Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:14-05-2016 Uruchomiony przez Mateo (2016-05-15 16:33:09) Run:1 Uruchomiony z C:\Users\Mateo\Desktop\FRST Załadowane profile: Mateo & UpdatusUser (Dostępne profile: Mateo & UpdatusUser) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Eaphost\Methods /s HKU\S-1-5-21-2883393172-2901284561-3789390431-1000\...\Run: [BingSvc] => C:\Users\Mateo\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X] IFEO\bttray.exe: [Debugger] "C:\Program Files (x86)\AVG PC TuneUp 2014\TUAutoReactivator64.exe" IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVG PC TuneUp 2014\TUAutoReactivator64.exe" IFEO\imfrmwrk.exe: [Debugger] "C:\Program Files (x86)\AVG PC TuneUp 2014\TUAutoReactivator64.exe" IFEO\pcee4d.exe: [Debugger] "C:\Program Files (x86)\AVG PC TuneUp 2014\TUAutoReactivator64.exe" IFEO\pcee4l.exe: [Debugger] "C:\Program Files (x86)\AVG PC TuneUp 2014\TUAutoReactivator64.exe" IFEO\slimdrivers.exe: [Debugger] "C:\Program Files (x86)\AVG PC TuneUp 2014\TUAutoReactivator64.exe" Task: {1F4FA1A4-5979-46AA-A785-154062E85D8D} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG PC TuneUp 2014\OneClick.exe Task: {3D14D33D-49B1-456C-B5FB-F5C94AB42724} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {77082D5A-D2BC-49B5-AC6E-35769D26A22B} - System32\Tasks\SafeZone scheduled Autoupdate 1459353919 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe Task: {A50359CA-C314-4C2E-8295-2EB94E0FE685} - System32\Tasks\{54BFB163-197F-4F06-8B0E-AF5CDF942822} => pcalua.exe -a "E:\Win7\12. TouchPad\Elantech\11.4.3.3\Setup.exe" -d "E:\Win7\12. TouchPad\Elantech\11.4.3.3" Task: {B411E419-980C-4820-BEDE-49181CE50E51} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software) Task: {C6203A9F-1675-49F8-AF3C-15F66CD22209} - System32\Tasks\{EB564F70-4DC2-469F-B660-9BA1A92A51A3} => pcalua.exe -a E:\setup.exe -d E:\ Task: {D1833C12-D4F0-4334-B8A5-7399B58D73EF} - System32\Tasks\DLL-files.com Fixer => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Task: {F26A3176-B9CA-4E25-A350-0AAEC28492A6} - System32\Tasks\{C1C24474-7FCA-4563-8F6C-B6C33B741B36} => pcalua.exe -a G:\SETUP.EXE -d G:\ ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku IE trusted site: HKU\S-1-5-21-2883393172-2901284561-3789390431-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-2883393172-2901284561-3789390431-1000\...\webcompanion.com -> hxxp://webcompanion.com C:\extensions C:\Program Files\Common Files\AV\avast! Antivirus C:\Program Files (x86)\GUTCEE3.tmp C:\Program Files (x86)\AVG PC TuneUp 2014 C:\Program Files (x86)\Lavasoft C:\ProgramData\AVAST Software C:\ProgramData\AVG C:\searchplugins C:\Users\Mateo\AppData\Local\Microsoft\BingSvc EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. ========= reg query HKLM\SYSTEM\CurrentControlSet\Services\Eaphost\Methods /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311 Name REG_SZ Microsoft HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\254 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\254\14122 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\254\14122\1 PeerFriendlyName REG_SZ Windows Connect Now EAP Peer Properties REG_DWORD 0x848000 PeerInvokeUsernameDialog REG_DWORD 0x0 PeerInvokePasswordDialog REG_DWORD 0x0 PeerRequireConfigUI REG_DWORD 0x1 PeerDllPath REG_EXPAND_SZ %SystemRoot%\System32\WcnEapPeerProxy.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\8086 (domy˜lny) REG_SZ Intel HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\8086\18 (domy˜lny) REG_SZ PeerInteractiveUIPath REG_EXPAND_SZ C:\Program Files\Intel\WiFi\bin\eapui.dll PeerConfigUIPath REG_EXPAND_SZ C:\Program Files\Intel\WiFi\bin\eapui.dll PeerRequireConfigUI REG_DWORD 0x0 Properties REG_DWORD 0x280000 PeerFriendlyName REG_SZ EAP-SIM PeerInvokePasswordDialog REG_DWORD 0x0 PeerIdentityPath REG_EXPAND_SZ C:\Program Files\Intel\WiFi\bin\eapui.dll PeerInvokeUsernameDialog REG_DWORD 0x0 PeerDllPath REG_EXPAND_SZ C:\Program Files\Intel\WiFi\bin\eh_eap_sim.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\8086\21 (domy˜lny) REG_SZ PeerIdentityPath REG_EXPAND_SZ C:\Program Files\Intel\WiFi\bin\eapui.dll PeerConfigUIPath REG_EXPAND_SZ C:\Program Files\Intel\WiFi\bin\eapui.dll Properties REG_DWORD 0x280000 PeerInvokePasswordDialog REG_DWORD 0x0 PeerRequireConfigUI REG_DWORD 0x0 PeerFriendlyName REG_SZ EAP-TTLS PeerDllPath REG_EXPAND_SZ C:\Program Files\Intel\WiFi\bin\eh_eap_ttls.dll PeerInteractiveUIPath REG_EXPAND_SZ C:\Program Files\Intel\WiFi\bin\eapui.dll PeerInvokeUsernameDialog REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\8086\23 (domy˜lny) REG_SZ PeerRequireConfigUI REG_DWORD 0x0 PeerConfigUIPath REG_EXPAND_SZ C:\Program Files\Intel\WiFi\bin\eapui.dll PeerDllPath REG_EXPAND_SZ C:\Program Files\Intel\WiFi\bin\eh_eap_aka.dll PeerInvokePasswordDialog REG_DWORD 0x0 Properties REG_DWORD 0x280000 PeerInvokeUsernameDialog REG_DWORD 0x0 PeerFriendlyName REG_SZ EAP-AKA PeerInteractiveUIPath REG_EXPAND_SZ C:\Program Files\Intel\WiFi\bin\eapui.dll PeerIdentityPath REG_EXPAND_SZ C:\Program Files\Intel\WiFi\bin\eapui.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\9 (domy˜lny) REG_EXPAND_SZ Cisco HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\9\17 PeerDllPath REG_EXPAND_SZ C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll PeerFriendlyName REG_SZ @C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll,-117 Properties REG_DWORD 0x32c406e PeerInvokeUsernameDialog REG_DWORD 0x0 PeerInvokePasswordDialog REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\9\25 PeerDllPath REG_EXPAND_SZ C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll PeerFriendlyName REG_SZ @C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll,-119 Properties REG_DWORD 0x173cd9ff PeerInvokeUsernameDialog REG_DWORD 0x0 PeerInvokePasswordDialog REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\9\43 PeerDllPath REG_EXPAND_SZ C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll PeerFriendlyName REG_SZ @C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll,-30119 Properties REG_DWORD 0x173ef9ff PeerInvokeUsernameDialog REG_DWORD 0x0 PeerInvokePasswordDialog REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\9\43\UserData ========= Koniec Reg: ========= HKU\S-1-5-21-2883393172-2901284561-3789390431-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => Wartość pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => klucz pomyślnie usunięto esgiguard => serwis pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bttray.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iastorui.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\imfrmwrk.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pcee4d.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pcee4l.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\slimdrivers.exe" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F4FA1A4-5979-46AA-A785-154062E85D8D}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F4FA1A4-5979-46AA-A785-154062E85D8D}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TuneUpUtilities_Task_BkGndMaintenance2013" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D14D33D-49B1-456C-B5FB-F5C94AB42724}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D14D33D-49B1-456C-B5FB-F5C94AB42724}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\avast! Emergency Update => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77082D5A-D2BC-49B5-AC6E-35769D26A22B}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77082D5A-D2BC-49B5-AC6E-35769D26A22B}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1459353919 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SafeZone scheduled Autoupdate 1459353919" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A50359CA-C314-4C2E-8295-2EB94E0FE685}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A50359CA-C314-4C2E-8295-2EB94E0FE685}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{54BFB163-197F-4F06-8B0E-AF5CDF942822} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{54BFB163-197F-4F06-8B0E-AF5CDF942822}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B411E419-980C-4820-BEDE-49181CE50E51}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B411E419-980C-4820-BEDE-49181CE50E51}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6203A9F-1675-49F8-AF3C-15F66CD22209}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6203A9F-1675-49F8-AF3C-15F66CD22209}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{EB564F70-4DC2-469F-B660-9BA1A92A51A3} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EB564F70-4DC2-469F-B660-9BA1A92A51A3}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1833C12-D4F0-4334-B8A5-7399B58D73EF}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1833C12-D4F0-4334-B8A5-7399B58D73EF}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\DLL-files.com Fixer => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DLL-files.com Fixer" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F26A3176-B9CA-4E25-A350-0AAEC28492A6}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F26A3176-B9CA-4E25-A350-0AAEC28492A6}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{C1C24474-7FCA-4563-8F6C-B6C33B741B36} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C1C24474-7FCA-4563-8F6C-B6C33B741B36}" => klucz pomyślnie usunięto "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => klucz pomyślnie usunięto HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono. "HKU\S-1-5-21-2883393172-2901284561-3789390431-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => klucz pomyślnie usunięto "HKU\S-1-5-21-2883393172-2901284561-3789390431-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => klucz pomyślnie usunięto C:\extensions => pomyślnie przeniesiono C:\Program Files\Common Files\AV\avast! Antivirus => pomyślnie przeniesiono C:\Program Files (x86)\GUTCEE3.tmp => pomyślnie przeniesiono C:\Program Files (x86)\AVG PC TuneUp 2014 => pomyślnie przeniesiono C:\Program Files (x86)\Lavasoft => pomyślnie przeniesiono C:\ProgramData\AVAST Software => pomyślnie przeniesiono C:\ProgramData\AVG => pomyślnie przeniesiono C:\searchplugins => pomyślnie przeniesiono C:\Users\Mateo\AppData\Local\Microsoft\BingSvc => pomyślnie przeniesiono EmptyTemp: => 70.3 MB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 16:33:25 ====