Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 26-10-2017
Uruchomiony przez Szymczak (administrator) SZYMCZAKDELL (01-11-2017 10:37:34)
Uruchomiony z C:\Users\Szymczak\Desktop\FRST
Załadowane profile: Szymczak (Dostępne profile: Szymczak)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\ScreenShooter5\ScreenShooter5.exe
(Grupa Onet.pl S.A.) C:\Users\Szymczak\AppData\Local\OnetDysk\OnetDysk.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Solvusoft Corporation) C:\Program Files (x86)\Solvusoft\SuiteService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-12] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-601389225-2260710370-3730533231-1001\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-601389225-2260710370-3730533231-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-601389225-2260710370-3730533231-1001\...\Run: [ScreenShooter] => C:\Program Files\ScreenShooter5\ScreenShooter5.exe [967680 2015-09-18] ()
HKU\S-1-5-21-601389225-2260710370-3730533231-1001\...\Run: [OnetDysk] => C:\Users\Szymczak\AppData\Local\OnetDysk\OnetDysk.exe [1472392 2015-07-14] (Grupa Onet.pl S.A.)
HKU\S-1-5-21-601389225-2260710370-3730533231-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\Users\Szymczak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet Ink Adv 2060 K110.lnk [2017-11-01]
ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet Ink Adv 2060 K110.lnk -> C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0DCA1E8F-8A0A-4A6C-BE41-89A76AC6471F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7141FC16-C75B-4566-B403-C4B047968442}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-601389225-2260710370-3730533231-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope - brak wartości
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-10-29] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-10-12] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-10-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-10-29] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-12] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-10-29] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-10-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKU\S-1-5-21-601389225-2260710370-3730533231-1001 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7o106i6m.default
FF ProfilePath: C:\Users\Szymczak\AppData\Roaming\Mozilla\Firefox\Profiles\7o106i6m.default [2017-11-01]
FF Homepage: Mozilla\Firefox\Profiles\7o106i6m.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\7o106i6m.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B624AC83E-5E53-403B-AA6A-ACDAAFA33BEC%7D&gp=811010
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Szymczak\AppData\Roaming\Mozilla\Firefox\Profiles\7o106i6m.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-12]
FF Extension: (Avast SafePrice) - C:\Users\Szymczak\AppData\Roaming\Mozilla\Firefox\Profiles\7o106i6m.default\Extensions\sp@avast.com.xpi [2017-10-14]
FF Extension: (Avast Online Security) - C:\Users\Szymczak\AppData\Roaming\Mozilla\Firefox\Profiles\7o106i6m.default\Extensions\wrc@avast.com.xpi [2017-10-13]
FF Extension: (Adobe Flash Player) - C:\Users\Szymczak\AppData\Roaming\Mozilla\Firefox\Profiles\7o106i6m.default\Extensions\{7284399c-6be5-42ff-8ddc-5cc52d46ab40}.xpi [2017-04-26]
FF Extension: (iMacros for Firefox) - C:\Users\Szymczak\AppData\Roaming\Mozilla\Firefox\Profiles\7o106i6m.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2017-09-05]
FF Extension: (Video DownloadHelper) - C:\Users\Szymczak\AppData\Roaming\Mozilla\Firefox\Profiles\7o106i6m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-10-21]
FF Extension: (Adblock Plus) - C:\Users\Szymczak\AppData\Roaming\Mozilla\Firefox\Profiles\7o106i6m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-601389225-2260710370-3730533231-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Szymczak\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-601389225-2260710370-3730533231-1001: @talk.google.com/O1DPlugin -> C:\Users\Szymczak\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-601389225-2260710370-3730533231-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Szymczak\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-601389225-2260710370-3730533231-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Szymczak\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Szymczak\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Szymczak\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR Profile: C:\Users\Szymczak\AppData\Local\Google\Chrome\User Data\Default [2017-10-30]
CHR Extension: (Prezentacje) - C:\Users\Szymczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-27]
CHR Extension: (Dokumenty) - C:\Users\Szymczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Dysk Google) - C:\Users\Szymczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-18]
CHR Extension: (YouTube) - C:\Users\Szymczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Szymczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-01]
CHR Extension: (Arkusze) - C:\Users\Szymczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Szymczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-18]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Szymczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-22]
CHR Extension: (Gmail) - C:\Users\Szymczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\Szymczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-12] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-12] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7923880 2017-10-23] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 Solvusoft Suite Service; C:\Program Files (x86)\Solvusoft\SuiteService.exe [1284168 2015-11-14] (Solvusoft Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-12] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-10-12] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-10-12] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-10-12] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47008 2017-10-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147776 2017-10-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-10-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-10-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1029872 2017-10-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [587168 2017-10-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [201352 2017-10-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [363440 2017-10-12] (AVAST Software)
S3 DCamUSBVM; C:\Windows\System32\Drivers\usbVM31b.sys [142336 2005-09-19] (Vimicro Corporation)
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33592 2017-03-08] (Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [229432 2017-03-08] (Dev47Apps)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-01-11] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-01-11] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-04] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [50088 2017-02-08] (Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-11-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-31] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
S2 port_nt; c:\windows\SysWOW64\drivers\port_nt.sys [3608 2000-10-23] () [Brak podpisu cyfrowego]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-11-01 10:28 - 2017-11-01 10:28 - 000001458 _____ C:\Users\Szymczak\Documents\raportMBAM.txt
2017-10-31 20:58 - 2017-10-31 20:58 - 000006625 _____ C:\Users\Szymczak\Desktop\MBMA.txt
2017-10-31 13:07 - 2017-10-31 13:10 - 000002562 _____ C:\Windows\diagwrn.xml
2017-10-31 13:07 - 2017-10-31 13:10 - 000001908 _____ C:\Windows\diagerr.xml
2017-10-31 12:55 - 2017-10-31 12:55 - 000001773 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-10-31 12:55 - 2017-10-31 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-10-31 12:54 - 2017-10-31 12:55 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2017-10-31 12:21 - 2017-10-31 12:21 - 003256656 _____ C:\Users\Szymczak\Downloads\aida3942(dobreprogramy.pl)(1).zip
2017-10-31 11:25 - 2017-10-31 11:25 - 000003138 _____ C:\Windows\System32\Tasks\{6DE16A5A-B5C8-4788-8207-7335E62A0B40}
2017-10-30 16:23 - 2017-11-01 10:37 - 000000000 ____D C:\FRST
2017-10-30 16:18 - 2017-10-30 16:18 - 000038793 _____ C:\Users\Szymczak\Desktop\MalwarebytesRaport.txt
2017-10-30 15:47 - 2017-11-01 10:09 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-30 15:47 - 2017-10-30 15:47 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-30 15:46 - 2017-10-31 13:52 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-30 15:45 - 2017-10-30 15:45 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-30 15:45 - 2017-10-30 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-30 15:45 - 2017-10-30 15:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-30 15:45 - 2017-10-30 15:45 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-30 15:45 - 2017-10-04 13:15 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-30 15:42 - 2017-10-30 15:43 - 071535032 _____ (Malwarebytes ) C:\Users\Szymczak\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-30 12:13 - 2017-10-30 12:14 - 000000787 _____ C:\DelFix.txt
2017-10-28 08:17 - 2017-10-29 10:07 - 000000000 ____D C:\Users\Szymczak\AppData\Roaming\discord
2017-10-28 08:17 - 2017-10-28 08:17 - 000000000 ____D C:\Users\Szymczak\AppData\Local\SquirrelTemp
2017-10-28 08:16 - 2017-10-28 08:17 - 054332920 _____ (Discord Inc.) C:\Users\Szymczak\Downloads\DiscordSetup.exe
2017-10-27 10:37 - 2017-10-27 10:37 - 000000145 _____ C:\Users\Szymczak\Documents\linki.txt
2017-10-27 10:00 - 2017-10-27 10:01 - 002428418 _____ C:\Users\Szymczak\Downloads\Mapa Uniwersum 26-10-2017.xlsx
2017-10-26 22:00 - 2017-10-29 09:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-23 21:03 - 2017-10-23 21:03 - 000001055 _____ C:\Users\Szymczak\Documents\2017-10-24.txt
2017-10-20 09:13 - 2017-10-20 09:13 - 000100038 _____ C:\Users\Szymczak\Downloads\FV_201710_281439928_12641_b.pdf
2017-10-17 09:47 - 2017-10-17 09:47 - 000003371 _____ C:\Users\Szymczak\Documents\2017-10.txt
2017-10-12 01:55 - 2017-10-12 01:55 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-10-05 11:52 - 2017-10-05 11:53 - 046447606 _____ (KLCP ) C:\Users\Szymczak\Downloads\K-Lite_Codec_Pack_1355_Full.exe
2017-10-05 10:45 - 2017-10-05 10:45 - 034299026 _____ C:\Users\Szymczak\Downloads\Imagine Dragons - Demons (Official).mp4
2017-10-05 10:32 - 2017-10-05 10:32 - 027572358 _____ C:\Users\Szymczak\Downloads\Imagine Dragons - Thunder.mp4
2017-10-05 09:43 - 2017-10-05 09:44 - 055100719 _____ C:\Users\Szymczak\Downloads\Calvin Harris - Feels (Official Video) ft. Pharrell Williams, Katy Perry, Big Sean (1).mp4

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-11-01 10:37 - 2017-08-28 08:19 - 000000000 ____D C:\Users\Szymczak\Desktop\FRST
2017-11-01 10:29 - 2009-07-14 05:45 - 000025488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-01 10:29 - 2009-07-14 05:45 - 000025488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-01 10:17 - 2017-04-24 12:09 - 000000000 ___SD C:\Users\Szymczak\Documents\OnetDysk (stolarz0@vp.pl)
2017-11-01 10:15 - 2011-02-04 18:38 - 000739932 _____ C:\Windows\system32\perfh015.dat
2017-11-01 10:15 - 2011-02-04 18:38 - 000155474 _____ C:\Windows\system32\perfc015.dat
2017-11-01 10:15 - 2009-07-14 06:13 - 001668226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-01 10:15 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-01 10:08 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-01 00:32 - 2017-02-16 12:53 - 000000000 ___HD C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}
2017-10-31 21:34 - 2016-09-27 20:11 - 000000344 _____ C:\Windows\Tasks\HPCeeScheduleForSzymczak.job
2017-10-31 21:24 - 2016-09-27 20:11 - 000003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSzymczak
2017-10-31 13:03 - 2016-12-29 14:15 - 000000000 ____D C:\Users\Szymczak\Documents\Pliki programu Outlook
2017-10-31 12:52 - 2017-01-11 01:08 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-10-31 12:46 - 2017-01-11 01:09 - 000000000 ____D C:\Users\Szymczak\AppData\Roaming\DAEMON Tools Lite
2017-10-30 10:38 - 2016-09-18 21:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-30 10:28 - 2017-02-15 09:21 - 000000000 ____D C:\Users\Szymczak\Documents\CCleaner
2017-10-30 10:19 - 2016-09-18 21:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-10-29 11:24 - 2016-09-19 09:02 - 000000000 ____D C:\Users\Szymczak\AppData\Roaming\vlc
2017-10-29 09:51 - 2016-09-18 21:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-27 01:55 - 2016-09-18 22:07 - 001029872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-10-25 19:41 - 2016-09-29 13:38 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-25 19:41 - 2016-09-29 13:38 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-25 19:41 - 2016-09-29 13:38 - 000004412 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-25 19:41 - 2016-09-29 13:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-25 19:41 - 2016-09-29 13:38 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-25 15:36 - 2017-01-31 14:34 - 000000000 ____D C:\ProgramData\SP_FT_Logs
2017-10-22 05:03 - 2017-03-16 00:07 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-10-12 01:55 - 2016-09-18 22:07 - 000587168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-10-12 01:55 - 2016-09-18 22:07 - 000363440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-10-12 01:55 - 2016-09-18 22:07 - 000201352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-10-12 01:55 - 2016-09-18 22:07 - 000147776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-10-12 01:55 - 2016-09-18 22:07 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-10-12 01:55 - 2016-09-18 22:07 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-10-12 01:55 - 2016-09-18 22:07 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-10-12 01:55 - 2016-09-18 22:06 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-12 01:54 - 2017-03-16 00:07 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-10-12 01:54 - 2017-03-16 00:07 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-10-12 01:54 - 2017-03-16 00:07 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-10-12 01:54 - 2017-03-16 00:07 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-10-05 21:02 - 2016-09-18 22:34 - 000000000 ____D C:\Users\Szymczak\Documents\iMacros

==================== Pliki w katalogu głównym wybranych folderów =======

2016-09-23 11:12 - 2016-09-23 11:12 - 000007610 _____ () C:\Users\Szymczak\AppData\Local\Resmon.ResmonCfg
2017-03-08 22:20 - 2017-07-04 12:04 - 000000035 _____ () C:\ProgramData\droidcam-settings

Niektóre pliki w TEMP:
====================
2017-10-31 12:44 - 2017-10-31 12:44 - 000791712 _____ (Disc Soft Ltd.) C:\Users\Szymczak\AppData\Local\Temp\dt_3A41.tmp.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-10-31 15:20

==================== Koniec FRST.txt ============================