Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 21-12-2016 Uruchomiony przez Monika (administrator) MONIKA-KOMPUTER (25-12-2016 19:28:20) Uruchomiony z C:\Users\Monika\Downloads Załadowane profile: UpdatusUser & Monika (Dostępne profile: UpdatusUser & Monika & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-01] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] () HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-25] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2967411305-4074242493-2484364347-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation) HKU\S-1-5-21-2967411305-4074242493-2484364347-1001\...\MountPoints2: {4c02e08b-911f-11e1-867d-742f68f787bb} - F:\Startme.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-05-10] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-05-10] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-25] (AVAST Software) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{8F452638-BB66-430C-94E4-1E522259935C}: [DhcpNameServer] 89.231.1.206 217.172.224.160 Tcpip\..\Interfaces\{B756A15C-D23F-4BF7-B2CC-57DEB6A921C2}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKU\S-1-5-21-2967411305-4074242493-2484364347-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKU\S-1-5-21-2967411305-4074242493-2484364347-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKU\S-1-5-21-2967411305-4074242493-2484364347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\S-1-5-21-2967411305-4074242493-2484364347-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\S-1-5-21-2967411305-4074242493-2484364347-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\S-1-5-21-2967411305-4074242493-2484364347-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2967411305-4074242493-2484364347-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2967411305-4074242493-2484364347-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-12-25] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-25] (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) DPF: HKLM-x32 {7818D12F-8769-4A58-AE82-81EBE897F4E4} hxxp://sip.asus.com/Windows7_Activation/DllFloder/WinActivateCom.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\mw49hoam.default [2016-12-25] FF Homepage: Mozilla\Firefox\Profiles\mw49hoam.default -> about:home FF Extension: (Adblock Plus) - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\mw49hoam.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-04] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-25] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-25] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-31] () FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-31] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-11] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-11] (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=6.0.12.449 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2009-11-04] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2009-11-04] (RealNetworks, Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation) ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [Brak podpisu cyfrowego] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [Brak podpisu cyfrowego] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-25] (AVAST Software) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [82936 2016-12-25] (AVAST Software) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-12-25] (AVAST Software) S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-12-25] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-12-25] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-12-25] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-25] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-12-25] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-12-25] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-12-25] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-25] (AVAST Software) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation) S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation) S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation) S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation) S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation) S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation) S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation) S3 AIDA64Driver; \??\F:\_testy\aida64extreme4\kerneld.x64 [X] S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X] S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-12-25 19:28 - 2016-12-25 19:29 - 00017618 _____ C:\Users\Monika\Downloads\FRST.txt 2016-12-25 19:27 - 2016-12-25 19:28 - 00000000 ____D C:\FRST 2016-12-25 19:25 - 2016-12-25 19:25 - 00000000 ____D C:\Users\Monika\AppData\Local\CEF 2016-12-25 19:23 - 2016-12-25 19:23 - 00371411 _____ C:\Users\Monika\Downloads\gm.zip 2016-12-25 19:22 - 2016-12-25 19:23 - 02420736 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe 2016-12-25 19:19 - 2016-12-25 19:19 - 00000000 ____D C:\Users\Monika\AppData\LocalLow\Mozilla 2016-12-25 19:18 - 2016-12-25 19:18 - 00003972 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1482689917 2016-12-25 19:18 - 2016-12-25 19:18 - 00001045 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-12-25 19:18 - 2016-12-25 19:18 - 00001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-12-25 19:17 - 2016-12-25 19:17 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2016-12-25 19:14 - 2016-12-25 19:14 - 00000000 ___RD C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2016-12-25 19:10 - 2016-12-25 19:10 - 00001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-12-25 19:10 - 2016-12-25 19:10 - 00000000 ____D C:\Users\Monika\AppData\Roaming\AVAST Software 2016-12-25 19:10 - 2016-12-25 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-12-25 19:09 - 2016-12-25 19:10 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2016-12-25 19:09 - 2016-12-25 19:10 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2016-12-25 19:09 - 2016-12-25 19:10 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys 2016-12-25 19:09 - 2016-12-25 19:09 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-12-25 19:09 - 2016-12-25 19:09 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2016-12-25 19:09 - 2016-12-25 19:09 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2016-12-25 19:09 - 2016-12-25 19:09 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2016-12-25 19:09 - 2016-12-25 19:09 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-12-25 19:09 - 2016-12-25 19:09 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr 2016-12-25 19:09 - 2016-12-25 19:09 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-12-25 19:09 - 2016-12-25 19:09 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2016-12-25 19:09 - 2016-12-25 19:09 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2016-12-25 19:09 - 2016-12-25 19:09 - 00000000 ____D C:\Program Files\Common Files\AV 2016-12-25 19:07 - 2016-12-25 19:17 - 00000000 ____D C:\Program Files\AVAST Software 2016-12-25 19:06 - 2016-12-25 19:17 - 00000000 ____D C:\ProgramData\AVAST Software 2016-12-25 19:06 - 2016-12-25 19:06 - 06253648 _____ (AVAST Software) C:\Users\Monika\Downloads\avast_free_antivirus_setup_online.exe ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-12-25 19:25 - 2015-12-19 20:41 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-12-25 19:25 - 2012-08-22 16:03 - 00000000 ____D C:\ProgramData\Skype 2016-12-25 19:24 - 2009-07-14 05:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-25 19:24 - 2009-07-14 05:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-25 19:19 - 2016-02-21 12:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-12-25 19:19 - 2012-04-28 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-12-25 19:14 - 2012-04-28 11:48 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2016-12-25 19:14 - 2011-11-04 13:25 - 00000000 ____D C:\ProgramData\NVIDIA 2016-12-25 19:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-25 19:13 - 2016-08-21 15:26 - 00035805 _____ C:\Windows\ZAM_Guard.krnl.trace 2016-12-25 19:13 - 2016-08-21 15:26 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2016-12-25 19:03 - 2016-09-02 11:34 - 00000000 ____D C:\Program Files (x86)\Knight System Protector 2016-12-25 19:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-12-25 18:59 - 2011-11-04 13:43 - 00000000 ____D C:\ProgramData\Temp 2016-12-25 18:58 - 2016-08-21 15:26 - 00052430 _____ C:\Windows\ZAM.krnl.trace 2016-12-25 18:52 - 2012-04-28 12:31 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-17 20:01 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-12-10 19:34 - 2011-02-19 06:31 - 00752552 _____ C:\Windows\system32\perfh015.dat 2016-12-10 19:34 - 2011-02-19 06:31 - 00160176 _____ C:\Windows\system32\perfc015.dat 2016-12-10 19:34 - 2009-07-14 06:13 - 01702902 _____ C:\Windows\system32\PerfStringBackup.INI ==================== Pliki w katalogu głównym wybranych folderów ======= 2011-04-01 10:21 - 2010-07-07 00:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe 2011-11-04 13:43 - 2011-11-04 13:44 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-11-04 13:43 - 2011-11-04 13:43 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Niektóre pliki w TEMP: ==================== C:\Users\Monika\AppData\Local\Temp\DriverBoosterInstaller.exe C:\Users\Monika\AppData\Local\Temp\Install.exe C:\Users\Monika\AppData\Local\Temp\ipl1016.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl144A.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl1860.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl19A7.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl1A83.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl1AC0.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl1CD2.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl21F1.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl24ED.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl250D.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl25C8.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl28B6.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl2943.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl2C5D.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl2E.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl2EFB.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl2FE5.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl30DF.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl31B.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl34D5.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl3542.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl3681.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl3A70.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl3C83.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl3D5F.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl3D9B.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl3DBA.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl3DF9.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl3E6.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl3FA0.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl3FB1.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl41DF.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl45F6.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl49BC.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl4B36.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl4BAF.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl4C0C.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl50F0.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl52FF.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl532F.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl556F.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl5D5B.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl5F10.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl605B.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl6112.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl6518.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl6631.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl6806.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl69AA.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl6DBF.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl6E1D.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl7051.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl706E.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl71A6.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl736A.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl7925.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl7945.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl7CCD.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl7CD.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl7EDF.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl8046.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl817E.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl81FB.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl8786.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl8796.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl8AA2.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl93A7.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl9452.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl96C2.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl98E4.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl9C4E.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl9DB.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl9E71.tmp.exe C:\Users\Monika\AppData\Local\Temp\ipl9F69.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA015.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA0D0.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA12F.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA19B.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA360.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA469.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA4E5.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA60E.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA60F.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA69A.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA6DA.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA755.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA968.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplA9B6.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplAA33.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplAA81.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplAD7D.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplAE96.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplB08.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplB127.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplB163.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplB21F.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplB25D.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplB318.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplB3C4.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplB46.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplB598.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplB8E2.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplB94F.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplB9EB.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplBA0B.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplBAA7.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplBB33.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplBCAB.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplBCC9.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplBDE1.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplBE01.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplBE5E.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplBE6E.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplBECB.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplC34E.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplC3EB.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplC467.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplC4C4.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplC5AE.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplC64A.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplC68A.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplC6B7.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplC7EF.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplC7FF.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplC8F9.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplCCFE.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplCFAD.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplD068.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplD104.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplD20D.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplD211.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplD317.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplD345.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplD44E.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplD538.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplD6DD.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplD863.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplD8D1.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplD9AB.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplDBBD.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplDBFC.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplDC69.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplDD24.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplDDD0.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplDEAA.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplE09D.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplE1A7.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplE455.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplE6B6.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplE71.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplE752.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplEB48.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplEC32.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplECCE.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplEEE.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplEFDA.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplF076.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplF085.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplF1C.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplF1FC.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplF40F.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplF5E2.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplF758.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplFB3F.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplFD32.tmp.exe C:\Users\Monika\AppData\Local\Temp\iplFF73.tmp.exe C:\Users\Monika\AppData\Local\Temp\KSPSetup.exe C:\Users\Monika\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-12-18 11:04 ==================== Koniec FRST.txt ============================