FRST.txt

Reimage Repair + google - request for log analysis

Please analyze my logs. I have tried removing the virus in every possible way, but ads still keep popping up.


Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:23-05-2016
Uruchomiony przez Maurocy (administrator) MAUROCY-PC (24-05-2016 18:26:57)
Uruchomiony z C:\Users\Maurocy\Downloads
Załadowane profile: Maurocy (Dostępne profile: Maurocy)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Maurocy\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7858720 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-12] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-3678977833-761364585-3522991751-1000\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [2765256 2015-01-24] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-3678977833-761364585-3522991751-1000\...\Run: [Napisy24Update] => "C:\Program Files\Napisy24\Napisy24Update.exe" "sleep"
HKU\S-1-5-21-3678977833-761364585-3522991751-1000\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files\ALLPlayer Remote\ALLPlayerRemoteControl.exe
HKU\S-1-5-21-3678977833-761364585-3522991751-1000\...\Run: [Spotify Web Helper] => C:\Users\Maurocy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-01] (Spotify Ltd)
HKU\S-1-5-21-3678977833-761364585-3522991751-1000\...\Run: [Spotify] => C:\Users\Maurocy\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-05-01] (Spotify Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-02] (AVAST Software)
Startup: C:\Users\Maurocy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2015-11-06]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{6997FDB1-66CC-4D52-B748-4AA4EAA0415D}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{6997FDB1-66CC-4D52-B748-4AA4EAA0415D}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{7BABF9B6-0DED-4750-BB0F-26B04A3EC03E}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{D4FB1DFA-6152-4884-BF77-7207B33AFD91}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{D4FB1DFA-6152-4884-BF77-7207B33AFD91}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://no.search.yahoo.com/yhs/web?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wbf_ir_16_06 & param1=1 & param2=f%3D1%26b%3DIE%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyDtDyDtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtA0F0C0AzyyD0BtGyByEzytBtGtDzy0ByBtGyEtDtByCtGzyzy0C0CyD0EyByC0ByDtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D331271840%26a%3Dwbf_ir_16_06%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKU\S-1-5-21-3678977833-761364585-3522991751-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://no.search.yahoo.com/yhs/web?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wbf_ir_16_06 & param1=1 & param2=f%3D1%26b%3DIE%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyDtDyDtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtA0F0C0AzyyD0BtGyByEzytBtGtDzy0ByBtGyEtDtByCtGzyzy0C0CyD0EyByC0ByDtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D331271840%26a%3Dwbf_ir_16_06%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
SearchScopes: HKLM - & gt; DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://no.search.yahoo.com/yhs/search?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wncy_ir_15_47 & param1=1 & param2=f%3D4%26b%3DIE%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyCtB0EtC0E0A0DtGyDtBtB0DtGyBzz0CzytGtC0B0A0EtGyCyCtD0AyB0FyD0D0A0AtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D1140690722%26a%3Dwncy_ir_15_47%26os%3DWindows%2B7%2BHome%2BPremium & p={searchTerms}
SearchScopes: HKLM - & gt; {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://no.search.yahoo.com/yhs/search?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wncy_ir_15_47 & param1=1 & param2=f%3D4%26b%3DIE%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyCtB0EtC0E0A0DtGyDtBtB0DtGyBzz0CzytGtC0B0A0EtGyCyCtD0AyB0FyD0D0A0AtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D1140690722%26a%3Dwncy_ir_15_47%26os%3DWindows%2B7%2BHome%2BPremium & p={searchTerms}
SearchScopes: HKLM - & gt; {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://no.search.yahoo.com/yhs/search?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wbf_ir_16_06 & param1=1 & param2=f%3D4%26b%3DIE%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyDtDyDtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtA0F0C0AzyyD0BtGyByEzytBtGtDzy0ByBtGyEtDtByCtGzyzy0C0CyD0EyByC0ByDtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D331271840%26a%3Dwbf_ir_16_06%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium & p={searchTerms}
SearchScopes: HKLM - & gt; {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://no.search.yahoo.com/yhs/search?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wny_ir_15_47 & param1=1 & param2=f%3D4%26b%3DIE%26cc%3Dno%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StByBtA0C0B0C0FzztGyEtDtB0DtGyCyB0D0BtGtAyD0AyEtGyBtDzy0BtAyBtBtByCtCtDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D1740416208%26a%3Dwny_ir_15_47%26os%3DWindows%2B7%2BHome%2BPremium & p={searchTerms}
SearchScopes: HKU\S-1-5-21-3678977833-761364585-3522991751-1000 - & gt; DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://no.search.yahoo.com/yhs/search?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wncy_ir_15_47 & param1=1 & param2=f%3D4%26b%3DIE%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyCtB0EtC0E0A0DtGyDtBtB0DtGyBzz0CzytGtC0B0A0EtGyCyCtD0AyB0FyD0D0A0AtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D1140690722%26a%3Dwncy_ir_15_47%26os%3DWindows%2B7%2BHome%2BPremium & p={searchTerms}
SearchScopes: HKU\S-1-5-21-3678977833-761364585-3522991751-1000 - & gt; {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://no.search.yahoo.com/yhs/search?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wncy_ir_15_47 & param1=1 & param2=f%3D4%26b%3DIE%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyCtB0EtC0E0A0DtGyDtBtB0DtGyBzz0CzytGtC0B0A0EtGyCyCtD0AyB0FyD0D0A0AtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D1140690722%26a%3Dwncy_ir_15_47%26os%3DWindows%2B7%2BHome%2BPremium & p={searchTerms}
SearchScopes: HKU\S-1-5-21-3678977833-761364585-3522991751-1000 - & gt; {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://no.search.yahoo.com/yhs/search?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wbf_ir_16_06 & param1=1 & param2=f%3D4%26b%3DIE%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyDtDyDtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtA0F0C0AzyyD0BtGyByEzytBtGtDzy0ByBtGyEtDtByCtGzyzy0C0CyD0EyByC0ByDtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D331271840%26a%3Dwbf_ir_16_06%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium & p={searchTerms}
SearchScopes: HKU\S-1-5-21-3678977833-761364585-3522991751-1000 - & gt; {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://no.search.yahoo.com/yhs/search?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wny_ir_15_47 & param1=1 & param2=f%3D4%26b%3DIE%26cc%3Dno%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StByBtA0C0B0C0FzztGyEtDtB0DtGyCyB0D0BtGtAyD0AyEtGyBtDzy0BtAyBtBtByCtCtDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D1740416208%26a%3Dwny_ir_15_47%26os%3DWindows%2B7%2BHome%2BPremium & p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-02] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
BHO: Brak nazwy -> {d00ab4cc-662c-40b6-a85f-d53086f4bb16} -> Brak pliku
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-30] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-12] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Maurocy\AppData\Roaming\Mozilla\Firefox\Profiles\ka6albsi.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default - & gt; " hxxp://www.google.pl/ " , " hxxp://wp.pl/ " , " hxxp://pl-pl.facebook.com/ " , " hxxp://allegro.pl/ " , " hxxp://www.msn.com/pl-pl/?pc=UP97 & ocid=UP97DHP " , " hxxps://no.search.yahoo.com/yhs/web?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wncy_ir_15_47 & param1=1 & param2=f%3D7%26b%3DChrome%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyCtB0EtC0E0A0DtGyDtBtB0DtGyBzz0CzytGtC0B0A0EtGyCyCtD0AyB0FyD0D0A0AtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D1140690722%26a%3Dwncy_ir_15_47%26os%3DWindows%2B7%2BHome%2BPremium " , " hxxps://no.search.yahoo.com/yhs/web?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wny_ir_15_47 & param1=1 & param2=f%3D7%26b%3DChrome%26cc%3Dno%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDzztByD0AyBzyyEtGtD0DyB0DtGtDyByBzytGtCzztC0FtGzyzztB0EyBzzzzzy0FtB0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D421142489%26a%3Dwny_ir_15_47%26os%3DWindows%2B7%2BHome%2BPremium " , " hxxps://no.search.yahoo.com/yhs/web?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wncy_ir_15_47 & param1=1 & param2=f%3D7%26b%3DChrome%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCtDzytA0FtCtDyCtGyD0CtAtAtGtC0FzztBtGyE0D0AzztGzztCzztCtDtAtBtCzz0Fzz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D1085830547%26a%3Dwncy_ir_15_47%26os%3DWindows%2B7%2BHome%2BPremium " , " hxxps://no.search.yahoo.com/yhs/web?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wny_ir_15_47 & param1=1 & 
param2=f%3D7%26b%3DChrome%26cc%3Dno%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StByBtA0C0B0C0FzztGyEtDtB0DtGyCyB0D0BtGtAyD0AyEtGyBtDzy0BtAyBtBtByCtCtDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D1740416208%26a%3Dwny_ir_15_47%26os%3DWindows%2B7%2BHome%2BPremium " , " hxxps://no.search.yahoo.com/yhs/web?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wncy_ir_15_47 & param1=1 & param2=f%3D7%26b%3Dchmm%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyCtB0EtC0E0A0DtGyDtBtB0DtGyBzz0CzytGtC0B0A0EtGyCyCtD0AyB0FyD0D0A0AtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D1140690722%26a%3Dwncy_ir_15_47%26os%3DWindows%2B7%2BHome%2BPremium & uref=chmm " , " hxxps://no.search.yahoo.com/yhs/web?hspart=iry & hsimp=yhs-fullyhosted_003 & type=wbf_ir_16_06 & param1=1 & param2=f%3D7%26b%3DChrome%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyByDtDzztB0AyD0EtCtD0E0DtD0EtN0D0Tzu0StCyDtDyDtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtA0F0C0AzyyD0BtGyByEzytBtGtDzy0ByBtGyEtDtByCtGzyzy0C0CyD0EyByC0ByDtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0Ezy0BtC0FtDtGtAtA0A0AtGyEtAyByEtG0BtAyBtCtG0AtA0DyByCzzyCzytD0D0C0D2QtN0A0LzuyE%26cr%3D331271840%26a%3Dwbf_ir_16_06%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium "
CHR Profile: C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Dokumenty Google) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Dysk Google) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (SmarterPassword) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahdkacgpocedihpehmmhbcadaaacdmf [2016-04-24]
CHR Extension: (Arkusze Google) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (AdBlock) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-14]
CHR Extension: (Avast Online Security) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-09]
CHR Extension: (Skype) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-24]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Maurocy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-02]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-02] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-05-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-05-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-05-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-05-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-05-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-05-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-05-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-05-02] (AVAST Software)
S3 ALSysIO; \??\C:\Users\Maurocy\AppData\Local\Temp\ALSysIO.sys [X]
S3 cpuz134; \??\C:\Users\Maurocy\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-05-24 18:26 - 2016-05-24 18:27 - 00024588 _____ C:\Users\Maurocy\Downloads\FRST.txt
2016-05-24 18:26 - 2016-05-24 18:26 - 00000000 ____D C:\FRST
2016-05-24 18:22 - 2016-05-24 18:26 - 01733632 _____ (Farbar) C:\Users\Maurocy\Downloads\FRST.exe
2016-05-21 10:27 - 2016-05-21 10:27 - 00054126 _____ C:\Users\Maurocy\Downloads\Oppdragsbekreftelse (8).pdf
2016-05-17 12:07 - 2016-05-17 12:07 - 00054122 _____ C:\Users\Maurocy\Downloads\Oppdragsbekreftelse (7).pdf
2016-05-16 23:22 - 2016-05-16 23:23 - 00009312 _____ C:\Users\Maurocy\Downloads\PaySlip_20_18523945_201605_1 (5).PDF
2016-05-13 15:45 - 2016-05-13 15:45 - 00009312 _____ C:\Users\Maurocy\Downloads\PaySlip_20_18523945_201605_1 (4).PDF
2016-05-13 15:44 - 2016-05-13 15:44 - 00054122 _____ C:\Users\Maurocy\Downloads\Oppdragsbekreftelse (6).pdf
2016-05-12 22:55 - 2016-05-12 22:55 - 00009312 _____ C:\Users\Maurocy\Downloads\PaySlip_20_18523945_201605_1 (3).PDF
2016-05-12 22:49 - 2016-05-12 22:49 - 00009312 _____ C:\Users\Maurocy\Downloads\PaySlip_20_18523945_201605_1 (2).PDF
2016-05-12 22:49 - 2016-05-12 22:49 - 00009312 _____ C:\Users\Maurocy\Downloads\PaySlip_20_18523945_201605_1 (1).PDF
2016-05-12 22:40 - 2016-05-12 22:40 - 00009312 _____ C:\Users\Maurocy\Downloads\PaySlip_20_18523945_201605_1.PDF
2016-05-12 15:32 - 2016-05-12 15:32 - 00053962 _____ C:\Users\Maurocy\Downloads\Oppdragsbekreftelse (5).pdf
2016-05-11 19:25 - 2016-05-11 19:25 - 00039328 _____ C:\Users\Maurocy\Downloads\Tilsendt Selvangivelse 2015 (4).pdf
2016-05-11 19:20 - 2016-05-11 19:20 - 00039328 _____ C:\Users\Maurocy\Downloads\Tilsendt Selvangivelse 2015 (3).pdf
2016-05-11 01:03 - 2016-05-11 01:03 - 00001071 _____ C:\Users\Maurocy\Desktop\Dokumenty -- skrót.lnk
2016-05-02 18:50 - 2016-05-02 18:50 - 00147741 _____ C:\Users\Maurocy\Downloads\1562_001 (2) (1).pdf
2016-05-02 18:41 - 2016-05-02 18:41 - 00147741 _____ C:\Users\Maurocy\Desktop\1562_001 (2).pdf
2016-05-02 18:40 - 2016-05-02 18:40 - 00147741 _____ C:\Users\Maurocy\Downloads\1562_001 (2).pdf
2016-05-02 18:39 - 2016-05-02 18:39 - 00033417 _____ C:\Users\Maurocy\Downloads\wiadomosc.eml
2016-05-02 17:52 - 2016-05-02 17:52 - 00147741 _____ C:\Users\Maurocy\Downloads\1562_001 (1).pdf
2016-05-02 14:00 - 2016-05-02 14:00 - 00147741 _____ C:\Users\Maurocy\Downloads\1562_001.pdf
2016-05-02 06:50 - 2016-05-02 06:50 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-05-02 06:50 - 2016-05-02 06:50 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-05-02 06:47 - 2016-05-02 06:47 - 05168776 _____ (AVAST Software) C:\Users\Maurocy\Downloads\avast_free_antivirus_setup_online.exe
2016-04-28 17:13 - 2016-04-28 17:13 - 00105186 _____ C:\Users\Maurocy\Downloads\Adecco Arbeidsavtale (4).pdf
2016-04-28 17:11 - 2016-04-28 17:11 - 00105186 _____ C:\Users\Maurocy\Downloads\Adecco Arbeidsavtale (3).pdf
2016-04-27 20:12 - 2016-04-27 20:12 - 00054293 _____ C:\Users\Maurocy\Downloads\Oppdragsbekreftelse (4).pdf
2016-04-24 12:00 - 2016-04-24 12:00 - 00055203 _____ C:\Users\Maurocy\Downloads\Oppdragsbekreftelse (3).pdf
2016-04-24 11:59 - 2016-04-24 11:59 - 00105220 _____ C:\Users\Maurocy\Downloads\Adecco Arbeidsavtale (2).pdf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-05-24 18:26 - 2015-02-06 21:32 - 00000000 ____D C:\Users\Maurocy\AppData\Roaming\Skype
2016-05-24 18:11 - 2009-07-14 06:34 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-24 18:11 - 2009-07-14 06:34 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-24 18:06 - 2016-04-02 16:34 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-24 18:05 - 2015-02-06 09:37 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-24 14:33 - 2016-04-02 16:34 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-22 19:12 - 2015-02-08 19:37 - 00000000 ____D C:\Users\Maurocy\AppData\Local\Spotify
2016-05-22 19:11 - 2015-02-08 19:36 - 00000000 ____D C:\Users\Maurocy\AppData\Roaming\Spotify
2016-05-22 19:11 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-22 15:23 - 2016-02-20 16:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-13 15:36 - 2016-04-02 16:35 - 00002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 15:36 - 2016-04-02 16:35 - 00002095 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 22:38 - 2015-02-06 09:37 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-12 22:38 - 2015-02-06 09:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-10 19:59 - 2016-04-19 20:21 - 00003708 _____ C:\Windows\system32\ScanResults.xml
2016-05-10 19:55 - 2016-04-19 20:16 - 00000464 _____ C:\Windows\system32\ScannerSettings
2016-05-10 11:22 - 2015-11-23 05:33 - 00000149 _____ C:\Windows\Reimage.ini
2016-05-07 18:26 - 2015-02-06 21:32 - 00000000 ___RD C:\Program Files\Skype
2016-05-05 07:15 - 2016-03-19 16:24 - 00000000 ____D C:\ProgramData\9e1ecf5c-1605-0
2016-05-03 07:18 - 2011-02-04 16:37 - 00687828 _____ C:\Windows\system32\perfh015.dat
2016-05-03 07:18 - 2011-02-04 16:37 - 00131382 _____ C:\Windows\system32\perfc015.dat
2016-05-03 07:18 - 2010-11-20 23:01 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-03 07:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-05-02 06:51 - 2016-03-30 18:32 - 00002035 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-05-02 06:50 - 2015-02-06 09:59 - 00124808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-05-02 06:50 - 2015-02-06 09:59 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-05-02 06:50 - 2015-02-06 09:55 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-05-02 06:50 - 2015-02-06 09:55 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-05-02 06:50 - 2015-02-06 09:52 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-05-02 06:50 - 2015-02-06 09:52 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-05-02 06:50 - 2015-02-06 09:51 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-05-02 06:49 - 2016-03-03 15:15 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-05-02 06:49 - 2015-02-06 09:52 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-05-01 20:05 - 2015-02-06 21:31 - 00000000 ____D C:\ProgramData\Skype

==================== Pliki w katalogu głównym wybranych folderów =======

2016-02-15 12:50 - 2016-03-30 18:20 - 0000171 _____ () C:\Users\Maurocy\AppData\Roaming\WB.CFG
2016-03-19 16:11 - 2016-03-19 16:11 - 0000000 _____ () C:\Users\Maurocy\AppData\Local\{FDE8C13E-E05E-4181-BC2C-0C06D3B89BBF}

Niektóre pliki w TEMP:
====================
C:\Users\Maurocy\AppData\Local\Temp\49gwoawa.dll
C:\Users\Maurocy\AppData\Local\Temp\4yafuoli.dll
C:\Users\Maurocy\AppData\Local\Temp\d0ruwitl.dll
C:\Users\Maurocy\AppData\Local\Temp\DriverReviverSetup.exe
C:\Users\Maurocy\AppData\Local\Temp\ICReinstall_Core-Temp-setup_0.99.8.0(dobreprogramy.pl).exe
C:\Users\Maurocy\AppData\Local\Temp\izwadorm.dll
C:\Users\Maurocy\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Maurocy\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Maurocy\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Maurocy\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Maurocy\AppData\Local\Temp\mbyvhn-f.dll
C:\Users\Maurocy\AppData\Local\Temp\ohsp-kzr.dll
C:\Users\Maurocy\AppData\Local\Temp\paczgtjm.dll
C:\Users\Maurocy\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Maurocy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Maurocy\AppData\Local\Temp\sqlite3.exe
C:\Users\Maurocy\AppData\Local\Temp\u9911aw_.dll
C:\Users\Maurocy\AppData\Local\Temp\xeyh8u0x.dll
C:\Users\Maurocy\AppData\Local\Temp\xkqu2vql.dll
C:\Users\Maurocy\AppData\Local\Temp\{255E4611-AE6D-4A23-8DA0-2B6EADDF425D}.dll
C:\Users\Maurocy\AppData\Local\Temp\{25770311-D4C6-4EC5-8CD4-00A2621A8BE9}.dll
C:\Users\Maurocy\AppData\Local\Temp\{2FBC0178-0463-4A6F-833A-BA5865E9275C}.dll
C:\Users\Maurocy\AppData\Local\Temp\{3BCBBBCB-F890-4719-AAAB-3970DFB9CFFA}.dll
C:\Users\Maurocy\AppData\Local\Temp\{5DAB619D-3099-4B76-8180-15736F17A67F}.dll
C:\Users\Maurocy\AppData\Local\Temp\{6D426571-4674-41AC-89BD-6578CAF94844}.dll
C:\Users\Maurocy\AppData\Local\Temp\{9E76A86B-788F-4500-AF33-66CC565739F8}.dll
C:\Users\Maurocy\AppData\Local\Temp\{A4F32872-7548-46BE-B35C-3CC4395172D9}.dll
C:\Users\Maurocy\AppData\Local\Temp\{D254F164-9A97-488D-BDF5-5D6553444C03}.dll
C:\Users\Maurocy\AppData\Local\Temp\{EE7BF83E-318C-4B0C-86A1-32CB76530035}.dll
C:\Users\Maurocy\AppData\Local\Temp\{F5447B52-8B51-45C0-B92E-908F6331B4AD}.dll


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2016-05-18 18:36

==================== Koniec FRST.txt ============================

