Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 21-09-2016 Uruchomiony przez ULA (administrator) DESKTOP-ATFN99U (22-09-2016 23:11:14) Uruchomiony z C:\Users\ULA\Downloads Załadowane profile: ULA (Dostępne profile: ULA) Platform: Windows 10 Pro Wersja 1511 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe (Microsoft Corporation) E:\Config.Msi\f7a538a.rbf (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe () C:\Users\ULA\AppData\Local\Temp\6677-7e05-f38f-bb14.exe (Microsoft Corporation) C:\Windows\System32\wimserv.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Boomzap Pte Ltd) E:\Gry\Cathy's Crafts Platinum Edition\cathy.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Windows\System32\LockAppHost.exe () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242712 2016-02-12] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2016-02-13] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-09-19] (Motorola Solutions, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1806136 2015-09-13] (NVIDIA Corporation) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3731761838-2529421182-3744087246-1001\...\Run: [Steam] => "E:\Programy\steam.exe" -silent HKU\S-1-5-21-3731761838-2529421182-3744087246-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29538432 2016-08-17] (Skype Technologies S.A.) AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [185816 2015-09-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164192 2015-09-13] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-08] (AVAST Software) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) AutoConfigURL: [S-1-5-21-3731761838-2529421182-3744087246-1001] => hxxp://un-stop.net/wpad.dat?ae9fc464412773eaabf015c34a14ad8d16912299 Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{845ed8dd-4095-4afc-b08c-e80f7e794f05}: [DhcpNameServer] 192.168.2.1 ManualProxies: 0hxxp://un-stop.net/wpad.dat?ae9fc464412773eaabf015c34a14ad8d16912299 Internet Explorer: ================== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Programy\Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation) BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> E:\Programy\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Programy\Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] () FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\Programy\Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-08] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-08] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF Chrome: ======= CHR Profile: C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default [2016-09-22] CHR Extension: (Prezentacje Google) - C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-12] CHR Extension: (Dokumenty Google) - C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-12] CHR Extension: (Dysk Google) - C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-12] CHR Extension: (YouTube) - C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-12] CHR Extension: (Adblock Plus) - C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-26] CHR Extension: (Google Search) - C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-12] CHR Extension: (BitComet Download Extension for Chrome) - C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhigneefebkcagnpnpbibganpmfgebnk [2016-02-20] CHR Extension: (Ocean Pacific) - C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecaabliejjdikjnkahhikeelbblahgoi [2016-02-14] CHR Extension: (Arkusze Google) - C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-12] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Gmail) - C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-12] CHR Extension: (Chrome Media Router) - C:\Users\ULA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22] CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-08] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-08] (AVAST Software) S3 BITCOMET_HELPER_SERVICE; E:\Programy\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [131288 2016-02-12] (ELAN Microelectronics Corp.) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3199184 2016-01-15] (Samsung Electronics Co., Ltd.) S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-08] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-08] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-08] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-08] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-08] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-08] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-08] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-06] (AVAST Software) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.) S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-04-07] (Disc Soft Ltd) S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-04-07] (Disc Soft Ltd) S3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [32328 2016-02-12] (ELAN Microelectronic Corp.) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-02-13] (REALiX(tm)) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2016-02-13] (Realtek ) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-09-22 23:11 - 2016-09-22 23:11 - 00014381 _____ C:\Users\ULA\Downloads\FRST.txt 2016-09-22 23:03 - 2016-09-22 23:11 - 00000000 ____D C:\FRST 2016-09-22 23:02 - 2016-09-22 23:02 - 02402816 _____ (Farbar) C:\Users\ULA\Downloads\FRST64.exe 2016-09-22 20:46 - 2016-09-22 20:46 - 42166487 _____ C:\Users\ULA\Downloads\Shop-n-spree.rar 2016-09-21 16:12 - 2016-09-21 16:12 - 00000791 _____ C:\Users\Public\Desktop\Cathy's Crafts Platinum Edition.lnk 2016-09-21 16:12 - 2016-09-21 16:12 - 00000000 ____D C:\Users\ULA\AppData\Roaming\boomzap 2016-09-21 16:12 - 2016-09-21 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cathy's Crafts Platinum Edition 2016-09-21 16:11 - 2016-07-07 18:44 - 00000000 ____D C:\Users\ULA\Downloads\Cathys.Crafts.Platinum.Edition.v1.0-ZEKE 2016-09-21 13:46 - 2016-09-21 13:46 - 00000000 ____D C:\ProgramData\Webitar Production Inc 2016-09-20 11:55 - 2016-09-20 11:55 - 00162146 _____ C:\Users\ULA\Desktop\CV Urszula Muśnicka.pdf 2016-09-19 15:57 - 2016-09-19 15:57 - 00015603 _____ C:\Users\ULA\Downloads\zleceniobiorcy - zestawienie.xlsx 2016-09-19 13:06 - 2016-09-19 13:20 - 00000000 ____D C:\Users\ULA\Desktop\ślub magdy 2016-09-18 11:28 - 2016-09-18 11:28 - 00003246 _____ C:\WINDOWS\System32\Tasks\{8EE5C568-6B5F-47E7-AAF1-6A4A7CF0F86B} 2016-09-18 11:27 - 2016-09-18 11:27 - 00003242 _____ C:\WINDOWS\System32\Tasks\{41107203-F5ED-4F01-87D5-C9820B27554F} 2016-09-18 10:04 - 2016-09-18 10:05 - 00000000 ____D C:\Users\ULA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games 2016-09-17 17:31 - 2016-09-17 17:31 - 00000000 ____D C:\Users\ULA\AppData\Roaming\MysteryStudio 2016-09-17 17:30 - 2016-09-17 17:31 - 24288379 _____ C:\Users\ULA\Downloads\Lavenders Botanicals.exe 2016-09-17 17:08 - 2016-09-17 17:08 - 00000000 ____D C:\Users\ULA\AppData\Roaming\PlayFirst 2016-09-17 17:08 - 2016-09-17 17:08 - 00000000 ____D C:\ProgramData\PlayFirst 2016-09-16 10:55 - 2013-11-02 15:49 - 93599350 _____ C:\Users\ULA\Downloads\Winemaker Extraordinaire.exe 2016-09-16 10:29 - 2016-09-16 10:30 - 00000000 ____D C:\Users\ULA\AppData\Roaming\HuruBeachParty 2016-09-04 18:03 - 2016-09-04 18:28 - 76759263 _____ C:\Users\ULA\Downloads\Nanny911GameAB.rar 2016-09-04 01:00 - 2016-09-04 01:00 - 00000000 ____D C:\Users\ULA\AppData\Roaming\iWin 2016-08-28 17:18 - 2016-08-28 17:18 - 00000000 ____D C:\Users\ULA\AppData\Roaming\Boolat Games 2016-08-28 12:35 - 2016-09-17 18:34 - 00000000 ____D C:\Users\ULA\AppData\Roaming\ViquaSoft 2016-08-28 12:35 - 2016-08-28 12:35 - 00000000 ____D C:\ProgramData\TEMP 2016-08-27 22:18 - 2016-08-27 22:18 - 00000000 ____D C:\Users\ULA\Desktop\wycieczka 2016-08-26 23:30 - 2016-09-02 19:51 - 00000000 ____D C:\Users\ULA\AppData\Roaming\AlawarEntertainment 2016-08-26 23:30 - 2016-05-24 23:06 - 00000000 ____D C:\Users\ULA\Downloads\Prehistoric Tales 2016-08-25 21:02 - 2016-08-25 21:02 - 00000000 ____D C:\Users\Public\Documents\Buildalot2 2016-08-25 21:02 - 2016-08-25 21:02 - 00000000 ____D C:\ProgramData\iWin Games 2016-08-25 21:02 - 2016-08-25 21:02 - 00000000 ____D C:\ProgramData\HipSoft 2016-08-25 20:59 - 2016-09-18 10:05 - 00000000 ____D C:\Users\ULA\AppData\Local\GamesManager 2016-08-25 20:59 - 2016-08-25 21:02 - 00000000 ____D C:\Users\ULA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin Games 2016-08-25 20:59 - 2016-08-25 20:59 - 00002207 _____ C:\Users\ULA\Desktop\Play iWin Games.lnk ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-09-22 22:33 - 2016-02-13 19:55 - 00004222 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EBA2C3BB-8DA4-42F1-BE25-663B8EFE8BC8} 2016-09-22 22:19 - 2016-02-12 23:56 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-22 22:14 - 2016-02-13 21:45 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-09-22 20:46 - 2016-04-12 20:34 - 00000000 ____D C:\Users\ULA\AppData\Roaming\TS3Client 2016-09-22 15:19 - 2016-02-12 23:56 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-22 11:17 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-22 11:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-22 10:53 - 2016-02-13 19:21 - 00000000 ___DC C:\WINDOWS\Panther 2016-09-22 10:48 - 2016-07-17 00:43 - 00000000 ___HD C:\$WINDOWS.~BT 2016-09-21 13:46 - 2016-03-19 23:29 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-09-21 13:46 - 2016-02-12 23:57 - 00002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-09-20 23:05 - 2016-02-12 23:47 - 01755848 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-20 23:05 - 2015-10-30 21:19 - 00781672 _____ C:\WINDOWS\system32\perfh015.dat 2016-09-20 23:05 - 2015-10-30 21:19 - 00150190 _____ C:\WINDOWS\system32\perfc015.dat 2016-09-20 23:05 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-09-19 15:58 - 2016-02-12 23:45 - 00000000 ____D C:\Users\ULA\AppData\Local\Packages 2016-09-18 10:05 - 2016-03-19 02:01 - 00000000 ____D C:\Games 2016-09-17 18:09 - 2016-02-13 00:40 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-09-17 18:00 - 2016-02-13 00:40 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-09-16 17:30 - 2016-04-17 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2016-09-16 17:30 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-09-16 17:19 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-09-16 17:17 - 2015-10-30 21:23 - 00000000 ____D C:\WINDOWS\ShellNew 2016-09-15 19:55 - 2015-11-13 02:45 - 00000000 ___RD C:\Users\ULA\Downloads\Kurator 2016-09-13 17:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-09-13 17:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-09-13 17:05 - 2016-03-14 20:37 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-09-13 16:56 - 2016-02-13 20:21 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2016-09-13 16:54 - 2016-02-13 19:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-07 03:00 - 2015-10-30 09:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-09-07 03:00 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-03 14:07 - 2016-02-13 19:31 - 00000000 ____D C:\Users\ULA 2016-09-01 22:00 - 2016-02-20 14:37 - 00000000 ____D C:\Users\ULA\Desktop\Pobrane 2016-09-01 20:52 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache 2016-08-30 19:36 - 2016-04-01 22:30 - 00000000 ____D C:\Users\ULA\AppData\Roaming\Skype 2016-08-29 23:50 - 2016-04-01 22:30 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-08-29 23:50 - 2016-04-01 22:30 - 00000000 ____D C:\ProgramData\Skype 2016-08-28 12:33 - 2016-04-24 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst 2016-08-26 20:43 - 2016-02-12 23:45 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-08-26 20:39 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-08-26 20:38 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-07-12 20:32 - 2016-07-12 20:32 - 0000976 _____ () C:\Users\ULA\AppData\Local\recently-used.xbel 2016-02-13 19:27 - 2016-02-13 19:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Niektóre pliki w TEMP: ==================== C:\Users\ULA\AppData\Local\Temp\6677-7e05-f38f-bb14.exe C:\Users\ULA\AppData\Local\Temp\bitool.dll C:\Users\ULA\AppData\Local\Temp\ICReinstall_exe.exe C:\Users\ULA\AppData\Local\Temp\MSETUP4.EXE C:\Users\ULA\AppData\Local\Temp\PhysxInstaller.exe C:\Users\ULA\AppData\Local\Temp\preinstall-options.exe C:\Users\ULA\AppData\Local\Temp\setup.exe C:\Users\ULA\AppData\Local\Temp\Uninstall.exe C:\Users\ULA\AppData\Local\Temp\UninstallOldVersion.exe C:\Users\ULA\AppData\Local\Temp\{680E29F3-1393-4792-83AA-D50A2175CBEB}-52.0.2743.116_51.0.2704.103_chrome_updater.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-09-13 19:15 ==================== Koniec FRST.txt ============================