Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 06.06.2018 01 Uruchomiony przez User (administrator) DESKTOP-ELIF4U0 (18-06-2018 17:31:12) Uruchomiony z C:\Users\User\Downloads Załadowane profile: User (Dostępne profile: User) Platform: Windows 10 Pro Wersja 1709 16299.371 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (AMD) C:\Windows\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atiesrxx.exe (AMD) C:\Windows\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atieclxx.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHDCPSvc.exe (Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe (Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHeciSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (SoundMixer) C:\Users\User\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe (SoundMixer) C:\Users\User\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe Brak dostępu do procesu -> SoundMixer.exe Brak dostępu do procesu -> SoundMixer.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18383336 2017-08-31] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-31] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-31] (Realtek Semiconductor) HKLM\...\Run: [TNOD UP] => C:\Program Files (x86)\TNod\TNODUP.exe [5101056 2017-12-22] (Tukero[X]Team) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-4155290210-3035117307-2680524550-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-01-30] (Disc Soft Ltd) HKU\S-1-5-21-4155290210-3035117307-2680524550-1001\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.) HKU\S-1-5-21-4155290210-3035117307-2680524550-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18364648 2018-05-24] (Piriform Ltd) HKU\S-1-5-21-4155290210-3035117307-2680524550-1001\...\MountPoints2: {3153fdce-0732-11e8-b001-6014b3b092ea} - "H:\Install.exe" HKU\S-1-5-21-4155290210-3035117307-2680524550-1001\...\MountPoints2: {fff2b269-05d7-11e8-afff-6014b3b092ea} - "E:\setup.exe" HKU\S-1-5-21-4155290210-3035117307-2680524550-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [272896 2017-09-29] (Microsoft Corporation) <==== UWAGA HKU\S-1-5-21-4155290210-3035117307-2680524550-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\User\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\User\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Ograniczenia ? <==== UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 Tcpip\..\Interfaces\{2d94457a-c2a5-46ab-b99a-b4bb4b686fdf}: [DhcpNameServer] 192.168.88.1 Tcpip\..\Interfaces\{d708c620-0690-45bd-b980-950263d01689}: [DhcpNameServer] 192.168.88.1 Internet Explorer: ================== BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2018-01-30] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2018-01-30] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GR469A~1.DLL [2006-10-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2018-01-30] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2018-01-30] (Oracle Corporation) Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GRA32A~1.DLL [2006-10-27] (Microsoft Corporation) Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-4155290210-3035117307-2680524550-1001 -> hxxp://google.pl/ FireFox: ======== FF DefaultProfile: 6tvcj6m4.default-1525591620804 FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6tvcj6m4.default-1525591620804 [2018-06-18] FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6tvcj6m4.default-1525591620804\features\{8237ae08-87cb-4fc7-9445-1df3d25438d0}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-07] [Przestarzałe] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2018-01-30] () FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-01-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-01-30] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2018-01-30] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2016-09-20] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-01-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-01-30] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atiesrxx.exe [482280 2018-04-27] (AMD) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-01-30] (Disc Soft Ltd) R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [197120 2017-07-13] (Dolby Laboratories, Inc.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2836296 2016-12-14] (ESET) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-06-17] (SurfRight B.V.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324584 2017-08-31] (Realtek Semiconductor) R2 RtkBtManServ; C:\Windows\RtkBtManServ.exe [293352 2017-08-09] (Realtek Semiconductor Corp.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-13] (Microsoft Corporation) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [291496 2018-01-29] (Synaptics Incorporated) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-30] (Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-30] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atikmdag.sys [44670944 2018-04-27] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atikmpag.sys [553448 2018-04-27] (Advanced Micro Devices, Inc.) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2018-01-30] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2018-01-30] (Disc Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET) S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15872 2018-02-19] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [180544 2017-01-17] (ESET) R1 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [70960 2017-01-17] (ESET) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek ) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [724456 2017-08-09] (Realtek Semiconductor Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3238368 2017-10-31] (Realtek Semiconductor Corp.) R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [7895912 2017-10-28] (Realtek Semiconductor Corporation ) S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-30] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [55976 2018-01-29] (Synaptics Incorporated) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.) S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [23040 2018-03-14] (Microsoft Corporation) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-01-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288848 2018-01-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-30] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-06-18 17:23 - 2018-06-18 17:32 - 000014650 _____ C:\Users\User\Downloads\FRST.txt 2018-06-18 17:23 - 2018-06-18 17:23 - 000000000 ____D C:\FRST 2018-06-18 17:22 - 2018-06-18 17:22 - 002413056 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2018-06-18 17:10 - 2018-06-18 17:10 - 000106816 _____ C:\Users\User\Downloads\FixWin10.zip 2018-06-17 12:57 - 2017-09-29 15:44 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20180617-125740.backup 2018-06-17 12:28 - 2018-06-17 12:28 - 000002689 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Otwórz dokument pakietu Microsoft Office.lnk 2018-06-17 12:28 - 2018-06-17 12:28 - 000002663 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Nowy dokument pakietu Microsoft Office.lnk 2018-06-17 11:53 - 2018-06-17 11:53 - 000001474 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2018-06-17 11:53 - 2018-06-17 11:53 - 000001462 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2018-06-17 11:53 - 2018-06-17 11:53 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2018-06-17 11:53 - 2018-06-17 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2018-06-17 11:52 - 2018-06-18 14:28 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2018-06-17 11:52 - 2018-06-17 12:53 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2018-06-17 11:52 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe 2018-06-17 11:45 - 2018-06-17 11:45 - 000001694 _____ C:\Windows\system32\.crusader 2018-06-17 11:39 - 2018-06-17 11:47 - 000000000 ____D C:\ProgramData\HitmanPro 2018-06-17 11:39 - 2018-06-17 11:39 - 000002012 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2018-06-17 11:39 - 2018-06-17 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2018-06-17 11:39 - 2018-06-17 11:39 - 000000000 ____D C:\Program Files\HitmanPro 2018-06-11 19:57 - 2018-06-11 19:57 - 000000165 ____H C:\Users\User\Desktop\~$wesele1.xlsx 2018-06-03 14:21 - 2018-06-17 10:10 - 000018264 _____ C:\Users\User\Desktop\wesele1.xlsx 2018-06-02 17:26 - 2018-06-02 17:26 - 000000000 ____D C:\ProgramData\Samsung 2018-05-28 08:28 - 2018-06-01 17:23 - 000017381 _____ C:\Users\User\Documents\wesele.xlsx 2018-05-25 22:12 - 2018-05-25 22:12 - 000112104 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2018-05-25 20:53 - 2018-06-17 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2018-05-25 20:29 - 2018-05-25 20:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Works 2018-05-25 20:28 - 2018-05-25 20:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2018-05-25 20:26 - 2018-05-25 20:26 - 000000000 ____D C:\Windows\PCHEALTH 2018-05-25 20:00 - 2018-05-25 20:00 - 000000000 ____D C:\Program Files\Microsoft Office 2018-05-25 19:59 - 2018-05-25 19:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2018-05-25 19:56 - 2018-05-25 20:28 - 000000000 ____D C:\Windows\SHELLNEW 2018-05-25 19:53 - 2018-05-25 19:53 - 000000000 __RHD C:\MSOCache 2018-05-25 15:12 - 2018-06-14 23:17 - 000004000 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1527253915 2018-05-25 15:12 - 2018-06-14 23:17 - 000001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk 2018-05-20 12:33 - 2018-06-17 11:16 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update 2018-05-20 12:33 - 2018-06-17 11:16 - 000000867 _____ C:\Users\Public\Desktop\CCleaner.lnk 2018-05-20 12:33 - 2018-05-20 12:33 - 000002868 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2018-05-20 12:33 - 2018-05-20 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2018-05-20 12:33 - 2018-05-20 12:33 - 000000000 ____D C:\Program Files\CCleaner 2018-05-20 12:00 - 2018-05-20 12:00 - 000000000 ___HD C:\$WINDOWS.~BT 2018-05-20 11:57 - 2018-05-20 11:57 - 000000979 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk 2018-05-20 11:57 - 2018-05-20 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2018-05-20 11:57 - 2018-05-20 11:57 - 000000000 ____D C:\Program Files\CPUID ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-06-18 17:23 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\AppReadiness 2018-06-18 16:54 - 2018-01-30 16:49 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla 2018-06-18 16:11 - 2018-01-30 16:14 - 000000000 ____D C:\Windows\system32\SleepStudy 2018-06-18 15:54 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization 2018-06-18 14:40 - 2018-01-30 16:23 - 008275078 _____ C:\Windows\system32\PerfStringBackup.INI 2018-06-18 14:40 - 2017-09-30 16:31 - 004139394 _____ C:\Windows\system32\perfh015.dat 2018-06-18 14:40 - 2017-09-30 16:31 - 001144984 _____ C:\Windows\system32\perfc015.dat 2018-06-18 14:28 - 2018-01-30 16:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-06-17 22:05 - 2018-01-30 16:25 - 000065536 _____ C:\Windows\system32\spu_storage.bin 2018-06-17 22:05 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps 2018-06-17 22:05 - 2017-09-29 10:45 - 000524288 _____ C:\Windows\system32\config\BBI 2018-06-17 21:22 - 2018-01-30 16:14 - 000454176 _____ C:\Windows\system32\FNTCACHE.DAT 2018-06-17 13:32 - 2017-09-29 15:37 - 000000000 ____D C:\Windows\CbsTemp 2018-06-17 12:55 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF 2018-06-17 11:35 - 2018-01-30 16:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-06-17 11:34 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-06-16 23:54 - 2018-01-30 16:27 - 000000000 ____D C:\Windows\system32\MRT 2018-06-16 19:05 - 2018-01-30 16:27 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2018-06-16 19:05 - 2017-12-13 13:24 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe 2018-06-14 23:17 - 2018-04-17 10:14 - 000000000 ____D C:\Program Files\Opera 2018-06-13 23:02 - 2018-01-30 16:14 - 000000000 ____D C:\Windows\Panther 2018-06-10 08:08 - 2018-05-06 09:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-06-07 20:34 - 2018-05-06 09:26 - 000001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-06-07 20:34 - 2018-05-06 09:26 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-06-06 01:24 - 2018-05-13 21:52 - 000835056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-06-06 01:24 - 2018-05-13 21:52 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-06-03 14:21 - 2018-01-30 16:55 - 000000000 ____D C:\Users\User\AppData\Local\Microsoft Help 2018-05-25 20:29 - 2017-12-13 13:39 - 000000000 ____D C:\Program Files (x86)\MSBuild 2018-05-25 20:03 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2018-05-25 19:58 - 2017-09-29 15:46 - 000000167 _____ C:\Windows\win.ini 2018-05-25 15:12 - 2018-04-17 10:16 - 000000000 ____D C:\Users\User\AppData\Roaming\Opera Software 2018-05-25 15:12 - 2018-04-17 10:16 - 000000000 ____D C:\Users\User\AppData\Local\Opera Software 2018-05-20 11:13 - 2018-01-30 16:20 - 000000000 ____D C:\Users\User\AppData\Local\Packages ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo UWAGA: ==> Nie można uzyskać dostępu do BCD. LastRegBack: 2018-06-07 19:56 ==================== Koniec FRST.txt ============================