Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 09-01-2019 01
Uruchomiony przez Witek (administrator) WITEK-KOMPUTER (10-01-2019 09:53:18)
Uruchomiony z C:\Users\Witek\Desktop
Załadowane profile: Witek (Dostępne profile: Witek)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Users\Witek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(MetaQuotes Software Corp.) C:\Program Files\Armada Markets MT4\terminal.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Rejestr (filtrowane) ===========================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-12-09] (AVAST Software)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-45829594-2792181951-1326844454-1000\...\MountPoints2: {9984ee93-1852-11e7-9fb5-001e3760f7ac} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-45829594-2792181951-1326844454-1000\...\MountPoints2: {9984ee9b-1852-11e7-9fb5-001e3760f7ac} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-45829594-2792181951-1326844454-1000\...\MountPoints2: {b7e1c3d8-bedf-11e7-8603-001e3760f7ac} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-45829594-2792181951-1326844454-1000\...\MountPoints2: {e0bb9fe6-1125-11e7-b53b-001e3760f7ac} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-45829594-2792181951-1326844454-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> C:\Windows\System32\iedkcs32.dll [2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-09-06] ()
Startup: C:\Users\Witek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe [2009-12-31] ()

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{34B0B830-E596-4576-B9F0-4A5C800B6039}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: AutorunsDisabled\text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: y35vxcon.default-1491569921313-1518545931560
FF ProfilePath: C:\Users\Witek\AppData\Roaming\TomTom\HOME\Profiles\7s9pw55k.default [2015-07-04]
FF Extension: (Brak nazwy) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [nie znaleziono]
FF ProfilePath: C:\Users\Witek\AppData\Roaming\Mozilla\Firefox\Profiles\hr7qsz7r.default-1418451700533 [2019-01-03]
FF Homepage: Mozilla\Firefox\Profiles\hr7qsz7r.default-1418451700533 -> hxxps://start.mozilla.org/pl
FF Extension: (Avast Online Security) - C:\Users\Witek\AppData\Roaming\Mozilla\Firefox\Profiles\hr7qsz7r.default-1418451700533\Extensions\wrc@avast.com.xpi [2018-06-20]
FF ProfilePath: C:\Users\Witek\AppData\Roaming\Mozilla\Firefox\Profiles\y35vxcon.default-1491569921313-1518545931560 [2019-01-10]
FF Extension: (uBlock Origin) - C:\Users\Witek\AppData\Roaming\Mozilla\Firefox\Profiles\y35vxcon.default-1491569921313-1518545931560\Extensions\uBlock0@raymondhill.net.xpi [2018-12-01]
FF Extension: (Avast Online Security) - C:\Users\Witek\AppData\Roaming\Mozilla\Firefox\Profiles\y35vxcon.default-1491569921313-1518545931560\Extensions\wrc@avast.com.xpi [2019-01-04]
FF HKU\S-1-5-21-45829594-2792181951-1326844454-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Witek\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Witek\AppData\Roaming\IDM\idmmzcc5 [2015-07-03] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKU\S-1-5-21-45829594-2792181951-1326844454-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Witek\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-17] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default [2019-01-08]
CHR Extension: (Prezentacje) - C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-13]
CHR Extension: (Dokumenty) - C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-13]
CHR Extension: (Dysk Google) - C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-31]
CHR Extension: (Beauty) - C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbelgoeoihcmnkgkeanmogncgkfichm [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-31]
CHR Extension: (Adblock Plus) - C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-30]
CHR Extension: (Mate Translate – translator, dictionary) - C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2019-01-08]
CHR Extension: (Smooth Scrollerator) - C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmicgfcegednlkdhgbhgickcgndjeeig [2018-12-10]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-31]
CHR Extension: (Chrome Media Router) - C:\Users\Witek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6799632 2018-12-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-12-09] (AVAST Software)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [Brak podpisu cyfrowego]
S4 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-04-25] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-11-14] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-11-14] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [266992 2015-08-27] (Realtek Semiconductor)
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-08] (TeamViewer GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2018-04-08] (Microsoft Corporation) [Brak podpisu cyfrowego]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S4 TomTomHOMEService; Brak ImagePath

===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167480 2018-12-09] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188976 2018-12-09] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [165384 2018-12-09] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284256 2018-12-09] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57904 2018-12-09] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [183176 2018-12-09] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42736 2018-12-09] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2018-12-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [135200 2018-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100984 2018-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2018-12-09] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784560 2018-12-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [397992 2018-12-09] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [156936 2018-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310200 2018-12-09] (AVAST Software)
S4 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [Brak podpisu cyfrowego]
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [199680 2017-07-26] (Huawei Technologies Co., Ltd.)
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO32.SYS [48272 2018-12-11] (REALiX(tm))
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-11-14] (NVIDIA Corporation)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
R1 vmtdi; C:\Windows\system32\drivers\vmtdi.sys [40488 2016-10-15] (Promosoft Software Limited)
S4 cpuz139; Brak ImagePath
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2017-07-26] (Huawei Technologies Co., Ltd.)
S4 NEWDRIVER; Brak ImagePath
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [28160 2017-07-26] (Microsoft Corporation) [Brak podpisu cyfrowego]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
S4 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S4 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2019-01-10 09:52 - 2019-01-10 09:52 - 000000000 ____D C:\Users\Witek\Desktop\FRST-OlderVersion
2019-01-08 18:28 - 2019-01-08 18:28 - 002105760 _____ (Trend Micro Inc.) C:\Users\Witek\Downloads\HousecallLauncher(1).exe
2019-01-08 18:13 - 2019-01-08 18:13 - 002105760 _____ (Trend Micro Inc.) C:\Users\Witek\Downloads\HousecallLauncher.exe
2019-01-08 18:13 - 2019-01-08 18:13 - 000000036 _____ C:\Users\Witek\AppData\Local\housecall.guid.cache
2019-01-08 18:13 - 2017-10-17 17:40 - 000326288 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2019-01-08 17:05 - 2019-01-08 17:05 - 007320272 _____ (Malwarebytes) C:\Users\Witek\Downloads\AdwCleaner.exe
2019-01-08 17:02 - 2019-01-10 09:54 - 000016693 _____ C:\Users\Witek\Desktop\FRST.txt
2019-01-08 17:02 - 2019-01-08 17:02 - 000036043 _____ C:\Users\Witek\Desktop\Addition.txt
2019-01-08 16:59 - 2019-01-08 17:00 - 000036040 _____ C:\Users\Witek\Downloads\Addition.txt
2019-01-08 16:57 - 2019-01-08 17:00 - 000028305 _____ C:\Users\Witek\Downloads\FRST.txt
2019-01-08 16:52 - 2019-01-08 16:52 - 000000000 ____D C:\Users\Witek\Downloads\FRST-OlderVersion
2019-01-08 16:51 - 2019-01-10 09:52 - 001785344 _____ (Farbar) C:\Users\Witek\Desktop\FRST.exe
2019-01-08 16:47 - 2019-01-08 16:47 - 000002078 _____ C:\Users\Witek\Desktop\kkkk.txt
2019-01-08 16:26 - 2019-01-08 16:27 - 081227760 _____ (Malwarebytes ) C:\Users\Witek\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-11 12:31 - 2018-12-11 12:31 - 000000000 ____D C:\Users\Witek\AppData\Local\Macromedia
2018-12-11 00:28 - 2018-12-11 00:28 - 000048272 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
2018-12-11 00:28 - 2018-12-11 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32
2018-12-11 00:28 - 2018-12-11 00:28 - 000000000 ____D C:\Program Files\HWiNFO32

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2019-01-10 09:53 - 2016-01-05 20:43 - 000000000 ____D C:\FRST
2019-01-10 09:28 - 2014-12-07 23:50 - 000000000 ___RD C:\Users\Witek\Documents\wydatki
2019-01-10 08:16 - 2009-07-14 05:34 - 000017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-10 08:16 - 2009-07-14 05:34 - 000017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-10 08:13 - 2014-09-01 21:34 - 001676910 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-10 08:13 - 2009-07-14 09:07 - 000743280 _____ C:\Windows\system32\perfh015.dat
2019-01-10 08:13 - 2009-07-14 09:07 - 000156730 _____ C:\Windows\system32\perfc015.dat
2019-01-10 08:13 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-01-10 08:07 - 2016-11-20 10:15 - 000000000 ____D C:\Users\Witek\AppData\LocalLow\Mozilla
2019-01-10 08:05 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-09 08:28 - 2018-12-10 18:21 - 000000000 ____D C:\Windows\system32\Macromed
2019-01-09 08:28 - 2016-01-02 15:44 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2019-01-09 08:28 - 2016-01-02 15:44 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-01-08 20:29 - 2016-09-07 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-01-08 17:06 - 2017-07-16 12:21 - 000000000 ____D C:\AdwCleaner
2019-01-06 13:40 - 2014-10-19 10:58 - 000000082 _____ C:\Users\Public\Documents\SP701A.dat
2019-01-04 10:02 - 2014-09-01 21:49 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-01-03 16:20 - 2014-09-02 00:30 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2018-12-28 10:50 - 2014-09-02 00:30 - 000000000 ____D C:\Users\Witek\AppData\Roaming\Thunderbird
2018-12-24 09:46 - 2014-09-02 17:50 - 000000000 ____D C:\Program Files\Armada Markets MT4
2018-12-14 21:05 - 2018-06-26 16:54 - 000000000 ____D C:\Users\Witek\AppData\Roaming\vlc
2018-12-12 08:35 - 2014-09-01 21:49 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== Pliki w katalogu głównym wybranych folderów =======
2017-08-31 15:42 - 2017-08-31 15:42 - 007649280 _____ () C:\Program Files\GUT4D65.tmp
2014-09-02 19:41 - 2014-09-02 19:41 - 000000000 _____ () C:\Users\Witek\AppData\Local\AtStart.txt
2014-09-02 19:41 - 2014-09-02 19:41 - 000000000 _____ () C:\Users\Witek\AppData\Local\DSwitch.txt
2019-01-08 18:13 - 2019-01-08 18:13 - 000000036 _____ () C:\Users\Witek\AppData\Local\housecall.guid.cache
2014-09-02 19:41 - 2014-09-02 19:41 - 000000000 _____ () C:\Users\Witek\AppData\Local\QSwitch.txt
2017-07-15 09:26 - 2017-07-15 09:29 - 000007604 _____ () C:\Users\Witek\AppData\Local\resmon.resmoncfg
2016-10-01 20:45 - 2016-10-14 07:58 - 000000700 ___SH () C:\Users\Witek\AppData\Local\systemFL7.dat

Niektóre pliki w TEMP:
====================
2019-01-08 20:29 - 2019-01-08 20:29 - 007127416 _____ (VS Revo Group ) C:\Users\Witek\AppData\Local\Temp\VSUSetup.exe

==================== Bamital & volsnap ======================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-12-25 15:20

==================== Koniec FRST.txt ============================