
FRST.txt

How to remove yoursites123

I would be very grateful for help removing the yoursites123 virus. I have run the FRST scans; they are in the attachments. Regards



Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:10-01-2015 01
Uruchomiony przez Florianska (administrator) FLORIANSKADR (13-01-2016 13:30:09)
Uruchomiony z C:\Users\Florianska\Downloads
Załadowane profile: Florianska (Dostępne profile: Florianska)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1139112 2015-12-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3002266513-827496984-2124136170-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3002266513-827496984-2124136170-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3002266513-827496984-2124136170-1000\...\MountPoints2: {be85694d-fe36-11e4-883f-002564d538f7} - F:\Autorun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{7997CFC1-A95B-456A-8920-E5CF24242C29}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{906767C9-34D0-4F1D-9EDC-4E692084D079}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1452597964&z=1315dfe295dfb61ae41ea83gcz4weo2w3t1m6t5q9z&from=ient12253&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1452597964&z=1315dfe295dfb61ae41ea83gcz4weo2w3t1m6t5q9z&from=ient12253&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449644711&z=52dce7a1bc28f5a8e47d3cbg2z7z8t6q7zfz9m8e1t&from=ient07021&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449644711&z=52dce7a1bc28f5a8e47d3cbg2z7z8t6q7zfz9m8e1t&from=ient07021&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1452597964&z=1315dfe295dfb61ae41ea83gcz4weo2w3t1m6t5q9z&from=ient12253&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1452597964&z=1315dfe295dfb61ae41ea83gcz4weo2w3t1m6t5q9z&from=ient12253&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449644711&z=52dce7a1bc28f5a8e47d3cbg2z7z8t6q7zfz9m8e1t&from=ient07021&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449644711&z=52dce7a1bc28f5a8e47d3cbg2z7z8t6q7zfz9m8e1t&from=ient07021&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN&q={searchTerms}
HKU\S-1-5-21-3002266513-827496984-2124136170-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1452597964&z=1315dfe295dfb61ae41ea83gcz4weo2w3t1m6t5q9z&from=ient12253&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN&q={searchTerms}
HKU\S-1-5-21-3002266513-827496984-2124136170-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3002266513-827496984-2124136170-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1452597964&z=1315dfe295dfb61ae41ea83gcz4weo2w3t1m6t5q9z&from=ient12253&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN
HKU\S-1-5-21-3002266513-827496984-2124136170-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1452597964&z=1315dfe295dfb61ae41ea83gcz4weo2w3t1m6t5q9z&from=ient12253&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3002266513-827496984-2124136170-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1449048061&z=253b2abb7078f322690708ag5z0z6tce7z7b0edw4t&from=cor&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN

FireFox:
========
FF ProfilePath: C:\Users\Florianska\AppData\Roaming\Mozilla\Firefox\Profiles\m7egy4pu.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://www.google.com/
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Default NewTab - C:\Users\Florianska\AppData\Roaming\Mozilla\Firefox\Profiles\m7egy4pu.default\extensions\default_newtabff@gmail.com [2016-01-12] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Florianska\AppData\Roaming\Mozilla\Firefox\Profiles\m7egy4pu.default\extensions\default_newtabff@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1452597964&z=1315dfe295dfb61ae41ea83gcz4weo2w3t1m6t5q9z&from=ient12253&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN

Chrome:
=======
CHR HomePage: Profile 1 -> hxxps://www.google.pl/
CHR StartupUrls: Profile 1 -> "hxxp://www.yoursites123.com/?type=hp&ts=1452597964&z=1315dfe295dfb61ae41ea83gcz4weo2w3t1m6t5q9z&from=ient12253&uid=INTELXSSDSA2CT040G3_PEPR40910199040AGN"
CHR Profile: C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-19]
CHR Extension: (Dokumenty Google) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-19]
CHR Extension: (Dysk Google) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-19]
CHR Extension: (YouTube) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-19]
CHR Extension: (Google Search) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-19]
CHR Extension: (Arkusze Google) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-19]
CHR Extension: (AdBlock) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-19]
CHR Extension: (Bookmark Manager) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-22]
CHR Extension: (Google Wallet) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-19]
CHR Extension: (Gmail) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-19]
CHR Profile: C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Prezentacje Google) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-02]
CHR Extension: (Dokumenty Google) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-02]
CHR Extension: (Dysk Google) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-02]
CHR Extension: (Google Search) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Arkusze Google) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-02]
CHR Extension: (Gmail) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-02]
CHR Profile: C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Dokumenty Google) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Dysk Google) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (Google Search) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-09]
CHR Extension: (Gmail) - C:\Users\Florianska\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1049000 2015-12-08] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [Brak podpisu cyfrowego]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [Brak podpisu cyfrowego]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-01-13 13:24 - 2016-01-13 13:25 - 00015616 _____ C:\Users\Florianska\Downloads\Fixlog.txt
2016-01-13 13:15 - 2016-01-13 13:16 - 00024098 _____ C:\Users\Florianska\Downloads\Addition.txt
2016-01-13 13:13 - 2016-01-13 13:30 - 00016720 _____ C:\Users\Florianska\Downloads\FRST.txt
2016-01-13 13:12 - 2016-01-13 13:30 - 00000000 ____D C:\FRST
2016-01-13 13:11 - 2016-01-13 13:11 - 02370560 _____ (Farbar) C:\Users\Florianska\Downloads\FRST64.exe
2016-01-13 13:06 - 2016-01-13 13:06 - 00006832 _____ C:\Users\Florianska\Desktop\fixlist.txt.txt
2016-01-13 13:05 - 2016-01-13 13:05 - 00000000 ____D C:\Users\Florianska\AppData\Roaming\AVG
2016-01-13 13:04 - 2016-01-13 13:04 - 00000000 ___HD C:\$AVG
2016-01-13 13:04 - 2016-01-13 13:04 - 00000000 ____D C:\Users\Florianska\AppData\Roaming\TuneUp Software
2016-01-13 13:04 - 2016-01-13 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-13 13:02 - 2016-01-13 13:26 - 00000000 ____D C:\ProgramData\MFAData
2016-01-13 13:02 - 2016-01-13 13:02 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-13 13:02 - 2016-01-13 13:02 - 00000000 ____D C:\Users\Florianska\AppData\Local\MFAData
2016-01-13 13:02 - 2016-01-13 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-13 13:01 - 2016-01-13 13:04 - 00000000 ____D C:\ProgramData\Avg
2016-01-13 13:01 - 2016-01-13 13:03 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-13 12:56 - 2016-01-13 13:05 - 00000000 ____D C:\Users\Florianska\AppData\Local\Avg
2016-01-13 12:56 - 2016-01-13 13:02 - 00000000 ____D C:\Users\Florianska\AppData\Local\AvgSetupLog
2016-01-13 12:56 - 2016-01-13 12:56 - 02895464 _____ (AVG Technologies) C:\Users\Florianska\Downloads\AVG_Protection_Free_1144.exe
2016-01-13 12:50 - 2016-01-13 12:50 - 00002808 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-13 12:50 - 2016-01-13 12:50 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-13 12:50 - 2016-01-13 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-13 12:50 - 2016-01-13 12:50 - 00000000 ____D C:\Program Files\CCleaner
2016-01-13 12:49 - 2016-01-13 12:49 - 06805440 _____ (Piriform Ltd) C:\Users\Florianska\Downloads\ccsetup513 (1).exe
2016-01-13 11:27 - 2016-01-13 11:27 - 00303475 _____ C:\Users\Florianska\Desktop\K.Surdej.pdf
2016-01-13 10:47 - 2016-01-13 13:00 - 00000001 _____ C:\Windows\SysWOW64\pl.html
2016-01-12 12:26 - 2016-01-13 13:09 - 00000000 ____D C:\Program Files (x86)\SFK
2016-01-12 12:25 - 2016-01-12 12:52 - 00000000 ____D C:\ProgramData\4WdM4
2016-01-07 10:17 - 2016-01-07 10:17 - 00130183 _____ C:\Users\Florianska\Downloads\F-VAT 01000205.pdf
2016-01-04 09:38 - 2016-01-04 09:38 - 00022410 _____ C:\Users\Florianska\Downloads\calendar_2016-01-01_2016-02-01.pdf
2016-01-03 07:47 - 2016-01-03 07:47 - 00127008 _____ C:\Users\Florianska\Downloads\F-VAT 01000040.pdf
2016-01-02 10:33 - 2016-01-02 10:33 - 00130915 _____ C:\Users\Florianska\Downloads\F-VAT 01000021.pdf
2015-12-29 10:50 - 2015-12-29 10:50 - 00134513 _____ C:\Users\Florianska\Downloads\F-VAT 12040877 (1).pdf
2015-12-29 10:02 - 2015-12-29 10:02 - 00134513 _____ C:\Users\Florianska\Downloads\F-VAT 12040877.pdf
2015-12-28 11:24 - 2015-12-28 11:24 - 06805328 _____ (Piriform Ltd) C:\Users\Florianska\Downloads\ccsetup513.exe
2015-12-27 17:41 - 2015-12-27 17:41 - 00022019 _____ C:\Users\Florianska\Downloads\kompendium działu produktu (1).odt
2015-12-27 06:57 - 2015-12-27 06:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-27 06:57 - 2015-12-27 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-26 10:08 - 2015-12-26 10:08 - 00133744 _____ C:\Users\Florianska\Downloads\F-VAT 12040783.pdf
2015-12-26 10:07 - 2015-12-26 10:07 - 00129395 _____ C:\Users\Florianska\Downloads\F-VAT 12040765.pdf
2015-12-22 07:47 - 2015-12-22 07:47 - 00010612 _____ C:\Users\Florianska\Downloads\NOWA STRUKTURA SEEKRAKOW 2015.odt
2015-12-21 06:59 - 2016-01-12 12:26 - 00001369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ff42i15r14e33f26o83x.lnk

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-01-13 13:30 - 2015-05-19 16:13 - 00000000 ____D C:\Users\Florianska\AppData\Roaming\Skype
2016-01-13 13:26 - 2015-12-09 09:13 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-13 13:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-13 13:24 - 2015-12-09 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-13 13:24 - 2015-06-17 08:22 - 00000000 ____D C:\Users\Florianska\AppData\LocalLow\Temp
2016-01-13 13:24 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-13 13:24 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-13 13:18 - 2015-12-09 09:13 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-13 13:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-13 13:14 - 2011-04-12 14:21 - 00697674 _____ C:\Windows\system32\perfh015.dat
2016-01-13 13:14 - 2011-04-12 14:21 - 00134784 _____ C:\Windows\system32\perfc015.dat
2016-01-13 13:14 - 2009-07-14 06:13 - 01549696 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-13 13:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-13 13:09 - 2015-12-09 08:06 - 00000000 ____D C:\Users\Florianska\AppData\Roaming\TSv
2016-01-13 13:04 - 2015-12-09 08:15 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-13 12:59 - 2015-12-09 08:13 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-13 12:55 - 2015-05-19 16:50 - 00000000 ____D C:\Windows\Panther
2016-01-13 10:40 - 2015-05-19 16:09 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 10:40 - 2015-05-19 16:09 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-12 12:26 - 2015-12-09 09:22 - 00001467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-12 12:26 - 2015-12-09 09:22 - 00001455 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-12 12:26 - 2015-12-09 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-12 12:26 - 2015-12-09 09:14 - 00002497 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-12 12:25 - 2015-12-02 10:21 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-01-04 13:16 - 2015-09-17 08:16 - 00000000 ____D C:\Users\Florianska\Desktop\Listy obecności, um. o pracę
2016-01-04 13:01 - 2015-09-17 10:29 - 00000000 ____D C:\Users\Florianska\Desktop\IWONA
2015-12-30 07:08 - 2015-07-27 23:06 - 00000000 ____D C:\Users\Florianska\AppData\Local\ElevatedDiagnostics
2015-12-27 06:57 - 2015-07-14 05:59 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-27 06:57 - 2015-05-19 16:13 - 00000000 ____D C:\Users\Florianska\AppData\Local\Skype
2015-12-27 06:57 - 2015-05-19 16:12 - 00000000 ____D C:\ProgramData\Skype
2015-12-22 10:34 - 2015-12-09 09:22 - 00000000 ____D C:\Users\Florianska\AppData\Local\Mozilla
2015-12-19 03:00 - 2015-05-20 06:21 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-19 03:00 - 2015-05-20 06:21 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-15 11:36 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Pliki w katalogu głównym wybranych folderów =======

2015-12-02 10:21 - 2016-01-12 12:25 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2016-01-11 13:17

==================== Koniec FRST.txt ============================