Anonim / 1 rok, 1 miesiąc temu | Download | Plaintext | Odpowiedz |

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 01-01-2017
Uruchomiony przez TM1BAT1 (administrator)  TM1BAT (03-01-2017 13:34:52)
Uruchomiony z C:\Users\TM1BAT1\Downloads
Załadowane profile: TM1BAT1 (Dostępne profile: TM1BAT1 & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-05-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-28] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2092317740-2117680968-1451664878-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2092317740-2117680968-1451664878-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-2092317740-2117680968-1451664878-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-01] (AVAST Software)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 83.175.144.9 83.175.144.14
Tcpip\..\Interfaces\{A32A59D1-F6E5-4FBF-B32C-BD32955AF047}: [DhcpNameServer] 83.175.144.9 83.175.144.14
Tcpip\..\Interfaces\{B4CE2DA7-3E3B-478D-AB8A-1235E1C80ADE}: [DhcpNameServer] 83.175.144.9 83.175.144.14

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL14/175
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL14/175
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {42EDB3FD-8249-4A95-9FA3-0B48707D43AF} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2092317740-2117680968-1451664878-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2092317740-2117680968-1451664878-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2092317740-2117680968-1451664878-1001 -> {42EDB3FD-8249-4A95-9FA3-0B48707D43AF} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-01] (AVAST Software)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-01] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\TM1BAT1\AppData\Roaming\Mozilla\Firefox\Profiles\t1jksoh6.default-1456679312305 [2017-01-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-01]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-01]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-12-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-06-01]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S2 0145131483363914mcinstcleanup; C:\WINDOWS\TEMP\014513~1.EXE [883024 2017-01-02] (McAfee, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-01] (AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [187840 2016-10-24] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [Brak podpisu cyfrowego]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-06-24] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-05-06] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-06-01] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-06-01] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [107792 2016-06-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-06-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-01] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1070904 2016-06-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [465792 2016-06-01] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [166432 2016-06-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-06] (AVAST Software)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [29464 2014-01-23] (Intel Corporation)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [294104 2014-04-30] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [573144 2014-06-17] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [3463896 2014-06-21] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-05-06] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2016-11-10] (BigNox Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-03 13:34 - 2017-01-03 13:36 - 00017130 _____ C:\Users\TM1BAT1\Downloads\FRST.txt
2017-01-03 13:34 - 2017-01-03 13:34 - 02418176 _____ (Farbar) C:\Users\TM1BAT1\Downloads\FRST64.exe
2017-01-03 13:34 - 2017-01-03 13:34 - 00000000 ____D C:\FRST
2016-12-22 08:25 - 2016-12-29 19:49 - 00000232 _____ C:\WINDOWS\setupact.log
2016-12-22 08:25 - 2016-12-22 08:25 - 00003262 _____ C:\WINDOWS\PFRO.log
2016-12-22 08:25 - 2016-12-22 08:25 - 00000000 _____ C:\WINDOWS\setuperr.log
2016-12-22 08:14 - 2016-12-01 15:13 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-12-22 08:14 - 2016-12-01 15:13 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-12-22 08:14 - 2016-12-01 15:11 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-12-22 08:14 - 2016-12-01 15:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-12-22 08:14 - 2016-10-20 14:14 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-12-22 08:14 - 2016-10-20 14:10 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-12-14 12:45 - 2016-11-19 22:24 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 12:45 - 2016-11-19 22:24 - 00152856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 12:45 - 2016-11-19 20:29 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-12-14 12:45 - 2016-11-19 19:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-12-14 12:45 - 2016-11-19 18:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-12-14 12:45 - 2016-11-19 18:22 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 12:45 - 2016-11-16 22:49 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 12:45 - 2016-11-12 22:06 - 00738104 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-12-14 12:45 - 2016-11-12 20:38 - 00613632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-12-14 12:45 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-12-14 12:45 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 12:45 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-12-14 12:45 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 12:45 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-12-14 12:45 - 2016-11-12 19:23 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-12-14 12:45 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 12:45 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-12-14 12:45 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-14 12:45 - 2016-11-12 18:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-12-14 12:45 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 12:45 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-14 12:45 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 12:45 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-14 12:45 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 12:45 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-14 12:45 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-14 12:45 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-14 12:45 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-14 12:45 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-14 12:45 - 2016-11-11 03:33 - 01541240 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 12:45 - 2016-11-09 18:25 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 12:45 - 2016-11-05 21:46 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-12-14 12:45 - 2016-11-05 19:35 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 12:45 - 2016-11-05 18:57 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 12:45 - 2016-11-05 18:11 - 03606528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 12:45 - 2016-11-05 16:56 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-12-14 12:45 - 2016-11-05 16:46 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-12-14 12:45 - 2016-10-28 03:56 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-14 12:45 - 2016-10-27 15:28 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-14 12:45 - 2016-10-12 22:49 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-12-14 12:45 - 2016-10-12 22:11 - 00922968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-12-14 12:45 - 2016-10-11 17:45 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-12-14 12:45 - 2016-10-11 00:31 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-12-14 12:45 - 2016-10-10 19:18 - 00069976 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2016-12-14 12:45 - 2016-10-10 19:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-12-14 12:45 - 2016-10-09 15:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2016-12-14 12:45 - 2016-10-09 15:08 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2016-12-14 12:45 - 2016-10-09 15:08 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2016-12-14 12:45 - 2016-10-08 23:24 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-12-14 12:45 - 2016-10-08 22:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-12-14 12:45 - 2016-10-08 22:10 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-12-14 12:45 - 2016-10-05 15:01 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-12-14 12:45 - 2016-10-05 15:00 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-12-14 12:45 - 2016-10-05 15:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-12-14 12:45 - 2016-10-05 14:52 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-12-14 12:45 - 2016-10-05 14:52 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2016-12-14 12:45 - 2016-10-05 05:15 - 01969944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-12-14 12:45 - 2016-10-05 05:15 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-12-14 12:45 - 2016-10-05 05:15 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-12-14 12:45 - 2016-10-05 05:15 - 00245320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-12-14 12:45 - 2016-09-27 21:16 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-12-14 12:45 - 2016-09-20 23:30 - 02462040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-12-09 12:38 - 2017-01-03 13:25 - 00000000 ____D C:\Users\TM1BAT1\AppData\LocalLow\Mozilla
2016-12-06 11:23 - 2016-12-06 11:24 - 00000000 ____D C:\Users\TM1BAT1\Desktop\Camera

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-03 10:27 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-02 14:31 - 2016-09-12 13:24 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-30 09:07 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-30 09:07 - 2013-08-22 14:25 - 108527616 _____ C:\WINDOWS\system32\config\COMPONENTS
2016-12-30 08:56 - 2015-02-27 14:09 - 00000000 ____D C:\Users\TM1BAT1\Documents\Youcam
2016-12-29 20:00 - 2015-07-08 13:05 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2016-12-29 20:00 - 2015-06-23 20:27 - 01310720 ___SH C:\Users\TM1BAT1\NTUSER.DAT
2016-12-29 19:50 - 2014-04-03 00:01 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{42b82173-0b2e-11e3-93f4-90b11c2eb9f2}.TMContainer00000000000000000002.regtrans-ms
2016-12-29 19:50 - 2014-04-03 00:01 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{42b82173-0b2e-11e3-93f4-90b11c2eb9f2}.TM.blf
2016-12-29 19:50 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-29 19:49 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-29 19:49 - 2013-08-22 15:44 - 00353384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-29 19:49 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-12-29 19:46 - 2016-03-08 17:54 - 738197504 ___SH C:\pagefile.sys
2016-12-29 19:46 - 2016-03-08 17:54 - 268435456 ___SH C:\swapfile.sys
2016-12-29 19:45 - 2016-03-08 17:54 - 3340566528 ___SH C:\hiberfil.sys
2016-12-29 19:44 - 2013-08-22 14:25 - 84410368 _____ C:\WINDOWS\system32\config\SOFTWARE
2016-12-29 19:44 - 2013-08-22 14:25 - 58195968 _____ C:\WINDOWS\system32\config\SYSTEM
2016-12-29 19:44 - 2013-08-22 14:25 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT
2016-12-29 19:44 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-12-29 19:44 - 2013-08-22 14:25 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY
2016-12-29 19:44 - 2013-08-22 14:25 - 00024576 _____ C:\WINDOWS\system32\config\SAM
2016-12-29 19:43 - 2014-04-02 23:59 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TMContainer00000000000000000001.regtrans-ms
2016-12-29 19:43 - 2014-04-02 23:59 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TM.blf
2016-12-28 11:05 - 2015-06-23 20:47 - 00011970 ____H C:\Users\TM1BAT1\AppData\Local\IconCache.db
2016-12-28 11:05 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\pl-PL
2016-12-28 11:05 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\pl-PL
2016-12-28 11:05 - 2013-08-22 16:31 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-28 11:05 - 2013-08-22 14:36 - 00000000 ___RD C:\WINDOWS\System32
2016-12-28 11:05 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64
2016-12-28 11:05 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-28 11:05 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-28 11:05 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\drivers
2016-12-27 15:42 - 2013-08-22 14:36 - 00000000 ___HD C:\ProgramData
2016-12-27 15:22 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-27 15:17 - 2014-09-04 17:11 - 00000000 __SHD C:\System Volume Information
2016-12-27 15:14 - 2015-06-24 15:44 - 00000000 ____D C:\Users\TM1BAT1\AppData\Roaming\Skype
2016-12-22 10:50 - 2014-09-05 02:14 - 00839840 _____ C:\WINDOWS\system32\perfh015.dat
2016-12-22 10:50 - 2014-09-05 02:14 - 00179982 _____ C:\WINDOWS\system32\perfc015.dat
2016-12-22 10:50 - 2014-03-18 10:53 - 01968030 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-22 10:50 - 2013-08-22 16:39 - 00786952 _____ C:\WINDOWS\system32\perfh009.dat
2016-12-22 10:50 - 2013-08-22 16:39 - 00161212 _____ C:\WINDOWS\system32\perfc009.dat
2016-12-22 08:25 - 2016-10-20 11:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-22 08:25 - 2016-06-09 12:52 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTM1BAT1.job
2016-12-22 08:25 - 2015-06-24 15:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-22 08:21 - 2015-07-02 22:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-22 08:20 - 2014-04-03 00:02 - 00786432 ___SH C:\Users\Administrator\NTUSER.DAT
2016-12-22 08:18 - 2015-07-02 22:22 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-22 08:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-18 09:08 - 2015-08-24 09:03 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-12-14 17:48 - 2015-06-23 20:45 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2092317740-2117680968-1451664878-1001
2016-12-14 16:54 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-14 12:07 - 2015-06-23 20:29 - 00000000 ____D C:\WINDOWS\SoftwareDistribution
2016-12-14 11:15 - 2016-06-09 12:52 - 00003172 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForTM1BAT1
2016-12-14 11:15 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-14 11:15 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Tasks
2016-12-14 07:23 - 2013-08-22 14:36 - 00000000 ___RD C:\Program Files (x86)
2016-12-12 00:00 - 2016-11-18 10:18 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:00 - 2016-11-18 10:18 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-09 12:38 - 2015-02-27 14:07 - 00000000 ____D C:\Users\TM1BAT1\AppData\LocalLow
2016-12-06 11:23 - 2015-06-23 20:27 - 00000000 ___RD C:\Users\TM1BAT1\Desktop
2016-12-04 15:25 - 2016-04-24 05:53 - 00000000 ____D C:\zdjęcia Seba Klaudia

Niektóre pliki w TEMP:
====================
C:\Users\TM1BAT1\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-12-15 14:55

==================== Koniec  FRST.txt ============================