Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20.06.2018
- Uruchomiony przez Marta (administrator) MARTA (20-06-2018 17:26:47)
- Uruchomiony z C:\Users\Marta\Desktop
- Załadowane profile: Marta & (Dostępne profile: Marta)
- Platform: Windows 8.1 Connected (Update) (X64) Język: Polski (Polska)
- Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
- Tryb startu: Normal
- Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Procesy (filtrowane) =================
- (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
- (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
- (Arcabit) C:\Program Files\Arcabit\bin\arcasv.exe
- (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
- (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
- (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
- (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
- (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
- (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
- (Arcabit) C:\Program Files\Arcabit\bin\arcamon.exe
- (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
- (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
- () C:\Program Files\Arcabit\bin\scanenginecon.exe
- (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
- (Intel Corporation) C:\Windows\System32\igfxEM.exe
- (Intel Corporation) C:\Windows\System32\igfxHK.exe
- (Intel Corporation) C:\Windows\System32\igfxTray.exe
- (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
- (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
- (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
- (Arcabit) C:\Program Files\Arcabit\bin\awsc.exe
- (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
- (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
- (Arcabit) C:\Program Files\Arcabit\bin\arcamenu.exe
- () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
- (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
- (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
- (Intel Corporation) C:\Windows\System32\igfxext.exe
- (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
- (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
- (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
- (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
- (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
- (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
- (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
- (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
- (Microsoft Corporation) C:\Windows\System32\cmd.exe
- (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
- ==================== Rejestr (filtrowane) ===========================
- (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
- HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
- HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
- HKLM\...\Run: [arcamenu] => C:\Program Files\Arcabit\bin\arcamenu.exe [388288 2018-06-20] (Arcabit)
- HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
- HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Atheros Communications)
- HKU\S-1-5-21-3235453208-3398187264-552297352-1001\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\chomikbox.exe [3941376 2017-02-21] ( )
- HKU\S-1-5-21-3235453208-3398187264-552297352-1001\...\MountPoints2: {1f6ac8c9-d4c7-11e6-828a-2c600c68b6b1} - "D:\autorun.exe"
- HKU\S-1-5-21-3235453208-3398187264-552297352-1001\...\MountPoints2: {43493374-8ce8-11e7-8294-2c600c68b6b1} - "D:\autorun.exe"
- HKU\S-1-5-21-3235453208-3398187264-552297352-1001\...\MountPoints2: {53bc485e-35cb-11e7-8290-2c600c68b6b1} - "D:\autorun.exe"
- HKU\S-1-5-21-3235453208-3398187264-552297352-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Fliqlo.scr [679936 2017-09-28] (ScreenTime Media)
- HKU\S-1-5-21-3235453208-3398187264-552297352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06202018165208498\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\chomikbox.exe [3941376 2017-02-21] ( )
- HKU\S-1-5-21-3235453208-3398187264-552297352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06202018165208498\...\MountPoints2: {1f6ac8c9-d4c7-11e6-828a-2c600c68b6b1} - "D:\autorun.exe"
- HKU\S-1-5-21-3235453208-3398187264-552297352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06202018165208498\...\MountPoints2: {43493374-8ce8-11e7-8294-2c600c68b6b1} - "D:\autorun.exe"
- HKU\S-1-5-21-3235453208-3398187264-552297352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06202018165208498\...\MountPoints2: {53bc485e-35cb-11e7-8290-2c600c68b6b1} - "D:\autorun.exe"
- HKU\S-1-5-21-3235453208-3398187264-552297352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06202018165208498\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Fliqlo.scr [679936 2017-09-28] (ScreenTime Media)
- ==================== Internet (filtrowane) ====================
- (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
- Tcpip\..\Interfaces\{3BF61BFF-8D9B-49D2-8856-1383F01D9396}: [DhcpNameServer] 37.8.214.2 31.11.202.254
- Internet Explorer:
- ==================
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
- HKU\S-1-5-21-3235453208-3398187264-552297352-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
- HKU\S-1-5-21-3235453208-3398187264-552297352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06202018165208498\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
- SearchScopes: HKU\S-1-5-21-3235453208-3398187264-552297352-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-3235453208-3398187264-552297352-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-3235453208-3398187264-552297352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06202018165208498 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-3235453208-3398187264-552297352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06202018165208498 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
- BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
- BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
- FireFox:
- ========
- FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
- FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
- FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
- FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
- FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
- FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
- Chrome:
- =======
- CHR Profile: C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default [2018-06-20]
- CHR Extension: (Prezentacje) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
- CHR Extension: (Dokumenty) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
- CHR Extension: (Dysk Google) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
- CHR Extension: (YouTube) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
- CHR Extension: (Adblock Plus) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-16]
- CHR Extension: (Google Search) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
- CHR Extension: (Arkusze) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
- CHR Extension: (Peony) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebicjjmadngcokehioegckmpjamdbn [2017-11-21]
- CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
- CHR Extension: (Gmail) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-25]
- CHR Extension: (Chrome Media Router) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-20]
- ==================== Usługi (filtrowane) ====================
- (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
- R2 arcabitsv; C:\Program Files\Arcabit\bin\arcasv.exe [215392 2018-06-20] (Arcabit)
- R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego]
- R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-26] (Acer Incorporated)
- R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
- R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
- R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
- R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-30] (Intel Corporation)
- R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [Brak podpisu cyfrowego]
- S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
- R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
- R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
- R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
- R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
- S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
- S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
- S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
- ===================== Sterowniki (filtrowane) ======================
- (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
- R3 ArcaFsAv; C:\Windows\System32\DRIVERS\arcafsav.sys [44880 2018-06-20] ()
- R1 arcawfp; C:\Windows\System32\drivers\arcawfp.sys [79664 2018-03-12] (Windows (R) Win 7 DDK provider)
- S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
- R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
- R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
- S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2013-09-17] (Intel Corporation)
- S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2013-09-17] (Intel Corporation)
- S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2013-09-17] (Intel Corporation)
- R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
- S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2013-09-17] (Intel Corporation)
- S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2013-09-17] (Intel Corporation)
- R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
- S3 dtultrascsibus; C:\Windows\System32\drivers\dtultrascsibus.sys [30264 2016-02-21] (Disc Soft Ltd)
- S3 dtultrausbbus; C:\Windows\System32\drivers\dtultrausbbus.sys [47672 2016-02-21] (Disc Soft Ltd)
- R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
- R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
- R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated)
- R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-20] (Malwarebytes)
- R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
- S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
- R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated)
- R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
- R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
- S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
- S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
- S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
- S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
- U0 aswVmm; Brak ImagePath
- ==================== NetSvcs (filtrowane) ===================
- (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
- ==================== Jeden miesiąc - utworzone pliki i foldery ========
- (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
- 2018-06-20 17:26 - 2018-06-20 17:27 - 000016708 _____ C:\Users\Marta\Desktop\FRST.txt
- 2018-06-20 16:44 - 2018-06-20 16:44 - 000013794 _____ C:\Users\Marta\Desktop\mal.txt
- 2018-06-20 16:34 - 2018-06-20 22:06 - 002412544 _____ (Farbar) C:\Users\Marta\Desktop\FRST64.exe
- 2018-06-20 16:32 - 2018-06-20 16:41 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
- 2018-06-20 16:32 - 2018-06-20 16:32 - 000001887 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
- 2018-06-20 16:32 - 2018-06-20 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
- 2018-06-20 16:32 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
- 2018-06-20 16:31 - 2018-06-20 21:55 - 078101496 _____ (Malwarebytes ) C:\Users\Marta\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5526.exe
- 2018-06-20 16:31 - 2018-06-20 16:31 - 000000000 ____D C:\ProgramData\Malwarebytes
- 2018-06-20 16:31 - 2018-06-20 16:31 - 000000000 ____D C:\Program Files\Malwarebytes
- 2018-06-20 16:08 - 2018-06-20 21:31 - 147436040 _____ (K7 Computing Pvt. Ltd.) C:\Users\Marta\Desktop\setup-eng-avp.exe
- 2018-06-20 16:06 - 2018-06-20 21:32 - 141032688 _____ (Arcabit Ltd.) C:\Users\Marta\Desktop\arcabitsetup2_av_trial.exe
- 2018-06-20 15:32 - 2018-06-20 15:48 - 000000000 ____D C:\ProgramData\Norton
- 2018-06-20 15:31 - 2018-06-20 15:31 - 000000000 ____D C:\ProgramData\NortonInstaller
- 2018-06-20 13:33 - 2018-06-20 17:26 - 000000000 ____D C:\FRST
- 2018-06-20 13:20 - 2018-06-20 14:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
- 2018-06-20 13:20 - 2018-06-20 13:21 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
- 2018-06-20 13:19 - 2018-06-20 13:22 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
- 2018-06-19 18:30 - 2018-06-19 18:30 - 000262598 _____ C:\Users\Marta\Desktop\WZÓR-2-CHORĄGIEWKI.pdf
- 2018-06-19 18:30 - 2018-06-19 18:30 - 000257517 _____ C:\Users\Marta\Desktop\WZÓR-2-LITERKI.pdf
- 2018-06-18 19:48 - 2018-06-18 19:48 - 000016747 ____H C:\Users\Marta\Desktop\~WRL0005.tmp
- 2018-06-13 10:33 - 2018-06-20 15:10 - 000000000 ____D C:\Users\Marta\Documents\MAGIX Downloads
- 2018-06-13 10:33 - 2018-06-13 10:33 - 000000000 ____D C:\Users\Marta\AppData\Roaming\MAGIX
- 2018-06-05 20:11 - 2018-06-05 20:11 - 000000000 ____D C:\Program Files\Common Files\Avast Software
- ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
- (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
- 2018-06-20 16:48 - 2016-05-08 08:48 - 001817498 _____ C:\Windows\system32\PerfStringBackup.INI
- 2018-06-20 16:48 - 2015-02-16 00:57 - 000802570 _____ C:\Windows\system32\perfh015.dat
- 2018-06-20 16:48 - 2015-02-16 00:57 - 000161578 _____ C:\Windows\system32\perfc015.dat
- 2018-06-20 16:48 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
- 2018-06-20 16:46 - 2015-08-25 20:38 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3235453208-3398187264-552297352-1001
- 2018-06-20 16:41 - 2018-03-12 14:32 - 000044880 _____ C:\Windows\system32\Drivers\arcafsav.sys
- 2018-06-20 16:41 - 2015-08-25 20:33 - 000000000 ___RD C:\Users\Marta\OneDrive
- 2018-06-20 16:40 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
- 2018-06-20 16:29 - 2014-08-11 19:21 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
- 2018-06-20 16:28 - 2014-08-11 19:22 - 000000000 ____D C:\ProgramData\CyberLink
- 2018-06-20 16:17 - 2014-08-11 19:19 - 000000000 ____D C:\Program Files (x86)\Acer
- 2018-06-20 16:16 - 2014-08-11 19:31 - 000000000 ____D C:\Program Files\Acer
- 2018-06-20 16:07 - 2018-03-12 14:29 - 000000000 ____D C:\ProgramData\Arcabit
- 2018-06-20 16:07 - 2018-03-12 14:29 - 000000000 ____D C:\Program Files\Arcabit
- 2018-06-20 15:48 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
- 2018-06-20 15:46 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\ELAMBKUP
- 2018-06-20 15:46 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
- 2018-06-20 15:43 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\NDF
- 2018-06-20 15:26 - 2017-11-02 09:36 - 000000000 ____D C:\Users\Marta\Documents\Bluetooth Folder
- 2018-06-20 15:19 - 2015-08-25 20:04 - 000000000 ____D C:\Users\Marta
- 2018-06-20 15:11 - 2015-12-12 08:41 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
- 2018-06-20 15:11 - 2015-08-28 23:36 - 000000000 ____D C:\Windows\system32\appraiser
- 2018-06-20 15:11 - 2013-08-22 17:36 - 000000000 __RSD C:\Windows\Media
- 2018-06-20 15:11 - 2013-08-22 17:36 - 000000000 ___RD C:\Windows\ToastData
- 2018-06-20 15:11 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\PolicyDefinitions
- 2018-06-20 15:11 - 2013-08-22 17:36 - 000000000 ____D C:\Program Files\Windows Defender
- 2018-06-20 15:10 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
- 2018-06-20 15:06 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
- 2018-06-20 15:00 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\registration
- 2018-06-20 14:57 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\system32\Sysprep
- 2018-06-20 14:54 - 2016-02-21 21:44 - 000000000 __RHD C:\MSOCache
- 2018-06-20 14:54 - 2015-12-12 08:41 - 000000000 ____D C:\Program Files\Common Files\AV
- 2018-06-20 13:21 - 2015-09-25 17:12 - 026478592 ___SH C:\Users\Marta\Desktop\Thumbs.db
- 2018-06-20 12:53 - 2015-09-01 06:26 - 000000000 ____D C:\Users\Marta\AppData\Local\CrashDumps
- 2018-06-15 12:57 - 2017-11-03 11:24 - 000000000 ____D C:\Users\Marta\Desktop\przedszkole
- 2018-06-13 08:35 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
- 2018-06-10 21:34 - 2018-01-04 19:55 - 000012800 ___SH C:\Users\Marta\Downloads\Thumbs.db
- 2018-06-05 14:42 - 2015-08-25 20:45 - 000000000 ____D C:\Users\Marta\Desktop\save
- ==================== Pliki w katalogu głównym wybranych folderów =======
- 2015-08-25 21:26 - 2015-08-25 20:52 - 001123840 _____ (Karol Winnicki) C:\Program Files\BESTplayer.exe
- ==================== Bamital & volsnap ======================
- (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
- C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
- C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
- C:\Windows\explorer.exe => Plik podpisany cyfrowo
- C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
- C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
- C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
- C:\Windows\system32\services.exe => Plik podpisany cyfrowo
- C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
- C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
- C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
- C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
- C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
- C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
- C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
- C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
- LastRegBack: 2018-06-10 09:55
- ==================== Koniec FRST.txt ============================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement