Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 01.01.2019
Uruchomiony przez user (administrator) DESKTOP-3QHRRKJ (05-01-2019 11:19:29)
Uruchomiony z C:\Users\user\Desktop
Załadowane profile: user (Dostępne profile: user)
Platform: Windows 10 Home Wersja 1803 17134.345 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINYE.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(© 2015 Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3363544 2015-11-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-12-10] (AVAST Software)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1231107459-2238070508-2818764562-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINYE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1231107459-2238070508-2818764562-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-1231107459-2238070508-2818764562-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-1231107459-2238070508-2818764562-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-1231107459-2238070508-2818764562-1001\...\Run: [BingSvc] => C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1231107459-2238070508-2818764562-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [54788456 2018-12-11] (Skype Technologies S.A.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplorer.lnk [2018-11-21]
ShortcutTarget: iexplorer.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

ProxyEnable: [S-1-5-19] => Proxy [funkcja włączona]
ProxyServer: [S-1-5-19] => 127.0.0.1:1080
ProxyEnable: [S-1-5-21-1231107459-2238070508-2818764562-1001] => Proxy [funkcja włączona]
ProxyServer: [S-1-5-21-1231107459-2238070508-2818764562-1001] => 127.0.0.1:1080
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{12cdab81-86b8-4ed5-b798-0d25fbbd5ff6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c67185a3-956f-401a-9963-a122264953a4}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{e637da43-9b5d-4190-8a7f-a9729feef1ec}: [DhcpNameServer] 192.168.0.1
ManualProxies: 1127.0.0.1:1080

Internet Explorer:
==================
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: w6m7mqq7.default-1533969747481
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\w6m7mqq7.default-1533969747481 [2019-01-05]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2019-01-03]
CHR Extension: (Prezentacje) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-13]
CHR Extension: (Dokumenty) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-13]
CHR Extension: (Dysk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-21]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-21]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-21]
CHR Extension: (Bing) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-12-15]
CHR Extension: (Arkusze) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-15]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-21]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-15]
CHR HKU\S-1-5-21-1231107459-2238070508-2818764562-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 0AD4444B; C:\ProgramData\0AD4444B\0AD44464.dll [2718736 2018-11-13] () [Brak podpisu cyfrowego]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-12-10] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-12-10] (AVAST Software)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [156384 2015-11-22] (ELAN Microelectronics Corp.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373712 2018-04-17] (Intel Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [Brak podpisu cyfrowego]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-01] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-01] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-12-10] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-29] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-12-10] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-12-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-12-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-12-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-12-10] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-12-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-12-10] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-12-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-12-10] (AVAST Software)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [34624 2014-05-08] (Intel Corporation)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [193136 2014-05-08] (Intel Corporation)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [40016 2015-12-10] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3529728 2017-11-22] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-09-09] (Realtek Semiconductor Corp.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-08-01] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-08-01] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-01] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-01-05 11:18 - 2019-01-05 11:19 - 000015283 _____ C:\Users\user\Desktop\FRST.txt
2019-01-05 11:18 - 2019-01-05 11:18 - 000705376 _____ C:\Users\Public\ASR.dat
2019-01-05 11:17 - 2019-01-05 11:17 - 000000000 ___HD C:\OneDriveTemp
2019-01-05 11:16 - 2019-01-05 11:16 - 000000000 ____D C:\Users\user\Desktop\przed
2019-01-05 11:14 - 2019-01-05 11:19 - 000000000 ____D C:\FRST
2019-01-05 11:12 - 2019-01-05 11:13 - 002426368 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2018-12-18 00:51 - 2018-12-18 00:51 - 000132821 _____ C:\Users\user\Downloads\schudnij-skutecznie-ajwendieta.pdf
2018-12-10 23:47 - 2018-12-10 23:47 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-01-05 11:19 - 2018-11-16 19:58 - 000003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2019-01-05 11:17 - 2018-11-13 12:03 - 000000000 __RHD C:\ProgramData\0AD4444B
2019-01-05 11:17 - 2018-05-16 16:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-05 11:17 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-05 11:17 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-01-05 11:17 - 2018-04-02 17:21 - 000000000 ___RD C:\Users\user\iCloudDrive
2019-01-05 11:17 - 2017-06-11 17:01 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-01-05 11:17 - 2015-09-09 18:44 - 000000000 ___RD C:\Users\user\OneDrive
2019-01-05 11:17 - 2015-09-09 18:42 - 000000000 __SHD C:\Users\user\IntelGraphicsProfiles
2019-01-05 11:16 - 2016-11-22 17:42 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2019-01-05 11:08 - 2018-08-29 19:58 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-01-03 19:04 - 2018-05-16 17:03 - 001763504 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-03 19:04 - 2018-04-12 16:51 - 000785012 _____ C:\WINDOWS\system32\perfh015.dat
2019-01-03 19:04 - 2018-04-12 16:51 - 000152122 _____ C:\WINDOWS\system32\perfc015.dat
2019-01-03 19:04 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-03 18:55 - 2018-05-16 16:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-03 17:16 - 2016-03-29 20:47 - 000000000 ____D C:\Users\user\Desktop\!!!Outlook
2019-01-03 16:52 - 2018-04-02 17:21 - 000000000 ____D C:\Users\user\AppData\Local\7D016235-1F57-4EDB-A0D6-774284755FA4.aplzod
2019-01-03 16:02 - 2018-05-19 09:10 - 000000000 ____D C:\Users\user\Desktop\PV
2019-01-03 16:02 - 2015-09-11 08:46 - 000000000 ____D C:\Users\user\Documents\INFO WAZNE
2019-01-03 15:59 - 2016-11-14 01:01 - 000000000 ____D C:\Users\user\Desktop\Z TELEFONU ZDJ DCIM
2018-12-19 23:42 - 2018-05-16 16:59 - 000003568 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-19 23:42 - 2018-05-16 16:59 - 000003444 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-18 17:14 - 2016-01-21 21:56 - 000002318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-18 17:14 - 2016-01-21 21:56 - 000002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-16 18:50 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-15 11:21 - 2016-11-28 23:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-12-15 11:21 - 2015-09-12 18:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-14 18:17 - 2015-09-12 18:41 - 000001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-12-13 09:58 - 2018-08-16 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-12-13 09:58 - 2015-09-11 11:48 - 000001394 _____ C:\Users\Public\Desktop\Skype.lnk
2018-12-12 23:03 - 2018-05-16 16:59 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1231107459-2238070508-2818764562-1001
2018-12-12 23:03 - 2018-05-16 16:54 - 000002419 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-12 23:00 - 2015-09-09 18:55 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-10 23:47 - 2018-11-12 09:42 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2018-12-10 23:47 - 2018-08-29 19:58 - 001028680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-12-10 23:47 - 2018-08-29 19:58 - 000469272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-12-10 23:47 - 2018-08-29 19:58 - 000380464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-12-10 23:47 - 2018-08-29 19:58 - 000208472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-12-10 23:47 - 2018-08-29 19:58 - 000201240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-12-10 23:47 - 2018-08-29 19:58 - 000163208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-12-10 23:47 - 2018-08-29 19:58 - 000111800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-12-10 23:47 - 2018-08-29 19:58 - 000087432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-12-10 23:47 - 2018-08-29 19:58 - 000046384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-12-10 23:47 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

==================== Pliki w katalogu głównym wybranych folderów =======

2019-01-05 11:18 - 2019-01-05 11:18 - 000705376 _____ () C:\Users\Public\ASR.dat
2015-09-09 19:05 - 2016-08-29 18:31 - 000002559 _____ () C:\Users\user\AppData\Roaming\DESKTOP-3QHRRKJ.MTBF.txt
2018-11-14 12:37 - 2018-11-14 12:37 - 000450645 _____ (MINDBODY) C:\Users\user\AppData\Roaming\fe.dll
2018-11-16 11:29 - 2018-11-16 11:29 - 000520262 _____ (Adobe Systems, Incorporated) C:\Users\user\AppData\Roaming\jpSxqNdRKn.dll
2018-11-13 23:58 - 2018-11-13 23:58 - 000450645 _____ (MINDBODY) C:\Users\user\AppData\Roaming\nsow.dll
2018-11-13 12:03 - 2018-11-13 12:03 - 000450645 _____ (MINDBODY) C:\Users\user\AppData\Roaming\rU.dll
2018-11-15 16:45 - 2018-11-15 16:45 - 000602112 _____ (Microsoft Corporation) C:\Users\user\AppData\Roaming\tzLAJLAnC.dll
2015-09-09 19:46 - 2015-09-09 19:46 - 000003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-05-16 16:53

==================== Koniec FRST.txt ============================