Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 22-01-2017
Uruchomiony przez Jacek (administrator) JACEK-KOMPUTER (22-01-2017 18:59:55)
Uruchomiony z C:\Users\Jacek\Desktop
Załadowane profile: Jacek (Dostępne profile: Jacek)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Safe Mode (minimal)
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-22] (AVAST Software)
HKU\S-1-5-21-2320623359-3011444700-1779620929-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C2].txt [1403 2017-01-22] ()
HKU\S-1-5-21-2320623359-3011444700-1779620929-1000\...\RunOnce: [Application Restart #0] => C:\Windows\System32\ctfmon.exe ctfmon.exe
HKU\S-1-5-21-2320623359-3011444700-1779620929-1000\...\MountPoints2: {ab482dcb-529b-11e4-9a2b-782bcbd5fa37} - F:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-22] (AVAST Software)
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2A73671F-AE4D-4132-B2D3-DF9CFC8D82D6}: [DhcpNameServer] 10.10.0.1
Tcpip\..\Interfaces\{8C5102C6-A102-4639-BB4C-C2E9B56CA269}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207494964958065&GUID=BF7D58A0-EE49-4034-9469-671DA04BA740
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207494964958065&GUID=BF7D58A0-EE49-4034-9469-671DA04BA740
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207494970730076&GUID=BF7D58A0-EE49-4034-9469-671DA04BA740
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207494965114066&GUID=BF7D58A0-EE49-4034-9469-671DA04BA740
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207494965114066&GUID=BF7D58A0-EE49-4034-9469-671DA04BA740
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Jacek\AppData\Roaming\Mozilla\Firefox\Profiles\xgd18ips.default [2017-01-22]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\xgd18ips.default -> Yahoo®
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xgd18ips.default -> Yahoo®
FF Extension: (Bing Search) - C:\Users\Jacek\AppData\Roaming\Mozilla\Firefox\Profiles\xgd18ips.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-01-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2320623359-3011444700-1779620929-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jacek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2320623359-3011444700-1779620929-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jacek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Jacek\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR DefaultSearchURL: Profile 2 -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Profile 2 -> NortonSafe
CHR DefaultSuggestURL: Profile 2 -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-22]
CHR Profile: C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-22]
CHR Extension: (Dokumenty Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Dysk Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-09]
CHR Extension: (YouTube) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-09]
CHR Extension: (Google Search) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-29]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-03-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-11]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-06-11]
CHR Extension: (Norton Safe) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-12]
CHR Extension: (Gmail) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Wallpaper Homepage) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppifkfolbcccajbajmlfemjgecpgoafa [2015-04-22]
CHR Profile: C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-01-22]
CHR Extension: (Prezentacje Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-26]
CHR Extension: (Dokumenty Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-26]
CHR Extension: (Dysk Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-27]
CHR Extension: (YouTube) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-01-22]
CHR Extension: (Google Search) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-28]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-27]
CHR Extension: (Arkusze Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (Skype) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-20]
CHR Extension: (Norton Safe) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-12-20]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-28]
CHR Extension: (Chrome Media Router) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
CHR Extension: (Wallpaper Homepage) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ppifkfolbcccajbajmlfemjgecpgoafa [2015-07-27]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Jacek\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-11-02]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-22] (AVAST Software)
S2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1032680 2014-10-03] (Camshare Inc.)
S2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2017-01-22] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2017-01-22] (AVAST Software)
S3 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2017-01-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-22] (AVAST Software)
S3 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2017-01-22] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2017-01-22] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2017-01-22] (AVAST Software)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-22] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-22 18:52 - 2017-01-22 18:52 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-22 18:52 - 2017-01-22 18:52 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-22 18:52 - 2017-01-22 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-22 18:52 - 2017-01-22 18:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-22 18:52 - 2017-01-22 18:52 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-22 18:52 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-22 18:49 - 2017-01-22 18:49 - 00557008 _____ C:\Windows\Minidump\012217-20014-01.dmp
2017-01-22 18:47 - 2017-01-22 18:47 - 00004936 _____ C:\Users\Jacek\Desktop\Fixlog.txt
2017-01-22 18:04 - 2017-01-22 18:04 - 00000000 ____D C:\Users\Jacek\Desktop\Jacek
2017-01-22 17:32 - 2017-01-22 17:29 - 00380928 _____ C:\Users\Jacek\Desktop\xhcjgitm.exe
2017-01-22 17:26 - 2017-01-22 18:59 - 00014989 _____ C:\Users\Jacek\Desktop\FRST.txt
2017-01-22 17:26 - 2017-01-22 17:26 - 00051629 _____ C:\Users\Jacek\Desktop\Shortcut.txt
2017-01-22 17:26 - 2017-01-22 17:26 - 00029419 _____ C:\Users\Jacek\Desktop\Addition.txt
2017-01-22 17:25 - 2017-01-22 18:59 - 00000000 ____D C:\FRST
2017-01-22 17:24 - 2017-01-22 16:24 - 02420736 _____ (Farbar) C:\Users\Jacek\Desktop\FRST64.exe
2017-01-22 17:03 - 2017-01-22 17:03 - 00054938 _____ C:\Users\Jacek\Desktop\Extras.Txt
2017-01-22 17:02 - 2017-01-22 17:02 - 00063806 _____ C:\Users\Jacek\Desktop\OTL.Txt
2017-01-22 16:51 - 2017-01-22 16:51 - 00602112 _____ (OldTimer Tools) C:\Users\Jacek\Desktop\OTL.exe
2017-01-22 16:42 - 2017-01-22 16:42 - 00000000 ____D C:\rsit
2017-01-22 16:42 - 2017-01-22 16:42 - 00000000 ____D C:\Program Files\trend micro
2017-01-22 16:42 - 2017-01-22 16:39 - 01222144 _____ C:\Users\Jacek\Desktop\RSITx64.exe
2017-01-22 16:37 - 2017-01-22 16:37 - 00557008 _____ C:\Windows\Minidump\012217-20155-01.dmp
2017-01-22 16:32 - 2017-01-22 16:33 - 00557008 _____ C:\Windows\Minidump\012217-21294-01.dmp
2017-01-22 16:23 - 2017-01-22 16:24 - 00557008 _____ C:\Windows\Minidump\012217-22620-01.dmp
2017-01-22 16:09 - 2017-01-22 18:49 - 299282373 _____ C:\Windows\MEMORY.DMP
2017-01-22 16:09 - 2017-01-22 16:09 - 00557008 _____ C:\Windows\Minidump\012217-20295-01.dmp
2017-01-22 15:34 - 2017-01-22 15:34 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\AVAST Software
2017-01-22 15:33 - 2017-01-22 15:33 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-01-22 15:33 - 2017-01-22 15:33 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-01-22 15:33 - 2017-01-22 15:33 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-22 15:33 - 2017-01-22 15:33 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-01-22 15:33 - 2017-01-22 15:33 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-01-22 15:33 - 2017-01-22 15:33 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-01-22 15:33 - 2017-01-22 15:33 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-01-22 15:33 - 2017-01-22 15:33 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-01-22 15:33 - 2017-01-22 15:33 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2017-01-22 15:33 - 2017-01-22 15:33 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-01-22 15:33 - 2017-01-22 15:33 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-22 15:33 - 2017-01-22 15:33 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2017-01-22 15:33 - 2017-01-22 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-01-22 15:32 - 2017-01-22 15:32 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-22 15:31 - 2017-01-22 15:31 - 06253648 _____ (AVAST Software) C:\Users\Jacek\Downloads\avast_free_antivirus_setup_online.exe
2017-01-22 15:31 - 2017-01-22 15:31 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-22 15:16 - 2017-01-22 15:16 - 00279245 ____N C:\Windows\Minidump\012217-23758-01.dmp
2017-01-22 14:55 - 2017-01-22 16:36 - 00000000 ____D C:\AdwCleaner
2017-01-22 14:55 - 2017-01-22 14:55 - 03988944 _____ C:\Users\Jacek\Downloads\adwcleaner_6.042.exe
2017-01-22 14:34 - 2017-01-22 14:37 - 00000000 ____D C:\Windows\pss
2017-01-22 14:20 - 2017-01-22 18:59 - 02578162 _____ C:\Windows\ntbtlog.txt
2017-01-21 09:48 - 2017-01-21 09:48 - 00006576 ____N C:\bootsqm.dat
2017-01-21 09:39 - 2017-01-21 09:39 - 00557008 _____ C:\Windows\Minidump\012117-37409-01.dmp
2017-01-21 09:38 - 2017-01-21 09:38 - 00557008 _____ C:\Windows\Minidump\012117-39187-01.dmp
2017-01-21 09:36 - 2017-01-21 09:36 - 00557008 _____ C:\Windows\Minidump\012117-35271-01.dmp
2017-01-21 09:27 - 2017-01-21 09:27 - 00556288 _____ C:\Windows\Minidump\012117-37877-01.dmp
2017-01-21 09:26 - 2017-01-21 09:26 - 00556432 _____ C:\Windows\Minidump\012117-80948-01.dmp
2017-01-21 09:24 - 2017-01-21 09:24 - 00557008 _____ C:\Windows\Minidump\012117-34991-01.dmp
2017-01-21 09:23 - 2017-01-21 09:48 - 00278669 ____N C:\Windows\Minidump\012117-24211-01.dmp
2017-01-21 09:23 - 2017-01-21 09:23 - 00557008 _____ C:\Windows\Minidump\012117-35334-01.dmp
2017-01-17 09:24 - 2017-01-20 11:29 - 00000000 ____D C:\Users\Jacek\Desktop\Robby
2017-01-08 14:03 - 2017-01-20 14:03 - 00000000 ____D C:\Users\Jacek\Desktop\Jacek dzwonek kogut
2017-01-06 13:30 - 2017-01-15 20:19 - 00000000 ____D C:\Users\Jacek\Desktop\Bartek ur.18 lat
2017-01-01 14:06 - 2017-01-01 14:07 - 04754032 _____ C:\Users\Jacek\Downloads\CpWzPrM.exe
2016-12-30 16:22 - 2017-01-20 12:00 - 00000000 ____D C:\Users\Jacek\Desktop\Nowy folder (2)
2016-12-29 18:31 - 2017-01-07 18:44 - 00000000 ____D C:\Users\Jacek\Desktop\Wesołych Świąt.i,t.p
2016-12-28 13:28 - 2016-12-28 13:28 - 02490760 _____ C:\Users\Jacek\Downloads\adobe-photoshop-elements.exe
2016-12-23 15:17 - 2017-01-10 21:45 - 00000000 ____D C:\Users\Jacek\Desktop\Karp wpuszic

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-22 18:49 - 2014-12-22 21:43 - 00000000 ____D C:\Windows\Minidump
2017-01-22 16:13 - 2009-07-14 18:55 - 00752890 _____ C:\Windows\system32\perfh015.dat
2017-01-22 16:13 - 2009-07-14 18:55 - 00160236 _____ C:\Windows\system32\perfc015.dat
2017-01-22 16:13 - 2009-07-14 06:13 - 01696318 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-22 16:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-22 15:37 - 2014-10-10 21:19 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-01-22 15:33 - 2015-06-12 19:12 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-22 14:57 - 2016-07-07 22:50 - 00000000 ____D C:\searchplugins
2017-01-22 14:57 - 2016-04-15 20:36 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\Lavasoft
2017-01-22 14:57 - 2016-04-15 20:35 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2017-01-22 14:57 - 2016-04-15 20:34 - 00000000 ____D C:\ProgramData\Lavasoft
2017-01-22 14:57 - 2014-10-12 19:59 - 00001250 _____ C:\Users\Jacek\Desktop\stanisław - Chrome.lnk
2017-01-22 14:57 - 2014-10-11 10:41 - 00001308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-22 14:57 - 2014-10-11 02:00 - 00001154 _____ C:\Users\Jacek\Desktop\Internet Explorer.lnk
2017-01-22 14:55 - 2014-10-11 10:40 - 00000000 ____D C:\Users\Jacek\AppData\Local\Google
2017-01-22 14:22 - 2014-10-11 01:59 - 00000000 ____D C:\Users\Jacek
2017-01-21 09:20 - 2016-12-11 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2017-01-21 09:20 - 2016-04-15 20:35 - 00000000 ____D C:\ProgramData\ManyCam
2017-01-21 09:20 - 2015-12-07 09:59 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-01-21 09:20 - 2014-10-10 21:33 - 00000000 ____D C:\Program Files (x86)\ManyCam
2017-01-21 09:20 - 2014-10-10 21:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-21 09:20 - 2014-10-10 21:31 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-21 09:20 - 2014-10-10 21:28 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\Skype
2017-01-21 09:20 - 2014-10-10 21:25 - 00000000 ____D C:\ProgramData\Norton
2017-01-21 09:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2017-01-20 14:05 - 2016-11-16 20:56 - 00000000 ____D C:\Users\Jacek\AppData\LocalLow\Mozilla
2017-01-20 12:02 - 2016-05-31 13:40 - 00000000 ____D C:\Users\Jacek\Desktop\Jacek foto i.t.p
2017-01-20 11:58 - 2016-08-15 12:33 - 00000000 ____D C:\Users\Jacek\Desktop\Nowy folder
2017-01-20 11:28 - 2016-12-14 22:17 - 00000000 ____D C:\Users\Jacek\Desktop\-----
2017-01-18 21:08 - 2014-10-10 21:33 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\ManyCam
2017-01-16 17:56 - 2015-06-14 13:53 - 00000000 ____D C:\Users\Jacek\Desktop\Ręka=Super
2017-01-13 17:21 - 2016-07-28 06:36 - 00000000 ____D C:\Users\Jacek\Desktop\Goole i.t.p. inne
2017-01-13 15:33 - 2016-12-15 07:11 - 00000737 _____ C:\Users\Jacek\Desktop\Nowy dokument tekstowy.txt
2017-01-11 08:39 - 2014-10-10 21:31 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-11 08:13 - 2009-07-14 05:45 - 00023056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-11 08:13 - 2009-07-14 05:45 - 00023056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-11 08:07 - 2014-10-10 22:18 - 00000000 ____D C:\Program Files (x86)\Opera
2017-01-11 08:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-10 22:16 - 2014-10-11 18:10 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2320623359-3011444700-1779620929-1000UA.job
2017-01-10 19:16 - 2014-10-11 18:10 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2320623359-3011444700-1779620929-1000Core.job
2017-01-10 17:28 - 2014-10-10 21:51 - 00000000 ____D C:\Users\Jacek\AppData\Local\Windows Live
2017-01-08 12:25 - 2016-03-22 20:17 - 00000000 ____D C:\Users\Jacek\Desktop\Smaczego
2017-01-08 09:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-01-07 22:20 - 2015-07-27 17:31 - 00000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-03 19:27 - 2016-09-09 11:02 - 00000000 ____D C:\Users\Jacek\Desktop\Tapety komuter
2016-12-30 16:23 - 2014-10-11 01:59 - 00000000 ___RD C:\Users\Jacek\Links
2016-12-29 10:26 - 2014-10-11 01:59 - 00000000 ___SD C:\Users\Jacek\AppData\Roaming\Microsoft
2016-12-29 10:17 - 2014-10-11 01:59 - 00000000 ___RD C:\Users\Jacek\Pictures
2016-12-29 10:02 - 2016-12-13 12:00 - 00000000 ____D C:\Users\Jacek\Desktop\histora wedkarski
2016-12-28 20:28 - 2014-10-11 01:59 - 00000000 ____D C:\Users\Jacek\AppData\Local\Microsoft
2016-12-28 13:30 - 2014-10-10 21:36 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\Adobe
2016-12-28 13:30 - 2014-10-10 21:31 - 00000000 ____D C:\Users\Jacek\AppData\Local\Adobe

==================== Pliki w katalogu głównym wybranych folderów =======

2014-10-10 22:24 - 2016-12-06 08:38 - 0000308 _____ () C:\Users\Jacek\AppData\Roaming\burnaware.ini

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-01-06 10:25

==================== Koniec FRST.txt ============================