Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:10-04-2016 01 Uruchomiony przez Franciszek (administrator) FRANEK (11-04-2016 16:55:42) Uruchomiony z C:\Users\Franciszek\Desktop Załadowane profile: Franciszek (Dostępne profile: UpdatusUser & Franciszek) Platform: Windows 10 Home Wersja 1511 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Google, Inc) C:\Users\Franciszek\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\wuapihost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3351248 2015-09-23] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-11-23] () HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1359127692-1463339172-2411425835-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1359127692-1463339172-2411425835-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation) HKU\S-1-5-21-1359127692-1463339172-2411425835-1002\...\Run: [Google Update] => C:\Users\Franciszek\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-12-28] (Google Inc.) HKU\S-1-5-21-1359127692-1463339172-2411425835-1002\...\Run: [Google Photos Backup] => C:\Users\Franciszek\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-12-11] (Google, Inc) HKU\S-1-5-21-1359127692-1463339172-2411425835-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd) HKU\S-1-5-21-1359127692-1463339172-2411425835-1002\...\RunOnce: [Uninstall C:\Users\Franciszek\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Franciszek\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" HKU\S-1-5-21-1359127692-1463339172-2411425835-1002\...\RunOnce: [Uninstall C:\Users\Franciszek\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Franciszek\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" HKU\S-1-5-21-1359127692-1463339172-2411425835-1002\...\RunOnce: [Uninstall C:\Users\Franciszek\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Franciszek\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-20] (AVAST Software) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2016-04-07] ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.3.100 Tcpip\..\Interfaces\{242dceb5-c622-442c-b84c-8451637f02c3}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{507da0a0-3e11-4f0e-9ea5-1426e7314cb2}: [NameServer] 89.108.202.21 89.108.195.21 Tcpip\..\Interfaces\{74018475-f143-474a-b8eb-008d65178f08}: [NameServer] 89.108.202.21 89.108.195.21 Tcpip\..\Interfaces\{a923e0fb-7a41-4fb3-8069-eac029ff2028}: [NameServer] 89.108.202.21 89.108.195.21 Tcpip\..\Interfaces\{db1c0518-667c-4433-94f1-33717f037978}: [DhcpNameServer] 192.168.3.100 Internet Explorer: ================== BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-11] (Qualcomm Atheros Commnucations) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-20] (AVAST Software) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-20] (AVAST Software) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.pl/" CHR Profile: C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-07] CHR Extension: (Dokumenty Google) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-07] CHR Extension: (Dysk Google) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-07] CHR Extension: (YouTube) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-07] CHR Extension: (Arkusze Google) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-07] CHR Extension: (Dokumenty Google offline) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-07] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07] CHR Extension: (Gmail) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-07] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-20] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-20] (AVAST Software) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2015-11-17] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-23] (ELAN Microelectronics Corp.) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-09-06] (WildTangent) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] () R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [Brak podpisu cyfrowego] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation) S4 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [651856 2013-10-26] () R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-10] (Dritek System INC.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-20] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-21] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-20] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-20] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-20] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-20] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-20] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-20] (AVAST Software) S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [121728 2013-12-10] (Huawei Technologies Co., Ltd.) S3 hwusb_wwanecm; C:\Windows\System32\drivers\ew_wwanecm.sys [376704 2013-12-10] (Huawei Technologies Co., Ltd.) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-10] (Dritek System Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-11 16:55 - 2016-04-11 16:55 - 00016623 _____ C:\Users\Franciszek\Desktop\FRST.txt 2016-04-11 16:46 - 2016-04-11 16:48 - 00015957 _____ C:\Users\Franciszek\Desktop\Fixlog.txt 2016-04-11 15:44 - 2016-04-11 15:45 - 00046335 _____ C:\Users\Franciszek\Downloads\Addition.txt 2016-04-11 15:42 - 2016-04-11 16:55 - 00000000 ____D C:\FRST 2016-04-11 15:42 - 2016-04-11 15:45 - 00033935 _____ C:\Users\Franciszek\Downloads\FRST.txt 2016-04-11 15:42 - 2016-04-11 15:42 - 02375168 _____ (Farbar) C:\Users\Franciszek\Desktop\FRST64.exe 2016-04-11 15:41 - 2016-04-11 15:42 - 01725952 _____ (Farbar) C:\Users\Franciszek\Downloads\FRST.exe 2016-04-11 15:37 - 2016-04-11 15:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\Franciszek\Downloads\HijackThis_2.0.4 (2).exe 2016-04-11 15:25 - 2016-04-11 15:25 - 08322138 _____ C:\Users\Franciszek\Downloads\policy_templates.zip 2016-04-11 15:10 - 2016-04-11 15:10 - 01356669 _____ C:\Users\Franciszek\Downloads\tool90.rar 2016-04-11 15:09 - 2016-04-11 15:09 - 00000000 ___HD C:\OneDriveTemp 2016-04-08 18:30 - 2016-04-08 18:30 - 00002058 _____ C:\Users\Public\Desktop\abMusic.lnk 2016-04-08 18:26 - 2016-04-08 18:26 - 00002062 _____ C:\Users\Public\Desktop\abPhoto.lnk 2016-04-07 12:40 - 2016-04-07 12:40 - 00002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-04-07 12:40 - 2016-04-07 12:40 - 00002346 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-04-07 12:39 - 2016-04-07 12:39 - 00987728 _____ (Google Inc.) C:\Users\Franciszek\Downloads\ChromeSetup.exe 2016-04-07 12:37 - 2016-04-07 12:37 - 00003404 _____ C:\WINDOWS\System32\Tasks\abDocsDllLoader 2016-04-07 12:37 - 2016-04-07 12:37 - 00002026 _____ C:\Users\Public\Desktop\abDocs.lnk 2016-04-07 12:36 - 2016-04-07 12:36 - 00003418 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent 2016-04-07 12:18 - 2016-04-07 12:18 - 00000080 _____ C:\Users\Franciszek\Desktop\Obrazy - skrót.lnk 2016-04-07 11:52 - 2016-04-07 12:18 - 00001179 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-04-07 11:51 - 2016-04-07 11:51 - 22851472 _____ (Malwarebytes ) C:\Users\Franciszek\Downloads\mbam-setup-2.2.1.1043.exe 2016-04-07 11:46 - 2016-04-07 12:18 - 00000911 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-04-07 11:46 - 2016-04-07 11:46 - 00002862 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2016-04-07 11:46 - 2016-04-07 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-04-07 11:46 - 2016-04-07 11:46 - 00000000 ____D C:\Program Files\CCleaner 2016-04-07 11:45 - 2016-04-07 11:46 - 06868672 _____ (Piriform Ltd) C:\Users\Franciszek\Downloads\ccsetup516.exe 2016-03-22 00:46 - 2016-03-22 00:46 - 00000000 ____D C:\Users\Franciszek\AppData\Local\Avast Software 2016-03-21 13:02 - 2016-04-07 12:19 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-03-21 13:02 - 2016-04-07 11:50 - 00002760 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458558172 2016-03-21 13:02 - 2016-03-21 13:02 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2016-03-20 20:07 - 2016-03-20 20:07 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2016-03-20 20:07 - 2016-03-20 20:07 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-11 16:55 - 2015-12-26 11:54 - 00000000 ____D C:\Program Files (x86)\Steam 2016-04-11 16:54 - 2012-12-29 16:01 - 00001070 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-11 16:53 - 2013-01-04 21:09 - 00000000 ____D C:\Users\Franciszek\AppData\Roaming\Skype 2016-04-11 16:51 - 2014-03-16 10:59 - 00000000 __RDO C:\Users\Franciszek\SkyDrive 2016-04-11 16:51 - 2012-12-29 16:01 - 00001066 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-11 16:50 - 2014-06-21 13:57 - 00000436 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2016-04-11 16:49 - 2015-12-26 14:07 - 00000008 __RSH C:\ProgramData\ntuser.pol 2016-04-11 16:49 - 2015-12-12 19:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-11 16:49 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-04-11 16:48 - 2013-12-20 22:00 - 00000000 ____D C:\Users\Franciszek\AppData\LocalLow\Temp 2016-04-11 16:47 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2016-04-11 16:47 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2016-04-11 16:27 - 2015-05-09 19:59 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-04-11 16:03 - 2015-12-28 15:35 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1359127692-1463339172-2411425835-1002UA.job 2016-04-11 15:29 - 2014-03-05 16:29 - 00004218 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BF0592DA-CE65-4BBD-9BFA-22C758CDF891} 2016-04-10 12:46 - 2012-12-29 16:02 - 00000000 ____D C:\Users\Franciszek\AppData\Local\clear.fi 2016-04-10 06:12 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-04-09 20:24 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-09 10:45 - 2015-12-26 22:47 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2016-04-08 23:50 - 2015-10-30 21:19 - 00818302 _____ C:\WINDOWS\system32\perfh015.dat 2016-04-08 23:50 - 2015-10-30 21:19 - 00157970 _____ C:\WINDOWS\system32\perfc015.dat 2016-04-08 23:50 - 2015-08-25 20:27 - 01845594 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-08 18:30 - 2012-09-03 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2016-04-08 18:29 - 2012-09-03 08:47 - 00000000 ____D C:\Program Files (x86)\Acer 2016-04-08 18:21 - 2015-05-07 14:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-04-08 17:27 - 2015-05-09 19:59 - 00003916 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-04-08 17:25 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-04-07 12:40 - 2012-12-29 16:01 - 00000000 ____D C:\Program Files (x86)\Google 2016-04-07 12:35 - 2012-09-03 09:16 - 00000000 ___HD C:\OEM 2016-04-07 12:29 - 2015-12-12 18:36 - 00194232 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-07 12:19 - 2015-12-26 22:48 - 00002027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk 2016-04-07 12:19 - 2015-12-12 18:52 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-04-07 12:19 - 2013-07-04 09:54 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-04-07 12:19 - 2012-10-10 02:56 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk 2016-04-07 12:19 - 2012-09-03 08:52 - 00001685 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer User's Manual.lnk 2016-04-07 12:19 - 2012-09-03 08:52 - 00001667 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Quick Guide.lnk 2016-04-07 12:19 - 2012-09-03 08:40 - 00002632 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk 2016-04-07 12:18 - 2015-12-26 22:48 - 00002015 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-04-07 12:18 - 2015-12-26 11:54 - 00001040 _____ C:\Users\Public\Desktop\Steam.lnk 2016-04-07 12:18 - 2015-11-13 17:01 - 00001120 _____ C:\Users\Public\Desktop\PLAY ONLINE.lnk 2016-04-07 12:18 - 2015-08-25 20:56 - 00002466 _____ C:\Users\Franciszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-04-07 12:18 - 2015-08-25 20:54 - 00001337 _____ C:\Users\Franciszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Menedżer Realtek HD Audio.lnk 2016-04-07 12:18 - 2015-05-09 19:55 - 00001255 _____ C:\Users\Franciszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2016-04-07 12:18 - 2015-02-21 16:50 - 00001051 _____ C:\Users\Franciszek\Desktop\PhotoScape.lnk 2016-04-07 12:18 - 2015-02-21 16:25 - 00001130 _____ C:\Users\Public\Desktop\Picasa 3.lnk 2016-04-07 12:18 - 2012-12-29 17:36 - 00000650 _____ C:\Users\Public\Desktop\Total Commander 64 bit.lnk 2016-04-07 12:18 - 2012-10-10 03:11 - 00001245 _____ C:\Users\Public\Desktop\Help and Support.lnk 2016-04-07 12:03 - 2015-12-28 15:35 - 00001040 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1359127692-1463339172-2411425835-1002Core.job 2016-04-07 11:52 - 2015-05-07 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-04-07 11:52 - 2015-05-07 14:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-04-07 11:49 - 2015-12-12 18:35 - 00000000 ___DC C:\WINDOWS\Panther 2016-04-02 12:40 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-04-02 10:04 - 2012-12-29 15:53 - 00000000 ____D C:\Users\Franciszek\AppData\Local\Packages 2016-03-22 21:15 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-03-22 00:46 - 2015-12-26 22:48 - 00000000 ____D C:\Users\Franciszek\AppData\Roaming\AVAST Software 2016-03-21 13:02 - 2015-12-26 22:46 - 00000000 ____D C:\ProgramData\AVAST Software 2016-03-21 13:02 - 2015-12-26 22:46 - 00000000 ____D C:\Program Files\AVAST Software 2016-03-20 20:13 - 2015-12-26 22:47 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2016-03-20 20:13 - 2015-12-26 22:47 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2016-03-20 20:12 - 2015-12-26 22:47 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2016-03-20 20:12 - 2015-12-26 22:47 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys 2016-03-20 20:07 - 2015-12-26 22:47 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2016-03-20 20:07 - 2015-12-26 22:47 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2016-03-20 20:07 - 2015-12-26 22:47 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2016-03-20 20:07 - 2015-12-26 22:47 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2016-03-17 16:20 - 2015-12-12 18:44 - 00000000 ____D C:\Users\Franciszek 2016-03-16 22:53 - 2015-06-18 00:05 - 00000000 ____D C:\Users\Franciszek\AppData\Local\ElevatedDiagnostics 2016-03-12 03:00 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Portable Devices 2016-03-12 03:00 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2016-03-12 03:00 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2016-03-12 03:00 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform ==================== Pliki w katalogu głównym wybranych folderów ======= 2013-12-21 00:31 - 2013-12-21 00:31 - 0000062 _____ () C:\Users\Franciszek\AppData\Roaming\mbam.context.scan 2015-12-12 18:41 - 2015-12-12 18:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-04-04 19:03 ==================== Koniec FRST.txt ============================