Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 19.06.2018 Uruchomiony przez User (administrator) DESKTOP-ELIF4U0 (19-06-2018 21:34:21) Uruchomiony z C:\Users\User\Desktop Załadowane profile: User (Dostępne profile: User) Platform: Windows 10 Pro Wersja 1709 16299.371 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (AMD) C:\Windows\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atiesrxx.exe (AMD) C:\Windows\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atieclxx.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHDCPSvc.exe (Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHeciSvc.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxEM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18383336 2017-08-31] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-31] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-31] (Realtek Semiconductor) HKLM\...\Run: [TNOD UP] => "C:\Program Files (x86)\TNod\TNODUP.exe" /i HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKU\S-1-5-21-4155290210-3035117307-2680524550-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-01-30] (Disc Soft Ltd) HKU\S-1-5-21-4155290210-3035117307-2680524550-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-4155290210-3035117307-2680524550-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18364648 2018-05-24] (Piriform Ltd) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 Tcpip\..\Interfaces\{2d94457a-c2a5-46ab-b99a-b4bb4b686fdf}: [DhcpNameServer] 192.168.88.1 Tcpip\..\Interfaces\{d708c620-0690-45bd-b980-950263d01689}: [DhcpNameServer] 192.168.88.1 Internet Explorer: ================== BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2018-01-30] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2018-01-30] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GR469A~1.DLL [2006-10-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2018-01-30] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2018-01-30] (Oracle Corporation) Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GRA32A~1.DLL [2006-10-27] (Microsoft Corporation) Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-4155290210-3035117307-2680524550-1001 -> hxxp://google.pl/ FireFox: ======== FF DefaultProfile: 6tvcj6m4.default-1525591620804 FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6tvcj6m4.default-1525591620804 [2018-06-19] FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6tvcj6m4.default-1525591620804\features\{d18d837c-bb77-4d16-95c5-00fa2526f61e}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-17] [Przestarzałe] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2018-01-30] () FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-01-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-01-30] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2018-01-30] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2016-09-20] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-01-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-01-30] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atiesrxx.exe [482280 2018-04-27] (AMD) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-01-30] (Disc Soft Ltd) R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [197120 2017-07-13] (Dolby Laboratories, Inc.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2836296 2016-12-14] (ESET) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-06-17] (SurfRight B.V.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324584 2017-08-31] (Realtek Semiconductor) R2 RtkBtManServ; C:\Windows\RtkBtManServ.exe [293352 2017-08-09] (Realtek Semiconductor Corp.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-13] (Microsoft Corporation) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [291496 2018-01-29] (Synaptics Incorporated) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-30] (Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-30] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atikmdag.sys [44670944 2018-04-27] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atikmpag.sys [553448 2018-04-27] (Advanced Micro Devices, Inc.) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2018-01-30] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2018-01-30] (Disc Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET) S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15872 2018-02-19] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [180544 2017-01-17] (ESET) R1 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [70960 2017-01-17] (ESET) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-19] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-06-19] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [44768 2018-06-19] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-19] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [103656 2018-06-19] (Malwarebytes) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek ) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [724456 2017-08-09] (Realtek Semiconductor Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3238368 2017-10-31] (Realtek Semiconductor Corp.) R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [7895912 2017-10-28] (Realtek Semiconductor Corporation ) S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-30] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [55976 2018-01-29] (Synaptics Incorporated) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.) S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [23040 2018-03-14] (Microsoft Corporation) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-01-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288848 2018-01-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-30] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-06-19 21:34 - 2018-06-19 21:34 - 000013013 _____ C:\Users\User\Desktop\FRST.txt 2018-06-19 21:29 - 2018-06-19 21:31 - 000003895 _____ C:\Users\User\Desktop\Fixlog.txt 2018-06-19 19:52 - 2018-06-19 21:32 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-06-19 19:52 - 2018-06-19 21:32 - 000112872 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-06-19 19:52 - 2018-06-19 21:32 - 000103656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-06-19 19:52 - 2018-06-19 21:32 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2018-06-19 19:52 - 2018-06-19 19:52 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-06-19 19:52 - 2018-06-19 19:52 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-06-19 19:52 - 2018-06-19 19:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-06-19 19:52 - 2018-06-19 19:52 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-06-19 19:52 - 2018-06-19 19:52 - 000000000 ____D C:\Program Files\Malwarebytes 2018-06-19 19:52 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2018-06-19 19:50 - 2018-06-19 19:51 - 078101496 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5526.exe 2018-06-19 19:45 - 2018-06-19 19:46 - 000002601 _____ C:\Users\User\Downloads\spbqvcnzftiybes.txt 2018-06-19 19:43 - 2018-06-19 19:43 - 000002601 _____ C:\Users\User\Downloads\idbniluzwz.txt 2018-06-19 19:42 - 2018-06-19 19:42 - 000000002 _____ C:\Users\User\Downloads\ffyfnsazfxsodxg.txt 2018-06-19 19:41 - 2018-06-19 19:46 - 000004467 _____ C:\Users\User\Downloads\Fixlog.txt 2018-06-19 19:41 - 2018-06-19 19:41 - 000002601 _____ C:\Users\User\Downloads\rlcxfwdfnwsgtnpdrx.txt 2018-06-19 19:40 - 2018-06-19 19:40 - 000000085 _____ C:\Windows\wininit.ini 2018-06-18 17:23 - 2018-06-19 21:34 - 000000000 ____D C:\FRST 2018-06-18 17:22 - 2018-06-19 21:28 - 002413056 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2018-06-18 17:10 - 2018-06-18 17:10 - 000106816 _____ C:\Users\User\Downloads\FixWin10.zip 2018-06-17 12:57 - 2017-09-29 15:44 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20180617-125740.backup 2018-06-17 12:28 - 2018-06-17 12:28 - 000002689 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Otwórz dokument pakietu Microsoft Office.lnk 2018-06-17 12:28 - 2018-06-17 12:28 - 000002663 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Nowy dokument pakietu Microsoft Office.lnk 2018-06-17 11:53 - 2018-06-17 11:53 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2018-06-17 11:52 - 2018-06-19 19:44 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2018-06-17 11:52 - 2018-06-19 19:40 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2018-06-17 11:45 - 2018-06-17 11:45 - 000001694 _____ C:\Windows\system32\.crusader 2018-06-17 11:39 - 2018-06-17 11:47 - 000000000 ____D C:\ProgramData\HitmanPro 2018-06-17 11:39 - 2018-06-17 11:39 - 000002012 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2018-06-17 11:39 - 2018-06-17 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2018-06-17 11:39 - 2018-06-17 11:39 - 000000000 ____D C:\Program Files\HitmanPro 2018-06-11 19:57 - 2018-06-11 19:57 - 000000165 ____H C:\Users\User\Desktop\~$wesele1.xlsx 2018-06-03 14:21 - 2018-06-18 20:50 - 000018294 _____ C:\Users\User\Desktop\wesele1.xlsx 2018-06-02 17:26 - 2018-06-02 17:26 - 000000000 ____D C:\ProgramData\Samsung 2018-05-28 08:28 - 2018-06-01 17:23 - 000017381 _____ C:\Users\User\Documents\wesele.xlsx 2018-05-25 22:12 - 2018-05-25 22:12 - 000112104 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2018-05-25 20:53 - 2018-06-17 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2018-05-25 20:29 - 2018-05-25 20:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Works 2018-05-25 20:28 - 2018-05-25 20:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2018-05-25 20:26 - 2018-05-25 20:26 - 000000000 ____D C:\Windows\PCHEALTH 2018-05-25 20:00 - 2018-05-25 20:00 - 000000000 ____D C:\Program Files\Microsoft Office 2018-05-25 19:59 - 2018-05-25 19:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2018-05-25 19:56 - 2018-05-25 20:28 - 000000000 ____D C:\Windows\SHELLNEW 2018-05-25 19:53 - 2018-05-25 19:53 - 000000000 __RHD C:\MSOCache 2018-05-25 15:12 - 2018-06-14 23:17 - 000004000 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1527253915 2018-05-25 15:12 - 2018-06-14 23:17 - 000001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk 2018-05-20 12:33 - 2018-06-17 11:16 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update 2018-05-20 12:33 - 2018-06-17 11:16 - 000000867 _____ C:\Users\Public\Desktop\CCleaner.lnk 2018-05-20 12:33 - 2018-05-20 12:33 - 000002868 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2018-05-20 12:33 - 2018-05-20 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2018-05-20 12:33 - 2018-05-20 12:33 - 000000000 ____D C:\Program Files\CCleaner 2018-05-20 11:57 - 2018-05-20 11:57 - 000000979 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk 2018-05-20 11:57 - 2018-05-20 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2018-05-20 11:57 - 2018-05-20 11:57 - 000000000 ____D C:\Program Files\CPUID ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-06-19 21:33 - 2018-01-30 16:58 - 000000000 ____D C:\Program Files (x86)\TNod 2018-06-19 21:33 - 2018-01-30 16:49 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla 2018-06-19 21:33 - 2018-01-30 16:21 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles 2018-06-19 21:32 - 2018-05-03 13:02 - 000000008 __RSH C:\ProgramData\ntuser.pol 2018-06-19 21:32 - 2018-01-30 16:25 - 000065536 _____ C:\Windows\system32\spu_storage.bin 2018-06-19 21:32 - 2018-01-30 16:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-06-19 21:32 - 2017-09-29 10:45 - 000524288 _____ C:\Windows\system32\config\BBI 2018-06-19 21:29 - 2018-05-16 11:53 - 000019053 _____ C:\Windows\diagwrn.xml 2018-06-19 21:29 - 2018-05-16 11:53 - 000019053 _____ C:\Windows\diagerr.xml 2018-06-19 21:29 - 2017-09-29 15:46 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2018-06-19 21:29 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy 2018-06-19 21:25 - 2018-01-30 16:14 - 000000000 ____D C:\Windows\system32\SleepStudy 2018-06-19 20:54 - 2017-09-29 10:45 - 000032768 _____ C:\Windows\system32\config\ELAM 2018-06-19 20:53 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF 2018-06-19 20:49 - 2018-04-12 18:58 - 000000000 ___HD C:\$WINDOWS.~BT 2018-06-19 20:49 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\Registration 2018-06-19 20:23 - 2018-01-30 16:14 - 000000000 ____D C:\Windows\Panther 2018-06-19 19:51 - 2018-01-30 16:23 - 008332406 _____ C:\Windows\system32\PerfStringBackup.INI 2018-06-19 19:51 - 2017-09-30 16:31 - 004169010 _____ C:\Windows\system32\perfh015.dat 2018-06-19 19:51 - 2017-09-30 16:31 - 001153792 _____ C:\Windows\system32\perfc015.dat 2018-06-19 19:51 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization 2018-06-19 19:50 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps 2018-06-19 19:50 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\AppReadiness 2018-06-19 19:41 - 2018-03-31 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16## 2018-06-19 19:41 - 2018-03-18 09:36 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk 2018-06-19 19:41 - 2018-01-30 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Narzędzia pakietu Microsoft Office 2016 2018-06-19 19:40 - 2018-03-18 09:00 - 000000000 ____D C:\Users\User\AppData\Local\Akamai 2018-06-17 21:22 - 2018-01-30 16:14 - 000454176 _____ C:\Windows\system32\FNTCACHE.DAT 2018-06-17 13:32 - 2017-09-29 15:37 - 000000000 ____D C:\Windows\CbsTemp 2018-06-17 11:35 - 2018-01-30 16:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-06-17 11:34 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-06-16 23:54 - 2018-01-30 16:27 - 000000000 ____D C:\Windows\system32\MRT 2018-06-16 19:05 - 2018-01-30 16:27 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2018-06-16 19:05 - 2017-12-13 13:24 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe 2018-06-14 23:17 - 2018-04-17 10:14 - 000000000 ____D C:\Program Files\Opera 2018-06-10 08:08 - 2018-05-06 09:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-06-07 20:34 - 2018-05-06 09:26 - 000001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-06-07 20:34 - 2018-05-06 09:26 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-06-06 01:24 - 2018-05-13 21:52 - 000835056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-06-06 01:24 - 2018-05-13 21:52 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-06-03 14:21 - 2018-01-30 16:55 - 000000000 ____D C:\Users\User\AppData\Local\Microsoft Help 2018-05-25 20:29 - 2017-12-13 13:39 - 000000000 ____D C:\Program Files (x86)\MSBuild 2018-05-25 20:03 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2018-05-25 19:58 - 2017-09-29 15:46 - 000000167 _____ C:\Windows\win.ini 2018-05-25 15:12 - 2018-04-17 10:16 - 000000000 ____D C:\Users\User\AppData\Roaming\Opera Software 2018-05-25 15:12 - 2018-04-17 10:16 - 000000000 ____D C:\Users\User\AppData\Local\Opera Software 2018-05-20 11:13 - 2018-01-30 16:20 - 000000000 ____D C:\Users\User\AppData\Local\Packages ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2018-06-19 20:25 ==================== Koniec FRST.txt ============================