Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:01-12-2015 Uruchomiony przez boczek1984 (administrator) BOCZEK (01-12-2015 18:51:22) Uruchomiony z C:\Users\boczek1984\Downloads Załadowane profile: boczek1984 (Dostępne profile: boczek1984 & besty_000) Platform: Windows 10 Home (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.0.0\ToolbarUpdater.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.0.0\loggingserver.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [383544 2014-05-30] (Acronis) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2570128 2015-11-30] () HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2245542573-2779261186-3183875247-1001\...\Run: [Spotify Web Helper] => C:\Users\boczek1984\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-13] (Spotify Ltd) HKU\S-1-5-21-2245542573-2779261186-3183875247-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1963912 2015-07-23] (TomTom) HKU\S-1-5-21-2245542573-2779261186-3183875247-1001\...\Run: [Spotify] => C:\Users\boczek1984\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-13] (Spotify Ltd) HKU\S-1-5-21-2245542573-2779261186-3183875247-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom) HKU\S-1-5-21-2245542573-2779261186-3183875247-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.) HKU\S-1-5-21-2245542573-2779261186-3183875247-1001\...\RunOnce: [Uninstall C:\Users\boczek1984\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\boczek1984\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" HKU\S-1-5-21-2245542573-2779261186-3183875247-1001\...\RunOnce: [Uninstall C:\Users\boczek1984\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\boczek1984\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-2245542573-2779261186-3183875247-1001\...\RunOnce: [Uninstall C:\Users\boczek1984\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\boczek1984\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" HKU\S-1-5-21-2245542573-2779261186-3183875247-1001\...\RunOnce: [Uninstall C:\Users\boczek1984\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\boczek1984\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\spotify.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0840776c-0867-4e07-9266-adb514b86caa}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-2245542573-2779261186-3183875247-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://windows.microsoft.com/pl-pl/internet-explorer/browser-ie#touchweb=touchvidtab1 HKU\S-1-5-21-2245542573-2779261186-3183875247-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPALL13/178 SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKLM -> {CDE4CC88-16DD-4431-BECB-16E31CB56D88} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKLM-x32 -> {CDE4CC88-16DD-4431-BECB-16E31CB56D88} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-2245542573-2779261186-3183875247-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKU\S-1-5-21-2245542573-2779261186-3183875247-1001 -> {CDE4CC88-16DD-4431-BECB-16E31CB56D88} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\19.0.0.10\AVG SafeGuard toolbar_toolbar.dll [2015-11-30] (AVG Secure Search) Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.0.0.10\AVG SafeGuard toolbar_toolbar.dll [2015-11-30] (AVG Secure Search) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.0.0\ViProtocol.dll [2015-11-30] (AVG Secure Search) Chrome: ======= CHR Profile: C:\Users\boczek1984\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Brak nazwy) - C:\Users\boczek1984\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-04] CHR Extension: (Tux Joker Dark Theme) - C:\Users\boczek1984\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgenhbcaefgdnnkppjllhmfjgjnacnng [2015-11-04] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\boczek1984\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-01] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2217416 2007-02-22] () R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-07] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego] R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1563664 2015-10-30] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.) S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation) S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [Brak podpisu cyfrowego] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4378024 2015-11-23] (AVG Technologies CZ, s.r.o.) R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48552 2015-11-23] (AVG Technologies CZ, s.r.o.) R2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [42408 2015-11-23] (AVG Technologies CZ, s.r.o.) R2 vToolbarUpdater19.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.0.0\ToolbarUpdater.exe [1863056 2015-11-30] (AVG Secure Search) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-05] (Qualcomm Atheros Communications, Inc.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-07] (Atheros) S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-11] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated) R0 sptd2; C:\Windows\System32\Drivers\sptd2.sys [179768 2015-11-29] (Duplex Secure Ltd) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-10-14] (TuneUp Software) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-12-01 18:42 - 2015-12-01 18:42 - 00016148 _____ C:\WINDOWS\system32\BOCZEK_boczek1984_HistoryPrediction.bin 2015-12-01 18:38 - 2015-12-01 18:39 - 00023274 _____ C:\Users\boczek1984\Downloads\Fixlog.txt 2015-12-01 18:30 - 2015-12-01 18:36 - 02350080 _____ (Farbar) C:\Users\boczek1984\Downloads\FRST64.exe 2015-12-01 18:21 - 2015-12-01 18:21 - 00000000 ___HD C:\OneDriveTemp 2015-11-29 19:32 - 2015-12-01 18:39 - 00000000 ____D C:\Users\boczek1984\AppData\LocalLow\Temp 2015-11-29 18:22 - 2015-11-29 18:22 - 00179768 _____ (Duplex Secure Ltd) C:\WINDOWS\system32\Drivers\sptd2.sys 2015-11-29 18:20 - 2015-11-29 18:21 - 00337168 _____ (Duplex Secure Ltd) C:\Users\boczek1984\Downloads\SPTD2inst-v205-x64.exe 2015-11-29 17:23 - 2015-11-29 17:24 - 00371057 _____ C:\Users\boczek1984\Downloads\gm.zip 2015-11-29 16:47 - 2015-11-29 16:47 - 00045680 _____ C:\Users\boczek1984\Downloads\Shortcut.txt 2015-11-29 16:45 - 2015-12-01 18:51 - 00031751 _____ C:\Users\boczek1984\Downloads\Addition.txt 2015-11-29 16:43 - 2015-12-01 18:51 - 00018243 _____ C:\Users\boczek1984\Downloads\FRST.txt 2015-11-29 16:39 - 2015-12-01 18:51 - 00000000 ____D C:\FRST 2015-11-28 23:37 - 2015-11-28 23:37 - 00000000 ___RD C:\Users\boczek1984\3D Objects 2015-11-28 12:31 - 2015-11-28 12:31 - 00001285 _____ C:\Users\Public\Desktop\Autorun Organizer.lnk 2015-11-28 12:31 - 2015-11-28 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autorun Organizer 2015-11-28 12:31 - 2015-11-28 12:31 - 00000000 ____D C:\ProgramData\Chemtable Software 2015-11-28 12:31 - 2015-11-28 12:31 - 00000000 ____D C:\Program Files (x86)\Autorun Organizer 2015-11-27 21:44 - 2015-11-27 21:48 - 00000162 _____ C:\Users\boczek1984\Downloads\NETFramework4.zip 2015-11-27 21:44 - 2015-11-27 21:45 - 01847888 _____ C:\Users\boczek1984\Downloads\WinRAR.exe 2015-11-25 22:50 - 2015-11-25 22:50 - 20395761 _____ C:\Users\boczek1984\Downloads\unhackme.zip 2015-11-25 19:40 - 2015-11-25 19:40 - 00000000 _____ C:\autoexec.bat 2015-11-25 18:41 - 2015-11-25 18:41 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance 2015-11-24 19:16 - 2015-11-28 12:31 - 00000000 ____D C:\Users\boczek1984\AppData\Local\ChemTable Software 2015-11-24 19:11 - 2015-11-24 19:11 - 00001219 _____ C:\Users\Public\Desktop\Registry Life.lnk 2015-11-24 19:11 - 2015-11-24 19:11 - 00000000 ____D C:\Users\boczek1984\AppData\Roaming\ChemTable Software 2015-11-24 19:11 - 2015-11-24 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Life 2015-11-24 19:11 - 2015-11-24 19:11 - 00000000 ____D C:\Program Files (x86)\Registry Life 2015-11-24 19:08 - 2015-11-24 19:08 - 15212568 _____ (ChemTable Software ) C:\Users\boczek1984\Desktop\registry-life-setup.exe 2015-11-24 19:07 - 2015-11-24 19:07 - 00962128 _____ (Installer Soft Program ) C:\Users\boczek1984\Desktop\Registry-Life-18391-dp.exe 2015-11-24 17:39 - 2015-11-23 16:37 - 00048552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\uxtuneup.dll 2015-11-24 17:38 - 2015-11-24 17:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\AVG 2015-11-24 17:38 - 2015-11-24 17:38 - 00000000 ____D C:\Users\Default\AppData\Local\AVG 2015-11-24 17:38 - 2015-11-24 17:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\AVG 2015-11-24 17:38 - 2015-11-24 17:38 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG 2015-11-11 23:17 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-11-11 23:17 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-11-11 23:17 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-11-11 23:17 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-11-11 23:17 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-11-11 23:17 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-11-11 23:17 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-11-11 23:17 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-11-11 23:17 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2015-11-11 23:17 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-11-11 23:17 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-11-11 23:17 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-11-11 23:17 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2015-11-11 23:17 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2015-11-11 23:16 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-11-11 23:16 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2015-11-11 23:16 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2015-11-11 23:16 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-11-11 23:16 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2015-11-11 23:16 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-11-11 23:16 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-11-11 23:16 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-11-11 23:16 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-11-11 23:16 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-11-11 23:16 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2015-11-11 23:16 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2015-11-11 23:16 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-11-11 23:16 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-11-11 23:16 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll 2015-11-11 23:16 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2015-11-11 23:16 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-11-11 23:16 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-11-11 23:16 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll 2015-11-11 23:16 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-11-11 23:16 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-11-11 23:16 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-11-11 23:16 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-11-11 23:16 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-11-11 23:16 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-11-11 23:16 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-11-11 23:16 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-11-11 23:16 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2015-11-11 23:16 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2015-11-11 23:16 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-11-11 23:16 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-11-11 23:16 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-11-11 23:16 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll 2015-11-11 23:16 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-11-11 23:16 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-11-11 23:16 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-11-11 23:16 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-11-11 23:16 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-11-11 23:16 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2015-11-08 20:20 - 2015-11-08 20:20 - 00336956 _____ C:\Users\boczek1984\Downloads\O06_Faktura_indywidualna_000-037-0032-1035_15_11_F004_Z.pdf 2015-11-01 22:18 - 2015-11-01 22:18 - 31109864 _____ C:\Users\boczek1984\Downloads\TomTomHOME2winlatest (1).exe 2015-11-01 10:41 - 2015-11-01 10:41 - 02923776 _____ (AVG Technologies) C:\Users\boczek1984\Downloads\AVG_PCTuneUp_765.exe ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-12-01 18:50 - 2015-07-10 10:05 - 00000000 ____D C:\Windows 2015-12-01 18:43 - 2015-08-06 15:19 - 00000000 ___RD C:\Users\boczek1984\OneDrive 2015-12-01 18:43 - 2013-07-08 19:27 - 00001066 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-01 18:41 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-01 18:40 - 2015-08-06 14:38 - 00000000 ____D C:\Users\besty_000 2015-12-01 18:40 - 2015-07-10 10:05 - 05767168 ___SH C:\WINDOWS\system32\config\BBI 2015-12-01 18:32 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-01 18:31 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-01 18:26 - 2014-07-29 20:54 - 00000000 ____D C:\ProgramData\MFAData 2015-12-01 18:23 - 2013-11-19 00:17 - 00004218 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{97BBCB8A-51BA-4DF3-A6C2-24D09499031B} 2015-11-30 22:58 - 2013-07-08 19:27 - 00001070 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-30 22:18 - 2014-09-21 16:00 - 00003278 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForboczek1984 2015-11-30 22:18 - 2013-09-01 16:45 - 00000366 _____ C:\WINDOWS\Tasks\HPCeeScheduleForboczek1984.job 2015-11-30 21:32 - 2013-07-08 19:45 - 00000000 ____D C:\PLIKI SCIAGANE 2015-11-30 20:57 - 2013-07-06 14:31 - 00000000 ____D C:\Program Files (x86)\ALLYouTubeDownloader 2015-11-30 20:55 - 2013-07-06 14:31 - 00000000 ____D C:\Program Files (x86)\NapiProjekt 2015-11-30 17:24 - 2015-07-10 10:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2015-11-30 17:19 - 2015-08-06 14:38 - 00000000 ____D C:\Users\boczek1984 2015-11-30 17:19 - 2014-08-07 21:37 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar 2015-11-30 17:19 - 2014-08-07 21:37 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar 2015-11-27 21:21 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF 2015-11-25 23:02 - 2015-02-18 18:53 - 00000000 ____D C:\Program Files (x86)\Java 2015-11-24 21:34 - 2015-07-10 13:20 - 00200648 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-11-24 17:39 - 2015-10-30 21:34 - 00002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk 2015-11-24 17:39 - 2015-10-30 21:34 - 00002130 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk 2015-11-23 16:41 - 2015-10-30 21:34 - 00046504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe 2015-11-23 16:37 - 2015-02-06 10:01 - 00042408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\uxtuneup.dll 2015-11-23 16:37 - 2015-01-24 18:21 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll 2015-11-23 16:37 - 2015-01-24 18:21 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll 2015-11-18 17:41 - 2013-08-04 15:17 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-11-18 17:30 - 2015-07-16 17:49 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-11-14 15:26 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache 2015-11-14 13:34 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-11-11 23:26 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-11-11 23:06 - 2013-07-08 19:28 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-11-10 18:46 - 2015-08-06 16:30 - 00001068 _____ C:\Users\Public\Desktop\AVG 2015.lnk 2015-11-10 18:46 - 2014-07-29 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-11-09 20:15 - 2015-08-06 15:27 - 00000000 ___DC C:\WINDOWS\Panther 2015-11-09 20:15 - 2014-01-07 19:41 - 00000000 ____D C:\Users\boczek1984\AppData\Roaming\Skype 2015-11-04 22:04 - 2013-09-28 15:21 - 00002422 _____ C:\Users\boczek1984\Desktop\Program uruchamiający aplikacje Chrome.lnk 2015-11-04 20:41 - 2015-08-06 14:37 - 02037190 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-11-04 20:41 - 2015-07-10 17:30 - 00885018 _____ C:\WINDOWS\system32\perfh015.dat 2015-11-04 20:41 - 2015-07-10 17:30 - 00191462 _____ C:\WINDOWS\system32\perfc015.dat 2015-11-03 19:20 - 2015-10-04 02:36 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-11-03 19:20 - 2015-10-04 02:36 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-01 10:43 - 2015-10-30 21:31 - 00000000 ____D C:\Users\boczek1984\AppData\Local\AvgSetupLog ==================== Pliki w katalogu głównym wybranych folderów ======= 2013-11-08 18:49 - 2013-11-08 18:49 - 0000017 _____ () C:\Users\boczek1984\AppData\Local\resmon.resmoncfg ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2015-11-28 13:01 ==================== Koniec FRST.txt ============================