-05 04:00 - 000808198 _____ C:\WINDOWS\system32\perfh015.dat 2018-02-14 01:03 - 2014-09-05 04:00 - 000164014 _____ C:\WINDOWS\system32\perfc015.dat 2018-02-14 01:03 - 2014-03-18 10:53 - 001828496 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-02-14 01:03 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf 2018-02-14 00:58 - 2014-09-04 19:35 - 000027136 _____ C:\WINDOWS\system32\VfService.trf 2018-02-14 00:58 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-02-14 00:57 - 2015-01-08 15:16 - 000002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-02-14 00:57 - 2015-01-08 15:16 - 000002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-02-14 00:33 - 2014-09-04 19:40 - 000000000 ____D C:\ProgramData\Office2013 2018-02-14 00:33 - 2013-08-22 16:36 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2018-02-14 00:32 - 2016-08-17 17:20 - 000000000 ____D C:\Program Files\Common Files\AV 2018-02-12 22:23 - 2015-01-08 14:50 - 000000000 ____D C:\totalcmd 2018-02-12 21:31 - 2015-01-08 14:57 - 000000000 ____D C:\Program Files (x86)\Opera 2018-02-12 21:01 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI 2018-02-12 21:00 - 2014-09-04 19:28 - 000000000 ____D C:\Program Files (x86)\Lenovo 2018-02-12 20:37 - 2015-01-08 15:59 - 000000000 ____D C:\Program Files\Advanced Registry Care Pro 2018-02-08 18:58 - 2014-09-04 19:38 - 000000000 ____D C:\ProgramData\Package Cache 2018-02-08 18:06 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\NDF 2018-02-06 18:34 - 2015-01-08 15:04 - 000004252 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2018-02-06 18:34 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2018-02-06 18:34 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed 2018-01-23 15:24 - 2015-01-08 14:57 - 000003890 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1420725446 2018-01-17 20:10 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps 2018-01-17 20:10 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-01-08 14:56 - 2014-07-15 00:52 - 006791360 _____ (IvoSoft) C:\Users\ w i n 8\ ClassicShellSetup_4_1_0.exe 2015-01-08 14:56 - 2013-04-16 18:45 - 008791552 _____ (IvoSoft) C:\Users\ w i n 8\ClassicShellSetup_3_6_2.exe 2015-01-08 14:56 - 2013-01-16 14:16 - 001415884 _____ () C:\Users\ w i n 8\classic_shell_instalator_sciagnij.pl.exe 2016-10-12 15:01 - 2016-10-12 15:01 - 000000000 _____ () C:\Users\Irena\AppData\Local\{38094598-0B1F-486F-A5C8-7394D4DF9591} 2017-01-26 12:46 - 2017-01-26 12:46 - 000000000 _____ () C:\Users\Irena\AppData\Local\{3AA78958-78CF-4B4A-A07E-D3266895616E} 2017-06-08 19:26 - 2017-06-08 19:26 - 000000000 _____ () C:\Users\Irena\AppData\Local\{B7A6EBBD-9E79-417F-9601-9AA2BDDABA89} 2017-07-10 04:26 - 2017-07-10 04:26 - 000000000 _____ () C:\Users\Irena\AppData\Local\{BDF0BED2-49B3-41D5-95DE-6C85DB45B0DC} 2017-11-04 18:46 - 2017-11-04 18:46 - 000000000 _____ () C:\Users\Irena\AppData\Local\{F56CC64A-98BB-450B-8B7F-D94B4C73B71F} ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2015-07-19 06:47 ==================== Koniec FRST.txt ============================