Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 02-02-2020 02 Uruchomiony przez SKP (administrator) BIURO (MSI MS-7788) (06-02-2020 14:57:09) Uruchomiony z C:\Users\SKP\Desktop Załadowane profile: SKP (Dostępne profile: SKP & Gość) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: IE) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Hewlett-Packard) [Brak podpisu cyfrowego] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Paweł Witas -> ) C:\DIAGOGOL\PATRONAT.exe (Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe ==================== Rejestr (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2005-03-18] (Hewlett-Packard) [Brak podpisu cyfrowego] HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6318696 2011-12-05] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-21-954639384-3558611586-2921392561-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd) HKU\S-1-5-21-954639384-3558611586-2921392561-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA ==================== Zaplanowane zadania (filtrowane) ============ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {0F1BB7E4-9968-485E-B3CF-EF15470843B2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1542536 2019-09-18] (AVAST Software s.r.o. -> AVAST Software) Task: {27D4F146-0B98-4FD1-9DED-3C99522BF34D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems) Task: {3D6F3B6A-6837-4C13-9E36-136C6292A79F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3250056 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) Task: {4B666F39-2282-47D6-A9D7-95ACF5A08C5F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {83D35934-692A-489D-96B2-D229E5DEF4E1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime Task: {83D35934-692A-489D-96B2-D229E5DEF4E1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [286720 [2016-07-14]] (Microsoft Windows -> Microsoft Corporation) Task: {98BCDA3F-A911-4EA5-A325-261DC78420A2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_321_Plugin.exe [1458232 2020-01-22] (Adobe Inc. -> Adobe) Task: {A05E2028-B113-45EB-8D3C-10E7D2CD68FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-22] (Adobe Inc. -> Adobe) Task: {D001B60F-FC85-4DF3-835F-A7F2C4A09C28} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig Task: {D001B60F-FC85-4DF3-835F-A7F2C4A09C28} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [286720 [2016-07-14]] (Microsoft Windows -> Microsoft Corporation) Task: {DB83D2F9-D3D5-49B0-9AB8-8DFC901BE38D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig Task: {DB83D2F9-D3D5-49B0-9AB8-8DFC901BE38D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent Task: {DB83D2F9-D3D5-49B0-9AB8-8DFC901BE38D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [286720 [2016-07-14]] (Microsoft Windows -> Microsoft Corporation) Task: {DC82C305-C8AB-4DD4-AEE5-3D556B6C7DC7} - System32\Tasks\AdwCleaner_onReboot => C:\Users\SKP\Pictures\adwcleaner_8.0.2.exe [8356016 2020-02-06] (Malwarebytes Inc -> Malwarebytes) Task: {DFA18CF1-5215-4458-A6F3-A4855A6ECE32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd) Task: {DFA9278F-041E-4068-98F4-AA587A4D6B7A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd) Task: {EDA79012-FA86-4016-9EEE-A4DFFFE16D40} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent Task: {EDA79012-FA86-4016-9EEE-A4DFFFE16D40} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [286720 [2016-07-14]] (Microsoft Windows -> Microsoft Corporation) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{6BD113C9-3E43-458E-B0B1-FBFEBC29FF8C}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{BE8FA10B-C002-48CD-9F53-82429B5F07BB}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-004-752 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-954639384-3558611586-2921392561-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms} HKU\S-1-5-21-954639384-3558611586-2921392561-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/ SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms} SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms} SearchScopes: HKU\S-1-5-21-954639384-3558611586-2921392561-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms} SearchScopes: HKU\S-1-5-21-954639384-3558611586-2921392561-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-954639384-3558611586-2921392561-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-954639384-3558611586-2921392561-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = SearchScopes: HKU\S-1-5-21-954639384-3558611586-2921392561-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-08-19] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-19] (Oracle America, Inc. -> Oracle Corporation) Toolbar: HKU\S-1-5-21-954639384-3558611586-2921392561-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab FireFox: ======== FF DefaultProfile: 3xxasp03.default FF ProfilePath: C:\Users\SKP\AppData\Roaming\Mozilla\Firefox\Profiles\3xxasp03.default [2020-02-06] FF Homepage: Mozilla\Firefox\Profiles\3xxasp03.default -> hxxp://tvpstream.vod.tvp.pl/ FF Extension: (Avast SafePrice | Porównania, promocje, kupony) - C:\Users\SKP\AppData\Roaming\Mozilla\Firefox\Profiles\3xxasp03.default\Extensions\sp@avast.com.xpi [2020-01-23] FF Extension: (Avast Online Security) - C:\Users\SKP\AppData\Roaming\Mozilla\Firefox\Profiles\3xxasp03.default\Extensions\wrc@avast.com.xpi [2020-02-03] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_321.dll [2020-01-22] (Adobe Inc. -> ) FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) [Brak podpisu cyfrowego] FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation -> Cuminas Corporation) FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-19] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-19] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\SKP\AppData\Local\Google\Chrome\User Data\Default [2020-02-05] CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Extension: (Dokumenty Google) - C:\Users\SKP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-10] CHR Extension: (Dysk Google) - C:\Users\SKP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10] CHR Extension: (YouTube) - C:\Users\SKP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10] CHR Extension: (Google Search) - C:\Users\SKP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10] CHR Extension: (Dokumenty Google offline) - C:\Users\SKP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-10] CHR Extension: (Avast Online Security) - C:\Users\SKP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-10] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\SKP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-10] CHR Extension: (Gmail) - C:\Users\SKP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10] ==================== Usługi (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-09-10] (Adobe Inc. -> Adobe Systems) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5106064 2019-12-19] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [859096 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation - pGFX -> Intel Corporation) R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc. -> Cisco Systems, Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5570712 2019-11-30] (Malwarebytes Inc -> Malwarebytes) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [12758528 2019-12-16] (TeamViewer GmbH -> TeamViewer Germany GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation) U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Sterowniki (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 androidusb; C:\Windows\System32\Drivers\ssadadb.sys [30312 2011-05-13] (MCCI Internal Testing Software -> Google Inc) R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35512 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [174712 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [224008 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [169408 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [59368 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [211088 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41200 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [145048 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [95168 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [73312 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [691528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394856 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [176760 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [277408 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) S3 cdcacmpo; C:\Windows\System32\DRIVERS\cdcacmpo.sys [88168 2016-07-12] (DATALOGIC ADC, INC. -> ) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [Brak podpisu cyfrowego] S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [112688 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks -> Deterministic Networks, Inc.) S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [24197 2003-01-24] (FTDI Ltd.) [Brak podpisu cyfrowego] R3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [99968 2014-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [178952 2020-02-06] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [213912 2020-02-06] (Malwarebytes Inc -> Malwarebytes) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [148536 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 MSICDSetup; \??\D:\CDriver.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib.sys [X] U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc (utworzone) =================== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2020-02-06 14:57 - 2020-02-06 14:57 - 000019420 _____ C:\Users\SKP\Desktop\FRST.txt 2020-02-06 14:52 - 2020-02-06 14:57 - 000000000 ____D C:\FRST 2020-02-06 14:51 - 2020-02-06 14:52 - 002008064 _____ (Farbar) C:\Users\SKP\Desktop\FRST.exe 2020-02-06 14:46 - 2020-02-06 14:46 - 000178952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2020-02-06 14:45 - 2020-02-06 14:45 - 000213912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2020-02-06 14:43 - 2020-02-06 14:43 - 000003096 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot 2020-01-30 20:47 - 2020-01-30 20:47 - 000000000 ____D C:\S7A7AFE 2020-01-23 06:40 - 2020-01-30 06:52 - 000000000 ____D C:\Program Files\Mozilla Firefox 2020-01-15 20:59 - 2020-01-30 07:34 - 000000000 ____D C:\S7A7AFE43860 2020-01-13 13:28 - 2020-01-13 13:28 - 000001205 _____ C:\Users\SKP\Desktop\OŚWIADCZENIE.pdf — skrót.lnk 2020-01-09 14:10 - 2020-01-09 14:10 - 000066184 _____ C:\Users\SKP\Downloads\Wydruk.pdf 2020-01-07 14:03 - 2020-01-07 14:03 - 000046950 _____ C:\Users\SKP\Downloads\Druk ZAW-NR_01-14.pdf 2020-01-07 07:08 - 2020-01-07 07:08 - 000001996 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2020-01-07 07:08 - 2020-01-07 07:08 - 000001996 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk 2020-01-07 07:06 - 2019-10-03 05:38 - 000305032 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe ==================== Jeden miesiąc (zmodyfikowane) ================== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2020-02-06 14:53 - 2009-07-14 05:34 - 000028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2020-02-06 14:53 - 2009-07-14 05:34 - 000028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2020-02-06 14:51 - 2011-04-12 06:08 - 000740196 _____ C:\Windows\system32\perfh015.dat 2020-02-06 14:51 - 2011-04-12 06:08 - 000155770 _____ C:\Windows\system32\perfc015.dat 2020-02-06 14:51 - 2010-11-20 22:01 - 001669606 _____ C:\Windows\system32\PerfStringBackup.INI 2020-02-06 14:51 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf 2020-02-06 14:48 - 2013-10-02 13:57 - 000003964 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{CCC66F18-054D-4FBE-AEE8-56229C49CEA1} 2020-02-06 14:47 - 2017-11-13 07:20 - 000000000 ____D C:\Users\SKP\Documents\CEPIKpatronat 2020-02-06 14:47 - 2012-06-20 06:03 - 000000000 ____D C:\DIAGOGOL 2020-02-06 14:45 - 2019-12-27 18:21 - 000000000 ____D C:\Program Files\TeamViewer 2020-02-06 14:45 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2020-02-06 14:43 - 2017-01-23 07:57 - 000000000 ____D C:\AdwCleaner 2020-02-06 06:36 - 2016-11-17 12:20 - 000000000 ____D C:\Users\SKP\AppData\LocalLow\Mozilla 2020-02-05 14:41 - 2018-06-21 16:32 - 000000000 ____D C:\Users\SKP\AppData\Local\AVAST Software 2020-01-31 08:35 - 2019-01-11 08:15 - 000000000 ____D C:\Users\SKP\Desktop\WYKAZ STACJI 2020-01-30 06:56 - 2017-03-17 19:04 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update 2020-01-30 06:52 - 2012-06-21 10:41 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service 2020-01-29 20:47 - 2019-07-05 17:18 - 000129056 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys 2020-01-29 13:02 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF 2020-01-22 08:02 - 2018-08-28 15:32 - 000004424 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater 2020-01-22 08:02 - 2018-05-08 15:52 - 000004552 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-01-22 08:02 - 2012-06-21 09:46 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe 2020-01-22 08:02 - 2012-06-21 09:46 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl 2020-01-22 08:02 - 2012-06-21 09:45 - 000000000 ____D C:\Windows\system32\Macromed 2020-01-20 16:21 - 2015-05-07 05:59 - 000000000 ____D C:\Users\SKP\AppData\Roaming\TeamViewer 2020-01-15 17:01 - 2019-12-10 20:48 - 000000000 ____D C:\S7A7AFE43845 2020-01-13 17:37 - 2012-07-04 08:19 - 000000000 ____D C:\Users\SKP\AppData\Local\ElevatedDiagnostics 2020-01-13 13:27 - 2019-01-11 08:31 - 000000000 ___RD C:\Users\SKP\Desktop\DZIENIKI_USTAW 2020-01-10 13:49 - 2018-08-31 13:28 - 000000724 _____ C:\Users\SKP\Desktop\Charakterystyki techniczne, Zużycie paliwa samochodu.website 2020-01-08 14:06 - 2017-11-13 07:26 - 000000000 ____D C:\Users\SKP\AppData\Roaming\CEPIKuploader 2020-01-07 08:02 - 2019-12-27 18:22 - 000000000 ____D C:\Users\SKP\AppData\Local\TeamViewer 2020-01-07 07:08 - 2012-06-21 09:18 - 000000000 ____D C:\ProgramData\AVAST Software 2020-01-07 07:05 - 2012-06-19 12:22 - 000000000 ____D C:\Users\SKP 2020-01-07 07:03 - 2015-04-07 05:43 - 000000000 ___SD C:\Windows\system32\GWX 2020-01-07 07:03 - 2013-08-24 05:42 - 000000000 ____D C:\Users\Gość 2020-01-07 07:02 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\registration ==================== Pliki w katalogu głównym wybranych folderów ======== 2014-04-01 17:17 - 2014-04-01 19:15 - 000000425 _____ () C:\Users\SKP\AppData\Roaming\burnaware.ini 2012-10-02 11:23 - 2013-07-05 14:51 - 000014336 _____ () C:\Users\SKP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-09-14 06:56 - 2017-09-14 06:56 - 000038611 _____ () C:\Users\SKP\AppData\Local\Perfmon.PerfmonCfg 2017-04-14 16:28 - 2017-04-14 16:28 - 000000017 _____ () C:\Users\SKP\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) LastRegBack: 2020-01-28 16:01 ==================== Koniec FRST.txt ========================