Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20.06.2018
Uruchomiony przez zuzia (administrator) LAPTOP-4VKLQJJ9 (01-07-2018 21:14:23)
Uruchomiony z C:\Users\zuzia\Desktop
Załadowane profile: zuzia (Dostępne profile: zuzia)
Platform: Windows 10 Home Wersja 1703 15063.786 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.1022_none_b963c7de6f5da1b7\TiWorker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [178496 2018-04-19] (ESET)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKU\S-1-5-21-2449909946-2020927604-2903180081-1001\...\Run: [Discord] => C:\ProgramData\zuzia\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-2449909946-2020927604-2903180081-1001\...\MountPoints2: {70f37a46-6ca7-11e5-9bc6-806e6f6e6963} - "D:\SETUP.EXE"
HKU\S-1-5-21-2449909946-2020927604-2903180081-1001\...\MountPoints2: {ad34ec0d-5d1d-11e7-9c00-2c600cf2a71a} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2449909946-2020927604-2903180081-1001\...\MountPoints2: {c31f3f89-ec1e-11e7-9c12-2c600cf2a71a} - "E:\AutoRun.exe"
HKU\S-1-5-21-2449909946-2020927604-2903180081-1001\...\MountPoints2: {c31f3fd7-ec1e-11e7-9c12-2c600cf2a71a} - "E:\HiSuiteDownLoader.exe"

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1aa49170-ff56-4410-b26e-86e2fbb94cd4}: [DhcpNameServer] 40.31.1.66
Tcpip\..\Interfaces\{6a59a155-ed8d-4e16-98e0-32089eea1b11}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{85d3482f-a436-443f-8ee3-af716743319f}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-2449909946-2020927604-2903180081-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
HKU\S-1-5-21-2449909946-2020927604-2903180081-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-2449909946-2020927604-2903180081-1001 -> DefaultScope {4B083A41-C34B-48AD-8FAC-84F039BFAF28} URL =
SearchScopes: HKU\S-1-5-21-2449909946-2020927604-2903180081-1001 -> {4B083A41-C34B-48AD-8FAC-84F039BFAF28} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Brak pliku

FireFox:
========
FF DefaultProfile: kt6yop5s.default-1530471005979
FF ProfilePath: C:\Users\zuzia\AppData\Roaming\Mozilla\Firefox\Profiles\kt6yop5s.default-1530471005979 [2018-07-01]
FF Homepage: Mozilla\Firefox\Profiles\kt6yop5s.default-1530471005979 -> hxxp://google.pl
FF Extension: (uBlock) - C:\Users\zuzia\AppData\Roaming\Mozilla\Firefox\Profiles\kt6yop5s.default-1530471005979\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2018-07-01]
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-01] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Polski Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pl@firefox.mozilla.org [2016-11-18] [Przestarzałe] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\zuzia\AppData\Local\Google\Chrome\User Data\Default [2018-06-30]
CHR Extension: (Dokumenty) - C:\Users\zuzia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Dysk Google) - C:\Users\zuzia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-24]
CHR Extension: (YouTube) - C:\Users\zuzia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-24]
CHR Extension: (Avast SafePrice) - C:\Users\zuzia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\zuzia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-24]
CHR Extension: (Avast Online Security) - C:\Users\zuzia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-24]
CHR Extension: (Skype) - C:\Users\zuzia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-10-24]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\zuzia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-24]
CHR Extension: (Gmail) - C:\Users\zuzia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\zuzia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278616 2017-03-20] (Acer Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373712 2017-09-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Brak podpisu cyfrowego]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Brak podpisu cyfrowego]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2201920 2018-06-12] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3072328 2018-06-12] (Electronic Arts)
R2 osrss; C:\WINDOWS\system32\osrss.dll [108584 2018-01-18] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-05] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-05] (Acer Incorporated)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [137928 2018-04-12] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-04-12] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [196112 2018-04-12] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [108320 2018-04-12] (ESET)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-05] (Acer Incorporated)
S3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 Qcamain; C:\WINDOWS\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [Brak podpisu cyfrowego]
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-05] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-12-28] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-07-29] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-07-01 21:14 - 2018-07-01 21:15 - 000019406 _____ C:\Users\zuzia\Desktop\FRST.txt
2018-07-01 21:00 - 2018-07-01 21:14 - 000000000 ____D C:\FRST
2018-07-01 20:59 - 2018-07-01 21:00 - 002412544 _____ (Farbar) C:\Users\zuzia\Desktop\FRST64.exe
2018-07-01 20:50 - 2018-07-01 20:50 - 000000000 ____D C:\Users\zuzia\Desktop\Old Firefox Data
2018-07-01 19:40 - 2018-07-01 20:37 - 000000739 _____ C:\Users\zuzia\Desktop\klucze-office.txt
2018-07-01 19:31 - 2018-07-01 19:31 - 000001158 _____ C:\Users\zuzia\Desktop\Notepad.lnk
2018-07-01 19:18 - 2018-07-01 19:18 - 000002680 _____ C:\Users\zuzia\Desktop\Word 2013.lnk
2018-07-01 19:02 - 2018-07-01 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-07-01 18:57 - 2018-07-01 19:00 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-07-01 18:57 - 2018-07-01 18:57 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-07-01 18:55 - 2018-07-01 19:01 - 000000000 ____D C:\WINDOWS\SHELLNEW
2018-07-01 18:55 - 2018-07-01 18:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2018-07-01 18:54 - 2018-07-01 18:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-01 18:50 - 2018-07-01 18:50 - 000000000 __RHD C:\MSOCache
2018-07-01 18:35 - 2018-07-01 18:36 - 000046120 _____ C:\Users\zuzia\Documents\cc_20180701_183543.reg
2018-06-30 22:48 - 2018-06-30 22:48 - 000000000 ____D C:\Users\zuzia\AppData\Local\Microsoft Help
2018-06-30 22:47 - 2018-07-01 18:54 - 000000000 ____D C:\Program Files\Microsoft Office
2018-06-30 22:40 - 2018-06-30 22:40 - 000000440 _____ C:\Users\zuzia\Desktop\Ten komputer — skrót.lnk
2018-06-30 19:10 - 2018-06-30 19:10 - 000000000 ____D C:\Users\zuzia\Mobile Uploads
2018-06-30 19:10 - 2018-06-30 19:10 - 000000000 ____D C:\Users\zuzia\AppData\Local\abFiles
2018-06-30 19:07 - 2018-06-30 19:07 - 001533288 _____ (Igor Pavlov) C:\Users\zuzia\Downloads\abFiles_Setup1_00_2014.exe
2018-06-30 18:57 - 2018-06-30 18:57 - 000001540 _____ C:\Users\zuzia\Desktop\iexplore — skrót .lnk
2018-06-30 18:19 - 2018-06-30 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-06-30 18:19 - 2018-06-30 18:19 - 000000000 ____D C:\ProgramData\ESET
2018-06-30 18:19 - 2018-06-30 18:19 - 000000000 ____D C:\Program Files\ESET
2018-06-30 17:52 - 2018-06-30 17:52 - 000000000 ____D C:\Users\zuzia\AppData\Local\ElevatedDiagnostics
2018-06-30 17:46 - 2018-06-30 18:03 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-06-30 17:08 - 2018-06-30 17:08 - 000081850 _____ C:\Users\zuzia\Documents\cc_20180630_170831.reg
2018-06-30 17:04 - 2018-06-30 17:04 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-06-19 23:52 - 2018-06-19 23:52 - 000003608 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA
2018-06-19 23:52 - 2018-06-19 23:52 - 000003484 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore
2018-06-19 23:52 - 2018-06-19 23:52 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-06-19 19:22 - 2018-06-19 19:22 - 000001027 _____ C:\Users\zuzia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2018-06-19 19:22 - 2018-06-19 19:22 - 000001019 _____ C:\Users\zuzia\Desktop\osu!.lnk
2018-06-19 19:05 - 2018-06-30 22:28 - 000000000 ____D C:\Users\zuzia\AppData\Local\osu!
2018-06-19 19:05 - 2018-06-19 19:05 - 000000000 ____D C:\Users\zuzia\Downloads\Localisation
2018-06-19 19:01 - 2018-06-19 19:02 - 004100664 _____ (ppy) C:\Users\zuzia\Downloads\osu!install.exe
2018-06-19 18:42 - 2018-06-19 20:31 - 000000000 ____D C:\Users\zuzia\AppData\Roaming\discord
2018-06-19 18:42 - 2018-06-19 18:42 - 000002241 _____ C:\Users\zuzia\Desktop\Discord.lnk
2018-06-19 18:42 - 2018-06-19 18:42 - 000000000 ____D C:\Users\zuzia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-06-19 18:40 - 2018-06-19 18:43 - 000000000 ____D C:\Users\zuzia\AppData\Local\SquirrelTemp
2018-06-19 18:40 - 2018-06-19 18:42 - 000000000 ____D C:\Users\zuzia\AppData\Local\Discord
2018-06-19 18:40 - 2018-06-19 18:40 - 000000000 ____D C:\ProgramData\zuzia
2018-06-19 18:36 - 2018-06-19 18:40 - 060074328 _____ (Discord Inc.) C:\Users\zuzia\Downloads\DiscordSetup.exe
2018-06-14 13:31 - 2018-06-14 13:31 - 000000000 ____D C:\WINDOWS\UpdateAssistant

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-07-01 21:15 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-01 20:55 - 2016-11-19 14:02 - 000000000 ____D C:\Users\zuzia\AppData\LocalLow\Mozilla
2018-07-01 20:54 - 2016-11-18 21:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-01 20:54 - 2015-08-31 12:51 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-01 20:54 - 2015-08-31 12:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-01 20:45 - 2017-09-30 01:05 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-07-01 20:45 - 2015-12-28 07:12 - 000000000 __SHD C:\Users\zuzia\IntelGraphicsProfiles
2018-07-01 20:44 - 2017-09-30 01:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-01 20:44 - 2016-10-10 19:06 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-01 19:51 - 2017-09-30 00:58 - 000393072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-01 19:50 - 2017-03-18 13:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-07-01 19:34 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-01 19:06 - 2016-01-31 20:32 - 000000000 ____D C:\Users\zuzia\Desktop\Mama
2018-07-01 18:59 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-01 18:56 - 2015-07-10 13:04 - 000000199 _____ C:\WINDOWS\win.ini
2018-07-01 18:54 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-01 18:39 - 2017-09-30 01:30 - 000004226 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{523E3B1F-F5F5-4E2F-8355-31D885981E13}
2018-06-30 23:12 - 2017-09-30 01:09 - 000000000 ____D C:\Users\zuzia
2018-06-30 22:48 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2018-06-30 21:51 - 2017-04-19 14:16 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-30 21:51 - 2017-04-19 14:16 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-30 21:49 - 2017-09-30 00:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-30 19:21 - 2016-02-13 20:47 - 000000000 ____D C:\Program Files (x86)\Origin
2018-06-30 19:10 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2018-06-30 19:09 - 2015-08-31 12:50 - 000000000 ____D C:\Program Files (x86)\Acer
2018-06-30 19:08 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\OEM
2018-06-30 18:29 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-30 18:19 - 2017-03-18 23:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-30 18:10 - 2016-03-05 02:16 - 000000000 ____D C:\Users\zuzia\AppData\Roaming\AVAST Software
2018-06-30 18:05 - 2017-12-25 22:01 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-06-30 17:05 - 2017-05-12 17:46 - 000000000 ___RD C:\Users\zuzia\Desktop\miotla
2018-06-30 17:04 - 2017-05-12 18:45 - 000000000 ____D C:\Program Files\CCleaner
2018-06-30 16:26 - 2017-05-12 19:36 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-06-30 16:17 - 2017-05-12 18:32 - 000000000 ____D C:\AdwCleaner
2018-06-30 16:10 - 2017-08-21 10:40 - 000000000 ___DC C:\WINDOWS\Panther
2018-06-30 16:10 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-30 16:10 - 2015-12-27 18:54 - 000000000 ____D C:\Users\zuzia\AppData\Local\CrashDumps
2018-06-30 16:07 - 2017-09-30 01:30 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-06-21 22:47 - 2017-09-30 01:30 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2449909946-2020927604-2903180081-1001
2018-06-21 22:47 - 2015-12-28 07:16 - 000002415 _____ C:\Users\zuzia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-21 22:47 - 2015-12-28 07:16 - 000000000 ___RD C:\Users\zuzia\OneDrive
2018-06-20 01:29 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-19 23:54 - 2017-09-30 01:30 - 002261632 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-19 23:54 - 2017-03-20 05:59 - 001032392 _____ C:\WINDOWS\system32\perfh015.dat
2018-06-19 23:54 - 2017-03-20 05:59 - 000220680 _____ C:\WINDOWS\system32\perfc015.dat
2018-06-19 23:46 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-16 01:10 - 2016-02-13 20:47 - 000000000 ____D C:\ProgramData\Origin
2018-06-16 00:48 - 2016-02-13 20:54 - 000000000 ____D C:\Users\zuzia\AppData\Roaming\Origin
2018-06-14 13:31 - 2018-02-23 17:26 - 000000000 ____D C:\Program Files\rempl
2018-06-14 13:26 - 2018-03-28 22:22 - 000004688 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-14 13:26 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-14 13:26 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-14 13:25 - 2018-04-30 21:48 - 000000811 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asystent aktualizacji do systemu Windows 10.lnk
2018-06-14 13:25 - 2018-04-30 21:48 - 000000799 _____ C:\Users\zuzia\Desktop\Asystent aktualizacji do systemu Windows 10.lnk
2018-06-14 13:25 - 2018-04-30 21:48 - 000000000 ____D C:\Windows10Upgrade
2018-06-05 22:45 - 2017-03-18 23:06 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 22:45 - 2017-03-18 23:06 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-05-26 12:44

==================== Koniec FRST.txt ============================