Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 12.02.2018
Uruchomiony przez Irena (administrator) LENOVO-PC (12-02-2018 18:59:01)
Uruchomiony z C:\Users\Irena\Downloads\FRST
Załadowane profile: Irena & (Dostępne profile: Irena)
Platform: Windows 8.1 (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-26] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2014-01-21] (Realtek semiconductor)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-09-04] ()
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-04] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-09-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Lenovo Recommends] => C:\Program Files (x86)\Lenovo\Lenovo Recommends\Lenovo Recommends.exe [119280 2014-01-09] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-01-30] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Atheros Communications)
HKU\S-1-5-21-651531635-3565247976-1847686583-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02122018183755138\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02122018183759430\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7F5FE3A0-F492-4B4E-A267-C8A1CC4E38DD}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{FC07B217-A58E-49F5-81B3-939BB3B4FA00}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-651531635-3565247976-1847686583-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-651531635-3565247976-1847686583-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-651531635-3565247976-1847686583-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02122018183755138\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02122018183755138\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02122018183755138\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02122018183759430\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02122018183759430\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-651531635-3565247976-1847686583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02122018183759430\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-08] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-08] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default [2018-02-12]
CHR Extension: (Avira Browser Safety) - C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-02-08]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Session Restore: -> [funkcja włączona]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2018-01-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-01-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-01-29] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2018-01-29] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [445112 2018-01-30] (Avira Operations GmbH & Co. KG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-03-26] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoRecommends.AppService; C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe [19440 2014-01-09] ()
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-04] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-09-04] (Lenovo)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2014-01-07] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-04] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-09-04] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2014-09-04] (Lenovo)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-09-04] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-09-04] (Lenovo)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-12-24] (Atheros) [Brak podpisu cyfrowego]
S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2018-01-29] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2018-01-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-01-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-01-29] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2018-01-29] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2018-01-29] (Avira Operations GmbH & Co. KG)
R1 Bfilter; C:\WINDOWS\System32\drivers\Bfilter.sys [46912 2013-07-15] (Baidu, Inc.)
R1 Bfmon; C:\WINDOWS\System32\drivers\Bfmon.sys [32064 2013-07-15] (Baidu, Inc.)
R1 Bprotect; C:\WINDOWS\System32\drivers\Bprotect.sys [98048 2013-06-08] (Baidu, Inc.)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [111336 2014-04-17] (GenesysLogic)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-02-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-02-12] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-02-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-02-12] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [9105624 2014-01-21] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-25] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35856 2014-03-24] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [257880 2014-03-24] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-02-12 18:48 - 2018-02-12 18:48 - 000000671 _____ C:\Users\Irena\Desktop\Malwarebytes_zdarzenie_ochrony.txt
2018-02-12 18:45 - 2018-02-12 18:45 - 000013089 _____ C:\Users\Irena\Desktop\Malwarebytes_report.txt
2018-02-12 18:42 - 2018-02-12 18:42 - 000013089 _____ C:\Users\Irena\Desktop\AntiMalware.txt
2018-02-12 16:07 - 2018-02-12 18:35 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-02-12 16:07 - 2018-02-12 16:07 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-12 16:07 - 2018-02-12 16:07 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-02-12 16:07 - 2018-02-12 16:07 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-02-12 16:07 - 2018-02-12 16:07 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-02-12 16:07 - 2018-02-12 16:07 - 000001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-12 16:07 - 2018-02-12 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-12 16:06 - 2018-02-12 16:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-12 16:06 - 2018-02-12 16:06 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-12 16:06 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-02-12 15:55 - 2018-02-12 16:00 - 067136752 _____ (Malwarebytes ) C:\Users\Irena\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3917.exe
2018-02-12 12:44 - 2018-02-12 18:59 - 000000000 ____D C:\FRST
2018-02-12 12:40 - 2018-02-12 18:57 - 000000000 ____D C:\Users\Irena\Downloads\FRST
2018-02-12 12:28 - 2018-02-12 12:41 - 169207208 _____ (Kaspersky Lab) C:\Users\Irena\Downloads\kav18.0.0.405pl-pl_full.exe
2018-02-08 19:01 - 2018-02-08 19:01 - 000003292 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2018-02-08 19:01 - 2018-02-08 19:01 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2018-02-08 19:01 - 2018-01-29 10:05 - 000178840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2018-02-08 19:01 - 2018-01-29 10:05 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2018-02-08 19:01 - 2018-01-29 10:05 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2018-02-08 19:01 - 2018-01-29 10:05 - 000060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2018-02-08 19:01 - 2018-01-29 10:05 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2018-02-08 19:01 - 2018-01-29 10:05 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2018-02-08 18:58 - 2018-02-08 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-02-08 18:58 - 2018-02-08 19:01 - 000000000 ____D C:\ProgramData\Avira
2018-02-08 18:58 - 2018-02-08 19:01 - 000000000 ____D C:\Program Files (x86)\Avira
2018-02-08 18:58 - 2018-02-08 18:58 - 000001215 _____ C:\Users\Public\Desktop\Avira.lnk
2018-02-08 18:57 - 2018-02-08 18:58 - 005357088 _____ (Avira Operations GmbH & Co. KG) C:\Users\Irena\Downloads\avira_en_av_5a7c8b46de7d8__ws.exe

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-02-12 18:55 - 2015-01-08 15:48 - 000000000 ____D C:\Users\Irena\AppData\Roaming\ClassicShell
2018-02-12 18:39 - 2015-01-08 14:43 - 000003844 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4F05BAAF-A46E-4826-B96E-42CB6366CD81}
2018-02-12 18:31 - 2015-01-08 14:53 - 000000000 ____D C:\Users\ !_canon dodatki system ok
2018-02-12 17:37 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2018-02-12 16:26 - 2015-01-08 20:37 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-651531635-3565247976-1847686583-1001
2018-02-12 15:52 - 2015-01-08 14:41 - 000000000 ____D C:\ProgramData\LU
2018-02-12 15:51 - 2015-07-11 09:02 - 000001279 _____ C:\Users\Irena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2018-02-12 15:46 - 2014-09-05 04:00 - 000808198 _____ C:\WINDOWS\system32\perfh015.dat
2018-02-12 15:46 - 2014-09-05 04:00 - 000164014 _____ C:\WINDOWS\system32\perfc015.dat
2018-02-12 15:46 - 2014-03-18 10:53 - 001828496 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-12 15:41 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-12 15:39 - 2014-09-04 19:35 - 000027136 _____ C:\WINDOWS\system32\VfService.trf
2018-02-12 12:50 - 2015-01-08 14:55 - 000000000 ____D C:\Users\ !_canon dodatki system ok 2
2018-02-08 18:58 - 2014-09-04 19:38 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-08 18:37 - 2015-01-08 14:57 - 000000000 ____D C:\Program Files (x86)\Opera
2018-02-08 18:06 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-06 18:34 - 2015-01-08 15:04 - 000004252 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-02-06 18:34 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-02-06 18:34 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-02-03 17:33 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-02-02 10:56 - 2015-01-08 15:16 - 000002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-02 10:56 - 2015-01-08 15:16 - 000002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-23 15:24 - 2015-01-08 14:57 - 000003890 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1420725446
2018-01-17 20:10 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-17 20:10 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness

==================== Pliki w katalogu głównym wybranych folderów =======

2015-01-08 14:55 - 2014-08-04 21:49 - 035596384 _____ (Skype Technologies S.A.) C:\Users\ !_canon dodatki system ok\ SkypeSetupFull.exe
2015-01-08 14:54 - 2012-11-27 22:46 - 000730960 _____ () C:\Users\ !_canon dodatki system ok\AA_v3.exe
2015-01-08 14:54 - 2013-07-30 15:22 - 038966928 _____ (Adobe Systems Incorporated) C:\Users\ !_canon dodatki system ok\AdbeRdr11000_pl_PL.exe
2015-01-08 14:54 - 2014-03-26 15:20 - 007681400 _____ (AIMP DevTeam) C:\Users\ !_canon dodatki system ok\AIMP3.exe
2015-01-08 14:54 - 2013-11-15 18:15 - 003298012 _____ ( ) C:\Users\ !_canon dodatki system ok\Burner 3.5 pl -full.exe
2015-01-08 14:54 - 2006-06-14 10:36 - 000880484 _____ () C:\Users\ !_canon dodatki system ok\EFRCSetup11b.exe
2015-01-08 14:54 - 2013-03-15 01:36 - 004699803 _____ (ffdshow ) C:\Users\ !_canon dodatki system ok\ffdshow_rev4504_20130312_clsid.exe
2015-01-08 14:54 - 2013-03-15 01:37 - 004933779 _____ (ffdshow ) C:\Users\ !_canon dodatki system ok\ffdshow_rev4504_20130312_clsid_x64.exe
2015-01-08 14:55 - 2014-11-08 23:55 - 017712816 _____ (Adobe Systems Incorporated) C:\Users\ !_canon dodatki system ok\flashplayer_15_ax_debug.exe
2015-01-08 14:54 - 2012-03-03 21:48 - 026809048 _____ () C:\Users\ !_canon dodatki system ok\gg10,5.exe
2015-01-08 14:55 - 2014-04-19 01:44 - 009545740 _____ (HaoZip Software Studio ) C:\Users\ !_canon dodatki system ok\HaoZip.exe
2015-01-08 14:54 - 2013-07-14 13:31 - 009063768 _____ ( ) C:\Users\ !_canon dodatki system ok\Hard Disk Sentinel PRO 4.40.6431 pl-full.exe
2015-01-08 14:54 - 2013-02-02 23:29 - 007812268 _____ (EFD Software) C:\Users\ !_canon dodatki system ok\HD Tune Pro v5.00.exe
2015-01-08 14:54 - 2009-12-29 16:19 - 027190316 _____ (Macrovision Corporation) C:\Users\ !_canon dodatki system ok\jetaudio5.exe
2015-01-08 14:54 - 2012-09-05 12:38 - 032693736 _____ (Oracle Corporation) C:\Users\ !_canon dodatki system ok\jre-7u7-windows-x64.exe
2015-01-08 14:54 - 2014-11-06 05:39 - 029458856 _____ (Oracle Corporation) C:\Users\ !_canon dodatki system ok\jre-7u71-windows-i586.exe
2015-01-08 14:55 - 2010-09-07 11:50 - 000806992 _____ ( ) C:\Users\ !_canon dodatki system ok\nfsAnalogGreenClock.exe
2015-01-08 14:55 - 2012-05-07 12:24 - 017233925 _____ (Daum Communications ) C:\Users\ !_canon dodatki system ok\PotPlayer_1.5.33425.0_x86_Beta_PL.exe
2015-01-08 14:55 - 2011-02-01 17:34 - 006909232 _____ ( ) C:\Users\ !_canon dodatki system ok\Real_Alternative_202.exe
2015-01-08 14:54 - 2014-11-10 15:04 - 004991400 _____ (Adobe Systems Inc.) C:\Users\ !_canon dodatki system ok\Shockwave_Installer_Slim.exe
2015-01-08 14:55 - 2014-11-08 23:54 - 006958304 _____ (Microsoft Corporation) C:\Users\ !_canon dodatki system ok\Silverlight.exe
2015-01-08 14:55 - 2014-11-09 00:01 - 001546856 _____ (Skype Technologies S.A.) C:\Users\ !_canon dodatki system ok\SkypeSetup.exe
2015-01-08 14:55 - 2011-01-28 21:44 - 003495256 _____ (TeamViewer GmbH) C:\Users\ !_canon dodatki system ok\TeamViewerQS.exe
2015-01-08 14:55 - 2014-05-19 16:16 - 013233971 _____ ( ) C:\Users\ !_canon dodatki system ok\WinRAR+5.10+-32x64+bit+pl-full.exe
2015-01-08 14:55 - 2010-03-02 18:35 - 000318904 _____ (Microsoft Corporation) C:\Users\ !_canon dodatki system ok\wmpfirefoxplugin.exe
2015-01-08 14:56 - 2014-01-27 15:04 - 032788928 _____ (Qihu 360 Software Co., Ltd.) C:\Users\ !_canon dodatki system ok 2\360is.exe
2015-01-08 14:56 - 2014-06-26 08:24 - 025848136 _____ () C:\Users\ !_canon dodatki system ok 2\360TS_Setup.exe
2015-01-08 14:55 - 2014-01-25 16:47 - 042258371 _____ ( ) C:\Users\ !_canon dodatki system ok 2\Advanced SystemCare Pro v7.1.0.399 pl-full.exe
2015-01-08 14:56 - 2014-10-27 01:21 - 001962496 _____ () C:\Users\ !_canon dodatki system ok 2\AdwCleaner 4.001.exe
2015-01-08 14:56 - 2014-10-27 01:24 - 001233962 _____ () C:\Users\ !_canon dodatki system ok 2\AdwCleaner(1).exe
2015-01-08 14:55 - 2013-10-04 16:23 - 000632049 _____ () C:\Users\ !_canon dodatki system ok 2\adwcleaner.exe
2015-01-08 14:55 - 2014-01-16 07:14 - 091412976 _____ (AVAST Software) C:\Users\ !_canon dodatki system ok 2\avast_free_antivirus_setup.exe
2015-01-08 14:55 - 2013-09-05 20:11 - 099333800 _____ (Baidu, Inc.) C:\Users\ !_canon dodatki system ok 2\baidu_Setup.EXE
2015-01-08 14:56 - 2014-07-23 18:47 - 050450705 _____ ( ) C:\Users\ !_canon dodatki system ok 2\GridinSoft Trojan Killer 2.2.4.0 pl-full.exe
2015-01-08 14:56 - 2013-09-17 13:13 - 000633672 _____ (Woodtale Technology Inc) C:\Users\ !_canon dodatki system ok 2\iSafedl.exe
2015-01-08 14:56 - 2012-07-30 01:06 - 012229728 _____ (Kingsoft Corporation) C:\Users\ !_canon dodatki system ok 2\kav_setup.exe
2015-01-08 14:56 - 2014-06-26 09:51 - 005576608 _____ (Kingsoft Corporation) C:\Users\ !_canon dodatki system ok 2\setup_multilang kingsoft pc doctor.exe
2015-01-08 14:56 - 2013-06-09 17:56 - 033471159 _____ (hirania) C:\Users\ !_canon dodatki system ok 2\SpyHunter4.13.6.4253-portable.exe
2015-01-08 14:56 - 2014-07-13 13:32 - 015344032 _____ ( ) C:\Users\ !_canon dodatki system ok 2\WinUtilities 11.15 Professinal Edition pl-full.exe
2015-01-08 14:56 - 2013-12-16 20:07 - 015500015 _____ ( ) C:\Users\ !_canon dodatki system ok 2\Wise Care 365 Pro 2.92.236 pl-full.exe
2015-01-08 14:56 - 2014-07-08 10:30 - 014556232 _____ ( ) C:\Users\ !_canon dodatki system ok 2\Wise Care 365 Pro 3.16.276 pl-full.exe
2015-01-08 14:56 - 2014-07-15 00:52 - 006791360 _____ (IvoSoft) C:\Users\ w i n 8\ ClassicShellSetup_4_1_0.exe
2015-01-08 14:56 - 2013-04-16 18:45 - 008791552 _____ (IvoSoft) C:\Users\ w i n 8\ClassicShellSetup_3_6_2.exe
2015-01-08 14:56 - 2013-01-16 14:16 - 001415884 _____ () C:\Users\ w i n 8\classic_shell_instalator_sciagnij.pl.exe
2015-01-08 14:56 - 2013-01-16 14:20 - 000889186 _____ (Lee-Soft.com) C:\Users\ w i n 8\windows-start-menu-vistart.exe
2016-10-12 15:01 - 2016-10-12 15:01 - 000000000 _____ () C:\Users\Irena\AppData\Local\{38094598-0B1F-486F-A5C8-7394D4DF9591}
2017-01-26 12:46 - 2017-01-26 12:46 - 000000000 _____ () C:\Users\Irena\AppData\Local\{3AA78958-78CF-4B4A-A07E-D3266895616E}
2017-06-08 19:26 - 2017-06-08 19:26 - 000000000 _____ () C:\Users\Irena\AppData\Local\{B7A6EBBD-9E79-417F-9601-9AA2BDDABA89}
2017-07-10 04:26 - 2017-07-10 04:26 - 000000000 _____ () C:\Users\Irena\AppData\Local\{BDF0BED2-49B3-41D5-95DE-6C85DB45B0DC}
2017-11-04 18:46 - 2017-11-04 18:46 - 000000000 _____ () C:\Users\Irena\AppData\Local\{F56CC64A-98BB-450B-8B7F-D94B4C73B71F}

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-07-19 06:47

==================== Koniec FRST.txt ============================