Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:28-11-2015 Uruchomiony przez Komp (administrator) KOMP-KOMPUTER (29-11-2015 12:46:47) Uruchomiony z C:\Users\Komp\Downloads Załadowane profile: Komp (Dostępne profile: Komp) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Język: Polski (Polska) Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel Corporation) C:\Program Files\Intel\Bluetooth\devmonsrv.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv32.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) C:\Program Files\Intel\Bluetooth\obexsrv.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (Intel Corporation) C:\Program Files\Intel\Bluetooth\mediasrv.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Intel Corporation) C:\Program Files\Intel\Bluetooth\btplayerctrl.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe () C:\Users\Komp\Downloads\adwcleaner_5.022.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11487848 2011-12-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1571432 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-29] (Avast Software s.r.o.) HKU\S-1-5-21-536628420-718030827-1668445544-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom) HKU\S-1-5-21-536628420-718030827-1668445544-1000\...\MountPoints2: {63df05fb-3495-11e5-aa00-00c2c648fc7d} - G:\AutoRun.exe HKU\S-1-5-21-536628420-718030827-1668445544-1000\...\MountPoints2: {63df060a-3495-11e5-aa00-00c2c648fc7d} - G:\AutoRun.exe HKU\S-1-5-21-536628420-718030827-1668445544-1000\...\MountPoints2: {6bb48515-1e91-11e5-bd73-806e6f6e6963} - F:\start.exe HKU\S-1-5-21-536628420-718030827-1668445544-1000\...\MountPoints2: {df236d76-6553-11e5-a690-00c2c648fc7d} - G:\AutoRun.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-29] (Avast Software s.r.o.) Startup: C:\Users\Komp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2015-11-07] ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: 127.0.0.1 validation.sls.microsoft.com Tcpip\Parameters: [DhcpNameServer] 192.168.15.2 Tcpip\..\Interfaces\{55FE366E-1FEE-4B22-BF31-B60B26406C37}: [DhcpNameServer] 192.168.15.2 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1438540791&z=bde6cdc342601007c9448f1g6z2c8bfwbz3e6m2bct&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1438540791&z=bde6cdc342601007c9448f1g6z2c8bfwbz3e6m2bct&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1438540791&z=bde6cdc342601007c9448f1g6z2c8bfwbz3e6m2bct&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1438540791&z=bde6cdc342601007c9448f1g6z2c8bfwbz3e6m2bct&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994&q={searchTerms} HKU\S-1-5-21-536628420-718030827-1668445544-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1438540791&z=bde6cdc342601007c9448f1g6z2c8bfwbz3e6m2bct&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994 HKU\S-1-5-21-536628420-718030827-1668445544-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1438540791&z=bde6cdc342601007c9448f1g6z2c8bfwbz3e6m2bct&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1438540791&z=bde6cdc342601007c9448f1g6z2c8bfwbz3e6m2bct&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1438540791&z=bde6cdc342601007c9448f1g6z2c8bfwbz3e6m2bct&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994&q={searchTerms} SearchScopes: HKU\S-1-5-21-536628420-718030827-1668445544-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994&ts=1438540825&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-536628420-718030827-1668445544-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994&ts=1438540825&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-536628420-718030827-1668445544-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994&ts=1438540825&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-536628420-718030827-1668445544-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994&ts=1438540825&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-536628420-718030827-1668445544-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994&ts=1438540825&type=default&q={searchTerms} BHO: Brak nazwy -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> Brak pliku BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-29] (Avast Software s.r.o.) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1438540791&z=bde6cdc342601007c9448f1g6z2c8bfwbz3e6m2bct&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994 FireFox: ======== FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-29] [Brak podpisu cyfrowego] Chrome: ======= CHR HomePage: Default -> hxxp://www.oursurfing.com/?type=hp&ts=1438540791&z=bde6cdc342601007c9448f1g6z2c8bfwbz3e6m2bct&from=amt&uid=WDCXWD5000LPVX-16V0TT0_WD-WX21A245899458994 CHR StartupUrls: Default -> "hxxp://www.wp.pl/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.) CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll () CHR Profile: C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-29] CHR Extension: (Dokumenty Google) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-29] CHR Extension: (Dysk Google) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (YouTube) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Google Search) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (Avast SafePrice) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-11-01] CHR Extension: (Arkusze Google) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-29] CHR Extension: (Dokumenty Google offline) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20] CHR Extension: (Avast Online Security) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02] CHR Extension: (Skype Click to Call) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-14] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22] CHR Extension: (Gmail) - C:\Users\Komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-29] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-29] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-29] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509448 2012-03-01] (Intel Corporation) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-29] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-06-29] (Avast Software) R2 Bluetooth Device Monitor; C:\Program Files\Intel\Bluetooth\devmonsrv.exe [1014096 2011-12-19] (Intel Corporation) R3 Bluetooth Media Service; C:\Program Files\Intel\Bluetooth\mediasrv.exe [1304912 2011-12-19] (Intel Corporation) R2 Bluetooth OBEX Service; C:\Program Files\Intel\Bluetooth\obexsrv.exe [1104208 2011-12-19] (Intel Corporation) R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104208 2012-03-08] (Intel(R) Corporation) S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-06-28] (Intel Corporation) R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv32.exe [182272 2011-08-05] (DTS, Inc) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation) R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [241936 2012-04-17] () R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2326288 2012-04-17] (Intel® Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [141312 2012-03-01] (Windows (R) Win 7 DDK provider) S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [141312 2012-03-01] (Windows (R) Win 7 DDK provider) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-29] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-29] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-06-29] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-29] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-29] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-29] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-06-29] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-29] () R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [76800 2011-12-13] (Intel Corporation) R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [558592 2011-12-13] (Intel Corporation) R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [17008 2009-06-24] (FUJITSU LIMITED) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [5888 2006-11-01] (FUJITSU LIMITED) S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-30] (Huawei Technologies Co., Ltd.) R3 ibtfltcoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47616 2011-12-14] (Intel Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation) R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10339840 2012-03-12] (Intel Corporation) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-06-29] (Avast Software) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-11-29 12:46 - 2015-11-29 12:46 - 00018636 _____ C:\Users\Komp\Downloads\FRST.txt 2015-11-29 12:43 - 2015-11-29 12:43 - 01733632 _____ C:\Users\Komp\Downloads\adwcleaner_5.022.exe 2015-11-29 12:43 - 2015-11-29 12:43 - 00000000 ____D C:\AdwCleaner 2015-11-29 12:32 - 2015-11-29 12:46 - 00000000 ____D C:\FRST 2015-11-29 12:31 - 2015-11-29 12:31 - 01720320 _____ (Farbar) C:\Users\Komp\Downloads\FRST.exe 2015-11-25 22:49 - 2015-11-25 22:49 - 00569792 _____ C:\Users\Komp\Desktop\Oferta słodyczy.pdf 2015-11-25 21:56 - 2015-11-25 21:56 - 00214579 _____ C:\Users\Komp\Desktop\Cukierki czekoladowe.pdf 2015-11-25 21:47 - 2015-11-25 21:55 - 00000000 ____D C:\Program Files\MSECache 2015-11-25 21:26 - 2015-11-25 22:32 - 00000000 ____D C:\Users\Komp\Desktop\Nowy folder (4) 2015-11-19 20:51 - 2015-11-20 12:19 - 00000000 ____D C:\Users\Komp\Desktop\115___11 2015-11-10 21:52 - 2015-11-10 21:53 - 00000000 ____D C:\Users\Komp\Desktop\Nowy folder (2) 2015-11-10 21:06 - 2015-11-10 21:08 - 00334229 _____ C:\Users\Komp\Desktop\Faktura FV_2_2015.PDF 2015-11-07 19:50 - 2015-11-07 19:50 - 00000000 ____D C:\Users\Komp\AppData\Roaming\OpenOffice.org 2015-11-07 19:48 - 2015-11-07 19:48 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk 2015-11-07 19:48 - 2015-11-07 19:48 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.2 2015-11-07 19:47 - 2015-11-07 19:48 - 00000000 ____D C:\Program Files\OpenOffice.org 3 2015-10-31 21:30 - 2015-10-31 21:30 - 00000000 ____D C:\Users\Komp\AppData\Roaming\WinRAR 2015-10-31 21:29 - 2015-10-31 21:29 - 00000000 ____D C:\Users\Komp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-10-31 21:29 - 2015-10-31 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-10-31 21:29 - 2015-10-31 21:29 - 00000000 ____D C:\Program Files\WinRAR 2015-10-30 15:19 - 2015-10-30 15:19 - 00001062 _____ C:\Users\Komp\Desktop\FajnaFaktura.lnk 2015-10-30 15:19 - 2015-10-30 15:19 - 00000000 ____D C:\Users\Komp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fajna Faktura Start 2015-10-30 15:19 - 2015-10-30 15:19 - 00000000 ____D C:\Program Files\Fajna Faktura Start ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-11-29 12:41 - 2015-06-29 20:46 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-29 12:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows 2015-11-29 12:00 - 2015-06-29 20:46 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-29 12:00 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-29 11:41 - 2009-07-14 05:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-29 11:41 - 2009-07-14 05:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-27 21:18 - 2011-02-04 15:24 - 00687828 _____ C:\Windows\system32\perfh015.dat 2015-11-27 21:18 - 2011-02-04 15:24 - 00131382 _____ C:\Windows\system32\perfc015.dat 2015-11-27 21:18 - 2010-11-20 22:01 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-27 21:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf 2015-11-26 22:03 - 2015-08-27 22:26 - 00019058 _____ C:\Users\Komp\Desktop\kasa aktualny.xlsx 2015-11-25 21:42 - 2015-07-01 17:38 - 00000000 ____D C:\Users\Komp\AppData\Local\Microsoft Help 2015-11-24 01:05 - 2015-10-12 00:11 - 00000000 ____D C:\Users\Komp\Desktop\firma ccn 2015-11-22 19:21 - 2015-08-28 19:35 - 00000000 ____D C:\Users\Komp\AppData\Roaming\Skype 2015-11-12 20:44 - 2015-06-29 20:46 - 00002437 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-11-10 21:08 - 2015-10-18 10:29 - 00000000 ____D C:\firmatec 2015-11-08 11:21 - 2009-07-14 05:33 - 00363752 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-07 22:01 - 2015-06-29 20:42 - 00089512 _____ C:\Users\Komp\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-01 11:35 - 2015-08-28 19:35 - 00000000 ____D C:\ProgramData\Skype 2015-10-31 23:02 - 2015-10-28 19:02 - 00000000 ____D C:\Users\Komp\Desktop\Tom 2015-10-31 19:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF Niektóre pliki w TEMP: ==================== C:\Users\Komp\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => MD5 jest poprawne C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2015-11-10 23:20 ==================== Koniec FRST.txt ============================