Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 15-07-2017
Uruchomiony przez bernadetka (administrator) HALL9000 (17-07-2017 19:22:40)
Uruchomiony z C:\Users\bernadetka\Desktop
Załadowane profile: bernadetka & test (Dostępne profile: bernadetka & test & Gość)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) D:\programy\elements ps\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
() C:\Windows\System32\PnkBstrA.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(ZSMCSNAP) C:\Windows\ZSSnp211.EXE
(MM Studio) C:\Windows\schemnt\hpcmsr.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Dropbox, Inc.) C:\Users\bernadetka\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgui.exe
(Dropbox, Inc.) C:\Users\bernadetka\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\bernadetka\AppData\Roaming\Dropbox\bin\Dropbox.exe
(MM Studio) C:\Windows\schemnt\sysmvr.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [ZSSnp211] => C:\Windows\ZSSnp211.exe [49152 2006-08-19] (ZSMCSNAP)
HKLM\...\Run: [hpcmsr] => C:\Windows\schemnt\hpcmsr.exe [200520 2012-12-05] (MM Studio)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2184776 2017-07-07] ()
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-07-03] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12336856 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [263232 2017-07-14] (AVG Technologies CZ, s.r.o.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-2943330059-2245157346-32338817-1000\...\Run: [Dropbox Update] => C:\Users\bernadetka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-27] (Dropbox, Inc.)
Startup: C:\Users\bernadetka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-07-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\bernadetka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Ograniczenia ? <==== UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.225.36.2 8.8.8.8
Tcpip\..\Interfaces\{4972B2AB-6E4A-486D-A3BF-FEAE17BED21E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4972B2AB-6E4A-486D-A3BF-FEAE17BED21E}: [DhcpNameServer] 195.225.36.2 8.8.8.8
Tcpip\..\Interfaces\{A4A3AA4B-D50E-474B-94A1-5793549C3269}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fr.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2943330059-2245157346-32338817-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fr.msn.com/
HKU\S-1-5-21-2943330059-2245157346-32338817-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope - brak wartości
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\office2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-07] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-07] (Oracle Corporation)
BHO: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> D:\programy\ALLPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKU\S-1-5-21-2943330059-2245157346-32338817-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\office2007\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\3.5.0\ViProtocol.dll [2016-04-28] (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\bernadetka\AppData\Roaming\Mozilla\Firefox\Profiles\4zeur4b4.default-1492622704442 [2017-07-17]
FF Extension: (uBlock Origin) - C:\Users\bernadetka\AppData\Roaming\Mozilla\Firefox\Profiles\4zeur4b4.default-1492622704442\Extensions\uBlock0@raymondhill.net.xpi [2017-06-27]
FF Extension: (Youtube Converter MP3) - C:\Users\bernadetka\AppData\Roaming\Mozilla\Firefox\Profiles\4zeur4b4.default-1492622704442\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2017-06-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-17] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-07-08] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [Brak pliku]
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @esn/npbattlelog,version=2.3.2 -> C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin: @ganymede/GanymedeNetPlugin,version=1.0 -> D:\gry\Ganymede\Plugins\npganymedenet.dll [Brak pliku]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\programy\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-12-06] (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> D:\programy\real player\Netscape6\nppl3260.dll [2012-09-01] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> D:\programy\real player\Netscape6\nprjplug.dll [2012-09-01] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-09-01] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-09-01] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> D:\programy\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> D:\programy\real player\Netscape6\nprpplugin.dll [2012-09-01] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2943330059-2245157346-32338817-1000: @coreonline.com/run3d,version=1.0 -> C:\Users\bernadetka\AppData\LocalLow\Square Enix\nprun3d.dll [2012-09-14] (Square Enix)
FF Plugin HKU\S-1-5-21-2943330059-2245157346-32338817-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\bernadetka\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-2943330059-2245157346-32338817-1000: @talk.google.com/O1DPlugin -> C:\Users\bernadetka\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-2943330059-2245157346-32338817-1000: @tools.google.com/Google Update;version=3 -> C:\Users\bernadetka\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-07-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-2943330059-2245157346-32338817-1000: @tools.google.com/Google Update;version=9 -> C:\Users\bernadetka\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-07-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-2943330059-2245157346-32338817-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\bernadetka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll [2011-08-30] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2012-09-01] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-09-01] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012-09-01] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\bernadetka\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\bernadetka\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://google.pl/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultSuggestURL: Default -> hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR Profile: C:\Users\bernadetka\AppData\Local\Google\Chrome\User Data\Default [2017-07-17]
CHR Extension: (Adblock Plus) - C:\Users\bernadetka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Search by Image (by Google)) - C:\Users\bernadetka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-04-18]
CHR Extension: (Planetarium) - C:\Users\bernadetka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2016-04-28]
CHR Extension: (Youtube-to-MP3) - C:\Users\bernadetka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekmfmemcfggilfpgplgjbfaijgchhfc [2015-03-04]
CHR Extension: (Auto HD For YouTube™) - C:\Users\bernadetka\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-02-01]
CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\bernadetka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh [2012-11-11]
CHR Extension: (Stop Autoplay in Background Tabs for Youtube™) - C:\Users\bernadetka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkfmcciflnlkdheadiffkhjcmalocece [2012-11-13]
CHR Extension: (Stop Autoplay for Youtube™ Extended) - C:\Users\bernadetka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilnpbhnhmmjioijfgilcohbknkgfmpa [2017-07-06]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\bernadetka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-18]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] -

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeActiveFileMonitor8.0; D:\programy\elements ps\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-08] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [264432 2017-07-14] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5866488 2017-07-14] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-07-03] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-04-15] (Creative Labs) [Brak podpisu cyfrowego]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-02-07] (Creative Labs) [Brak podpisu cyfrowego]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-01] ()
R2 vToolbarUpdater40.3.8; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1354824 2017-07-07] (AVG Secure Search)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) [Brak podpisu cyfrowego]
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [Brak podpisu cyfrowego]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-07-07] ()
S4 xsherlock; C:\Windows\system32\xsherlock.xem [665184 2012-07-07] (Wellbia.com Co., Ltd.) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [82960 2011-10-17] (Advanced Micro Devices)
S0 auddrive; C:\Windows\System32\drivers\auddrive.SYS [80992 1999-10-08] (ESS Technology, Inc.) [Brak podpisu cyfrowego]
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiskx.sys [135872 2017-07-14] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdriverx.sys [260616 2017-07-14] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidshx.sys [151024 2017-07-14] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgblogx.sys [270344 2017-07-14] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbunivx.sys [43992 2017-07-14] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [35264 2017-07-14] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [116344 2017-07-14] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr.sys [62528 2017-07-14] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [63280 2017-07-14] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [766728 2017-07-14] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [489416 2017-07-14] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\Windows\system32\drivers\avgStmXP.sys [195128 2017-07-14] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [288728 2017-07-14] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-10-07] (DT Soft Ltd)
S3 EagleXNt; C:\Windows\system32\drivers\EagleXNt.sys [563552 2014-12-19] (AhnLab, Inc.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [Brak podpisu cyfrowego]
R3 P17; C:\Windows\System32\drivers\P17.sys [1122304 2007-02-05] (Creative Technology Ltd.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [328552 2011-07-06] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2011-12-31] () [Brak podpisu cyfrowego]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-23] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [Brak podpisu cyfrowego]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2008-08-01] (The OpenVPN Project) [Brak podpisu cyfrowego]
S3 vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [223128 2011-05-08] (Alcohol Soft Co., Ltd.) [Brak podpisu cyfrowego]
S3 ZSMC211; C:\Windows\System32\Drivers\ZS211.sys [391836 2006-08-08] (ZSMC Corporation) [Brak podpisu cyfrowego]
U3 adeqnyce; C:\Windows\system32\Drivers\adeqnyce.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-07-17 19:22 - 2017-07-17 19:23 - 00022124 _____ C:\Users\bernadetka\Desktop\FRST.txt
2017-07-17 19:22 - 2017-07-17 19:22 - 00000000 ____D C:\FRST
2017-07-17 19:21 - 2017-07-17 19:11 - 01780736 _____ (Farbar) C:\Users\bernadetka\Desktop\FRST.exe
2017-07-16 10:48 - 2017-07-16 10:48 - 00000000 ____D C:\Users\TEMP\AppData\LocalLow\Adobe
2017-07-16 10:32 - 2017-07-16 10:32 - 00000000 ____D C:\Users\test\AppData\LocalLow\Mozilla
2017-07-16 10:31 - 2017-07-16 10:32 - 00000000 ____D C:\Users\test\AppData\Roaming\Mozilla
2017-07-16 10:31 - 2017-07-16 10:31 - 00000000 ____D C:\Users\test\AppData\Local\Mozilla
2017-07-16 10:28 - 2017-07-16 10:28 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe
2017-07-16 10:28 - 2017-07-16 10:28 - 00000000 ____D C:\Users\test\AppData\LocalLow\Adobe
2017-07-16 10:28 - 2017-07-16 10:28 - 00000000 ____D C:\Users\test\AppData\Local\Adobe
2017-07-16 10:26 - 2017-07-16 10:26 - 00000000 ____D C:\Users\test\AppData\Roaming\AVG
2017-07-16 10:24 - 2017-07-16 10:24 - 00000351 _____ C:\prefs.js
2017-07-16 10:23 - 2017-07-16 10:25 - 00000000 ____D C:\Users\test\AppData\Local\Avg
2017-07-16 10:23 - 2017-07-16 10:24 - 00000000 ____D C:\Users\test\AppData\Local\AVG Web TuneUp
2017-07-16 10:23 - 2017-07-16 10:23 - 00000949 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-16 10:23 - 2017-07-16 10:23 - 00000944 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-16 10:23 - 2017-07-16 10:23 - 00000915 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2017-07-16 10:23 - 2017-07-16 10:23 - 00000000 ____D C:\Users\test\AppData\Local\CEF
2017-07-16 10:22 - 2017-07-16 10:23 - 00000000 ____D C:\Users\test\AppData\Local\Google
2017-07-16 10:22 - 2017-07-16 10:23 - 00000000 ____D C:\Users\test
2017-07-16 10:22 - 2017-07-16 10:22 - 00000020 ___SH C:\Users\test\ntuser.ini
2017-07-16 10:22 - 2017-07-16 10:22 - 00000000 _SHDL C:\Users\test\Ustawienia lokalne
2017-07-16 10:22 - 2017-07-16 10:22 - 00000000 _SHDL C:\Users\test\Szablony
2017-07-16 10:22 - 2017-07-16 10:22 - 00000000 _SHDL C:\Users\test\Moje dokumenty
2017-07-16 10:22 - 2017-07-16 10:22 - 00000000 _SHDL C:\Users\test\Menu Start
2017-07-16 10:22 - 2017-07-16 10:22 - 00000000 _SHDL C:\Users\test\Documents\Moje wideo
2017-07-16 10:22 - 2017-07-16 10:22 - 00000000 _SHDL C:\Users\test\Documents\Moje obrazy
2017-07-16 10:22 - 2017-07-16 10:22 - 00000000 _SHDL C:\Users\test\Documents\Moja muzyka
2017-07-16 10:22 - 2017-07-16 10:22 - 00000000 _SHDL C:\Users\test\Dane aplikacji
2017-07-16 10:22 - 2017-07-16 10:22 - 00000000 _SHDL C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-07-16 10:22 - 2017-07-16 10:22 - 00000000 _SHDL C:\Users\test\AppData\Local\Historia
2017-07-16 10:22 - 2017-07-16 10:22 - 00000000 _SHDL C:\Users\test\AppData\Local\Dane aplikacji
2017-07-16 10:22 - 2012-05-08 13:34 - 00000000 ____D C:\Users\test\AppData\LocalGoogle
2017-07-16 10:22 - 2011-01-10 04:02 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Help
2017-07-16 10:22 - 2010-10-14 18:22 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia
2017-07-15 23:02 - 2017-07-16 09:27 - 00000000 ____D C:\Users\TEMP\AppData\LocalLow\Mozilla
2017-07-15 22:49 - 2017-07-15 22:49 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVG
2017-07-15 22:48 - 2017-07-15 22:49 - 00000000 ____D C:\Users\TEMP\AppData\Local\Avg
2017-07-15 22:48 - 2017-07-15 22:48 - 00000000 ____D C:\Users\TEMP\AppData\Local\Dropbox
2017-07-15 22:48 - 2017-07-15 22:48 - 00000000 ____D C:\Users\TEMP\AppData\Local\CEF
2017-07-15 22:46 - 2017-07-16 10:11 - 00000000 ____D C:\Users\TEMP
2017-07-15 22:46 - 2012-05-08 13:34 - 00000000 ____D C:\Users\TEMP\AppData\LocalGoogle
2017-07-15 22:46 - 2012-05-08 13:34 - 00000000 ____D C:\Users\TEMP\AppData\Local\Google
2017-07-15 22:46 - 2011-01-10 04:02 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2017-07-15 22:46 - 2010-10-14 18:22 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2017-07-14 22:08 - 2017-07-14 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-07-14 21:52 - 2017-07-14 21:52 - 00288728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys
2017-07-14 21:52 - 2017-07-14 21:51 - 00766728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-07-14 21:52 - 2017-07-14 21:51 - 00489416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-07-14 21:52 - 2017-07-14 21:51 - 00270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2017-07-14 21:52 - 2017-07-14 21:51 - 00260616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2017-07-14 21:52 - 2017-07-14 21:51 - 00195128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStmXP.sys
2017-07-14 21:52 - 2017-07-14 21:51 - 00151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2017-07-14 21:52 - 2017-07-14 21:51 - 00135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
2017-07-14 21:52 - 2017-07-14 21:51 - 00116344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-07-14 21:52 - 2017-07-14 21:51 - 00063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-07-14 21:52 - 2017-07-14 21:51 - 00062528 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr.sys
2017-07-14 21:52 - 2017-07-14 21:51 - 00043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2017-07-14 21:52 - 2017-07-14 21:51 - 00035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-07-14 21:51 - 2017-07-14 21:51 - 00304400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-07-14 21:49 - 2017-07-14 21:49 - 00000747 _____ C:\Users\Public\Desktop\AVG.lnk
2017-07-14 12:48 - 2017-07-14 21:55 - 00000000 ____D C:\Users\bernadetka\AppData\Roaming\AVG
2017-07-13 20:40 - 2017-07-13 20:40 - 00000000 ____D C:\Users\bernadetka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-07-12 17:45 - 2017-07-17 18:36 - 00000584 _____ C:\Windows\Tasks\AVG-SSU_0717tb.job
2017-07-12 17:45 - 2017-07-17 18:24 - 00000446 _____ C:\Windows\Tasks\AVG-SSU_0717tb_DELETE.job
2017-07-12 17:45 - 2017-07-12 17:45 - 00000000 ____D C:\ProgramData\Avg_Update_0717tb_a05356
2017-07-03 15:59 - 2017-07-03 15:59 - 00000000 ____D C:\Users\bernadetka\AppData\LocalLow\uTorrent
2017-07-03 12:30 - 2017-07-03 12:30 - 00000032 _____ C:\Users\bernadetka\Desktop\ipko.txt
2017-06-28 13:26 - 2017-06-28 16:36 - 00000547 _____ C:\Users\bernadetka\Desktop\olecko.txt
2017-06-21 14:12 - 2017-06-21 14:12 - 00000404 _____ C:\Users\bernadetka\Desktop\ing1 tekst.txt
2017-06-19 19:50 - 2017-06-19 19:50 - 00078932 _____ C:\Users\bernadetka\Desktop\zekur 76eu seba.pdf
2017-06-19 19:47 - 2017-06-19 19:47 - 00079063 _____ C:\Users\bernadetka\Desktop\zekur 100eu iza.pdf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-07-17 19:22 - 2017-05-11 10:31 - 00000000 ____D C:\Users\bernadetka\AppData\LocalLow\Mozilla
2017-07-17 19:20 - 2014-03-10 02:54 - 00000000 ___RD C:\Users\bernadetka\Dropbox
2017-07-17 18:52 - 2006-11-02 14:45 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-17 18:52 - 2006-11-02 14:45 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-17 18:37 - 2016-04-27 18:14 - 00001182 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2943330059-2245157346-32338817-1000UA.job
2017-07-17 18:25 - 2013-05-28 12:21 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-07-17 18:24 - 2010-08-22 09:44 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-07-17 18:24 - 2006-11-02 14:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-17 14:50 - 2006-11-02 14:58 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-17 00:00 - 2012-12-14 22:47 - 00000000 ____D C:\Windows\schemnt
2017-07-16 23:03 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2017-07-16 19:36 - 2016-04-27 18:14 - 00001130 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2943330059-2245157346-32338817-1000Core.job
2017-07-16 10:11 - 2011-04-22 15:26 - 00000000 ____D C:\Users\Gość
2017-07-16 10:11 - 2010-02-14 20:25 - 00000000 ____D C:\Users\bernadetka
2017-07-16 10:11 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2017-07-16 10:11 - 2006-11-02 12:22 - 62390272 _____ C:\Windows\system32\config\software_previous
2017-07-16 10:11 - 2006-11-02 12:22 - 46137344 _____ C:\Windows\system32\config\components_previous
2017-07-16 10:11 - 2006-11-02 12:22 - 45088768 _____ C:\Windows\system32\config\system_previous
2017-07-16 10:11 - 2006-11-02 12:22 - 00385024 _____ C:\Windows\system32\config\default_previous
2017-07-16 10:11 - 2006-11-02 12:22 - 00131072 _____ C:\Windows\system32\config\sam_previous
2017-07-16 10:11 - 2006-11-02 12:22 - 00028672 _____ C:\Windows\system32\config\security_previous
2017-07-15 08:49 - 2010-02-14 21:44 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-15 08:46 - 2013-05-31 09:59 - 00000000 ____D C:\Program Files\AVG
2017-07-15 08:46 - 2013-05-31 09:53 - 00000000 ____D C:\ProgramData\MFAData
2017-07-14 22:12 - 2016-04-27 18:16 - 00000000 ____D C:\ProgramData\Avg
2017-07-14 21:54 - 2016-04-27 18:32 - 00000000 ____D C:\Users\bernadetka\AppData\Local\Avg
2017-07-13 20:46 - 2017-06-09 13:37 - 00000259 _____ C:\Users\bernadetka\Desktop\ing nl.txt
2017-07-13 20:40 - 2014-03-10 02:28 - 00000000 ____D C:\Users\bernadetka\AppData\Roaming\Dropbox
2017-07-08 22:56 - 2012-06-23 14:36 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-08 22:56 - 2012-06-23 14:36 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-08 22:56 - 2010-02-17 19:55 - 00000000 ____D C:\Users\bernadetka\AppData\Local\Adobe
2017-07-08 02:09 - 2017-05-11 10:32 - 04981222 ____H C:\Users\bernadetka\AppData\Local\IconCache.db.backup
2017-07-07 20:21 - 2014-09-16 06:48 - 00000000 ____D C:\Users\bernadetka\AppData\Local\AVG Web TuneUp
2017-07-07 20:21 - 2014-09-16 06:48 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2017-07-07 20:21 - 2014-09-16 06:48 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2017-07-03 16:00 - 2010-08-23 21:33 - 00000000 ____D C:\Users\bernadetka\AppData\Roaming\uTorrent
2017-06-30 18:47 - 2017-05-10 22:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-29 11:12 - 2017-06-16 21:37 - 00000000 ____D C:\Users\bernadetka\AppData\Roaming\ipla
2017-06-23 23:21 - 2010-10-03 13:40 - 00000000 ____D C:\Users\bernadetka\AppData\Roaming\VSO

==================== Pliki w katalogu głównym wybranych folderów =======

2010-09-25 18:49 - 2014-01-01 04:03 - 0138056 _____ () C:\Users\bernadetka\AppData\Roaming\PnkBstrK.sys
2010-02-14 20:25 - 2010-02-14 21:18 - 0000680 _____ () C:\Users\bernadetka\AppData\Local\d3d9caps.dat
2010-02-15 14:53 - 2014-08-21 22:42 - 0154624 _____ () C:\Users\bernadetka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-06 20:15 - 2014-03-06 20:15 - 0003215 _____ () C:\Users\bernadetka\AppData\Local\unins000.dat
2014-03-06 20:15 - 2014-03-06 20:15 - 0707504 _____ () C:\Users\bernadetka\AppData\Local\unins000.exe
2014-03-06 20:15 - 2014-03-06 20:15 - 0011761 _____ () C:\Users\bernadetka\AppData\Local\unins000.msg
2012-03-25 19:08 - 2012-03-25 19:09 - 0000041 ___SH () C:\ProgramData\.zreglib
2017-04-18 12:21 - 2017-04-18 12:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-08-22 17:01 - 2010-08-22 17:02 - 0000351 _____ () C:\ProgramData\hpzinstall.log
2012-04-10 16:28 - 2012-04-10 17:19 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2012-02-04 16:53 - 2012-02-04 16:53 - 0004998 _____ () C:\ProgramData\mtbjfghn.xbe

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\bernadetka\jagex_runescape_preferences.dat
C:\Users\bernadetka\jagex_runescape_preferences2.dat
C:\Users\bernadetka\jagex__preferences3.dat

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-07-17 18:32

==================== Koniec FRST.txt ============================