FRST.txt

Has the computer been infected by a virus from Facebook? AdwCleaner logs.

I am also attaching the FRST logs. Sorry for the oversight.


Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 25-02-2017
Uruchomiony przez Kinga D (administrator) KINGA (25-02-2017 15:41:01)
Uruchomiony z C:\Users\Kinga D\Downloads
Załadowane profile: Kinga D (Dostępne profile: Kinga D)
Platform: Windows 8.1 Pro (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2016\Moldflow\bin\mitsijm.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ALLPlayer Group Ltd.) C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Akamai Technologies, Inc.) C:\Users\Kinga D\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\DC@ms\dtella.exe
(Akamai Technologies, Inc.) C:\Users\Kinga D\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2793200 2013-11-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-338431111-4270550262-3382333762-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-338431111-4270550262-3382333762-1001\...\Run: [Napisy24Update] => "C:\Program Files (x86)\Napisy24\Napisy24Update.exe" "sleep"
HKU\S-1-5-21-338431111-4270550262-3382333762-1001\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [6168768 2016-09-15] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-338431111-4270550262-3382333762-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-21-338431111-4270550262-3382333762-1001\...\Run: [Napisy24.pl] => "C:\Program Files (x86)\Napisy24\Napisy24.exe" AutoStart
HKU\S-1-5-21-338431111-4270550262-3382333762-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Kinga D\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-338431111-4270550262-3382333762-1001\...\Run: [GoogleChromeAutoLaunch_5624A4A7183224D632336A9704FCCB17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-338431111-4270550262-3382333762-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
Startup: C:\Users\Kinga D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtella.lnk [2016-09-29]
ShortcutTarget: dtella.lnk -> C:\Program Files (x86)\DC@ms\dtella.exe ()

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.184.2 192.168.192.2
Tcpip\..\Interfaces\{0DBA1D0C-4434-42CF-8B2E-CC318208472E}: [DhcpNameServer] 192.168.184.2 192.168.192.2
Tcpip\..\Interfaces\{54E889A6-610D-41F3-AF94-BB1B36A591D2}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-08] (AVAST Software)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll => Brak pliku
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-30] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-08] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-13]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-30] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=EA41023D6CE903583D3E7250EC4DE01D","hxxp://www.gazeta.pl/0,0.html?p=150","hxxp://www.istartsurf.com/?type=hp&ts=1424038902&from=squadm&uid=ST500LM012XHN-M500MBB_S2RSJ9FC917929","hxxp://www.istartsurf.com/?type=hppp&ts=1424038953&from=squadm&uid=ST500LM012XHN-M500MBB_S2RSJ9FC917929","hxxp://www.sweet-page.com/?type=hp&ts=1435931989&z=ab83f30c03b5eed9aea8f61gfz4c9wdtbc7get9t9g&from=cor&uid=ST500LM012XHN-M500MBB_S2RSJ9FC917929","hxxp://www.istartsurf.com/?type=hp&ts=1447023276&z=7dad6e3cc6b3496039b1688gez0z5m9e8oaoft4tac&from=cor&uid=ST500LM012XHN-M500MBB_S2RSJ9FC917929"
CHR Profile: C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default [2017-02-25]
CHR Extension: (Prezentacje Google) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-17]
CHR Extension: (Dokumenty Google) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-17]
CHR Extension: (Dysk Google) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-17]
CHR Extension: (YouTube) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-17]
CHR Extension: (uBlock Origin) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Arkusze Google) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-18]
CHR Extension: (Avast Online Security) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-15]
CHR Extension: (Google Hangouts) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-17]
CHR Extension: (Google Play Books) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-07-17]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-17]
CHR Extension: (Chrome Media Router) - C:\Users\Kinga D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-17] (AVAST Software s.r.o.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-08] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 mitsijm2016; C:\Program Files\Autodesk\Inventor 2016\Moldflow\bin\mitsijm.exe [968480 2014-09-30] (Autodesk, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-08] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126088 2017-02-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [74680 2017-02-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [991496 2017-02-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337080 2017-02-17] (AVAST Software)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [32168 2015-07-16] (Windows (R) Win 7 DDK provider)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [425216 2016-05-25] (Realsil Semiconductor Corporation)
R3 TSVAD_PCM; C:\Windows\system32\drivers\tsvadpcm.sys [33552 2016-02-09] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-25 15:41 - 2017-02-25 15:42 - 00017821 _____ C:\Users\Kinga D\Downloads\FRST.txt
2017-02-25 15:39 - 2017-02-25 15:39 - 02423296 _____ (Farbar) C:\Users\Kinga D\Downloads\FRST64.exe
2017-02-25 15:09 - 2017-02-25 15:09 - 00001977 _____ C:\Users\Kinga D\Desktop\AdwCleaner[S0].txt
2017-02-25 15:06 - 2017-02-25 15:06 - 00001986 _____ C:\Users\Kinga D\Desktop\AdwCleaner[C0].txt
2017-02-25 14:56 - 2017-02-25 14:56 - 00000000 ____D C:\Users\Kinga D\Doctor Web
2017-02-25 14:54 - 2017-02-25 14:55 - 148140440 _____ C:\Users\Kinga D\Downloads\launch (1).exe
2017-02-25 14:21 - 2017-02-25 14:21 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-25 14:01 - 2017-02-25 14:04 - 00000000 ____D C:\AdwCleaner
2017-02-25 14:01 - 2017-02-25 14:01 - 04015056 _____ C:\Users\Kinga D\Downloads\AdwCleaner.exe
2017-02-24 19:04 - 2017-02-24 19:04 - 00202017 _____ C:\Users\Kinga D\Desktop\wiadomosc.pdf
2017-02-17 22:10 - 2017-02-17 22:10 - 00000000 ____D C:\Users\Kinga D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome
2017-02-17 21:04 - 2017-02-25 14:10 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-02-17 11:30 - 2017-02-17 11:31 - 13004800 _____ C:\Users\Kinga D\Downloads\AirServer-5.1.2-x64.msi
2017-02-17 11:04 - 2017-02-17 22:26 - 00037364 _____ C:\Users\Kinga D\AppData\Roaming\net.telestream.wirecast.xml
2017-02-17 11:04 - 2017-02-17 21:31 - 00000000 ____D C:\Users\Kinga D\AppData\Roaming\Wirecast Play
2017-02-17 11:04 - 2017-02-17 11:04 - 00000000 ____D C:\Users\Kinga D\AppData\Roaming\Vara Software
2017-02-17 11:04 - 2017-02-17 11:04 - 00000000 ____D C:\ProgramData\Telestream
2017-02-17 11:00 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-02-17 11:00 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-02-17 11:00 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-02-17 11:00 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-02-17 11:00 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-02-17 11:00 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-02-17 11:00 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-02-17 11:00 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-02-17 11:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-02-17 11:00 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-02-17 11:00 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-02-17 11:00 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-02-17 11:00 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-02-17 11:00 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-02-17 11:00 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-02-17 11:00 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-02-17 10:58 - 2017-02-17 10:58 - 00001992 _____ C:\Users\Public\Desktop\Wirecast.lnk
2017-02-17 10:58 - 2017-02-17 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telestream
2017-02-17 10:58 - 2017-02-17 10:58 - 00000000 ____D C:\Program Files\Telestream
2017-02-17 10:54 - 2017-02-17 10:55 - 156071875 _____ C:\Users\Kinga D\Downloads\Wirecast-Play-6.0.7.zip
2017-02-08 00:48 - 2017-02-08 00:48 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-08 00:48 - 2017-02-08 00:48 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-08 00:48 - 2017-02-08 00:46 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-08 00:48 - 2017-02-08 00:46 - 00309784 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-08 00:48 - 2017-02-08 00:46 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-08 00:48 - 2017-02-08 00:46 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-07 19:16 - 2017-02-07 19:16 - 00082739 _____ C:\Users\Kinga D\Desktop\podanie_690.pdf
2017-02-07 19:16 - 2017-02-07 19:16 - 00042193 _____ C:\Users\Kinga D\Desktop\690.pdf
2017-02-06 19:11 - 2017-02-06 19:11 - 00114845 _____ C:\Users\Kinga D\Desktop\umowa_stacjonarne.pdf
2017-02-06 19:04 - 2017-02-06 19:04 - 00006160 _____ C:\Users\Kinga D\AppData\Local\recently-used.xbel
2017-01-30 20:44 - 2017-01-30 20:44 - 00000000 ____D C:\Users\Kinga D\AppData\LocalLow\Oracle

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-25 15:41 - 2016-07-17 17:53 - 00000000 ____D C:\FRST
2017-02-25 14:57 - 2016-05-27 16:06 - 00000000 ____D C:\Users\Kinga D
2017-02-25 14:28 - 2016-05-27 16:12 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-338431111-4270550262-3382333762-1001
2017-02-25 14:07 - 2016-05-27 16:24 - 00000000 __SHD C:\Users\Kinga D\IntelGraphicsProfiles
2017-02-25 14:06 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-25 13:49 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\security
2017-02-25 13:49 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-25 13:22 - 2016-12-03 22:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-25 12:04 - 2016-09-25 13:47 - 00000000 ____D C:\Users\Kinga D\AppData\Local\Akamai
2017-02-25 11:02 - 2016-05-27 16:13 - 00003980 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{186047CB-64EE-478F-8468-167ED93A5AF8}
2017-02-23 18:19 - 2016-05-27 16:42 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 18:17 - 2016-05-27 16:42 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 17:09 - 2016-09-13 20:02 - 00000000 ____D C:\ProgramData\Skype
2017-02-23 16:55 - 2016-07-08 21:10 - 00003954 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468008597
2017-02-23 16:55 - 2016-07-08 21:10 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-23 00:04 - 2016-09-29 13:04 - 00000000 ____D C:\Users\Kinga D\AppData\Roaming\DC++
2017-02-22 16:13 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-22 15:59 - 2016-05-30 13:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-17 21:25 - 2016-05-27 16:05 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-17 21:25 - 2013-08-23 00:12 - 00807160 _____ C:\Windows\system32\perfh015.dat
2017-02-17 21:25 - 2013-08-23 00:12 - 00163478 _____ C:\Windows\system32\perfc015.dat
2017-02-17 21:25 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-02-17 12:48 - 2016-07-08 21:05 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-02-13 20:29 - 2016-09-13 20:02 - 00000000 ____D C:\Users\Kinga D\AppData\Roaming\Skype
2017-02-12 15:36 - 2016-07-08 21:03 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-09 17:35 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2017-02-08 00:48 - 2016-07-08 21:05 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-08 00:48 - 2016-07-08 21:05 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-08 00:48 - 2016-07-08 21:05 - 00126088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-08 00:48 - 2016-07-08 21:05 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-08 00:48 - 2016-07-08 21:05 - 00074680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-08 00:48 - 2016-07-08 21:05 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-08 00:47 - 2016-07-08 21:09 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-08 00:47 - 2016-07-08 21:05 - 00991496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-07 17:16 - 2016-07-17 21:05 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 17:16 - 2016-07-17 21:05 - 00002209 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 20:41 - 2016-11-13 08:31 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:41 - 2016-11-13 08:31 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 19:30 - 2016-06-13 18:29 - 00000000 ____D C:\Users\Kinga D\.gimp-2.8
2017-02-06 19:04 - 2016-06-13 18:38 - 00000000 ____D C:\Users\Kinga D\AppData\Local\gtk-2.0
2017-02-06 18:50 - 2016-06-17 08:16 - 00000000 ____D C:\Users\Kinga D\.thumbnails
2017-02-03 16:29 - 2016-09-13 20:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-01 22:29 - 2016-09-29 13:04 - 00000000 ____D C:\Users\Kinga D\AppData\Local\DC++
2017-02-01 00:50 - 2016-05-31 14:01 - 00000000 ____D C:\Users\Kinga D\Documents\Inventor
2017-01-30 20:46 - 2016-06-03 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-30 20:46 - 2016-06-03 20:20 - 00000000 ____D C:\ProgramData\Oracle
2017-01-30 20:46 - 2016-06-03 20:20 - 00000000 ____D C:\Program Files\Java
2017-01-30 20:44 - 2016-06-03 20:21 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-30 10:52 - 2017-01-04 20:44 - 00000000 ____D C:\Users\Kinga D\Desktop\infografiki

==================== Pliki w katalogu głównym wybranych folderów =======

2017-02-17 11:04 - 2017-02-17 22:26 - 0037364 _____ () C:\Users\Kinga D\AppData\Roaming\net.telestream.wirecast.xml
2016-11-20 23:07 - 2016-11-20 23:07 - 0003584 _____ () C:\Users\Kinga D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-06 19:04 - 2017-02-06 19:04 - 0006160 _____ () C:\Users\Kinga D\AppData\Local\recently-used.xbel
2016-06-04 10:54 - 2016-06-04 10:54 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Niektóre pliki w TEMP:
====================
2016-09-25 14:52 - 2015-01-26 06:59 - 0060296 _____ (Autodesk, Inc.) C:\Users\Kinga D\AppData\Local\Temp\AcDeltree.exe
2016-09-19 17:15 - 2016-09-20 20:24 - 2200144 _____ (ALLPlayer ) C:\Users\Kinga D\AppData\Local\Temp\ALLRemote.exe
2017-01-30 20:44 - 2017-01-30 20:44 - 0739904 _____ (Oracle Corporation) C:\Users\Kinga D\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-10-04 21:57 - 2017-02-22 21:01 - 0086883 _____ () C:\Users\Kinga D\AppData\Local\Temp\t.dll

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-02-20 19:10

==================== Koniec FRST.txt ============================