Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 04-11-2016 Uruchomiony przez Miski (administrator) MISKI-KOMPUTER (10-11-2016 13:01:30) Uruchomiony z C:\antywirrr Załadowane profile: Miski (Dostępne profile: Miski) Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (ASUSTeK Computer Inc.) D:\Windows\System32\FBAgent.exe (ASUSTek Computer Inc.) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe (ASUS) D:\Windows\AsScrPro.exe (Realtek Semiconductor) D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUS) D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (CrypKey (Canada) Ltd.) D:\Windows\System32\Crypserv.exe (ASUS) D:\Program Files\ASUS\P4G\BatteryLife.exe (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (ASUS) D:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK) D:\Windows\SysWOW64\ACEngSvr.exe (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Acresso) D:\Program Files (x86)\Vivid WorkshopData ATI\WorkshopDBServer.exe (Sun Microsystems, Inc.) D:\Program Files (x86)\Vivid WorkshopData ATI\jre\bin\java.exe (ASUS) D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUSTek Computer Inc.) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUSTek Computer Inc.) D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Synaptics Incorporated) D:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) D:\Windows\System32\igfxtray.exe (Intel Corporation) D:\Windows\System32\hkcmd.exe (Intel Corporation) D:\Windows\System32\igfxpers.exe (Synaptics Incorporated) D:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ASUSTek Computer Inc.) D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (AVAST Software) D:\Program Files\AVAST Software\Avast\avastui.exe (Intel Corporation) D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (SurfRight B.V.) D:\Program Files\HitmanPro\hmpsched.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [SynTPEnh] => D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [SynAsusAcpi] => D:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [RtHDVBg] => D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM-x32\...\Run: [ATKOSD2] => D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064 2012-09-14] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKMEDIA] => D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [HControlUser] => D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-10] (AVAST Software) Winlogon\Notify\igfxcui: D:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: H - H:\AutoRun.exe /s HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: I - I:\AutoRun.exe /s HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: J - J:\DTLplus_Launcher.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {11df410f-8d87-11e3-b3f5-806e6f6e6963} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {1a6f2a9b-8d6c-11e3-b999-9346a180706c} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {355a64a2-0802-11e3-bbb3-af0f3218e90a} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {4ad68b58-0810-11e3-ba26-c3b775be6c0b} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {56edb09b-1a48-11e3-bf57-8f87ef533714} - H:\AutoRun.exe /s HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {7a76bfe7-96ae-11e4-a33d-918beb7fad17} - J:\DTLplus_Launcher.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {888e4a2a-8d85-11e3-8948-c597478ee114} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {8b3ae7c0-2363-11e2-b5dc-aab8166d1e0b} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {93b5fa2f-52e5-11e3-899c-806e6f6e6963} - I:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {93b5fa8f-52e5-11e3-899c-a2a197f68d14} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {984a13dc-7bb4-11e3-a30d-eea16c83246e} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {a62feea6-5f10-11e1-9796-5404a6366e63} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {a62feeb4-5f10-11e1-9796-5404a6366e63} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {a6b0505e-2373-11e2-8d24-9590837e370b} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {af1bdc6f-8e85-11e3-82d3-8c4be7213914} - I:\AutoRun.exe /s HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {b0970505-15e7-11e2-8313-ef9db8d7ed0b} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {b1636c60-5a26-11e1-b6f8-5404a6366e63} - G:\autorun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {b47446c0-a7c0-11e4-b2b5-9458d18cbb15} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {b7062ea7-22c7-11e2-8621-ed0e9937f338} - H:\AutoRun.exe /s HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {bfe24472-2501-11e2-9894-cf3cbd5c120a} - I:\AutoRun.exe /s HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {cf1fb04a-0802-11e3-9261-e08591a9640b} - H:\AutoRun.exe HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {d0ea8a83-7bba-11e3-a2b2-dc314be1998c} - H:\AutoRun.exe /s HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\...\MountPoints2: {fa89d7b1-542a-11e3-8a7e-c373e0eeb215} - H:\AutoRun.exe /s HKU\S-1-5-18\...\RunOnce: [SPReview] => D:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-28] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-11-10] (AVAST Software) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\..\Interfaces\{5FB8EDF1-8BC1-4FAE-AFC0-784F79CA5C78}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{64D4D481-1FDA-48E7-91E3-DA8A9C884500}: [DhcpNameServer] 212.2.96.51 212.2.96.52 Tcpip\..\Interfaces\{77F81C2C-F5F0-49FB-B91C-A79D2A257D8F}: [DhcpNameServer] 212.2.96.53 212.2.96.54 Tcpip\..\Interfaces\{AF0DCE69-76E7-4CD6-AA5C-FB92C3E4DCD9}: [NameServer] 194.204.159.1 Internet Explorer: ================== HKU\S-1-5-21-1031250892-1764762001-3562258087-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/ SearchScopes: HKLM-x32 -> DefaultScope - brak wartości BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-10] (AVAST Software) BHO-x32: Brak nazwy -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> Brak pliku BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-10] (AVAST Software) BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> D:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.) Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku FireFox: ======== FF ProfilePath: D:\Users\Miski\AppData\Roaming\Mozilla\Firefox\Profiles\qqojthu1.default [2016-11-10] FF user.js: detected! => D:\Users\Miski\AppData\Roaming\Mozilla\Firefox\Profiles\qqojthu1.default\user.js [2014-11-28] FF Homepage: Mozilla\Firefox\Profiles\qqojthu1.default -> hxxp://www.google.pl/ FF Extension: (Firefox Hotfix) - D:\Users\Miski\AppData\Roaming\Mozilla\Firefox\Profiles\qqojthu1.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-10] FF Extension: (Video DownloadHelper) - D:\Users\Miski\AppData\Roaming\Mozilla\Firefox\Profiles\qqojthu1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-11-10] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - D:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - D:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-10] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - D:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-10] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: (RealPlayer Browser Record Plugin) - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2015-01-26] [Brak podpisu cyfrowego] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - D:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono FF Plugin: @adobe.com/FlashPlayer -> D:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-27] () FF Plugin-x32: @adobe.com/FlashPlayer -> D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-27] () FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-02-18] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-02-18] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-02-18] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-02-18] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2012-02-18] (RealNetworks, Inc.) FF Plugin-x32: Adobe Reader -> D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-02-18] ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 ASUS InstantOn; D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [92800 2011-11-30] (ASUS) R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-10] (AVAST Software) R2 Crypkey License; D:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [Brak podpisu cyfrowego] R2 HitmanProScheduler; D:\Program Files\HitmanPro\hmpsched.exe [135496 2016-11-10] (SurfRight B.V.) S3 IDriverT; D:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Brak podpisu cyfrowego] R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 WinDefend; D:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WorkshopDBService; D:\Program Files (x86)\Vivid WorkshopData ATI\WorkshopDBServer.exe [114688 2011-02-22] (Acresso) [Brak podpisu cyfrowego] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 aswHwid; D:\Windows\system32\drivers\aswHwid.sys [37656 2016-11-10] (AVAST Software) R1 aswKbd; D:\Windows\system32\drivers\aswKbd.sys [37144 2016-11-10] (AVAST Software) R2 aswMonFlt; D:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-11-10] (AVAST Software) R1 aswRdr; D:\Windows\system32\drivers\aswRdr2.sys [103064 2016-11-10] (AVAST Software) R0 aswRvrt; D:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-11-10] (AVAST Software) R1 aswSnx; D:\Windows\system32\drivers\aswSnx.sys [969184 2016-11-10] (AVAST Software) R1 aswSP; D:\Windows\system32\drivers\aswSP.sys [513632 2016-11-10] (AVAST Software) R2 aswStm; D:\Windows\system32\drivers\aswStm.sys [163416 2016-11-10] (AVAST Software) R0 aswVmm; D:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-10] (AVAST Software) R1 dtsoftbus01; D:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-18] (DT Soft Ltd) S3 ebdrv; D:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 ewusbnet; D:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2010-01-04] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego] S3 hwdatacard; D:\Windows\System32\DRIVERS\ewusbmdm.sys [117120 2010-01-04] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego] S3 hwusbdev; D:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-01-04] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego] R3 kbfiltr; D:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 massfilter_lte; D:\Windows\system32\drivers\massfilter_lte.sys [18456 2012-03-13] (HandSet Incorporated) R3 MBAMProtector; D:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; D:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2016-11-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; D:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R1 NetworkX; D:\Windows\system32\ckldrv.sys [28664 2008-03-17] () R2 Sentinel64; D:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.) S3 zgdcat; D:\Windows\System32\DRIVERS\zgdcat.sys [130200 2012-03-13] (ZTE Incorporated) S3 zgdcdiag; D:\Windows\System32\DRIVERS\zgdcdiag.sys [130200 2012-03-13] (ZTE Incorporated) S3 zgdcmdm; D:\Windows\System32\DRIVERS\zgdcmdm.sys [130200 2012-03-13] (ZTE Incorporated) S3 zgdcnet; D:\Windows\System32\DRIVERS\zgdcnet.sys [169496 2012-03-13] (ZTE Incorporated) S3 zgdcnmea; D:\Windows\System32\DRIVERS\zgdcnmea.sys [130200 2012-03-13] (ZTE Incorporated) S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-11-10 12:39 - 2016-11-10 12:43 - 00000000 ____D D:\Program Files\Recuva 2016-11-10 12:39 - 2016-11-10 12:39 - 00001618 _____ D:\Users\Public\Desktop\Recuva.lnk 2016-11-10 12:39 - 2016-11-10 12:39 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva 2016-11-10 10:35 - 2016-11-10 10:36 - 03910208 _____ D:\Users\Miski\Downloads\adwcleaner_6.030.exe 2016-11-10 10:29 - 2016-11-10 12:38 - 00134240 _____ D:\Windows\ntbtlog.txt 2016-11-10 09:55 - 2016-11-10 09:55 - 00000000 ____D D:\Windows\System32\Tasks\AVAST Software 2016-11-10 09:55 - 2016-11-10 09:55 - 00000000 ____D D:\Program Files\Common Files\AV 2016-11-10 09:54 - 2016-11-10 09:54 - 00000000 ____D D:\Users\Miski\AppData\Local\CEF 2016-11-10 09:50 - 2016-11-10 09:50 - 00000000 ____D D:\Users\Miski\AppData\Roaming\AVAST Software 2016-11-10 09:49 - 2016-11-10 09:49 - 00003960 _____ D:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1478767756 2016-11-10 09:49 - 2016-11-10 09:49 - 00001882 _____ D:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-11-10 09:49 - 2016-11-10 09:49 - 00001003 _____ D:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-11-10 09:49 - 2016-11-10 09:49 - 00001003 _____ D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-11-10 09:49 - 2016-11-10 09:49 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-11-10 09:48 - 2016-11-10 09:56 - 00969184 _____ (AVAST Software) D:\Windows\system32\Drivers\aswsnx.sys 2016-11-10 09:48 - 2016-11-10 09:56 - 00513632 _____ (AVAST Software) D:\Windows\system32\Drivers\aswsp.sys 2016-11-10 09:48 - 2016-11-10 09:56 - 00293352 _____ (AVAST Software) D:\Windows\system32\Drivers\aswvmm.sys 2016-11-10 09:48 - 2016-11-10 09:48 - 00004180 _____ D:\Windows\System32\Tasks\avast! Emergency Update 2016-11-10 09:48 - 2016-11-10 09:47 - 00163416 _____ (AVAST Software) D:\Windows\system32\Drivers\aswStm.sys 2016-11-10 09:48 - 2016-11-10 09:47 - 00108816 _____ (AVAST Software) D:\Windows\system32\Drivers\aswMonFlt.sys 2016-11-10 09:48 - 2016-11-10 09:47 - 00103064 _____ (AVAST Software) D:\Windows\system32\Drivers\aswRdr2.sys 2016-11-10 09:48 - 2016-11-10 09:47 - 00074544 _____ (AVAST Software) D:\Windows\system32\Drivers\aswRvrt.sys 2016-11-10 09:48 - 2016-11-10 09:47 - 00037656 _____ (AVAST Software) D:\Windows\system32\Drivers\aswHwid.sys 2016-11-10 09:48 - 2016-11-10 09:47 - 00037144 _____ (AVAST Software) D:\Windows\system32\Drivers\aswKbd.sys 2016-11-10 09:47 - 2016-11-10 09:47 - 00992960 _____ (Microsoft Corporation) D:\Windows\system32\ucrtbase.dll 2016-11-10 09:47 - 2016-11-10 09:47 - 00921280 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ucrtbase.dll 2016-11-10 09:47 - 2016-11-10 09:47 - 00391496 _____ (AVAST Software) D:\Windows\system32\aswBoot.exe 2016-11-10 09:47 - 2016-11-10 09:47 - 00053208 _____ (AVAST Software) D:\Windows\avastSS.scr 2016-11-10 09:47 - 2016-11-10 09:47 - 00000000 ____D D:\Program Files\AVAST Software 2016-11-10 09:27 - 2016-11-10 12:51 - 00001899 _____ D:\Users\Public\Desktop\HitmanPro.lnk 2016-11-10 09:27 - 2016-11-10 09:27 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2016-11-10 09:26 - 2016-11-10 09:36 - 00000000 ____D D:\ProgramData\HitmanPro 2016-11-10 09:26 - 2016-11-10 09:27 - 00000000 ____D D:\Program Files\HitmanPro 2016-11-10 08:21 - 2016-11-10 08:21 - 00001011 _____ D:\Users\Miski\Desktop\SpyHunter4.lnk 2016-11-10 08:21 - 2016-11-10 08:21 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4 2016-11-10 07:39 - 2016-11-10 10:31 - 00000000 ____D D:\Program Files\Plumbytes Software 2016-11-10 07:38 - 2016-11-10 07:38 - 00000000 ____D D:\Program Files (x86)\Mozilla Firefox 2016-11-08 19:49 - 2016-11-08 19:50 - 00000000 ____D D:\Users\Miski\Desktop\cos 2016-10-30 14:48 - 2016-10-30 14:48 - 169732219 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-FBB8-9662C6ABF019.thor 2016-10-30 14:48 - 2016-10-30 14:48 - 12017547 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-AB8A-AB16E3DCD473.thor 2016-10-30 14:47 - 2016-10-30 14:47 - 07407380 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-4614-423FEED8001E.thor 2016-10-30 14:47 - 2016-10-30 14:47 - 03898738 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-2DA3-88698D2C6C14.thor 2016-10-30 14:47 - 2016-10-30 14:47 - 03171700 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-EECB-1E8827667552.thor 2016-10-30 14:47 - 2016-10-30 14:47 - 00780908 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-4643-F50A3B8EB92A.thor 2016-10-30 14:47 - 2016-10-30 14:47 - 00369541 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-3F8C-2184E6BD9FA5.thor 2016-10-30 14:47 - 2016-10-30 14:47 - 00369541 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-1E96-171310BBC0D0.thor 2016-10-30 14:46 - 2016-10-30 14:46 - 01768717 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-F6E9-93B02513DBEB.thor 2016-10-30 14:42 - 2016-10-30 14:42 - 01199586 _____ D:\Users\Miski\Desktop\CA0F2273-3C16-6A13-E313-C781D0001ABA.thor 2016-10-30 14:39 - 2016-10-30 14:39 - 01308525 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-2EB6-E7EBCBF79B43.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 01028578 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-93FD-FB7FA6ADFEAA.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00597759 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-24F7-413BBCB49BDA.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00402080 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-D5FD-1306CF596C39.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00178775 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-7632-25EF1B8EAA31.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00140162 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-D3A9-6A1FBA3CFE22.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00118193 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-8F2A-6BB86C80503D.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00111436 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-B833-3BC855BA471A.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00038260 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-EF0C-4E89891AEBB5.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00036636 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-EE5B-C49EDD6A20B4.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00024834 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-7FE0-8FD2CC8FBEDE.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00020977 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-29F4-D3C7A39F8E19.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00012994 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-9DEF-89BFA64994B0.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00007481 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-C62E-B98BAFBF2395.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00003668 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-E4A9-8808C58A024B.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00001647 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-E888-CB36E0A6F251.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00001376 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-5569-CA732A1A7256.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00001011 _____ D:\Users\Miski\Documents\CA0F2273-3C16-6A13-B973-3A9A504507E0.thor 2016-10-30 14:38 - 2016-10-30 14:38 - 00000960 _____ D:\Users\Miski\Documents\CA0F2273-3C16-6A13-3F26-8418C22E7F9B.thor 2016-10-30 14:33 - 2016-10-30 14:33 - 00049988 _____ D:\Users\Miski\Documents\CA0F2273-3C16-6A13-49C8-F39326946601.thor 2016-10-30 14:33 - 2016-10-30 14:33 - 00014351 _____ D:\Users\Miski\Downloads\CA0F2273-3C16-6A13-46FA-F0784A1EEDCB.thor 2016-10-30 14:33 - 2016-10-30 14:33 - 00010093 _____ D:\Users\Miski\Downloads\_2_WHAT_is.html 2016-10-30 14:33 - 2016-10-30 14:33 - 00010093 _____ D:\Users\Miski\Documents\_3_WHAT_is.html 2016-10-30 14:33 - 2016-10-30 14:33 - 00010093 _____ D:\Users\Miski\Desktop\_4_WHAT_is.html ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-11-10 13:01 - 2014-11-28 05:24 - 00000000 ____D D:\FRST 2016-11-10 12:53 - 2009-07-14 05:45 - 00017072 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-11-10 12:53 - 2009-07-14 05:45 - 00017072 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-11-10 12:46 - 2014-11-26 17:19 - 00129752 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-11-10 12:46 - 2011-02-22 07:38 - 00000000 ____D D:\ProgramData\organiser 2016-11-10 12:45 - 2009-07-14 06:08 - 00000006 ____H D:\Windows\Tasks\SA.DAT 2016-11-10 12:45 - 2009-07-14 04:20 - 00000000 ____D D:\Windows\PLA 2016-11-10 10:54 - 2014-02-25 13:56 - 00000000 ____D D:\AdwCleaner 2016-11-10 10:04 - 2013-08-07 17:12 - 00000930 _____ D:\Windows\Tasks\Adobe Flash Player Updater.job 2016-11-10 09:47 - 2014-02-25 14:24 - 00000000 ____D D:\ProgramData\AVAST Software 2016-11-10 09:44 - 2012-02-18 10:14 - 00001235 _____ D:\Windows\system32\ServiceFilter.ini 2016-11-10 09:24 - 2012-02-18 11:16 - 00045056 _____ D:\Windows\SysWOW64\acovcnt.exe 2016-11-10 08:15 - 2009-07-14 18:55 - 00743696 _____ D:\Windows\system32\perfh015.dat 2016-11-10 08:15 - 2009-07-14 18:55 - 00157146 _____ D:\Windows\system32\perfc015.dat 2016-11-10 08:15 - 2009-07-14 06:13 - 01702722 _____ D:\Windows\system32\PerfStringBackup.INI 2016-11-10 08:15 - 2009-07-14 04:20 - 00000000 ____D D:\Windows\inf 2016-11-10 08:09 - 2013-02-12 06:57 - 00000000 ____D D:\Program Files (x86)\Mozilla Maintenance Service 2016-11-10 07:25 - 2009-07-14 06:32 - 00000000 ____D D:\Windows\addins 2016-10-30 14:49 - 2016-09-29 14:12 - 00000000 ____D D:\Users\Miski\Desktop\Kamica szczawianowo-wapniowa – Zasady żywienia_pliki 2016-10-30 14:49 - 2012-02-18 14:09 - 00000000 ____D D:\ProgramData\DAEMON Tools Lite 2016-10-30 14:49 - 2012-02-18 10:02 - 00000000 ____D D:\ProgramData\SonicFocus 2016-10-30 14:48 - 2012-02-18 09:58 - 00000000 ____D D:\ProgramData\AmUStor 2016-10-30 14:47 - 2015-05-16 17:19 - 00000000 ____D D:\Users\Miski\Desktop\części 2016-10-30 14:47 - 2015-01-15 18:07 - 00000000 ____D D:\Users\Miski\Desktop\do wywołania 2016-10-30 14:47 - 2013-02-11 18:36 - 00000000 ____D D:\Users\Miski\Downloads\Hotfix_Microsoft_KB2502789_SP1_Win7_32_64_z10 2016-10-30 14:47 - 2012-02-29 19:21 - 00000000 ____D D:\Users\Miski\dwhelper 2016-10-30 14:46 - 2016-07-12 19:06 - 00000000 ____D D:\Users\Miski\Desktop\PASSAT 2016-10-27 19:05 - 2013-08-07 17:12 - 00796352 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerApp.exe 2016-10-27 19:05 - 2013-08-07 17:12 - 00003868 _____ D:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-10-27 19:05 - 2012-02-18 10:55 - 00142528 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-10-27 19:04 - 2012-02-18 10:55 - 00000000 ____D D:\Windows\system32\Macromed 2016-10-27 19:04 - 2012-02-18 10:13 - 00000000 ____D D:\Windows\SysWOW64\Macromed 2016-10-13 19:21 - 2009-07-14 06:08 - 00032608 _____ D:\Windows\Tasks\SCHEDLGU.TXT 2016-10-11 17:34 - 2012-02-18 11:56 - 00000000 ____D D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office ==================== Pliki w katalogu głównym wybranych folderów ======= 2012-02-18 12:13 - 2012-02-24 19:53 - 0000187 _____ () D:\Users\Miski\AppData\Roaming\burnaware.ini 2012-02-18 11:35 - 2014-11-28 10:09 - 0007602 _____ () D:\Users\Miski\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) D:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo D:\Windows\system32\wininit.exe => Plik podpisany cyfrowo D:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo D:\Windows\explorer.exe => Plik podpisany cyfrowo D:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo D:\Windows\system32\svchost.exe => Plik podpisany cyfrowo D:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo D:\Windows\system32\services.exe => Plik podpisany cyfrowo D:\Windows\system32\User32.dll => Plik podpisany cyfrowo D:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo D:\Windows\system32\userinit.exe => Plik podpisany cyfrowo D:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo D:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo D:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo D:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo D:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2015-10-31 23:34 ==================== Koniec FRST.txt ============================