Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 15-03-2017
Uruchomiony przez Ania (administrator) KACZKA (25-03-2017 08:59:11)
Uruchomiony z C:\Users\Ania\Pobrane
Załadowane profile: Ania (Dostępne profile: Ania & ja & Administrator)
Platform: Windows 10 Home Wersja 1511 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Safe Mode (with Networking)
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738344 2015-10-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803392 2015-09-30] (NVIDIA Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-02-27] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [snp2uvc] => C:\WINDOWS\vsnp2uvc.exe [569344 2007-03-13] (Sonix)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-02-27] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [254776 2017-03-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2316038708-2798781395-1888791907-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2316038708-2798781395-1888791907-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-02] ()
ShellIconOverlayIdentifiers: [OverlayIconExtension1] -> {fe25455d-b4c2-4e32-97d2-92632ec1c224} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayIconExtension2] -> {1fae2d88-a78e-4f03-909f-be818a3c1ce6} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] ()

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 217.113.224.135 217.113.224.134
Tcpip\..\Interfaces\{8279145e-8874-485c-8a59-958477a3522a}: [DhcpNameServer] 217.113.224.135 217.113.224.134

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16] (BitComet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation)
BHO-x32: Brak nazwy -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> Brak pliku
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Brak pliku
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Brak pliku

FireFox:
========
FF ProfilePath: C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\bmib8pjv.default-1490028349166 [2017-03-25]
FF Homepage: Mozilla\Firefox\Profiles\bmib8pjv.default-1490028349166 -> google.pl
FF Extension: (HttpFox) - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\bmib8pjv.default-1490028349166\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2017-03-20]
FF Extension: (Adblock Plus) - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\bmib8pjv.default-1490028349166\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-22]
FF Extension: (Blokowanie banerów) - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2016-11-19] [Brak podpisu cyfrowego]
FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2016-11-19] [Brak podpisu cyfrowego]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-19] [Brak podpisu cyfrowego]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-11-19] [Brak podpisu cyfrowego]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-11-19] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Brak pliku]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Brak pliku]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Brak pliku]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Brak pliku]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2316038708-2798781395-1888791907-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ania\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [Brak pliku]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2009-07-17] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npfflivevdoplg.dll [2012-10-29] (LiveVDO.tv)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [Brak podpisu cyfrowego]
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [Brak podpisu cyfrowego]
S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [263720 2017-03-18] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7197976 2017-03-18] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1257384 2017-02-27] (AVG Technologies CZ, s.r.o.)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-10-10] (ELAN Microelectronics Corp.)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
S2 OberonGameConsoleService; C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [44312 2009-09-15] ()
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-07] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4325544 2015-10-11] (Qualcomm Atheros Communications, Inc.)
S1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166136 2017-03-18] (AVG Technologies CZ, s.r.o.)
S1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [311592 2017-03-18] (AVG Technologies CZ, s.r.o.)
S0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192096 2017-03-18] (AVG Technologies CZ, s.r.o.)
S0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336920 2017-03-18] (AVG Technologies CZ, s.r.o.)
S0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [50848 2017-03-18] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39288 2017-03-18] (AVG Technologies CZ, s.r.o.)
S2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [127584 2017-03-18] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [101624 2017-03-18] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76688 2017-03-18] (AVG Technologies CZ, s.r.o.)
S1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [994592 2017-03-18] (AVG Technologies CZ, s.r.o.)
S1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [549912 2017-03-21] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [163512 2017-03-18] (AVG Technologies CZ, s.r.o.)
S0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [338576 2017-03-18] (AVG Technologies CZ, s.r.o.)
S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-03-23] ()
S2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-25] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-25] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-25] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 SNP2UVC; C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-03-25 08:40 - 2017-03-25 08:40 - 00003222 _____ C:\WINDOWS\System32\Tasks\P4GIntlCtrl
2017-03-25 08:14 - 2017-03-25 08:59 - 00000000 ___DC C:\FRST
2017-03-23 19:30 - 2017-03-23 19:30 - 00000977 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-03-23 19:30 - 2017-03-23 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-03-23 19:30 - 2017-03-23 19:30 - 00000000 ____D C:\Program Files\CPUID
2017-03-23 18:04 - 2017-03-25 08:53 - 00248598 _____ C:\WINDOWS\ntbtlog.txt
2017-03-21 19:02 - 2017-03-25 08:53 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-21 18:56 - 2017-03-25 08:53 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-21 18:56 - 2017-03-25 08:39 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-21 18:53 - 2017-03-25 08:53 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-21 18:50 - 2017-03-25 08:52 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-21 18:45 - 2017-03-21 18:45 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-21 18:44 - 2017-03-23 20:11 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-21 18:44 - 2017-03-21 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-21 18:43 - 2017-03-21 18:43 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-20 17:46 - 2017-03-20 17:46 - 00000000 ____D C:\Users\Ania\Desktop\Stare dane programu Firefox
2017-03-18 18:05 - 2017-03-21 18:10 - 00549912 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsp.sys
2017-03-18 18:05 - 2017-03-18 18:15 - 00004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-03-18 18:05 - 2017-03-18 18:06 - 00338576 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgvmm.sys
2017-03-18 18:05 - 2017-03-18 18:04 - 00994592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-03-18 18:05 - 2017-03-18 18:04 - 00336920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-03-18 18:05 - 2017-03-18 18:04 - 00311592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-03-18 18:05 - 2017-03-18 18:04 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-03-18 18:05 - 2017-03-18 18:04 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-03-18 18:05 - 2017-03-18 18:04 - 00163512 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-03-18 18:05 - 2017-03-18 18:04 - 00127584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-03-18 18:05 - 2017-03-18 18:04 - 00101624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-03-18 18:05 - 2017-03-18 18:04 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-03-18 18:05 - 2017-03-18 18:04 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-03-18 18:05 - 2017-03-18 18:04 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-03-18 18:04 - 2017-03-18 18:04 - 00399392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-03-18 17:56 - 2017-03-18 18:12 - 00000000 ____D C:\Users\Ania\AppData\Local\AvgSetupLog

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-03-25 08:58 - 2016-11-20 11:48 - 00000000 ____D C:\Users\Ania\AppData\LocalLow\Mozilla
2017-03-25 08:53 - 2015-12-02 16:27 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-25 08:52 - 2014-05-11 18:35 - 00000432 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-03-25 08:51 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-03-25 08:47 - 2015-12-05 21:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-25 08:40 - 2017-01-03 06:31 - 00003158 _____ C:\WINDOWS\System32\Tasks\P4G Sidebar
2017-03-25 08:40 - 2009-12-14 19:30 - 00000000 ____D C:\Users\Ania\AppData\Roaming\Skype
2017-03-25 08:15 - 2009-12-08 12:05 - 00000000 ___RD C:\Users\Ania\Pobrane
2017-03-25 07:41 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-24 19:11 - 2012-11-23 19:06 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316038708-2798781395-1888791907-1000UA.job
2017-03-24 19:11 - 2012-11-23 19:06 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316038708-2798781395-1888791907-1000Core.job
2017-03-24 17:25 - 2016-09-28 18:36 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-03-23 20:22 - 2015-12-05 20:57 - 00000000 ____D C:\Users\Ania
2017-03-23 19:50 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-23 18:55 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-23 18:19 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2017-03-23 18:08 - 2015-12-07 14:07 - 00000000 ____D C:\Users\Ania\AppData\Local\ElevatedDiagnostics
2017-03-22 07:03 - 2013-07-12 14:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-03-22 07:03 - 2013-04-14 16:46 - 00000000 ____D C:\ProgramData\Ashampoo
2017-03-22 07:03 - 2012-11-04 09:14 - 00000000 ____D C:\Users\Ania\AppData\Roaming\Carambis
2017-03-22 06:09 - 2015-12-30 16:15 - 00000000 ____D C:\Users\DefaultAppPool
2017-03-22 06:09 - 2015-12-05 20:57 - 00000000 ____D C:\Users\ja
2017-03-22 06:09 - 2015-12-05 20:57 - 00000000 ____D C:\Users\Administrator
2017-03-22 06:03 - 2009-11-03 18:21 - 00002644 _____ C:\WINDOWS\system32\AutoRunFilter.ini
2017-03-22 06:03 - 2009-11-03 18:21 - 00002427 _____ C:\WINDOWS\system32\ServiceFilter.ini
2017-03-22 06:02 - 2015-12-05 20:47 - 00386016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-22 06:01 - 2016-11-19 14:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-22 06:01 - 2015-06-03 18:31 - 00000000 ____D C:\Users\Ania\AppData\Local\Avg
2017-03-22 06:01 - 2012-09-09 11:22 - 00000000 ____D C:\ProgramData\MFAData
2017-03-22 06:01 - 2012-05-07 19:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-21 18:43 - 2013-11-13 19:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-18 19:19 - 2013-01-12 09:29 - 00000000 ____D C:\ProgramData\AVG
2017-03-18 18:20 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-03-18 18:10 - 2013-01-12 09:31 - 00000000 ____D C:\Users\Ania\AppData\Roaming\AVG
2017-03-18 18:02 - 2012-09-09 11:29 - 00000000 ____D C:\Program Files (x86)\AVG
2017-03-18 18:00 - 2015-12-14 17:03 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-03-17 19:50 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-03-14 16:04 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-14 16:04 - 2015-03-07 19:24 - 00004474 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-14 16:03 - 2017-02-14 19:00 - 06847064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-03-14 16:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-26 21:23 - 2010-02-11 21:03 - 00045056 _____ C:\WINDOWS\system32\acovcnt.exe

==================== Pliki w katalogu głównym wybranych folderów =======

2013-07-13 14:26 - 2013-07-13 14:26 - 1231328 _____ (CPUID) C:\Users\Ania\AppData\Roaming\siw_sdk.dll
2013-06-27 12:44 - 2013-06-27 12:49 - 0023040 ___SH () C:\Users\Ania\AppData\Roaming\Thumbs.db
2009-12-08 19:27 - 2009-12-08 19:27 - 12608420 _____ () C:\Users\Ania\AppData\Roaming\UserTile.png
2013-07-12 12:27 - 2013-07-12 12:27 - 0000005 _____ () C:\Users\Ania\AppData\Roaming\WBPU-TTL.DAT
2014-11-22 20:00 - 2015-08-13 17:40 - 0006656 _____ () C:\Users\Ania\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-26 18:34 - 2015-06-21 16:15 - 0007597 _____ () C:\Users\Ania\AppData\Local\Resmon.ResmonCfg
2015-05-04 18:03 - 2015-05-04 18:03 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-12-14 19:34 - 2009-12-14 19:34 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-11-03 18:02 - 2009-09-10 18:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2011-04-13 19:22 - 2015-12-02 18:04 - 0005227 _____ () C:\ProgramData\hpzinstall.log
2011-06-07 17:13 - 2012-02-05 18:38 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2012-11-04 09:15 - 2012-11-04 09:15 - 0004140 _____ () C:\ProgramData\mtbjfghn.xbe
2015-08-30 18:56 - 2015-08-30 18:56 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2009-11-03 17:51 - 2009-11-03 17:52 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-11-03 17:50 - 2009-11-03 17:51 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-03-15 18:05

==================== Koniec FRST.txt ============================