Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 17.02.2018 Uruchomiony przez Tom (administrator) COMPUTER (18-02-2018 17:38:50) Uruchomiony z C:\Users\Tom\Desktop\Programy\Naprawa Załadowane profile: Tom (Dostępne profile: Tom) Platform: Windows 8.1 Pro (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Astonsoft) C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\New_12010916\instup.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\New_12010916\sbr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-04] (AVAST Software) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-03-30] (Realtek Semiconductor) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17509232 2015-02-06] (Astonsoft) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Run: [AceStream] => C:\Users\Tom\AppData\Roaming\ACEStream\engine\ace_engine.exe [28024 2017-03-20] (Innovative Digital Technologies) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Run: [Spotify] => C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe [21091728 2018-02-04] (Spotify Ltd) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Run: [Spotify Web Helper] => C:\Users\Tom\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-02-04] (Spotify Ltd) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\MountPoints2: {62e6dd3c-6dc6-11e5-8470-d43d7e59adea} - "K:\Kurs_AutoCAD_2010_PL.exe" HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\MountPoints2: {62e6dd3e-6dc6-11e5-8470-d43d7e59adea} - "L:\setup.exe" HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\MountPoints2: {81b0fd73-c9ba-11e4-826b-d43d7e59adea} - "L:\setup.exe" HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\MountPoints2: {c9194106-3d29-11e7-8b1c-d43d7e59adea} - "E:\LGAutoRun.exe" ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: 127.0.0.1 clients2.google.com Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{112643C3-9924-43EF-B654-4E66957BA431}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{B3B9B21C-B20B-4C18-A81C-88CD5F48FB07}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3585312160-345975134-3153727662-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp HKU\S-1-5-21-3585312160-345975134-3153727662-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-16] (AVAST Software) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-18] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-16] (AVAST Software) BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Tom\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2018-01-09] (Mail.Ru) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-18] (Oracle Corporation) Chrome: ======= CHR DefaultProfile: Profile 4 CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-02-18] CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 4 [2018-02-18] CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 5 [2018-02-18] CHR Extension: (Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-08] CHR Extension: (Dysk Google) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-08] CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-08] CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-08] CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-18] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3585312160-345975134-3153727662-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-04] (AVAST Software) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-04] (AVAST Software) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Brak podpisu cyfrowego] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-04] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-04] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-04] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-04] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-04] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-04] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-04] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-10] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-04] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-04] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-04] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-10] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-04] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-04] (AVAST Software) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-13] (Disc Soft Ltd) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] () R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] () R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-18] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-02-18] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-02-18] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-18] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-02-18] (Malwarebytes) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation) R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-01-10] (NVIDIA Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-08-27] (Duplex Secure Ltd.) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-02-18 17:39 - 2018-02-18 17:38 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2018-02-18 17:39 - 2018-02-18 17:38 - 000459952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2018-02-18 17:39 - 2018-02-18 17:38 - 000379448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2018-02-18 17:39 - 2018-02-18 17:38 - 000205464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2018-02-18 17:39 - 2018-02-18 17:38 - 000192944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2018-02-18 17:39 - 2018-02-18 17:38 - 000190440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys 2018-02-18 17:39 - 2018-02-18 17:38 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2018-02-18 17:39 - 2018-02-18 17:38 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2018-02-18 17:39 - 2018-02-18 17:38 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2018-02-18 17:39 - 2018-02-18 17:38 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2018-02-18 17:39 - 2018-01-04 19:34 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys 2018-02-18 17:39 - 2018-01-04 19:34 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys 2018-02-18 17:39 - 2018-01-04 19:34 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys 2018-02-18 17:39 - 2018-01-04 19:34 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys 2018-02-18 17:38 - 2018-02-18 17:38 - 067651432 _____ (Malwarebytes ) C:\Users\Tom\Downloads\Niepotwierdzony 15909.crdownload 2018-02-18 17:37 - 2018-02-18 17:37 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-02-18 17:37 - 2018-02-18 17:37 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-02-18 17:37 - 2018-02-18 17:37 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-02-18 17:37 - 2018-02-18 17:37 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2018-02-18 17:21 - 2018-02-18 17:21 - 000006287 _____ C:\Users\Tom\Desktop\Malwarebytes.txt 2018-02-18 17:05 - 2018-02-18 17:05 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-02-18 17:05 - 2018-02-18 17:05 - 000001901 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-02-18 17:05 - 2018-02-18 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-02-18 17:05 - 2018-02-18 17:05 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-02-18 17:05 - 2018-02-18 17:05 - 000000000 ____D C:\Program Files\Malwarebytes 2018-02-18 17:05 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys 2018-02-18 17:00 - 2018-02-18 17:00 - 067651432 _____ (Malwarebytes ) C:\Users\Tom\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3976.exe 2018-02-18 16:46 - 2018-02-18 16:46 - 000000008 __RSH C:\ProgramData\ntuser.pol 2018-02-18 16:46 - 2018-02-18 16:46 - 000000000 ____D C:\ProgramData\SWCUTemp 2018-02-18 14:18 - 2018-02-18 14:18 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2018-02-18 14:17 - 2018-02-18 14:17 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Oracle 2018-02-17 17:59 - 2018-02-17 17:59 - 000007631 _____ C:\Users\Tom\Downloads\crystal.txt 2018-02-17 17:57 - 2018-02-17 18:28 - 000015671 _____ C:\Users\Tom\Desktop\Crystal.txt 2018-02-17 17:50 - 2018-02-17 17:50 - 003947992 _____ (Crystal Dew World ) C:\Users\Tom\Downloads\Niepotwierdzony 481770.crdownload 2018-02-17 17:47 - 2018-02-17 17:47 - 000001236 _____ C:\Users\Tom\Desktop\CrystalDiskInfo.lnk 2018-02-17 17:47 - 2018-02-17 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo 2018-02-17 17:47 - 2018-02-17 17:47 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo 2018-02-17 17:46 - 2018-02-17 17:46 - 003947992 _____ (Crystal Dew World ) C:\Users\Tom\Downloads\CrystalDiskInfo7_5_1.exe 2018-02-16 23:47 - 2018-02-18 17:30 - 000000930 _____ C:\Users\Tom\Desktop\Blue screen (critical error) i wyskakujące okna w przeglądarce.txt 2018-02-16 23:31 - 2018-02-16 23:31 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\uTorrent 2018-02-14 20:10 - 2018-02-18 15:24 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2018-02-14 20:09 - 2018-02-14 20:09 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-02-10 23:14 - 2018-02-18 17:14 - 000000000 ___HD C:\Users\Tom\AppData\Local\Local Recovery 2018-02-09 18:47 - 2018-02-09 18:48 - 000000000 ____D C:\Users\Tom\Desktop\OneDrive-2018-02-09 2018-02-07 21:53 - 2018-02-07 21:53 - 000046643 _____ C:\Users\Tom\Desktop\FS 13_U_2018 końcowa faktura.pdf 2018-02-03 16:57 - 2018-02-03 16:57 - 000031901 _____ C:\Users\Tom\Desktop\25531423_494_d.jpeg 2018-01-29 23:14 - 2018-02-18 17:14 - 000153088 _____ C:\Windows\SysWOW64\conhost64.exe 2018-01-28 23:42 - 2018-01-28 23:42 - 009649770 _____ C:\Users\Tom\Desktop\katalog_DRZWI_WIKĘD_2017_Luty.pdf 2018-01-24 23:23 - 2018-01-24 23:23 - 012439515 _____ C:\Users\Tom\Downloads\2007-kia-sportage-99254.pdf 2018-01-22 23:02 - 2018-01-22 23:02 - 000284540 _____ C:\Users\Tom\Downloads\Wniosek - rejestr. pojazdu sprowadzonego z zagranicy.pdf ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-02-18 17:38 - 2017-04-07 22:32 - 000000000 ____D C:\FRST 2018-02-18 17:37 - 2015-03-06 18:16 - 000000000 ____D C:\ProgramData\NVIDIA 2018-02-18 17:37 - 2015-03-06 17:24 - 000000000 ____D C:\Users\Tom 2018-02-18 17:37 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-02-18 17:29 - 2017-11-28 23:02 - 000009103 _____ C:\Users\Tom\Desktop\Najbl wydatki.xlsx 2018-02-18 17:04 - 2015-03-06 17:30 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3585312160-345975134-3153727662-1001 2018-02-18 16:50 - 2013-09-30 05:15 - 001838024 _____ C:\Windows\system32\PerfStringBackup.INI 2018-02-18 16:50 - 2013-09-30 04:56 - 000806956 _____ C:\Windows\system32\perfh015.dat 2018-02-18 16:50 - 2013-09-30 04:56 - 000163808 _____ C:\Windows\system32\perfc015.dat 2018-02-18 16:50 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf 2018-02-18 16:45 - 2016-06-24 14:04 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Temp 2018-02-18 16:44 - 2018-01-08 23:08 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Domekt 2018-02-18 16:44 - 2016-10-20 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot 2018-02-18 16:44 - 2015-06-28 21:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rodos_LE 2010 2018-02-18 16:44 - 2015-04-18 17:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitoWP 2018-02-18 16:44 - 2015-03-14 14:06 - 000000000 ____D C:\Users\Tom\Desktop\Programy 2018-02-18 16:44 - 2015-03-13 17:22 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast 2018-02-18 16:44 - 2015-03-13 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast 2018-02-18 16:44 - 2013-08-22 16:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2018-02-18 16:44 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy 2018-02-18 15:36 - 2015-03-13 23:05 - 000000000 ____D C:\Users\Tom\AppData\Local\CrashDumps 2018-02-18 15:25 - 2017-02-19 14:31 - 000000000 ____D C:\Users\Tom\AppData\Roaming\vlc 2018-02-18 15:24 - 2018-01-09 23:14 - 000003612 _____ C:\Windows\System32\Tasks\pduTE 2018-02-18 15:24 - 2017-09-06 19:56 - 000003958 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1490380310 2018-02-18 15:24 - 2017-05-13 20:01 - 000004570 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-02-18 15:24 - 2017-05-13 20:01 - 000004424 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2018-02-18 15:24 - 2017-04-22 17:41 - 000000000 ____D C:\Users\Tom\AppData\Roaming\.ACEStream 2018-02-18 15:24 - 2017-04-11 20:36 - 000003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2018-02-18 15:24 - 2017-04-11 20:36 - 000003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2018-02-18 15:24 - 2017-02-15 19:48 - 000003964 _____ C:\Windows\System32\Tasks\e-pity2016a_styczen 2018-02-18 15:24 - 2017-02-15 19:48 - 000003964 _____ C:\Windows\System32\Tasks\e-pity2016a_kwiecien 2018-02-18 15:24 - 2016-03-02 16:51 - 000003972 _____ C:\Windows\System32\Tasks\e-pity2015a_styczen 2018-02-18 15:24 - 2016-03-02 16:51 - 000003972 _____ C:\Windows\System32\Tasks\e-pity2015a_kwiecien 2018-02-18 15:24 - 2015-03-20 14:33 - 000002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2018-02-18 15:23 - 2015-12-03 17:12 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software 2018-02-18 14:25 - 2018-01-09 23:56 - 000000000 ____D C:\ProgramData\Oracle 2018-02-18 14:18 - 2018-01-09 23:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2018-02-18 14:18 - 2018-01-09 23:56 - 000000000 ____D C:\Program Files (x86)\Java 2018-02-17 20:26 - 2017-04-22 17:46 - 000000000 ___HD C:\_acestream_cache_ 2018-02-16 23:31 - 2016-06-02 20:29 - 000000000 ____D C:\Users\Tom\AppData\Roaming\uTorrent 2018-02-16 23:29 - 2018-01-09 18:50 - 000000000 ____D C:\Users\Tom\Documents\FIFA 18 2018-02-16 23:29 - 2015-03-14 15:56 - 000000000 ____D C:\Gry 2018-02-13 22:40 - 2015-03-19 13:46 - 000000000 ____D C:\Users\Tom\AppData\Local\Spotify 2018-02-13 22:40 - 2015-03-19 13:44 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Spotify 2018-02-11 08:49 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2018-02-06 21:06 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-02-06 21:06 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\Macromed 2018-02-02 18:19 - 2016-05-05 20:47 - 000000000 ____D C:\Users\Tom\AppData\Local\Windows Live 2018-01-25 19:36 - 2015-03-17 21:52 - 000000000 ____D C:\Users\Tom\AppData\Local\ElevatedDiagnostics ==================== Pliki w katalogu głównym wybranych folderów ======= 2018-01-09 23:14 - 2013-08-22 04:39 - 000192512 _____ (Microsoft Corporation) C:\Program Files (x86)\yeIGOyz.exe 2013-08-22 04:39 - 2013-08-22 04:39 - 000000050 _____ () C:\Program Files (x86)\Common Files\oDilKaTEO.bat 2013-08-22 04:39 - 2013-08-22 04:39 - 000000059 _____ () C:\Users\Tom\AppData\Roaming\EvuyXJiab.bat 2017-08-19 21:32 - 2017-08-19 21:41 - 000000132 _____ () C:\Users\Tom\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe 2018-01-09 23:14 - 2013-08-22 04:56 - 000055808 _____ (Microsoft Corporation) C:\Users\Tom\AppData\Local\eoAAiZW.exe 2016-07-06 20:49 - 2016-07-06 20:49 - 000000001 _____ () C:\Users\Tom\AppData\Local\llftool.4.40.agreement 2017-04-05 16:05 - 2017-04-05 16:05 - 000000017 _____ () C:\Users\Tom\AppData\Local\resmon.resmoncfg 2016-10-20 15:43 - 2016-10-20 15:43 - 000000003 _____ () C:\Users\Tom\AppData\Local\updater.log 2016-10-20 15:43 - 2016-10-20 15:43 - 000000424 _____ () C:\Users\Tom\AppData\Local\UserProducts.xml 2018-01-09 23:14 - 2018-01-09 23:14 - 000000001 _____ () C:\Users\Tom\AppData\Local\WMI.ini ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2018-02-17 20:31 ==================== Koniec FRST.txt ============================