Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 09.12.2018 Uruchomiony przez Karol (administrator) ASUS-KAROL (13-12-2018 20:46:57) Uruchomiony z F:\Programy instalacyjne Załadowane profile: Karol & Gość (Dostępne profile: Karol & Gość) Platform: Windows 7 Professional N Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe () C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (VMware, Inc.) E:\Programy\VMware\VMware Player\vmware-authd.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe () C:\Program Files\OpenVPN\bin\openvpn-gui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\PubMonitor.exe.temp (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Artificial Spirit) C:\Program Files (x86)\Jaangle\jaangle.exe (Techland) C:\Program Files (x86)\Techland\TKA2\TKAng.exe () C:\Program Files\Ditto\Ditto.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-12-13] (AVAST Software) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-08-18] (Intel Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation) HKLM-x32\...\RunOnce: [] => [X] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [4745728 2017-12-20] () HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [672384 2018-04-26] () HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd) HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe -update plugin HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\MountPoints2: {12cbd8bf-6eb1-11e8-9e98-409f381bf1b4} - G:\AutoRun.exe HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\MountPoints2: {1654e18e-076c-11e8-b066-409f381bf1b4} - G:\AutoRun.exe HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\MountPoints2: {41ca3c4a-06ff-11e8-93d9-806e6f6e6963} - D:\AsInsWiz.exe HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\MountPoints2: {689c6ec4-0ba7-11e8-a09f-409f381bf1b4} - J:\Setup.exe HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\MountPoints2: {909e4a3f-8fc8-11e8-bf7c-409f381bf1b4} - G:\AutoRun.exe HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\MountPoints2: {a3df6d83-0710-11e8-9d8b-e32d500c4c1c} - E:\AutoRun.exe HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\MountPoints2: {a3df6d8a-0710-11e8-9d8b-e32d500c4c1c} - E:\AutoRun.exe HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\MountPoints2: {c6e56bf8-c0d4-11e8-a11a-806e6f6e6963} - G:\AutoRun.exe HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\...\MountPoints2: {f6b1915c-0c96-11e8-abdd-409f381bf1b4} - G:\AutoRun.exe HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-3225201627-2190115873-3201683631-501\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [672384 2018-04-26] () AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [182600 2018-02-25] (NVIDIA Corporation) AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [182600 2018-02-25] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [159712 2018-02-25] (NVIDIA Corporation) AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [159712 2018-02-25] (NVIDIA Corporation) BootExecute: autocheck autochk * aswBoot.exe /M:10cdd1d8e197 /wow /dir:"C:\Program Files\AVAST Software\Avast" ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 193.2.1.66 193.2.1.72 Tcpip\..\Interfaces\{62FFE486-8EA7-4459-B201-A525B1747641}: [DhcpNameServer] 192.168.194.1 Tcpip\..\Interfaces\{75B57386-C216-43E7-89E4-BF2F3E4FDFAB}: [NameServer] 185.89.185.1 89.108.202.20 Tcpip\..\Interfaces\{962C0018-8C7B-46EB-A005-1DA4C3A4326B}: [DhcpNameServer] 193.2.1.66 193.2.1.72 Tcpip\..\Interfaces\{9C34BC51-FC5D-4F58-9FB8-C41A518D476A}: [NameServer] 89.108.202.20 185.89.185.1 Tcpip\..\Interfaces\{CC2F8F98-DE81-4A4F-91E6-E9AFE0B9D934}: [DhcpNameServer] 192.168.164.2 Internet Explorer: ================== HKU\S-1-5-21-3225201627-2190115873-3201683631-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-12-13] (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-13] (Oracle Corporation) FireFox: ======== FF DefaultProfile: dd0vespw.default FF ProfilePath: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\dd0vespw.default [2018-12-13] FF Extension: (Browser Safety) - C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\dd0vespw.default\Extensions\extension@browser-safety.org.xpi [2018-07-24] FF Extension: (YouTube™ Flash® Player) - C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\dd0vespw.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2018-02-01] FF Extension: (Avast Online Security) - C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\dd0vespw.default\Extensions\wrc@avast.com.xpi [2018-12-13] FF Extension: (Bing Search Engine) - C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\dd0vespw.default\Extensions\{8d8ca802-6b23-43ed-9445-e05d48579542}.xpi [2018-12-11] FF Extension: (Adblock Plus – wersja rozwojowa) - C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\dd0vespw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-05] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-13] () FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-13] () FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-13] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-13] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdvancedSystemCareService11; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1057552 2018-03-21] (IObit) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-12-13] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-12-13] (AVAST Software) R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1419424 2018-02-01] (Intel Corporation) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] () R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [324592 2018-02-01] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-11-12] () R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] ( ) R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (The OpenVPN Project) S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (The OpenVPN Project) S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [651856 2013-10-26] () R2 VMAuthdService; E:\Programy\VMware\VMware Player\vmware-authd.exe [96232 2018-01-08] (VMware, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-11-12] (Intel® Corporation) R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-12-13] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-12-13] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-12-13] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-12-13] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-12-13] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-12-13] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-12-13] (AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-12-13] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-12-13] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-12-13] (AVAST Software) S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-12-13] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-12-13] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-12-13] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-12-13] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-12-13] (AVAST Software) R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [601600 2018-02-01] (Qualcomm) R3 dptf_cpu; C:\Windows\System32\DRIVERS\dptf_cpu.sys [52208 2018-02-01] (Intel Corporation) S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-02-07] (Disc Soft Ltd) S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-02-07] (Disc Soft Ltd) R3 esif_lf; C:\Windows\System32\DRIVERS\esif_lf.sys [260080 2018-02-01] (Intel Corporation) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [246272 2013-11-30] (Huawei Technologies Co., Ltd.) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-02-01] (REALiX(tm)) S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [124672 2014-04-16] (Huawei Technologies Co., Ltd.) S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [379392 2014-04-16] (Huawei Technologies Co., Ltd.) R3 iaLPSS2_GPIO2; C:\Windows\System32\DRIVERS\iaLPSS2_GPIO2.sys [83216 2018-02-01] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [41480 2018-02-01] (Intel Corporation) S3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [14680 2016-12-21] (IObit) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [201296 2018-02-01] (Intel Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31016 2018-05-20] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [68112 2018-04-28] (NVIDIA Corporation) R3 Qcamain; C:\Windows\System32\DRIVERS\Qcamain7x64.sys [2356736 2018-02-01] (Qualcomm Atheros, Inc.) S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2018-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Brak podpisu cyfrowego] R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [36792 2017-08-24] (The OpenVPN Project) R1 vmkbd3; C:\Windows\System32\DRIVERS\vmkbd.sys [52288 2018-01-08] (VMware, Inc.) R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2017-09-05] (VMware, Inc.) S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-12-13 20:42 - 2018-12-13 20:42 - 000007368 _____ C:\Users\Karol\Desktop\UsbFix_Report.txt 2018-12-13 20:42 - 2018-12-13 20:42 - 000001891 _____ C:\Users\Karol\Desktop\UsbFix Anti-Malware.lnk 2018-12-13 20:42 - 2018-12-13 20:42 - 000000000 ____D C:\Program Files (x86)\UsbFix 2018-12-13 20:30 - 2018-12-13 20:46 - 000000000 ____D C:\FRST 2018-12-13 20:09 - 2018-12-13 20:09 - 000004424 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2018-12-13 19:48 - 2018-12-13 19:48 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2018-12-13 19:48 - 2018-12-13 19:48 - 000000000 ____D C:\Users\Karol\AppData\Roaming\AVAST Software 2018-12-13 19:48 - 2018-12-13 19:48 - 000000000 ____D C:\Users\Karol\AppData\Local\AVAST Software 2018-12-13 19:48 - 2018-12-13 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2018-12-13 19:37 - 2018-12-13 19:37 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software 2018-12-13 19:35 - 2018-12-13 19:37 - 000239840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 001028680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000469272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000380464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2018-12-13 19:35 - 2018-12-13 19:35 - 000346592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000230344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000208472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000201768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000201240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000163208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000111800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000087432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000059496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000046384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2018-12-13 19:35 - 2018-12-13 19:35 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2018-12-13 19:35 - 2018-12-13 19:35 - 000000000 ____D C:\Program Files\Common Files\AVAST Software 2018-12-13 19:24 - 2018-12-13 19:24 - 000000000 ____D C:\Program Files\AVAST Software 2018-12-13 19:22 - 2018-12-13 19:35 - 000000000 ____D C:\ProgramData\AVAST Software 2018-12-13 18:58 - 2018-12-13 18:58 - 000142650 _____ C:\Users\Karol\Desktop\FLIX-Booking-1020563801.pdf 2018-12-07 13:46 - 2018-12-07 13:46 - 001605457 _____ C:\Users\Karol\Desktop\Twenty years of progress- 2010 seminarium.pdf 2018-12-06 23:09 - 2018-12-06 23:09 - 000063530 _____ C:\Users\Karol\Desktop\Karol Pabijan sylwester.pdf 2018-12-03 17:02 - 2018-12-03 17:02 - 006455965 _____ C:\Users\Karol\Desktop\Nasiona drzewa.pdf 2018-12-03 15:32 - 2018-12-03 22:42 - 061888177 _____ C:\Users\Karol\Desktop\Nasiona drzewa.odt 2018-12-03 15:24 - 2018-12-03 17:31 - 000000000 ____D C:\Users\Karol\Desktop\Nasiona 2018-11-30 16:32 - 2018-11-30 16:32 - 000248039 _____ C:\Users\Karol\Desktop\Pabijan Karol Praca magisterska rozdział 1 i 2.pdf 2018-11-29 02:51 - 2018-11-29 02:51 - 000000121 _____ C:\Users\Karol\Desktop\Fototerapia.txt 2018-11-28 23:37 - 2018-12-13 00:36 - 005612851 _____ C:\Users\Karol\Desktop\Denmark 2.0 1444 Ironman_Backup_Backup_Backup_Backup_Backup_Backup_Backup.eu4 2018-11-26 18:11 - 2018-11-26 18:12 - 000000386 _____ C:\Users\Karol\Desktop\Student meals.txt 2018-11-23 20:52 - 2018-11-23 20:53 - 000000000 ____D C:\Users\Karol\AppData\Local\Steam 2018-11-23 20:28 - 2018-11-23 20:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2018-11-20 13:33 - 2018-11-20 13:37 - 000000014 _____ C:\Users\Karol\Desktop\17 730 ZYSK + ~40.txt 2018-11-19 12:49 - 2018-12-12 22:22 - 000000000 ____D C:\Users\Karol\Desktop\Eu4 2018-11-13 12:28 - 2018-11-13 12:28 - 004058925 _____ C:\Users\Karol\Desktop\map_of_daily_city_public_transport_and_integrated_bus_lines_september_2018_.pdf ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-12-13 20:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf 2018-12-13 20:43 - 2018-02-02 12:12 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Ditto 2018-12-13 20:28 - 2018-02-08 07:22 - 000098680 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2018-12-13 20:28 - 2018-02-08 07:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2018-12-13 20:28 - 2018-02-08 07:22 - 000000000 ____D C:\Program Files (x86)\Java 2018-12-13 20:23 - 2018-02-08 03:55 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2018-12-13 20:23 - 2018-02-08 03:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2018-12-13 20:23 - 2018-02-08 03:54 - 000000000 ____D C:\Program Files\WinRAR 2018-12-13 20:12 - 2018-04-19 00:47 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-12-13 20:09 - 2018-09-30 11:59 - 000004566 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier 2018-12-13 20:09 - 2018-02-07 06:44 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-12-13 20:09 - 2018-02-07 06:44 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-12-13 20:09 - 2018-02-07 06:44 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-12-13 20:09 - 2018-02-07 06:44 - 000000000 ____D C:\Windows\system32\Macromed 2018-12-13 19:47 - 2018-03-08 12:41 - 000000000 ____D C:\ProgramData\NVIDIA 2018-12-13 19:22 - 2018-06-13 02:59 - 000002266 _____ C:\Users\Public\Desktop\Advanced SystemCare 11.lnk 2018-12-13 19:21 - 2018-02-01 07:14 - 000002890 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Karol) 2018-12-13 15:14 - 2011-04-12 13:11 - 000744052 _____ C:\Windows\system32\perfh015.dat 2018-12-13 15:14 - 2011-04-12 13:11 - 000157104 _____ C:\Windows\system32\perfc015.dat 2018-12-13 15:14 - 2009-07-14 06:12 - 001676344 _____ C:\Windows\system32\PerfStringBackup.INI 2018-12-13 04:35 - 2018-02-08 04:33 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update 2018-12-12 14:37 - 2018-02-07 02:58 - 000007600 _____ C:\Users\Karol\AppData\Local\resmon.resmoncfg 2018-12-06 00:26 - 2018-02-01 06:50 - 000000000 ____D C:\Users\Karol\AppData\LocalLow\Mozilla 2018-12-06 00:26 - 2018-02-01 06:50 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-12-06 00:26 - 2018-02-01 06:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-12-03 17:31 - 2018-02-16 03:04 - 000000000 ____D C:\Users\Karol\AppData\Roaming\vlc 2018-11-25 05:25 - 2018-06-14 02:10 - 000000000 ____D C:\Users\Karol\AppData\Local\ElevatedDiagnostics 2018-11-23 20:28 - 2018-02-08 14:22 - 000000000 ___RD C:\Users\Karol\Desktop\Programy 2018-11-14 19:29 - 2018-03-17 04:10 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Pliki w katalogu głównym wybranych folderów ======= 2018-02-07 02:49 - 2016-11-09 16:55 - 067440768 _____ () C:\ProgramData\msbnlost.exe 2018-05-24 00:54 - 2018-05-24 00:54 - 000000046 _____ () C:\Users\Karol\AppData\Roaming\Camdata.ini 2018-05-24 00:54 - 2018-05-24 00:54 - 000000408 _____ () C:\Users\Karol\AppData\Roaming\CamLayout.ini 2018-05-24 00:54 - 2018-05-24 00:54 - 000000408 _____ () C:\Users\Karol\AppData\Roaming\CamShapes.ini 2018-05-24 00:54 - 2018-05-24 00:54 - 000004536 _____ () C:\Users\Karol\AppData\Roaming\CamStudio.cfg 2018-05-24 00:53 - 2018-05-24 00:53 - 000000096 _____ () C:\Users\Karol\AppData\Roaming\version2.xml 2018-03-08 14:23 - 2018-03-08 14:23 - 000000218 _____ () C:\Users\Karol\AppData\Local\recently-used.xbel 2018-02-07 02:58 - 2018-12-12 14:37 - 000007600 _____ () C:\Users\Karol\AppData\Local\resmon.resmoncfg ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2018-12-04 02:33 ==================== Koniec FRST.txt ============================