Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 17.02.2018
Uruchomiony przez Jagoda (administrator) DESKTOP-MAQ1KLK (19-02-2018 19:37:16)
Uruchomiony z C:\Users\Jagoda\Desktop
Załadowane profile: Jagoda (Dostępne profile: defaultuser0 & Jagoda)
Platform: Windows 10 Pro Wersja 1709 16299.15 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Opera)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Rejestr (filtrowane) ===========================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe [2090176 2016-08-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe [1242816 2016-08-26] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-659809927-3005934564-2642407563-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-659809927-3005934564-2642407563-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-659809927-3005934564-2642407563-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2017-09-29] (Microsoft Corporation)

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62
Tcpip\..\Interfaces\{0e59a5c6-adb1-40ae-bb54-0b10ee40bd17}: [DhcpNameServer] 62.179.1.63 62.179.1.62
Tcpip\..\Interfaces\{a6bde9b6-f20b-4170-9f08-3bbfa05fe295}: [DhcpNameServer] 62.179.1.63 62.179.1.62

Internet Explorer:
==================
HKU\S-1-5-21-659809927-3005934564-2642407563-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190
SearchScopes: HKU\S-1-5-21-659809927-3005934564-2642407563-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
BHO: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> D:\Program Files\StatSoft\STATISTICA 12\StaBHO.dll [2014-04-19] (StatSoft, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-02-06] (Microsoft Corporation)
BHO-x32: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> D:\Program Files\StatSoft\STATISTICA 12\Support\StaBHO.dll [2014-04-18] (StatSoft, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=190
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.gazeta.pl/0,0.html?p=190"
CHR Profile: C:\Users\Jagoda\AppData\Local\Google\Chrome\User Data\Default [2018-02-19]
CHR Extension: (Prezentacje) - C:\Users\Jagoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-27]
CHR Extension: (Dokumenty) - C:\Users\Jagoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-27]
CHR Extension: (Dysk Google) - C:\Users\Jagoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-01]
CHR Extension: (YouTube) - C:\Users\Jagoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-01]
CHR Extension: (Arkusze) - C:\Users\Jagoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jagoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-09]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Jagoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-27]
CHR Extension: (Gmail) - C:\Users\Jagoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\Jagoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-25]

==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7968424 2018-02-08] (Microsoft Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-11-24] ()
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-27] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4297920 2017-09-30] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [294168 2017-10-05] (Reason Software Company Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] () [Brak podpisu cyfrowego]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] () [Brak podpisu cyfrowego]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-05-04] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 RtkBtFilter2; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [65792 2015-05-29] (Realtek Microelectronics)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2017-09-29] (Realtek Semiconductor Corporation )
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [52816 2016-08-03] (Toshiba Client Solutions Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
Error(1) reading file: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Narzędzia pakietu Microsoft Office "
2018-02-19 19:37 - 2018-02-19 19:38 - 000013016 _____ C:\Users\Jagoda\Desktop\FRST.txt
2018-02-19 19:36 - 2018-02-19 19:37 - 000000000 ____D C:\FRST
2018-02-19 19:22 - 2018-02-19 19:22 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-02-19 19:21 - 2018-02-19 19:21 - 000000000 ____D C:\Users\Jagoda\AppData\Local\DBG
2018-02-19 19:20 - 2018-02-19 19:20 - 000000000 ___RD C:\Users\Jagoda\3D Objects
2018-02-19 19:19 - 2018-02-19 19:19 - 000000020 ___SH C:\Users\Jagoda\ntuser.ini
2018-02-19 19:09 - 2018-02-19 19:09 - 000000000 ____D C:\ProgramData\USOShared
2018-02-19 19:03 - 2018-02-19 19:03 - 001858914 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-19 19:03 - 2018-02-19 19:03 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2018-02-19 19:03 - 2018-02-19 19:03 - 000011433 _____ C:\WINDOWS\diagerr.xml
2018-02-19 19:02 - 2018-02-19 19:02 - 000023044 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-02-19 19:02 - 2018-02-19 19:02 - 000003682 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-02-19 19:02 - 2018-02-19 19:02 - 000003546 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-02-19 19:02 - 2018-02-19 19:02 - 000003494 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-19 19:02 - 2018-02-19 19:02 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-19 19:02 - 2018-02-19 19:02 - 000003360 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1473073522
2018-02-19 19:02 - 2018-02-19 19:02 - 000003270 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-19 19:02 - 2018-02-19 19:02 - 000003046 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 74f2de55c4ad40a0805dff2b9431821a13ff1a0372b9403ca4c296754b88f120
2018-02-19 19:02 - 2018-02-19 19:02 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-659809927-3005934564-2642407563-1001
2018-02-19 19:02 - 2018-02-19 19:02 - 000002708 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 2540 series
2018-02-19 19:02 - 2018-02-19 19:02 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-02-19 19:02 - 2018-02-19 19:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-19 18:54 - 2018-02-19 18:54 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-02-19 18:53 - 2018-02-19 18:53 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2018-02-19 18:52 - 2018-02-19 19:37 - 000000000 ____D C:\Users\Jagoda\AppData\Local\Packages
2018-02-19 18:51 - 2018-02-19 19:20 - 000000000 ____D C:\Users\Jagoda
2018-02-19 18:51 - 2018-02-19 19:02 - 000000000 ____D C:\Users\defaultuser0
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\Jagoda\Ustawienia lokalne
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\Jagoda\Szablony
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\Jagoda\Moje dokumenty
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\Jagoda\Menu Start
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\Jagoda\Documents\Moje wideo
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\Jagoda\Documents\Moje obrazy
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\Jagoda\Documents\Moja muzyka
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\Jagoda\Dane aplikacji
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\Jagoda\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\Jagoda\AppData\Local\Historia
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\Jagoda\AppData\Local\Dane aplikacji
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\defaultuser0\Ustawienia lokalne
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\defaultuser0\Szablony
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\defaultuser0\Moje dokumenty
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\defaultuser0\Menu Start
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Moje wideo
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Moje obrazy
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Moja muzyka
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\defaultuser0\Dane aplikacji
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Local\Historia
2018-02-19 18:51 - 2018-02-19 18:51 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Local\Dane aplikacji
2018-02-19 18:51 - 2017-09-29 14:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-02-19 18:50 - 2016-05-03 22:30 - 000081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-02-19 18:47 - 2018-02-19 19:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-19 18:47 - 2018-02-19 18:58 - 000402152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-19 18:42 - 2018-02-19 19:05 - 000000000 ____D C:\Windows.old
2018-02-19 18:35 - 2018-02-19 18:42 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-02-19 18:33 - 2018-02-19 18:35 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-02-19 18:33 - 2018-02-19 18:33 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-02-19 18:32 - 2018-02-19 18:32 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-02-19 18:32 - 2018-02-19 18:32 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-02-19 18:32 - 2018-02-19 18:32 - 000000000 ____D C:\Program Files\MSBuild
2018-02-19 18:32 - 2018-02-19 18:32 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-02-19 18:32 - 2018-02-19 18:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-02-19 18:31 - 2017-09-28 15:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-02-19 18:31 - 2017-09-28 15:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-02-19 18:31 - 2017-09-28 15:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-02-19 18:31 - 2017-09-22 18:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-02-19 18:31 - 2017-09-22 18:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-02-19 18:31 - 2017-09-22 18:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-02-19 18:30 - 2018-02-19 18:30 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-02-19 18:30 - 2018-02-19 18:30 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-02-19 18:30 - 2018-02-19 18:30 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-02-19 17:52 - 2018-02-19 17:52 - 000002903 _____ C:\WINDOWS\SysWOW64\servers.def.vpx
2018-02-19 17:52 - 2018-02-19 17:52 - 000000446 _____ C:\WINDOWS\SysWOW64\prod-pgm.vpx
2018-02-19 17:52 - 2018-02-19 17:52 - 000000039 _____ C:\WINDOWS\SysWOW64\Stats.ini
2018-02-19 17:05 - 2018-02-19 17:05 - 000000000 ____D C:\Users\Jagoda\AppData\Local\ESET
2018-02-19 16:52 - 2018-02-19 16:52 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-02-19 16:46 - 2018-02-19 16:46 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-02-19 16:42 - 2018-02-19 16:42 - 002403840 _____ (Farbar) C:\Users\Jagoda\Desktop\FRST64.exe
2018-02-19 16:39 - 2018-02-19 16:39 - 008222496 _____ (Malwarebytes) C:\Users\Jagoda\Desktop\adwcleaner_7.0.8.0.exe
2018-02-15 23:44 - 2018-02-19 16:50 - 000000000 ____D C:\Users\Jagoda\Desktop\Nowy folder (6)
2018-02-15 23:38 - 2018-02-15 23:38 - 000000000 ___HD C:\$AV_AVG
2018-01-23 19:49 - 2018-01-23 19:49 - 000000000 ____D C:\Program Files\Common Files\AVG

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2018-02-19 19:37 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-19 19:37 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-19 19:35 - 2014-07-27 16:15 - 000000000 ____D C:\AdwCleaner
2018-02-19 19:20 - 2016-09-05 11:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-19 19:20 - 2016-09-05 11:58 - 000000000 ____D C:\Users\Jagoda\AppData\Local\TileDataLayer
2018-02-19 19:19 - 2017-12-23 19:59 - 000000000 ___DC C:\WINDOWS\Panther
2018-02-19 19:19 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-19 19:19 - 2016-09-05 11:58 - 000000000 __SHD C:\Users\Jagoda\IntelGraphicsProfiles
2018-02-19 19:19 - 2016-09-05 11:56 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2018-02-19 19:13 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-19 19:04 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-02-19 19:04 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-02-19 19:04 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\windows nt
2018-02-19 19:03 - 2017-09-30 15:31 - 000823366 _____ C:\WINDOWS\system32\perfh015.dat
2018-02-19 19:03 - 2017-09-30 15:31 - 000159452 _____ C:\WINDOWS\system32\perfc015.dat
2018-02-19 19:03 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Registration
2018-02-19 19:03 - 2017-09-29 09:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-02-19 19:02 - 2017-09-29 14:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-02-19 19:01 - 2016-11-01 11:10 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-19 19:01 - 2016-11-01 11:10 - 000002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-19 18:57 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-02-19 18:57 - 2016-09-05 17:45 - 000000000 ____D C:\Users\Jagoda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-02-19 18:54 - 2017-09-29 14:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-02-19 18:50 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-02-19 18:50 - 2016-09-05 11:57 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-02-19 18:47 - 2017-09-29 14:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-02-19 18:42 - 2017-09-29 14:49 - 000000000 ____D C:\WINDOWS\Setup
2018-02-19 18:42 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-02-19 18:42 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-02-19 18:42 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-19 18:42 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-02-19 18:42 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-19 18:42 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-19 18:42 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-19 18:42 - 2017-06-18 21:50 - 000000000 ____D C:\Program Files\UNP
2018-02-19 18:42 - 2017-03-31 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SigmaPlot
2018-02-19 18:42 - 2017-03-29 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2018-02-19 18:42 - 2017-03-24 18:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STATISTICA 12 64-bit
2018-02-19 18:42 - 2017-03-24 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\novaPDF 7
2018-02-19 18:42 - 2017-02-05 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-02-19 18:42 - 2017-01-16 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2018-02-19 18:42 - 2017-01-08 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-02-19 18:42 - 2017-01-08 16:49 - 000000000 ____D C:\WINDOWS\SHELLNEW
2018-02-19 18:42 - 2016-12-10 21:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Narzędzia pakietu Microsoft Office 2016
2018-02-19 18:42 - 2016-11-13 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer
2018-02-19 18:42 - 2016-11-05 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-02-19 18:42 - 2016-09-08 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2018-02-19 18:42 - 2016-09-05 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2018-02-19 18:42 - 2016-09-05 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 11.8
2018-02-19 18:42 - 2016-09-05 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2018-02-19 18:42 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-02-19 18:39 - 2016-09-05 11:57 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-02-19 18:35 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-02-19 18:35 - 2016-09-05 11:57 - 000000000 ____D C:\Program Files\Synaptics
2018-02-19 18:35 - 2016-09-05 11:57 - 000000000 ____D C:\Program Files\Realtek
2018-02-19 18:35 - 2016-09-05 11:47 - 000000000 ____D C:\Program Files\Intel
2018-02-19 18:32 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-02-19 18:32 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-02-19 18:32 - 2017-09-29 14:41 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-02-19 18:32 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-19 17:52 - 2016-09-05 17:26 - 000000000 ____D C:\ProgramData\Avg
2018-02-19 17:43 - 2017-12-10 22:04 - 000185328 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswf462ef7cfafb843e.tmp
2018-02-19 17:43 - 2017-04-10 21:27 - 000452336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw5e14e7c0cc0142be.tmp
2018-02-19 17:43 - 2017-04-10 21:27 - 000372920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw 2e6f70d3a7a9006.tmp
2018-02-19 17:43 - 2017-04-10 21:27 - 000197856 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswc59922764928f71b.tmp
2018-02-19 17:43 - 2017-04-10 21:27 - 000139040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw86f2a96c91de8d08.tmp
2018-02-19 17:43 - 2017-04-10 21:27 - 000102720 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswcc43b8b19b3814af.tmp
2018-02-19 17:43 - 2017-04-10 21:27 - 000076760 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswbb6c71521d5df79a.tmp
2018-02-19 17:43 - 2017-04-10 21:27 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswa3fe69f4fb2597b2.tmp
2018-02-19 17:42 - 2017-04-10 21:27 - 001019088 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw8199b0e307e10efe.tmp
2018-02-19 17:42 - 2017-04-10 21:27 - 000337344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswb32bd8a1c7acb54d.tmp
2018-02-19 17:42 - 2017-04-10 21:27 - 000315088 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw472ef3e779bcf9cf.tmp
2018-02-19 17:42 - 2017-04-10 21:27 - 000193024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw9c914ec9a1b3239b.tmp
2018-02-19 17:42 - 2017-04-10 21:27 - 000166552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw6762b7723fe56932.tmp
2018-02-19 17:42 - 2017-04-10 21:27 - 000051272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswc05b21cda3481571.tmp
2018-02-19 17:32 - 2016-09-05 17:26 - 000000000 ____D C:\Users\Jagoda\AppData\Local\AvgSetupLog
2018-02-19 16:52 - 2016-07-16 12:42 - 000000204 _____ C:\WINDOWS\SysWOW64\ge7n73x.dll
2018-02-19 16:52 - 2016-07-16 12:42 - 000000100 _____ C:\WINDOWS\SysWOW64\prsgrc.dll
2018-02-19 16:48 - 2016-09-05 17:24 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-19 16:44 - 2016-09-18 21:24 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-15 23:27 - 2017-06-22 21:21 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2018-02-10 21:06 - 2017-10-19 18:53 - 000000000 ____D C:\Program Files\rempl
2018-01-31 21:48 - 2016-09-05 12:00 - 000002422 _____ C:\Users\Jagoda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-31 21:48 - 2016-09-05 12:00 - 000000000 ___RD C:\Users\Jagoda\OneDrive
2018-01-23 19:51 - 2016-09-05 12:05 - 000000000 ____D C:\Program Files (x86)\Opera

==================== Pliki w katalogu głównym wybranych folderów =======
2016-12-10 20:16 - 2016-12-10 20:18 - 005542712 _____ (Microsoft Corporation) C:\Users\Jagoda\Setup.x64.pl-pl_ProfessionalRetail_NKGG6-WBPCC-HXWMY-6DQGJ-CPQVG_act_1_.exe

==================== Bamital & volsnap ======================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-02-19 18:47

==================== Koniec FRST.txt ============================