Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 17-10-2016
Uruchomiony przez Leszek (administrator) LESZEK-KOMPUTER (23-10-2016 11:24:43)
Uruchomiony z D:\EXE
Załadowane profile: Leszek (Dostępne profile: Leszek)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(AnVir Software) C:\Program Files (x86)\AnVir Task Manager\anvirlauncher.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Bongiovi Acoustics) D:\PROGRAMY\Bongiovi DPS\Bongiovi DPS.exe
(Winstep Software Technologies) C:\Program Files (x86)\Winstep\Nexus.exe
(Performix LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(WestByte) C:\Program Files (x86)\IDA\ida.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13733616 2016-09-23] (Zemana Ltd.)
HKLM\...\Run: [] => D:\PROGRAMY\Bongiovi DPS\Bongiovi DPS.exe [1933840 2016-09-12] (Bongiovi Acoustics)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2016-04-01] (QFX Software Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [29469312 2016-03-08] (Winstep Software Technologies)
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5608440 2016-08-26] (Performix LLC)
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Run: [XDM] => D:\PROGRAMY\xdm.exe [726016 2016-07-15] (Subhra Das Gupta)
AppInit_DLLs: C:\PROGRA~2\KeyCryptSDK\KeyCrypt64(4).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(4).dll [95712 2016-08-11] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KeyCryptSDK\KeyCrypt32(4).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(4).dll [86936 2016-08-11] (Zemana Ltd.)
GroupPolicy: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 208.67.222.220 208.67.220.222
Tcpip\..\Interfaces\{D1430F22-71B9-470D-8DB9-D51523E4BD41}: [NameServer] 208.67.222.222,208.67.220.220,93.174.25.97
Tcpip\..\Interfaces\{D1430F22-71B9-470D-8DB9-D51523E4BD41}: [DhcpNameServer] 208.67.222.220 208.67.220.222

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: IE 4.x-6.x BHO for Internet Download Accelerator -> {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} -> C:\Program Files (x86)\IDA\idaiehlp.dll [2016-04-01] (WestByte)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 15eunx8e.default
FF ProfilePath: C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\15eunx8e.default [2016-10-23]
FF Extension: (Adguard AdBlocker) - C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\15eunx8e.default\Extensions\adguardadblocker@adguard.com.xpi [2016-06-11]
FF Extension: (VTzilla) - C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\15eunx8e.default\Extensions\info@virustotal.com.xpi [2016-07-30]
FF Extension: (FlashGot) - C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\15eunx8e.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-09-17]
FF Extension: (FT DeepDark) - C:\Users\Leszek\AppData\Roaming\Mozilla\Firefox\Profiles\15eunx8e.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2016-10-10]
FF Extension: (IDA Remote Download) - C:\Program Files (x86)\IDA\distribution\bundles\idaremote@westbyte.com [2016-09-16]
FF HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Firefox\Extensions: [idapluginff@westbyte.com] - C:\Program Files (x86)\IDA\distribution\bundles\idapluginff@westbyte.com
FF Extension: (Internet Download Accelerator Plugin) - C:\Program Files (x86)\IDA\distribution\bundles\idapluginff@westbyte.com [2016-09-16]
FF HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Firefox\Extensions: [idamm@westbyte.com] - C:\Program Files (x86)\IDA\distribution\bundles\idamm@westbyte.com
FF Extension: (Internet Download Accelerator Media Monitor) - C:\Program Files (x86)\IDA\distribution\bundles\idamm@westbyte.com [2016-09-16]
FF HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Firefox\Extensions: [idabarff@westbyte.com] - C:\Program Files (x86)\IDA\distribution\bundles\idabarff@westbyte.com
FF Extension: (Internet Download Accelerator Toolbar) - C:\Program Files (x86)\IDA\distribution\bundles\idabarff@westbyte.com [2016-09-16]
FF HKU\S-1-5-21-1953485706-3048050180-2069795806-1000\...\Firefox\Extensions: [idaremote@westbyte.com] - C:\Program Files (x86)\IDA\distribution\bundles\idaremote@westbyte.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] -

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [149496 2016-08-26] (Performix LLC)
S3 AnviCsbSvc; D:\PROGRAMY\Cloud System Booster\CSBSvc.exe [42768 2015-04-27] (Anvisoft)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [2050040 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5332384 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-10-13] (AVG Technologies CZ, s.r.o.)
S3 Chemtable Startup Checking; D:\PROGRAMY\Reg Organizer\StartupCheckingService.exe [1075968 2015-06-27] (Chemtable Software)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2016-01-29] (NVIDIA Corporation)
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2016-01-29] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2016-01-29] (NVIDIA Corporation)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [Brak podpisu cyfrowego]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2016-10-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13733616 2016-09-23] (Zemana Ltd.)
U4 CmdAgent; Brak ImagePath
S3 myTuningSvc; Brak ImagePath
S4 WiseBootAssistant; Brak ImagePath

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [62536 2016-07-21] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [73480 2016-06-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [311552 2016-09-22] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [265472 2016-09-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 bbwfp; D:\PROGRAMY\Cloud System Booster\wfp\x64\BBWFP.sys [40720 2015-03-24] (Anvisoft)
S3 dfg; C:\Windows\SysWOW64\drivers\dfg.sys [23552 2015-08-10] (defrag Development Team) [Brak podpisu cyfrowego]
R3 digitalpower; C:\Windows\System32\drivers\digitalpower.sys [29184 2015-09-10] (Bongiovi Acoustics)
R1 dvdfabio; C:\Windows\system32\drivers\dvdfabio.sys [12704 2014-08-29] (DVDFab Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-17] (REALiX(tm))
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [158848 2016-08-11] (Zemana Ltd.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2016-01-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-06-13] (NVIDIA Corporation)
R3 vdrive; C:\Windows\System32\DRIVERS\vdrive.sys [44960 2014-08-29] (DVDFab Software)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-09-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-09-01] (Zemana Ltd.)
U3 DfSdkS; Brak ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-10-23 11:19 - 2016-10-23 11:24 - 00000000 ____D C:\FRST
2016-10-23 10:57 - 2016-10-23 10:57 - 00000313 _____ C:\Users\Leszek\Desktop\blad.txt
2016-10-23 10:41 - 2016-10-23 10:41 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\abelhadigital.com
2016-10-23 10:41 - 2016-10-23 10:41 - 00000000 ____D C:\ProgramData\abelhadigital.com
2016-10-23 10:36 - 2016-10-23 10:36 - 00000000 ____D C:\Users\Public\Documents\HostsMan Backups
2016-10-23 10:36 - 2016-10-23 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HostsMan
2016-10-22 21:37 - 2016-10-22 21:37 - 00003258 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-10-22 12:59 - 2016-10-22 12:59 - 00284968 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-22 11:56 - 2016-10-22 11:56 - 00061624 _____ C:\Users\Leszek\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-22 10:46 - 2016-10-22 10:46 - 00000000 ____D C:\Users\Leszek\Documents\Steganos Safe
2016-10-22 10:40 - 2016-10-22 10:40 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\extensions
2016-10-22 10:39 - 2016-10-23 10:09 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\Steganos
2016-10-21 16:50 - 2016-10-21 16:50 - 00000651 _____ C:\Users\Leszek\Desktop\firefox.txt
2016-10-21 16:10 - 2016-10-21 16:10 - 00000259 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2016-10-16 14:42 - 2016-10-16 14:42 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\ERS Game Studios
2016-10-15 20:57 - 2016-10-15 20:57 - 00000713 _____ C:\Users\Public\Desktop\Loaris Trojan Remover.lnk
2016-10-15 20:57 - 2016-10-15 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loaris Trojan Remover
2016-10-15 20:56 - 2016-10-15 20:56 - 00000000 ____D C:\ProgramData\Loaris
2016-10-14 17:21 - 2016-10-14 17:21 - 00000000 ____D C:\Users\Leszek\AppData\Local\Bongiovi_Acoustics
2016-10-14 17:21 - 2016-10-14 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bongiovi Acoustics
2016-10-14 17:21 - 2016-10-14 17:21 - 00000000 ____D C:\ProgramData\Bongiovi Acoustics
2016-10-14 17:21 - 2015-09-10 14:31 - 00029184 _____ (Bongiovi Acoustics) C:\Windows\system32\Drivers\digitalpower.sys
2016-10-14 16:19 - 2016-10-14 16:19 - 00000000 ____D C:\Windows\IObit
2016-10-12 22:32 - 2016-10-12 22:32 - 00000000 ____D C:\Users\Leszek\Desktop\f
2016-10-12 18:00 - 2016-10-12 18:00 - 00000000 ____D C:\Users\Leszek\AppData\Local\RegistryBackups
2016-10-12 18:00 - 2016-10-12 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrar Registry Manager (64-bit)
2016-10-11 21:05 - 2016-10-11 21:05 - 00000000 ____D C:\ProgramData\Arcabit
2016-10-11 21:05 - 2016-10-11 21:05 - 00000000 ____D C:\Program Files\ArcabitSkanerOnline
2016-10-02 16:01 - 2010-11-20 05:27 - 14174208 _____ (Microsoft Corporation) C:\Windows\system32\Shell32.dll.backup
2016-10-02 16:01 - 2010-11-20 05:27 - 01808384 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll.backup
2016-10-02 16:01 - 2010-11-20 05:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll.backup
2016-10-02 16:01 - 2010-11-20 05:27 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll.backup
2016-10-02 16:01 - 2010-11-20 05:26 - 01866240 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll.backup
2016-10-02 16:01 - 2010-11-20 05:25 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll.backup
2016-10-02 16:01 - 2010-11-20 05:24 - 02872320 _____ (Microsoft Corporation) C:\Windows\Explorer.exe.backup
2016-10-02 16:01 - 2009-07-14 03:28 - 20268032 _____ (Microsoft Corporation) C:\Windows\system32\ImageRes.dll.backup
2016-10-01 08:04 - 2016-10-01 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunrise Seven
2016-09-30 19:27 - 2016-10-21 17:20 - 00000000 ___RD C:\Users\Leszek\Desktop\HTM
2016-09-30 16:42 - 2016-09-30 16:42 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paste As File
2016-09-30 16:42 - 2016-09-30 16:42 - 00000000 ____D C:\Program Files (x86)\PasteAsFile
2016-09-26 18:19 - 2016-09-26 18:19 - 00254208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2016-09-25 10:46 - 2016-09-25 10:46 - 00000653 _____ C:\Users\Leszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Run XP Repair Pro 4.0.lnk
2016-09-25 10:46 - 2016-09-25 10:46 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Repair Pro 4.0
2016-09-25 10:44 - 2016-09-25 10:44 - 00000000 ____D C:\Users\Leszek\AppData\Local\{42FFD6CD-1797-4302-8C84-959BECBCDA13}
2016-09-24 13:03 - 2016-09-24 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-09-24 07:48 - 2016-10-15 21:46 - 00000000 __SHD C:\Users\Leszek\AppData\Roaming\wyUpdate AU
2016-09-24 07:48 - 2016-09-24 07:48 - 00000000 __SHD C:\Users\Leszek\wc

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-10-23 11:25 - 2016-08-08 21:17 - 00151254 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-10-23 11:25 - 2016-08-08 21:17 - 00097934 _____ C:\Windows\ZAM.krnl.trace
2016-10-23 11:24 - 2016-06-12 23:06 - 00000000 ____D C:\ProgramData\Adguard
2016-10-23 11:20 - 2016-04-08 13:31 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-23 11:06 - 2009-07-14 06:45 - 00020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-23 11:06 - 2009-07-14 06:45 - 00020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-23 10:59 - 2016-08-19 17:13 - 00000000 ____D C:\Program Files (x86)\Adguard
2016-10-23 10:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-23 10:51 - 2016-04-08 16:29 - 00000000 ____D C:\ProgramData\MFAData
2016-10-23 08:02 - 2016-09-20 18:31 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-10-23 07:48 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-22 21:37 - 2016-04-17 09:26 - 00002890 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Leszek)
2016-10-22 21:29 - 2016-07-13 11:28 - 00000414 __RSH C:\ProgramData\ntuser.pol
2016-10-22 11:53 - 2016-05-21 07:48 - 00000000 ____D C:\Users\Leszek\AppData\Local\CrashDumps
2016-10-22 11:53 - 2016-04-17 17:26 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\uTorrent
2016-10-22 07:05 - 2016-08-28 16:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-21 16:41 - 2016-08-28 16:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-20 21:32 - 2016-07-23 21:23 - 43479040 _____ C:\Windows\system32\config\PuranRegCSoft.pur
2016-10-20 21:32 - 2016-07-23 21:23 - 36503552 _____ C:\Windows\system32\config\PuranRegCCOM.pur
2016-10-20 21:32 - 2016-07-23 21:23 - 15237120 _____ C:\Windows\system32\config\PuranRegCSys.pur
2016-10-20 21:32 - 2016-07-23 21:23 - 02637824 _____ C:\Windows\system32\config\PuranRegCUserClass.pur
2016-10-20 21:32 - 2016-07-23 21:23 - 01953792 _____ C:\Windows\system32\config\PuranRegCUser.pur
2016-10-20 21:32 - 2016-07-23 21:23 - 00241664 _____ C:\Windows\system32\config\PuranRegCNetwork.pur
2016-10-20 21:32 - 2016-07-23 21:23 - 00241664 _____ C:\Windows\system32\config\PuranRegCLocal.pur
2016-10-20 21:32 - 2016-07-23 21:23 - 00143360 _____ C:\Windows\system32\config\PuranRegCDefault.pur
2016-10-20 21:32 - 2016-07-23 21:23 - 00065536 _____ C:\Windows\system32\config\PuranRegCSam.pur
2016-10-20 21:32 - 2016-07-23 21:23 - 00028672 _____ C:\Windows\system32\config\PuranRegCBCD.pur
2016-10-20 21:32 - 2016-07-23 21:23 - 00000010 _____ C:\Windows\system32\config\PuranBackupTime.pur
2016-10-20 21:31 - 2016-06-04 08:54 - 00000000 ____D C:\Program Files (x86)\System Ninja
2016-10-20 21:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-10-20 18:26 - 2016-04-16 17:13 - 00000000 ____D C:\AdwCleaner
2016-10-18 19:05 - 2016-06-08 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-10-16 14:42 - 2016-04-23 22:45 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\NVIDIA
2016-10-16 12:36 - 2016-04-08 12:32 - 00000000 ____D C:\Program Files\WinRAR
2016-10-15 14:41 - 2016-04-08 18:24 - 00000000 ____D C:\Users\Leszek\AppData\Roaming\foobar2000
2016-10-15 14:08 - 2009-07-14 19:55 - 00907852 _____ C:\Windows\system32\perfh015.dat
2016-10-15 14:08 - 2009-07-14 19:55 - 00209762 _____ C:\Windows\system32\perfc015.dat
2016-10-15 14:08 - 2009-07-14 07:13 - 01901878 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-14 17:38 - 2016-04-17 09:27 - 00000000 ____D C:\ProgramData\ProductData
2016-10-14 16:19 - 2016-04-17 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-10-11 19:20 - 2016-04-08 13:31 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-11 19:20 - 2016-04-08 13:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-11 19:20 - 2016-04-08 13:31 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-11 19:20 - 2016-04-08 13:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-11 19:20 - 2016-04-08 13:31 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-05 19:39 - 2016-04-17 07:17 - 00000000 ____D C:\Users\Public\Documents\Winstep
2016-10-01 17:18 - 2016-09-17 21:43 - 00000000 ___RD C:\Users\Leszek\Desktop\KEY
2016-10-01 16:35 - 2016-04-08 12:35 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2016-10-01 16:35 - 2009-07-14 01:55 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2016-10-01 16:35 - 2009-07-14 01:54 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll
2016-10-01 08:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2016-09-24 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
2016-09-24 13:03 - 2016-09-05 18:01 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-24 12:52 - 2016-08-08 21:17 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2016-09-24 07:48 - 2016-04-08 12:20 - 00000000 ____D C:\Users\Leszek

==================== Pliki w katalogu głównym wybranych folderów =======

2016-07-24 15:59 - 2016-07-24 16:23 - 0000534 _____ () C:\Users\Leszek\AppData\Roaming\burnaware.ini
2016-06-12 23:07 - 2016-08-19 17:13 - 0000257 _____ () C:\ProgramData\fontcacheev1.dat

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\fontcacheev1.dat
C:\Users\Leszek\language90.dll

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-10-22 23:14

==================== Koniec FRST.txt ============================