FRST.txt

Re: Chinese virus that I can't remove.

Thank you very much for the help. Here are the new scans from FRST.


Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 07-06-2017 01
Uruchomiony przez Patryk (administrator) PATRYK-KOMPUTER (10-06-2017 12:14:47)
Uruchomiony z E:\
Załadowane profile: Patryk (Dostępne profile: Patryk)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-04-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-04-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1327096 2015-11-27] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
HKU\S-1-5-21-2328868302-2970645825-1387881798-1000\...\Run: [Steam] => f:\gry\Steam\steam.exe [3042592 2017-06-01] (Valve Corporation)
HKU\S-1-5-21-2328868302-2970645825-1387881798-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-07-29] (Disc Soft Ltd)
HKU\S-1-5-21-2328868302-2970645825-1387881798-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{19A1CA12-92D1-4917-A709-27CDFDD744D3}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{54C161E0-D3F6-4FE0-9514-F6AFDD2D8C86}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D8F9382B-A2C7-4924-8130-C808E42A140E}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E5C80510-364C-410C-B085-270BE3032E08}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{F2D1B5C4-C05F-4A19-9F64-C5A382D60FF3}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131389620294858559&GUID=3ED9CDEF-EAFE-4270-ABFA-452D85267EF8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131389620294868559&GUID=3ED9CDEF-EAFE-4270-ABFA-452D85267EF8
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-06-10] <==== UWAGA
CHR Extension: (Prezentacje Google) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-08]
CHR Extension: (Dokumenty Google) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-08]
CHR Extension: (Dysk Google) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-08]
CHR Extension: (Wheat Spikelets) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bbdajhcnmoaodbanenlnnillmjkjkofm [2017-06-09]
CHR Extension: (YouTube) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-08]
CHR Extension: (Arkusze Google) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-09]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-08]
CHR Extension: (Gmail) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-08]
CHR Extension: (Chrome Media Router) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-08]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-04-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-04-09] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350120 2017-04-11] (Avira Operations GmbH & Co. KG) [Brak podpisu cyfrowego]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-07-29] (Disc Soft Ltd)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [682064 2014-04-26] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-04-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-04-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-09] (Avira Operations GmbH & Co. KG)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows (R) Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2015-11-12] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-08-17] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-08-17] (Disc Soft Ltd)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [124800 2014-06-11] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [379392 2014-05-04] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-09] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-06-09 05:11 - 2017-06-09 05:17 - 00000080 _____ C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\uTorrent.lnk
2017-06-08 22:13 - 2017-06-09 05:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-08 22:12 - 2017-06-09 05:17 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-06-08 22:12 - 2017-06-08 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-08 22:12 - 2017-06-08 22:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-08 22:12 - 2017-06-08 22:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-06-08 22:12 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-06-08 22:12 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-06-08 22:12 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-08 22:09 - 2017-06-08 22:10 - 22851472 _____ (Malwarebytes ) C:\Users\Patryk\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2017-06-08 21:57 - 2017-06-09 05:17 - 00001696 _____ C:\Users\Public\Desktop\Recuva.lnk
2017-06-08 21:57 - 2017-06-08 22:04 - 00000000 ____D C:\Program Files\Recuva
2017-06-08 21:57 - 2017-06-08 21:57 - 05562976 _____ (Piriform Ltd) C:\Users\Patryk\Downloads\rcsetup153 (1).exe
2017-06-08 21:57 - 2017-06-08 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2017-06-08 21:56 - 2017-06-08 21:56 - 05562976 _____ (Piriform Ltd) C:\Users\Patryk\Downloads\rcsetup153.exe
2017-06-08 21:34 - 2017-06-09 05:17 - 00002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-08 21:34 - 2017-06-09 05:17 - 00002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-08 21:32 - 2017-06-08 21:32 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-08 21:32 - 2017-06-08 21:32 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-08 18:55 - 2017-06-08 19:00 - 00400212 _____ C:\TDSSKiller.3.1.0.15_08.06.2017_18.55.48_log.txt
2017-06-08 17:14 - 2017-06-10 12:14 - 00000000 ____D C:\FRST
2017-06-08 17:08 - 2017-06-08 17:08 - 00000000 ____D C:\Rbackup
2017-06-08 17:07 - 2017-06-08 17:08 - 00000000 ____D C:\Program Files\Perfect Uninstaller
2017-06-08 17:07 - 2017-06-08 17:07 - 00000042 _____ C:\Windows\SysWOW64\AK083E209605E394C.lie
2017-06-08 17:07 - 2017-06-08 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
2017-06-08 16:34 - 2017-06-08 16:34 - 00000000 ____D C:\Users\Patryk\AppData\Local\ElevatedDiagnostics
2017-06-08 16:06 - 2017-06-08 21:43 - 209118078 _____ C:\Windows\ntbtlog.txt
2017-06-08 16:00 - 2017-06-08 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????
2017-05-28 13:47 - 2017-05-28 13:47 - 40800176 _____ (FonePaw ) C:\Users\Patryk\Downloads\android-data-recovery.exe
2017-05-28 13:42 - 2017-05-28 13:42 - 22568112 _____ (MiniTool Solution Ltd. ) C:\Users\Patryk\Downloads\pdr7free.exe
2017-05-28 13:30 - 2017-05-28 13:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2017-05-28 13:20 - 2017-05-28 13:20 - 00000000 ____D C:\Users\Patryk\.android
2017-05-28 13:19 - 2017-05-28 13:19 - 00000000 ____D C:\Users\Patryk\AppData\Local\Aiseesoft Studio
2017-05-28 13:19 - 2017-03-17 01:52 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2017-05-28 13:19 - 2017-03-17 01:52 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2017-05-18 22:17 - 2017-05-18 22:17 - 00166288 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-06-09 14:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2017-06-09 05:24 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-09 05:24 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-09 05:17 - 2017-05-09 21:27 - 00001086 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-06-09 05:17 - 2017-05-07 20:44 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-06-09 05:17 - 2017-05-07 20:44 - 00000965 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-06-09 05:17 - 2017-02-25 19:22 - 00001668 _____ C:\Users\Public\Desktop\DFX.lnk
2017-06-09 05:17 - 2017-02-25 09:18 - 00001088 _____ C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-pity 2016 - program, pity roczne, e-deklaracje.lnk
2017-06-09 05:17 - 2017-02-25 09:18 - 00001058 _____ C:\Users\Patryk\Desktop\e-pity 2016 - program, pity roczne, e-deklaracje.lnk
2017-06-09 05:17 - 2017-02-25 08:28 - 00001196 _____ C:\Users\Patryk\Desktop\PITy 2016.lnk
2017-06-09 05:17 - 2017-02-06 22:06 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-06-09 05:17 - 2017-01-19 00:21 - 00000842 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-09 05:17 - 2017-01-09 13:17 - 00000956 _____ C:\Users\Patryk\Desktop\rozliczenie miesiąca.lnk
2017-06-09 05:17 - 2016-09-12 10:56 - 00000860 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-09 05:17 - 2016-08-17 17:27 - 00001811 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-06-09 05:17 - 2016-07-30 19:12 - 00001239 _____ C:\Users\Public\Desktop\Internet Manager.lnk
2017-06-09 05:17 - 2016-07-09 14:14 - 00000598 _____ C:\Users\Public\Desktop\Steam.lnk
2017-06-09 05:17 - 2016-06-10 22:01 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2017-06-09 05:17 - 2016-06-09 23:04 - 00001042 _____ C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-09 05:17 - 2016-06-09 22:35 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-06-09 05:17 - 2016-06-09 22:35 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-06-09 05:17 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2017-06-09 05:17 - 2009-07-14 06:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-09 05:17 - 2009-07-14 06:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2017-06-09 05:17 - 2009-07-14 06:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2017-06-09 05:17 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2017-06-09 05:17 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2017-06-09 05:17 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2017-06-09 05:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-09 05:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2017-06-09 05:09 - 2017-02-07 18:50 - 00000000 ____D C:\Users\Patryk\AppData\Local\3
2017-06-09 05:09 - 2017-02-07 16:50 - 00000000 ____D C:\Users\Patryk\AppData\Local\1
2017-06-09 05:09 - 2016-10-21 12:07 - 00000000 ____D C:\ProgramData\ehaeh
2017-06-09 05:09 - 2016-08-17 17:26 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-06-09 05:09 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Contacts Toolbox
2017-06-08 21:33 - 2016-06-10 21:34 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-08 21:31 - 2016-06-10 21:32 - 00000000 ____D C:\Users\Patryk\AppData\Local\Deployment
2017-06-08 18:58 - 2011-04-12 15:21 - 00740348 _____ C:\Windows\system32\perfh015.dat
2017-06-08 18:58 - 2011-04-12 15:21 - 00155890 _____ C:\Windows\system32\perfc015.dat
2017-06-08 18:58 - 2009-07-14 07:13 - 01669190 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-08 18:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-06-08 16:02 - 2016-06-12 18:42 - 00000000 ____D C:\Users\Patryk\AppData\Roaming\uTorrent
2017-06-08 16:00 - 2016-09-19 15:00 - 00000000 ____D C:\Windows\system32\log
2017-06-08 15:42 - 2017-03-06 00:26 - 00000000 ____D C:\Users\Patryk\AppData\LocalLow\uTorrent
2017-05-28 13:20 - 2016-06-09 23:03 - 00000000 ____D C:\Users\Patryk
2017-05-28 09:31 - 2017-02-26 04:01 - 00000000 ____D C:\Windows\system32\MRT
2017-05-28 09:28 - 2017-02-18 17:42 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-11 10:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-05-11 10:11 - 2009-07-14 06:45 - 00432392 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 10:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions

==================== Pliki w katalogu głównym wybranych folderów =======

2016-12-23 21:17 - 2016-12-23 21:17 - 0000037 ___SH () C:\Users\Patryk\AppData\Local\20986331705021ca58edc424.96250074

Niektóre pliki w TEMP:
====================
2017-06-08 20:45 - 2017-06-08 20:45 - 0000000 ____D () C:\Users\Patryk\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-06-02 13:37

==================== Koniec FRST.txt ============================

