Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 26-12-2017
Uruchomiony przez mariusz (administrator) MARIUSZ-KOMP (26-12-2017 17:55:36)
Uruchomiony z C:\Users\mariusz\Downloads
Załadowane profile: mariusz (Dostępne profile: mariusz & NINA)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Safe Mode (with Networking)
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(FSPro Labs) C:\Windows\System32\fsproflt2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(FSPro Labs) C:\Program Files\Hide Folders 2012\hf.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2147328 2011-04-06] (VIA)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-11-30] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-23] (AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [261432 2017-12-05] (Apple Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [44016 2017-08-21] (Glarysoft Ltd)
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\Run: [HP DeskJet 4530 series (NET)] => C:\Program Files\HP\HP DeskJet 4530 series\Bin\ScanToPCActivationApp.exe [2544648 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\MountPoints2: {3886fc2c-8761-11e2-b583-8c89a55bc4f6} - F:\SETUP.EXE
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\MountPoints2: {7dd87bef-a75e-11e2-8df3-8c89a55bc4f6} - F:\setup.exe
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\MountPoints2: {95fbfd5b-515d-11e5-a7aa-8c89a55bc4f6} - F:\AutoRun.exe
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\MountPoints2: {fb6a82e1-82c0-11e3-9530-8c89a55bc4f6} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe [67384 2017-10-19] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-01-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2013-01-14]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\NINA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2016-11-06]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * BootDefrag.exeSmartDefragBootTime.exe
GroupPolicy\User: Ograniczenia ? <==== UWAGA
GroupPolicyUsers\S-1-5-21-3311954108-2881230977-2648112473-1004\User: Ograniczenia <==== UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.12.1
Tcpip\..\Interfaces\{7C7618BA-075A-4CF1-BF63-65636C3E7563}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7E0C2C05-DCC3-48D1-BF1C-DBABDCC767D5}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{A0A59FFC-7779-4328-AF2E-F6170044DC87}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{D4F79E8E-D7D1-4ADE-AAD5-F6DCCCCBD05E}: [DhcpNameServer] 192.168.12.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope - brak wartości
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-12] (AVAST Software)
BHO: Brak nazwy -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> Brak pliku
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\el7e5k6i.default [2017-12-24]
FF Homepage: Mozilla\Firefox\Profiles\el7e5k6i.default -> about:home
FF Extension: (ADB Helper) - C:\Users\mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\el7e5k6i.default\Extensions\adbhelper@mozilla.org [2017-09-26] [Przestarzałe]
FF Extension: (Valence) - C:\Users\mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\el7e5k6i.default\Extensions\fxdevtools-adapters@mozilla.org [2017-08-06] [Przestarzałe]
FF Extension: (Rapideo.pl) - C:\Users\mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\el7e5k6i.default\Extensions\jid1-MVBjD3PCN9WVIQ@jetpack.xpi [2017-10-01]
FF Extension: (Polski Language Pack) - C:\Users\mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\el7e5k6i.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-11-19] [Przestarzałe]
FF Extension: (Avast SafePrice) - C:\Users\mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\el7e5k6i.default\Extensions\sp@avast.com.xpi [2017-12-05]
FF Extension: (Avast Online Security) - C:\Users\mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\el7e5k6i.default\Extensions\wrc@avast.com.xpi [2017-10-06]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-03] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKU\S-1-5-21-3311954108-2881230977-2648112473-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=8214aa570000000000008c89a55bc4f6
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=8214aa570000000000008c89a55bc4f6"
CHR Profile: C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default [2017-12-26]
CHR Extension: (Dysk Google) - C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Adobe Acrobat) - C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Booking.com for Chrome™) - C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2017-03-14]
CHR Extension: (Avast Online Security) - C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-11]
CHR Extension: (SimilarWeb - Traffic Rank & Website Analysis) - C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoklmmgfnpapgjgcpechhaamimifchmp [2017-11-27]
CHR Extension: (Rapidox.pl) - C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjjdbijelmchigncnmfknbdckcolaeai [2017-10-24]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5906816 2017-12-23] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-23] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation)
S2 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-04-25] (Digital Wave Ltd.) [Brak podpisu cyfrowego]
R2 fsproflt2; C:\Windows\system32\fsproflt2.exe [49512 2012-07-12] (FSPro Labs)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
S2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
S2 NovaPdf9Server; C:\Program Files\Softland\novaPDF 9\Server\novapdfs.exe [56248 2017-11-06] (Microsoft)
S2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [53176 2017-08-16] (Microsoft)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [158224 2017-12-23] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [255584 2017-12-23] (AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157376 2017-12-23] (AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276696 2017-12-23] (AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50344 2017-12-23] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [118144 2017-12-23] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42824 2017-12-23] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39784 2017-09-06] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124408 2017-12-23] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [99528 2017-12-23] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70832 2017-12-23] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783104 2017-12-23] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [390272 2017-12-23] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [151328 2017-12-23] (AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [294680 2017-12-23] (AVAST Software)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-06-03] (Glarysoft Ltd)
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [51760 2011-06-03] (FSPro Labs)
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2015-05-11] (Glarysoft Ltd)
S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-09-19] (REALiX(tm))
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S2 Kmm4xNT; C:\Windows\system32\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) [Brak podpisu cyfrowego]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [168376 2017-12-26] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-12-26] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40376 2017-12-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-12-26] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-12-26] (Malwarebytes)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18800 2016-03-22] (IObit)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1804400 2011-03-29] (VIA Technologies, Inc.)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-12-26 17:55 - 2017-12-26 17:57 - 000018755 _____ C:\Users\mariusz\Downloads\FRST.txt
2017-12-26 17:55 - 2017-12-26 17:55 - 000000000 ____D C:\FRST
2017-12-26 17:46 - 2017-12-26 17:46 - 001752064 _____ (Farbar) C:\Users\mariusz\Downloads\FRST.exe
2017-12-26 17:45 - 2017-12-26 17:52 - 601608590 _____ C:\Users\mariusz\Downloads\Stranger.Things.S02E08.PL.720p.WEB.x264.AC3-KiT.mkv
2017-12-26 16:37 - 2017-12-26 17:49 - 000236246 _____ C:\Windows\ntbtlog.txt
2017-12-26 14:19 - 2017-12-26 16:45 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-12-26 13:40 - 2017-12-26 13:40 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-23 17:47 - 2017-12-23 17:45 - 000118144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-12-23 17:46 - 2017-12-23 17:46 - 000305840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-12-23 16:39 - 2017-12-26 16:45 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-23 15:11 - 2017-12-26 17:42 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-23 15:11 - 2017-12-26 17:42 - 000168376 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-23 15:11 - 2017-12-26 17:42 - 000040376 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-23 15:11 - 2017-12-23 15:11 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-23 15:11 - 2017-12-23 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-23 15:11 - 2017-12-23 15:11 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-23 15:11 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2017-12-23 15:10 - 2017-12-23 15:10 - 000000000 ____D C:\ProgramData\MB2Migration
2017-12-23 14:56 - 2017-12-23 15:04 - 690333168 _____ C:\Users\mariusz\Downloads\Stranger.Things.S02E07.PL.720p.WEB.x264.AC3-KiT.mkv
2017-12-22 15:35 - 2017-12-22 15:46 - 923400668 _____ C:\Users\mariusz\Downloads\Stranger.Things.S02E06.PL.720p.WEB.x264.AC3-KiT.mkv
2017-12-21 15:19 - 2017-12-21 15:19 - 000000000 ____D C:\Users\mariusz\Desktop\5c
2017-12-21 13:54 - 2017-12-21 13:54 - 004370953 _____ C:\Users\mariusz\Desktop\cennik 2017 Parotec.pdf
2017-12-21 13:51 - 2017-12-21 13:52 - 004370953 _____ C:\Users\mariusz\Downloads\cennik 2017 (1).pdf
2017-12-18 08:42 - 2017-12-18 08:42 - 004370953 _____ C:\Users\mariusz\Downloads\cennik 2017.pdf
2017-12-12 14:16 - 2017-12-12 14:16 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-12 14:16 - 2017-12-12 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-12 13:25 - 2017-12-12 13:25 - 001707296 _____ C:\Users\mariusz\Downloads\el716us-bez-wartosci-GitNm.pdf
2017-12-06 23:07 - 2017-12-06 23:07 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-11-29 13:22 - 2017-11-29 13:22 - 000198704 _____ C:\Users\mariusz\Documents\Scan0002.pdf
2017-11-29 13:07 - 2017-11-29 13:07 - 000000845 _____ C:\Users\mariusz\AppData\Local\recently-used.xbel
2017-11-29 12:59 - 2017-11-29 12:59 - 000056654 _____ C:\Users\mariusz\Downloads\506352121017_faktura.pdf
2017-11-27 10:02 - 2017-11-27 10:02 - 000532085 _____ C:\Users\mariusz\Documents\wcserwis_gwizdanów_11.pdf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-12-26 16:42 - 2017-09-26 16:36 - 000000000 ___RD C:\Users\mariusz\iCloudDrive
2017-12-26 16:41 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-26 13:40 - 2015-11-02 10:46 - 000000000 ____D C:\ProgramData\ProductData
2017-12-26 13:38 - 2014-03-19 12:00 - 000000000 ____D C:\Users\mariusz\AppData\Roaming\DiskDefrag
2017-12-24 10:16 - 2016-11-20 23:33 - 000000000 ____D C:\Users\mariusz\AppData\LocalLow\Mozilla
2017-12-23 17:52 - 2009-07-14 05:34 - 000019520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-23 17:52 - 2009-07-14 05:34 - 000019520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-23 17:46 - 2017-11-12 22:52 - 000158224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-12-23 17:46 - 2015-03-30 18:16 - 000390272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-12-23 17:46 - 2015-03-30 18:16 - 000294680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-12-23 17:46 - 2015-03-30 18:16 - 000151328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-12-23 17:46 - 2015-03-30 18:16 - 000124408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-12-23 17:46 - 2015-03-30 18:16 - 000099528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-12-23 17:46 - 2015-03-30 18:16 - 000070832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-12-23 17:46 - 2015-03-30 18:16 - 000042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-12-23 17:45 - 2017-04-07 11:21 - 000276696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2017-12-23 17:45 - 2017-04-07 11:21 - 000255584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-12-23 17:45 - 2017-04-07 11:21 - 000157376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2017-12-23 17:45 - 2017-04-07 11:21 - 000050344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2017-12-23 17:45 - 2015-03-30 18:16 - 000783104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-12-23 15:11 - 2014-12-23 17:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-23 15:11 - 2014-12-23 17:25 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-12-19 07:49 - 2013-01-14 22:22 - 000000000 ____D C:\Users\mariusz\Documents\Nini
2017-12-12 14:16 - 2016-09-17 17:48 - 000000000 ____D C:\Program Files\iPod
2017-12-12 14:16 - 2013-03-13 14:17 - 000000000 ____D C:\Program Files\iTunes
2017-12-12 13:18 - 2013-01-03 13:35 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-12-12 13:18 - 2013-01-03 13:35 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-12-12 13:18 - 2013-01-03 13:35 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-12 13:11 - 2013-01-03 13:41 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-11 15:37 - 2016-11-20 22:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-11 15:37 - 2013-01-03 18:19 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-12-10 13:56 - 2013-01-03 12:45 - 001669190 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-10 13:56 - 2009-07-14 09:07 - 000740098 _____ C:\Windows\system32\perfh015.dat
2017-12-10 13:56 - 2009-07-14 09:07 - 000155672 _____ C:\Windows\system32\perfc015.dat
2017-12-10 13:56 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2017-12-03 12:31 - 2016-09-30 10:44 - 000000000 ____D C:\Users\mariusz\Downloads\kst
2017-12-03 08:53 - 2015-11-22 14:21 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-29 13:24 - 2013-01-13 23:51 - 000000000 ____D C:\Users\mariusz\.gimp-2.8

==================== Pliki w katalogu głównym wybranych folderów =======

2016-01-18 21:31 - 2017-09-15 12:55 - 000003584 _____ () C:\Users\mariusz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-29 13:07 - 2017-11-29 13:07 - 000000845 _____ () C:\Users\mariusz\AppData\Local\recently-used.xbel

Niektóre pliki w TEMP:
====================
2017-07-17 10:42 - 2017-11-22 14:54 - 050126880 _____ (Softland) C:\Users\mariusz\AppData\Local\Temp\dopdf-full.exe
2017-12-26 16:40 - 2017-12-26 16:40 - 000986923 _____ (DVDVideoSoft_DLM) C:\Users\mariusz\AppData\Local\Temp\ICReinstall_FreeVideoFlipAndRotate_2.2.20.425.exe
2016-10-17 16:53 - 2016-10-17 16:53 - 000741440 _____ (Oracle Corporation) C:\Users\mariusz\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-21 15:43 - 2016-10-21 15:43 - 000737856 _____ (Oracle Corporation) C:\Users\mariusz\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-19 08:41 - 2017-01-19 08:41 - 000739904 _____ (Oracle Corporation) C:\Users\mariusz\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-21 09:00 - 2017-04-21 09:00 - 000739904 _____ (Oracle Corporation) C:\Users\mariusz\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-25 07:07 - 2017-07-25 07:07 - 000739904 _____ (Oracle Corporation) C:\Users\mariusz\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-10-21 08:11 - 2017-10-21 08:11 - 001856576 _____ (Oracle Corporation) C:\Users\mariusz\AppData\Local\Temp\jre-8u151-windows-au.exe
2016-06-04 05:36 - 2016-06-04 05:36 - 012829272 _____ (Google Inc.) C:\Users\mariusz\AppData\Local\Temp\{B5D21BE3-6CBD-4AD3-9F7A-821834FFC116}-51.0.2704.84_50.0.2661.102_chrome_updater.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-12-19 14:51

==================== Koniec FRST.txt ============================