Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 17.03.2019 Uruchomiony przez kom (administrator) KOMPUTER (21-03-2019 20:34:33) Uruchomiony z D:\Download Załadowane profile: kom (Dostępne profile: kom) Platform: Windows 8.1 Pro (Update) (X64) Język: Polski (Polska) Domyślna przeglądarka: Chrome Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () [Brak podpisu cyfrowego] C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG -> Nero AG) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [AutoEJCD_0ACE20FF] => C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE [40960 2015-10-26] () [Brak podpisu cyfrowego] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\Run: [Steam] => D:\Gry\Steam\steam.exe [3146016 2019-03-06] (Valve -> Valve Corporation) HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {061489b1-44f8-11e9-840c-fcaa1462c4ea} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {16a178e3-780b-11e5-826f-fcaa1462c4ea} - "H:\Setup.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {21dc96a7-2522-11e9-8409-fcaa1462c4ea} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {3d546e6c-36e3-11e5-826c-fcaa1462c4ea} - "V:\autorun.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {4f536e3b-7e0f-11e5-826f-fcaa1462c4ea} - "X:\setup.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {6897e4ad-3f81-11e9-840b-fcaa1462c4ea} - "H:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {6b575c94-5234-11e5-826c-fcaa1462c4ea} - "X:\Setup.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {6bfe044b-c32a-11e7-82ba-fcaa1462c4ea} - "G:\setup.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {8bd9e861-d3a4-11e6-8282-fcaa1462c4ea} - "X:\autorun.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {957de059-b812-11e4-825f-fcaa1462c4ea} - "I:\SISetup.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {968fa5e5-9aa0-11e5-8271-fcaa1462c4ea} - "X:\setup.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {9bbda5b8-deb6-11e5-8275-fcaa1462c4ea} - "X:\Setup.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {9d887b5c-9d61-11e8-8361-fcaa1462c4ea} - "H:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {a4531075-f123-11e6-8289-fcaa1462c4ea} - "E:\Startme.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {a88ddece-0069-11e8-82c7-fcaa1462c4ea} - "H:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {ac8f5ebb-69ac-11e8-8314-fcaa1462c4ea} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {b0e25c3c-6334-11e7-82a6-fcaa1462c4ea} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {b50a6618-dd52-11e6-8287-fcaa1462c4ea} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {b50a6636-dd52-11e6-8287-fcaa1462c4ea} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {ce7a4725-8d48-11e5-8270-fcaa1462c4ea} - "E:\AutoRun.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {e939a978-62f4-11e6-8278-fcaa1462c4ea} - "X:\setup.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {f0d936b3-886d-11e5-826f-fcaa1462c4ea} - "E:\AutoRun.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {f0d936d4-886d-11e5-826f-fcaa1462c4ea} - "E:\AutoRun.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\MountPoints2: {f0d9468c-886d-11e5-826f-fcaa1462c4ea} - "E:\AutoRun.exe" HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\Winlogon: [Shell] %comspec% <==== UWAGA HKU\S-1-5-21-1675646204-173738007-3338979265-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist ( start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-07] (Google LLC -> Google Inc.) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\72.0.1174.121\Installer\chrmstp.exe [2019-03-08] (AVAST Software s.r.o. -> AVAST Software) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254 Tcpip\..\Interfaces\{5CEE0EBF-7673-45AF-86BF-A4A12A68B488}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{7E7E3C20-15C0-42F7-8FCC-556A703DDB0F}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{F62297EE-1245-4349-ACA4-56B9C3D3F579}: [DhcpNameServer] 37.8.214.2 31.11.202.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301&p_w=y1w08 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301&p_w=y1w08 HKU\S-1-5-21-1675646204-173738007-3338979265-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301&p_w=y1w08&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301&p_w=y1w08&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301&p_w=y1w08&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301&p_w=y1w08&q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-25] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-25] (Oracle America, Inc. -> Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: 8qhsgod9.default FF ProfilePath: C:\Users\kom\AppData\Roaming\Mozilla\Firefox\Profiles\8qhsgod9.default [2019-03-21] FF Extension: (United States English Spellchecker) - C:\Users\kom\AppData\Roaming\Mozilla\Firefox\Profiles\8qhsgod9.default\Extensions\en-US@dictionaries.addons.mozilla.org.xpi [2018-11-28] FF Extension: (English (US) Language Pack) - C:\Users\kom\AppData\Roaming\Mozilla\Firefox\Profiles\8qhsgod9.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2019-03-20] FF Extension: (Avast SafePrice | Porównania, promocje, kupony) - C:\Users\kom\AppData\Roaming\Mozilla\Firefox\Profiles\8qhsgod9.default\Extensions\sp@avast.com.xpi [2019-03-20] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json] FF Extension: (uBlock Origin) - C:\Users\kom\AppData\Roaming\Mozilla\Firefox\Profiles\8qhsgod9.default\Extensions\uBlock0@raymondhill.net.xpi [2019-03-13] FF Extension: (Avast Online Security) - C:\Users\kom\AppData\Roaming\Mozilla\Firefox\Profiles\8qhsgod9.default\Extensions\wrc@avast.com.xpi [2019-03-19] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_156.dll [2019-03-12] (Adobe Systems Incorporated -> ) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_156.dll [2019-03-12] (Adobe Systems Incorporated -> ) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-25] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-25] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1675646204-173738007-3338979265-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies SF -> Unity Technologies ApS) Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\kom\AppData\Local\Google\Chrome\User Data\Default [2019-03-21] CHR Extension: (Adblock Plus - darmowy adblocker) - C:\Users\kom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-03-13] CHR Extension: (Avast SafePrice | Porównania, promocje, kupony) - C:\Users\kom\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-05] CHR Extension: (Avast Online Security) - C:\Users\kom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-02-19] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\kom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Chrome Media Router) - C:\Users\kom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6570352 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) S4 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360440 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) S4 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software s.r.o. -> AVAST Software) S4 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\72.0.1174.121\elevation_service.exe [1070600 2019-03-06] (AVAST Software s.r.o. -> AVAST Software) S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-10-25] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S4 HPSIService; C:\Windows\system32\HPSIsvc.exe [126520 2011-05-11] (Hewlett-Packard Company -> HP) S4 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] (Huawei Software Technologies Co., LTD. -> ) [Brak podpisu cyfrowego] S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation - pGFX -> Intel Corporation) S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Brak podpisu cyfrowego] S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation) S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [18959360 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [589312 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205608 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254408 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196304 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320904 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58168 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [249152 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42496 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169104 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88152 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034640 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476256 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [220632 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380160 2019-03-18] (AVAST Software s.r.o. -> AVAST Software) S3 athrusb; C:\Windows\system32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices) S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-01-06] (Disc Soft Ltd -> Disc Soft Ltd) S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-01-06] (Disc Soft Ltd -> Disc Soft Ltd) S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) S3 jnprva; C:\Windows\system32\DRIVERS\jnprva.sys [30072 2016-10-06] (Juniper Networks, Inc. -> Juniper Networks, Inc.) S3 JnprVaMgr; C:\Windows\system32\DRIVERS\jnprvamgr.sys [45352 2016-10-06] (Juniper Networks, Inc. -> Juniper Networks, Inc.) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.) S3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2408208 2013-06-18] (Mediatek Inc. -> Ralink Technology Corp.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited) R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation ) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2015-02-28] (Duplex Secure Ltd -> Duplex Secure Ltd.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Apple, Inc.) [Brak podpisu cyfrowego] S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation) R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation -> Intel Corporation) S3 gdrv; \??\C:\Windows\gdrv.sys [X] S3 GPU-Z; \??\C:\Users\kom\AppData\Local\Temp\GPU-Z.sys [X] <==== UWAGA S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc (utworzone) ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2019-03-21 20:23 - 2019-03-21 20:25 - 000000000 ____D C:\AdwCleaner 2019-03-18 22:10 - 2019-03-18 22:10 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2019-03-18 20:49 - 2019-03-18 20:49 - 000000000 ____D C:\Users\kom\AppData\Local\BitTorrentHelper 2019-03-15 22:40 - 2019-03-15 22:37 - 000044591 _____ C:\Users\kom\Desktop\Addition.txt 2019-03-15 22:40 - 2019-03-15 22:37 - 000034937 _____ C:\Users\kom\Desktop\FRST.txt 2019-03-15 22:36 - 2019-03-21 20:34 - 000000000 ____D C:\FRST 2019-03-15 22:19 - 2019-03-15 22:26 - 000000000 ____D C:\Users\kom\AppData\Roaming\Free Window Registry Repair 2019-03-15 22:19 - 2019-03-15 22:19 - 000001003 _____ C:\Users\kom\Desktop\Free Window Registry Repair.lnk 2019-03-15 22:19 - 2019-03-15 22:19 - 000000000 ____D C:\Users\kom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair 2019-03-15 22:19 - 2019-03-15 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair 2019-03-15 22:19 - 2019-03-15 22:19 - 000000000 ____D C:\Program Files (x86)\Free Window Registry Repair 2019-03-15 22:10 - 2019-03-15 22:10 - 000000228 _____ C:\Users\kom\Desktop\FIX.REG 2019-03-15 21:29 - 2019-03-15 21:29 - 000488704 _____ C:\Windows\system32\FNTCACHE.DAT 2019-03-15 21:28 - 2018-02-19 20:33 - 000488704 _____ C:\Users\kom\Desktop\FNTCACHE.DAT 2019-03-15 21:12 - 2019-03-15 21:30 - 000518088 _____ C:\Windows\ntbtlog.txt 2019-03-15 21:09 - 2019-03-15 21:30 - 000000000 ____D C:\Windows\pss 2019-03-15 21:07 - 2019-03-15 21:09 - 000021504 _____ C:\Windows\system32\umstartup.etl 2019-03-15 21:05 - 2019-03-15 21:06 - 000000000 _____ C:\Recovery.txt 2019-03-04 21:34 - 2019-03-04 21:34 - 000000000 ____D C:\Program Files (x86)\e-Deklaracje 2019-03-04 19:33 - 2019-03-04 19:33 - 000015704 _____ C:\Users\kom\AppData\Local\recently-used.xbel 2019-02-19 22:01 - 2019-03-18 22:10 - 000249152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys ==================== Jeden miesiąc (zmodyfikowane) ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2019-03-21 20:31 - 2015-02-07 15:18 - 000000000 ____D C:\Users\kom\AppData\Local\CrashDumps 2019-03-21 20:31 - 2015-01-30 17:51 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1675646204-173738007-3338979265-1001 2019-03-21 20:31 - 2014-11-21 05:46 - 001828496 _____ C:\Windows\system32\PerfStringBackup.INI 2019-03-21 20:31 - 2014-11-21 05:07 - 000806956 _____ C:\Windows\system32\perfh015.dat 2019-03-21 20:31 - 2014-11-21 05:07 - 000163808 _____ C:\Windows\system32\perfc015.dat 2019-03-21 20:31 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf 2019-03-21 20:26 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-03-21 20:23 - 2015-04-07 20:56 - 000000000 ____D C:\Program Files\CCleaner 2019-03-21 18:56 - 2018-03-13 18:19 - 000004558 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier 2019-03-21 18:56 - 2017-04-25 18:20 - 000003160 _____ C:\Windows\System32\Tasks\StartCN 2019-03-21 18:56 - 2017-04-18 19:25 - 000004570 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2019-03-21 18:56 - 2017-04-18 19:25 - 000004424 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2019-03-21 18:56 - 2016-02-09 17:42 - 000003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2019-03-21 18:56 - 2016-02-09 17:42 - 000003354 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2019-03-21 18:56 - 2015-12-03 18:40 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software 2019-03-21 18:56 - 2015-09-21 16:00 - 000003072 _____ C:\Windows\System32\Tasks\{58158D3A-8AA3-4C7B-9C71-B451BD2732A1} 2019-03-21 18:56 - 2015-04-25 07:43 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2019-03-21 18:56 - 2015-01-30 17:58 - 000003976 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FA8B8EB1-2869-4EE2-9E53-868BBE418512} 2019-03-20 19:49 - 2017-01-08 16:18 - 000000000 ____D C:\Users\kom\AppData\LocalLow\Mozilla 2019-03-20 19:49 - 2016-02-09 17:46 - 000001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-03-20 19:49 - 2016-02-09 17:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2019-03-18 23:23 - 2015-02-02 20:20 - 000000000 ____D C:\Users\kom\AppData\Roaming\uTorrent 2019-03-18 22:10 - 2019-01-16 23:39 - 000320904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys 2019-03-18 22:10 - 2019-01-16 23:39 - 000254408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys 2019-03-18 22:10 - 2019-01-16 23:39 - 000196304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys 2019-03-18 22:10 - 2019-01-16 23:39 - 000058168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys 2019-03-18 22:10 - 2019-01-16 23:39 - 000037320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys 2019-03-18 22:10 - 2018-10-22 20:51 - 000042496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2019-03-18 22:10 - 2017-11-18 21:37 - 000205608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2019-03-18 22:10 - 2017-02-08 17:13 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2019-03-18 22:10 - 2015-03-03 19:41 - 001034640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2019-03-18 22:10 - 2015-03-03 19:41 - 000476256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2019-03-18 22:10 - 2015-03-03 19:41 - 000380160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2019-03-18 22:10 - 2015-03-03 19:41 - 000220632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2019-03-18 22:10 - 2015-03-03 19:41 - 000169104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2019-03-18 22:10 - 2015-03-03 19:41 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2019-03-18 22:10 - 2015-03-03 19:41 - 000088152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2019-03-16 13:38 - 2017-03-17 19:43 - 000000000 ____D C:\Users\kom\AppData\Local\Spotify 2019-03-16 11:48 - 2017-03-17 19:38 - 000000000 ____D C:\Users\kom\AppData\Roaming\Spotify 2019-03-14 22:52 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2019-03-12 20:05 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2019-03-12 20:05 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\Macromed 2019-03-10 23:32 - 2019-01-09 17:57 - 000000000 ____D C:\Users\kom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2019-03-08 20:10 - 2018-03-26 17:27 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk 2019-03-07 18:05 - 2016-02-09 17:42 - 000002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-03-07 18:05 - 2016-02-09 17:42 - 000002169 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-03-04 21:34 - 2015-03-08 19:58 - 000000895 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Deklaracje.lnk 2019-03-04 19:33 - 2015-09-21 19:15 - 000000000 ____D C:\Users\kom\AppData\Local\gtk-2.0 2019-03-04 19:33 - 2015-09-21 19:13 - 000000000 ____D C:\Users\kom\.gimp-2.8 2019-03-01 21:58 - 2015-01-30 18:07 - 000000000 ____D C:\Users\kom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-03-01 21:58 - 2015-01-30 18:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-03-01 21:58 - 2015-01-30 18:07 - 000000000 ____D C:\Program Files\WinRAR 2019-02-22 22:51 - 2015-01-30 17:46 - 000000000 ____D C:\Users\kom 2019-02-22 17:55 - 2015-04-25 07:43 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Pliki w katalogu głównym wybranych folderów ======= 2018-09-18 20:55 - 2018-09-18 20:55 - 000000001 _____ () C:\Users\kom\AppData\Local\llftool.4.40.agreement 2019-03-04 19:33 - 2019-03-04 19:33 - 000015704 _____ () C:\Users\kom\AppData\Local\recently-used.xbel Niektóre pliki w TEMP: ==================== 2018-08-07 18:13 - 2011-05-11 12:19 - 000607800 ____R (HP) C:\Users\kom\AppData\Local\Temp\siinst.exe 2018-08-07 18:13 - 2011-05-05 22:26 - 000270336 ____R (HP) C:\Users\kom\AppData\Local\Temp\strings.dll ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\dllhost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\dllhost.exe => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2019-03-15 21:53 ==================== Koniec FRST.txt ============================