Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 09.12.2018 Uruchomiony przez ewuśka (administrator) EWUSKA-KOMPUTER (19-12-2018 19:02:27) Uruchomiony z C:\Users\ewuśka\Desktop Załadowane profile: UpdatusUser & ewuśka (Dostępne profile: UpdatusUser & ewuśka) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (© 2015 Microsoft Corporation) C:\Users\ewuśka\AppData\Local\Microsoft\BingSvc\BingSvc.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (HP Inc.) C:\Program Files\HP\HP DeskJet 5000 series\Bin\ScanToPCActivationApp.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe (Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-20] (AVAST Software) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Sage Komunikator] => C:\Program Files (x86)\Sage\Komunikator\SageUpdt.exe [246736 2013-01-03] () Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-21-1480235242-2075340924-4091109271-1001\...\Run: [BingSvc] => C:\Users\ewuśka\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation) HKU\S-1-5-21-1480235242-2075340924-4091109271-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Technologies S.A.) HKU\S-1-5-21-1480235242-2075340924-4091109271-1001\...\Run: [HP DeskJet 5000 (NET)] => C:\Program Files\HP\HP DeskJet 5000 series\Bin\ScanToPCActivationApp.exe [4062344 2017-03-31] (HP Inc.) HKU\S-1-5-21-1480235242-2075340924-4091109271-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd) HKU\S-1-5-21-1480235242-2075340924-4091109271-1001\...\MountPoints2: {0a84b657-1e98-11e5-82c0-806e6f6e6963} - G:\Setup.exe HKU\S-1-5-21-1480235242-2075340924-4091109271-1001\...\MountPoints2: {c4a591c2-fde2-11e6-8367-dca9712eecc5} - F:\AutoRun.exe HKU\S-1-5-18\...\Run: [Norton Download Manager{NIS2250215-SHPD-FSD51083}] => C:\Users\Public\Downloads\Norton\{NIS2250215-SHPD-FSD51083}\FSDUI_Custom.exe [1110856 2015-09-07] (Symantec Corporation) AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 Tcpip\..\Interfaces\{3713E8AA-7E1B-455F-84A9-C31553156439}: [DhcpNameServer] 192.168.8.1 Internet Explorer: ================== HKU\S-1-5-21-1480235242-2075340924-4091109271-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com/ HKU\S-1-5-21-1480235242-2075340924-4091109271-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1480235242-2075340924-4091109271-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) Toolbar: HKU\S-1-5-21-1480235242-2075340924-4091109271-1001 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab FireFox: ======== FF ProfilePath: C:\Users\ewuśka\AppData\Roaming\Mozilla\Firefox\Profiles\26a9xiyc.default [2018-12-19] FF Homepage: Mozilla\Firefox\Profiles\26a9xiyc.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=pl-pl FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-19] () FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-19] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [Brak pliku] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> msn.com CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms} CHR DefaultSearchKeyword: Default -> bing.com CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms} CHR Profile: C:\Users\ewuśka\AppData\Local\Google\Chrome\User Data\Default [2018-12-19] CHR Extension: (Dokumenty) - C:\Users\ewuśka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Dysk Google) - C:\Users\ewuśka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17] CHR Extension: (YouTube) - C:\Users\ewuśka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02] CHR Extension: (Google Search) - C:\Users\ewuśka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31] CHR Extension: (Avast SafePrice | Porównania, promocje, kupony) - C:\Users\ewuśka\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-12-19] CHR Extension: (Dokumenty Google offline) - C:\Users\ewuśka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\ewuśka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05] CHR Extension: (Gmail) - C:\Users\ewuśka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30] CHR Extension: (Chrome Media Router) - C:\Users\ewuśka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31] CHR HKU\S-1-5-21-1480235242-2075340924-4091109271-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-20] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-20] (AVAST Software) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [Brak podpisu cyfrowego] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [201240 2018-11-20] (AVAST Software) R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-20] (AVAST Software) R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [201768 2018-11-20] (AVAST Software) R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [346592 2018-11-20] (AVAST Software) R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [59496 2018-11-20] (AVAST Software) R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software) S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46384 2018-11-20] (AVAST Software) R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42288 2018-11-20] (AVAST Software) R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [163208 2018-11-20] (AVAST Software) R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [111800 2018-11-20] (AVAST Software) R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [87432 2018-11-20] (AVAST Software) R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1028680 2018-11-20] (AVAST Software) R1 aswSP; C:\windows\System32\drivers\aswSP.sys [469272 2018-11-20] (AVAST Software) R2 aswStm; C:\windows\System32\drivers\aswStm.sys [208472 2018-11-20] (AVAST Software) R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380464 2018-11-20] (AVAST Software) S3 CT_QUALCOMM_U_drv; C:\windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (QUALCOMM Incorporated) [Brak podpisu cyfrowego] S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-17] (Windows (R) 2003 DDK 3790 provider) R2 SGDrv; C:\windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-12-19 19:02 - 2018-12-19 19:03 - 000015404 _____ C:\Users\ewuśka\Desktop\FRST.txt 2018-12-19 19:00 - 2018-12-19 15:19 - 002417152 _____ (Farbar) C:\Users\ewuśka\Desktop\FRST64.exe 2018-12-19 18:59 - 2018-12-19 18:59 - 000000951 _____ C:\Users\ewuśka\Desktop\BlueScreenView.cfg 2018-12-19 18:52 - 2018-12-19 18:53 - 000000000 ____D C:\Users\ewuśka\AppData\Local\DBG 2018-12-19 18:50 - 2018-12-19 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2018-12-19 18:50 - 2018-12-19 18:50 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2018-12-19 18:46 - 2018-12-19 18:46 - 001351248 _____ (Microsoft Corporation) C:\Users\ewuśka\Downloads\winsdksetup.exe 2018-12-19 18:46 - 2018-12-19 18:46 - 000509264 _____ (Microsoft Corporation) C:\Users\ewuśka\Downloads\winsdk_web.exe 2018-12-19 18:25 - 2018-12-19 18:25 - 000085380 _____ C:\Users\ewuśka\Downloads\bluescreenview-x64.zip 2018-12-19 18:05 - 2018-12-19 18:05 - 773307990 _____ C:\windows\MEMORY.DMP 2018-12-19 18:05 - 2018-12-19 18:05 - 000262144 _____ C:\windows\Minidump\121918-29078-01.dmp 2018-12-19 17:42 - 2018-12-19 15:26 - 007321808 _____ (Malwarebytes) C:\Users\ewuśka\Desktop\adwcleaner_7.2.5.0.exe 2018-12-19 17:33 - 2018-12-19 17:45 - 000000000 ____D C:\AdwCleaner 2018-12-19 17:33 - 2018-12-19 17:33 - 000003870 _____ C:\windows\System32\Tasks\CCleaner Update 2018-12-19 17:33 - 2018-12-19 17:33 - 000002824 _____ C:\windows\System32\Tasks\CCleanerSkipUAC 2018-12-19 17:33 - 2018-12-19 17:33 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2018-12-19 17:33 - 2018-12-19 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2018-12-19 17:31 - 2018-12-19 17:32 - 019309424 _____ (Piriform Software Ltd) C:\Users\ewuśka\Downloads\cctrialsetup.exe 2018-11-20 09:24 - 2018-11-20 09:24 - 000378584 _____ (AVAST Software) C:\windows\system32\aswBoot.exe ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-12-19 19:02 - 2017-11-10 15:05 - 000000000 ____D C:\FRST 2018-12-19 18:50 - 2014-02-19 17:25 - 000000000 ____D C:\ProgramData\Package Cache 2018-12-19 18:49 - 2009-07-14 05:45 - 000028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-12-19 18:49 - 2009-07-14 05:45 - 000028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-12-19 18:36 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf 2018-12-19 18:26 - 2015-01-29 10:11 - 000146528 _____ (NirSoft) C:\Users\ewuśka\Desktop\BlueScreenView.exe 2018-12-19 18:26 - 2015-01-29 10:11 - 000018488 _____ C:\Users\ewuśka\Desktop\BlueScreenView.chm 2018-12-19 18:26 - 2015-01-29 10:11 - 000017494 _____ C:\Users\ewuśka\Desktop\readme.txt 2018-12-19 18:25 - 2011-11-21 03:52 - 000070248 _____ C:\Users\ewuśka\AppData\Local\GDIPFONTCACHEV1.DAT 2018-12-19 18:11 - 2018-07-26 08:52 - 000000000 ____D C:\Users\ewuśka\AppData\Local\AVAST Software 2018-12-19 18:05 - 2016-10-30 13:10 - 000000000 ____D C:\windows\Minidump 2018-12-19 18:05 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT 2018-12-19 17:56 - 2011-12-10 09:09 - 000000000 ____D C:\Users\ewuśka\AppData\Local\CrashDumps 2018-12-19 17:33 - 2017-11-10 15:13 - 000000000 ____D C:\Program Files\CCleaner 2018-12-19 17:31 - 2018-03-23 09:30 - 000004578 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier 2018-12-19 17:31 - 2012-11-30 18:34 - 000842240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2018-12-19 17:31 - 2012-11-30 18:34 - 000175104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-12-19 17:31 - 2012-11-30 18:34 - 000004412 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2018-12-19 17:31 - 2011-09-07 00:01 - 001044684 _____ C:\windows\system32\perfh015.dat 2018-12-19 17:31 - 2011-09-07 00:01 - 000262496 _____ C:\windows\system32\perfc015.dat 2018-12-19 17:31 - 2009-07-14 06:13 - 000006484 _____ C:\windows\system32\PerfStringBackup.INI 2018-12-19 17:30 - 2012-11-30 18:34 - 000000000 ____D C:\windows\system32\Macromed 2018-12-19 17:30 - 2011-09-07 04:48 - 000000000 ____D C:\windows\SysWOW64\Macromed 2018-12-19 17:15 - 2011-12-10 11:53 - 000003482 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2018-12-19 17:15 - 2011-12-10 11:53 - 000003354 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2018-12-19 17:12 - 2011-09-07 04:42 - 000000000 ____D C:\Users\UpdatusUser 2018-11-28 09:57 - 2011-12-10 11:53 - 000002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-11-28 09:57 - 2011-12-10 11:53 - 000002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-11-26 18:42 - 2018-02-07 20:45 - 000239840 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys 2018-11-20 09:24 - 2018-10-23 08:00 - 000042288 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 001028680 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000469272 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000380464 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000346592 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000230344 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000208472 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000201768 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000201240 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000163208 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000111800 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000087432 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000059496 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000046384 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys 2018-11-20 09:24 - 2018-02-07 20:45 - 000003910 _____ C:\windows\System32\Tasks\Avast Emergency Update ==================== Pliki w katalogu głównym wybranych folderów ======= 2012-01-05 15:19 - 2012-01-05 15:19 - 000000000 _____ () C:\Users\ewuśka\AppData\Local\{A13BDE9E-5C71-4C07-8098-51D1ACCEDA90} ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\windows\system32\wininit.exe => Plik podpisany cyfrowo C:\windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\windows\explorer.exe => Plik podpisany cyfrowo C:\windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\windows\system32\svchost.exe => Plik podpisany cyfrowo C:\windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\windows\system32\services.exe => Plik podpisany cyfrowo C:\windows\system32\User32.dll => Plik podpisany cyfrowo C:\windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\windows\system32\userinit.exe => Plik podpisany cyfrowo C:\windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2018-11-26 10:00 ==================== Koniec FRST.txt ============================