Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:27-01-2016
Uruchomiony przez User (administrator) USER-PC (31-01-2016 12:19:57)
Uruchomiony z C:\Users\User\Desktop
Załadowane profile: User (Dostępne profile: User)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVerMedia) C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
() C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(WiseCleaner.com) C:\Program Files\Wise\Wise Care 365\WiseTray.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_20_0_0_286_ActiveX.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1433692 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-10-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1478389184-2235289212-306251700-1000\...\Run: [C] => C:\Windows\system32\GroupPolicy\Machine\Registry.pol [750 2016-01-30] ()
HKU\S-1-5-21-1478389184-2235289212-306251700-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [Uchwyt nakładania ikony podpisu cyfrowego] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2015-02-04]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2015-02-04]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 192.168.0.1
Tcpip\..\Interfaces\{57D181D4-84AC-4E6C-BE08-721E0B7144E3}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CAAD1F55-A0D9-4DBC-ABCB-4B5B2B77C732}: [DhcpNameServer] 62.179.1.63 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-1478389184-2235289212-306251700-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={89F5F343-111D-4CE2-ACBD-692E11331BDB}&mid=717e4e1fe2b947cdbdb6d1572e78ef17-8f15886f106625561057cd13bc9337b43f44c325&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-05-06 19:17:56&v=4.2.4.155&pid=wtu&sg=&sap=hp
URLSearchHook: [S-1-5-21-1478389184-2235289212-306251700-1000] UWAGA => Brak domyślnego URLSearchHook
URLSearchHook: HKU\S-1-5-21-1478389184-2235289212-306251700-1000 - (Brak nazwy) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - Brak pliku
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1478389184-2235289212-306251700-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\krxz2cdq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: Brak nazwy - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\krxz2cdq.default\extensions\deskCutv2@gmail.com [nie znaleziono]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-04] [Brak podpisu cyfrowego]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Dokumenty Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (Dysk Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-31]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-31]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [368640 2013-06-26] (AVerMedia) [Brak podpisu cyfrowego]
R2 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [Brak podpisu cyfrowego]
R2 AVerUpdateServer; C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [Brak podpisu cyfrowego]
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [865704 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
R3 Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [3511888 2010-11-30] (Motorola, Inc.)
R3 Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [901384 2010-11-30] (Motorola, Inc.)
R2 Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [508680 2010-11-30] (Motorola, Inc.)
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [Brak podpisu cyfrowego]
R3 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [Brak podpisu cyfrowego]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [303186 2012-07-24] (IDT, Inc.)
R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1664304 2010-06-03] (Validity Sensors, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2014-10-28] (WiseCleaner.com) [Brak podpisu cyfrowego]
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-31] ()

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 AVerPola; C:\Windows\System32\DRIVERS\AVerPola.sys [767360 2013-12-18] (AVerMedia TECHNOLOGIES, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [257456 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [194992 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [37296 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R3 AVPolCIR; C:\Windows\System32\DRIVERS\AVPolCIR.sys [48640 2013-12-18] (AVerMedia TECHNOLOGIES, Inc.)
S3 BTMCOM; C:\Windows\System32\Drivers\btmcom.sys [41344 2010-11-30] (Motorola, Inc.)
R3 BTMUSB; C:\Windows\System32\Drivers\btmusb.sys [402432 2010-11-30] (Motorola, Inc.)
S2 Kmm4xNT; C:\Windows\system32\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) [Brak podpisu cyfrowego]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-01-31] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [3630080 2008-06-26] (Intel Corporation)
R3 WiseHDInfo; C:\Windows\WiseHDInfo32.dll [11816 2015-04-13] (wisecleaner.com) [Brak podpisu cyfrowego]
U1 eabfiltr; Brak ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-01-31 12:19 - 2016-01-31 12:20 - 00016815 _____ C:\Users\User\Desktop\FRST.txt
2016-01-31 12:18 - 2016-01-31 12:19 - 00000000 ____D C:\FRST
2016-01-31 12:16 - 2016-01-31 12:17 - 01721856 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2016-01-31 12:13 - 2016-01-31 12:13 - 00000442 _____ C:\DelFix.txt
2016-01-31 12:02 - 2016-01-31 12:02 - 00001991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-31 12:02 - 2016-01-31 12:02 - 00001979 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-31 12:01 - 2016-01-31 12:06 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-31 12:01 - 2016-01-31 12:06 - 00001028 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-31 11:58 - 2016-01-31 11:58 - 00000000 ____D C:\Users\User\Desktop\Nowy folder (3)
2016-01-31 11:45 - 2016-01-31 11:46 - 00000000 ____D C:\Users\User\Desktop\Nowy folder (2)
2016-01-31 08:42 - 2016-01-31 08:42 - 00093456 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-31 08:40 - 2016-01-31 08:41 - 00345728 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-30 23:46 - 2016-01-31 00:18 - 00000266 __RSH C:\ProgramData\ntuser.pol
2016-01-30 23:46 - 2016-01-30 23:46 - 00000008 __RSH C:\Users\User\ntuser.pol
2016-01-20 22:03 - 2016-01-20 22:03 - 04705508 _____ C:\Users\User\Desktop\PIG PIB Warszawa.dwg
2016-01-20 22:03 - 2016-01-20 22:03 - 01008609 _____ C:\Users\User\Desktop\Projekt szynoprzewodow - PIG PIB Jagiellonska w Warszawie.dwg
2016-01-17 20:33 - 2016-01-17 20:33 - 00018944 _____ C:\Users\User\Desktop\Godziny Mateusz.xls
2016-01-17 19:46 - 2016-01-17 20:32 - 00068608 _____ C:\Users\User\Desktop\Wypłaty.xls
2016-01-17 19:04 - 2016-01-17 19:04 - 00218612 _____ C:\Users\User\Desktop\Historia_Rachunku_160117_190024 (1).pdf
2016-01-16 19:44 - 2016-01-16 16:44 - 00000000 ____D C:\Users\User\Desktop\Zamek Rysy
2016-01-16 19:43 - 2016-01-16 22:51 - 00000000 ____D C:\Users\User\Desktop\Zamek Nizio
2016-01-16 16:45 - 2016-01-16 16:47 - 480619790 _____ C:\Users\User\Desktop\zamek.rar
2016-01-06 23:05 - 2016-01-06 23:05 - 00000189 ____H C:\Users\User\Documents\Rysunek1.dwl2
2016-01-06 23:05 - 2016-01-06 23:05 - 00000039 ____H C:\Users\User\Documents\Rysunek1.dwl
2016-01-01 21:03 - 2016-01-01 21:51 - 00000000 ____D C:\Users\User\Desktop\Zdjęcia
2016-01-01 10:56 - 2016-01-01 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-01 10:56 - 2016-01-01 10:56 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-01 10:56 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-01 10:56 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-01 10:55 - 2016-01-31 11:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2016-01-01 10:55 - 2016-01-01 10:56 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-01 10:55 - 2016-01-01 10:56 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2016-01-01 10:55 - 2016-01-01 10:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-01 10:55 - 2016-01-01 10:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2016-01-01 10:55 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-01 10:34 - 2016-01-01 10:44 - 00000000 ____D C:\Users\User\Desktop\Pulpit
2016-01-01 10:31 - 2016-01-01 10:33 - 00000000 ____D C:\Users\User\Desktop\Nowy folder

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-01-31 12:07 - 2015-02-04 16:04 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-31 12:01 - 2015-02-04 22:04 - 00000000 ____D C:\Program Files\Google
2016-01-31 12:00 - 2015-02-04 22:04 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2016-01-31 11:38 - 2015-02-04 14:31 - 00169888 _____ C:\ProgramData\nvModes.dat
2016-01-31 11:38 - 2015-02-04 14:31 - 00169888 _____ C:\ProgramData\nvModes.001
2016-01-31 11:37 - 2015-04-13 20:59 - 00000396 _____ C:\Windows\Tasks\Wise Care 365.job
2016-01-31 11:37 - 2015-04-13 20:51 - 00000000 ____D C:\Users\User\AppData\Roaming\Wise Care 365
2016-01-31 11:37 - 2015-04-13 20:50 - 00001837 _____ C:\Users\Public\Desktop\Wise Care 365.lnk
2016-01-31 11:37 - 2015-02-04 21:19 - 00000000 ____D C:\ProgramData\MFAData
2016-01-31 11:37 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-31 11:37 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-31 11:36 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-31 11:35 - 2015-02-04 12:28 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-01-31 11:35 - 2006-11-02 14:01 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-31 11:34 - 2015-02-04 20:20 - 00000000 ____D C:\Users\User\Documents\AVerTV
2016-01-31 00:25 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-01-31 00:15 - 2015-04-15 19:34 - 00000793 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-01-31 00:15 - 2015-02-04 15:48 - 00000860 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-31 00:15 - 2015-02-04 15:48 - 00000848 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-30 23:46 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-01-30 21:05 - 2015-04-13 20:59 - 00000376 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2016-01-30 14:06 - 2008-01-21 07:24 - 01613794 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-30 14:06 - 2008-01-21 07:24 - 00714160 _____ C:\Windows\system32\perfh015.dat
2016-01-30 14:06 - 2008-01-21 07:24 - 00151000 _____ C:\Windows\system32\perfc015.dat
2016-01-21 21:11 - 2015-04-15 19:33 - 00000000 ____D C:\Program Files\Opera
2016-01-20 23:28 - 2015-02-08 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-19 21:07 - 2015-02-04 16:04 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-19 21:07 - 2015-02-04 16:04 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-17 16:40 - 2015-02-08 12:37 - 00002619 _____ C:\Users\User\Desktop\Microsoft Office Excel 2007.lnk
2016-01-17 13:55 - 2015-02-08 12:37 - 00002625 _____ C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
2016-01-13 20:48 - 2015-03-22 22:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 20:44 - 2015-03-22 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 20:42 - 2015-02-04 14:20 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 20:17 - 2006-11-02 11:24 - 141317472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-01-06 10:12 - 2015-11-21 08:23 - 00000735 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-06 10:12 - 2015-11-21 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-02 21:06 - 2015-02-04 20:43 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-01-02 21:06 - 2015-02-04 12:49 - 00000000 ____D C:\Windows\Minidump
2016-01-01 11:14 - 2015-12-31 12:07 - 00000000 ____D C:\Users\User\AppData\Local\BankruptciesBaulkiest
2016-01-01 11:14 - 2006-11-02 12:18 - 00000000 ___SD C:\Windows\Downloaded Program Files

==================== Pliki w katalogu głównym wybranych folderów =======

2015-02-04 16:16 - 2015-02-04 16:16 - 0000000 _____ () C:\Users\User\AppData\Local\AtStart.txt
2015-02-04 12:33 - 2015-09-14 18:16 - 0001356 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2015-02-04 16:16 - 2015-02-04 16:16 - 0000000 _____ () C:\Users\User\AppData\Local\DSwitch.txt
2015-02-04 16:16 - 2015-02-04 16:16 - 0000000 _____ () C:\Users\User\AppData\Local\QSwitch.txt
2015-02-26 20:43 - 2015-02-26 20:43 - 0003208 _____ () C:\Users\User\AppData\Local\unins000.dat
2015-02-26 20:43 - 2015-02-26 20:43 - 0707744 _____ () C:\Users\User\AppData\Local\unins000.exe
2015-02-26 20:43 - 2015-02-26 20:43 - 0011761 _____ () C:\Users\User\AppData\Local\unins000.msg
2015-02-04 14:31 - 2016-01-31 11:38 - 0169888 _____ () C:\ProgramData\nvModes.001
2015-02-04 14:31 - 2016-01-31 11:38 - 0169888 _____ () C:\ProgramData\nvModes.dat

Niektóre pliki w TEMP:
====================
C:\Users\USER~1.AVE\AppData\Local\Temp\RegCheck.exe

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-01-31 11:42

==================== Koniec FRST.txt ============================