Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 25-02-2017
Uruchomiony przez Ewelinka (administrator) VESTI (25-02-2017 17:09:20)
Uruchomiony z C:\Users\Ewelinka\Desktop\Programy naprawcze
Załadowane profile: Ewelinka (Dostępne profile: Ewelinka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ECAREME) C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [619392 2009-06-12] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-02-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-13] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe [9511480 2017-02-16] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [OverlayIconExtension1] -> {fe25455d-b4c2-4e32-97d2-92632ec1c224} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayIconExtension2] -> {1fae2d88-a78e-4f03-909f-be818a3c1ce6} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
GroupPolicyScripts-x32: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 217.144.192.2 217.144.192.33
Tcpip\..\Interfaces\{53504E3D-6B87-4F3B-A5F6-A71AAA11F0BC}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{62A2060B-A707-4C6E-B366-9D605C07F707}: [DhcpNameServer] 217.144.192.2 217.144.192.33

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-510500092-1245391945-1137826833-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-510500092-1245391945-1137826833-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-510500092-1245391945-1137826833-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-510500092-1245391945-1137826833-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> OldSearch URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-510500092-1245391945-1137826833-1000 -> DefaultScope {3ea37a0c-053f-4217-aace-30da00c4ea82} URL =
SearchScopes: HKU\S-1-5-21-510500092-1245391945-1137826833-1000 -> {3ea37a0c-053f-4217-aace-30da00c4ea82} URL =
SearchScopes: HKU\S-1-5-21-510500092-1245391945-1137826833-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Pomocnik rejestrowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> Brak pliku
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-12] (Oracle Corporation)
BHO-x32: Pomocnik rejestrowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-12] (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ewelinka\AppData\Roaming\Mozilla\Firefox\Profiles\uz6rte3f.default-1475073376464 [2017-02-25]
FF Homepage: Mozilla\Firefox\Profiles\uz6rte3f.default-1475073376464 -> hxxp://www.google.pl/
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Ewelinka\AppData\Roaming\Mozilla\Firefox\Profiles\uz6rte3f.default-1475073376464\features\{93a81b59-a1d0-4a04-985f-82324b933044}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nation-secure-search.xml [2014-04-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-07-18] (Apple Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.pl/
CHR Profile: C:\Users\Ewelinka\AppData\Local\Google\Chrome\User Data\Default [2017-02-25]
CHR Extension: (Dokumenty Google) - C:\Users\Ewelinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-25]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Ewelinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-24]
CHR Extension: (Gmail) - C:\Users\Ewelinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\Ewelinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-24]
CHR HKU\S-1-5-21-510500092-1245391945-1137826833-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bbiilhoacmmppcmcogfmaailncbelbgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blmlepcapjlbgcpkdlffnhibhpecongp] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [Brak podpisu cyfrowego]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [260080 2017-02-16] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [275616 2017-02-16] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [6183576 2017-02-16] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1256872 2017-02-13] (AVG Technologies CZ, s.r.o.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [165624 2017-02-16] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [311592 2017-02-16] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-02-16] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336920 2017-02-16] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-02-16] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-02-16] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [127072 2017-02-16] (AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2017-02-16] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\Windows\system32\drivers\avgNetSec.sys [456936 2017-02-16] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [101624 2017-02-16] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [75664 2017-02-16] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [992488 2017-02-16] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [555152 2017-02-16] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [163512 2017-02-16] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [311472 2017-02-16] (AVG Technologies CZ, s.r.o.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-02] () [Brak podpisu cyfrowego]
U0 aswVmm; Brak ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 lvupdtio; \??\C:\Program Files (x86)\ASUS\ASUS Live Update\SYS64\lvupdtio.sys [X]
S0 PSBoot; windows\system32\Drivers\PsBoot.sys [X]
U3 tmlwf; Brak ImagePath
U3 tmwfp; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-25 16:00 - 2017-02-25 17:09 - 00000000 ____D C:\FRST
2017-02-25 15:54 - 2017-02-25 15:54 - 00000099 _____ C:\Windows\Reimage.ini
2017-02-25 15:37 - 2017-02-25 15:37 - 00019846 _____ C:\ComboFix.txt
2017-02-25 15:25 - 2017-02-25 15:37 - 00000000 ____D C:\Qoobox
2017-02-25 15:25 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-02-25 15:25 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-02-25 15:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-02-25 15:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-02-25 15:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-02-25 15:25 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-02-25 15:25 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-02-25 15:25 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2017-02-25 15:24 - 2017-02-25 17:09 - 00000000 ____D C:\Users\Ewelinka\Desktop\Programy naprawcze
2017-02-25 15:07 - 2017-02-25 15:11 - 00001680 _____ C:\DelFix.txt
2017-02-25 15:04 - 2017-02-25 15:04 - 00797760 _____ C:\Users\Ewelinka\Downloads\delfix_1.013 (1).exe
2017-02-25 15:02 - 2017-02-25 15:03 - 00000000 ____D C:\Users\Ewelinka\Downloads\backups
2017-02-25 14:10 - 2017-02-25 14:10 - 01382070 ____H C:\Users\Ewelinka\AppData\Local\IconCache.db.backup
2017-02-25 05:02 - 2017-02-25 05:02 - 00020989 _____ C:\Users\Ewelinka\Downloads\Gmer.txt..txt
2017-02-25 04:43 - 2017-02-25 04:43 - 00000270 _____ C:\Users\Ewelinka\Downloads\fix.reg
2017-02-25 04:41 - 2017-02-25 04:41 - 00004544 _____ C:\Users\Ewelinka\Downloads\Nowy dokument dziennika.jnt
2017-02-24 22:02 - 2017-02-25 15:54 - 00754352 _____ C:\Windows\ntbtlog.txt
2017-02-24 20:50 - 2017-02-24 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-24 20:50 - 2017-02-24 20:50 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-24 20:46 - 2017-02-24 20:47 - 07097928 _____ (VS Revo Group ) C:\Users\Ewelinka\Downloads\revosetup.exe
2017-02-24 20:12 - 2017-02-24 20:12 - 55566792 _____ (Malwarebytes ) C:\Users\Ewelinka\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-24 19:16 - 2017-02-24 19:17 - 00000000 ____D C:\Users\Ewelinka\Desktop\Pulpit
2017-02-24 19:08 - 2017-02-24 19:09 - 00604928 _____ (Reimage) C:\Users\Ewelinka\Downloads\ReimageRepair (1).exe
2017-02-16 14:56 - 2017-02-16 14:55 - 00456936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys
2017-02-16 14:56 - 2017-02-16 14:24 - 00397800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-02-16 14:55 - 2017-02-16 14:55 - 00029944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetNd6.sys
2017-02-16 14:31 - 2017-02-16 14:31 - 07680000 _____ C:\Program Files (x86)\GUT2185.tmp
2017-02-16 14:31 - 2017-02-16 14:31 - 00000000 ____D C:\Program Files (x86)\GUM2184.tmp
2017-02-16 14:28 - 2017-02-16 14:28 - 00002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-16 14:28 - 2017-02-16 14:28 - 00002223 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-16 14:26 - 2017-02-16 14:35 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-16 14:26 - 2017-02-16 14:35 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-16 14:25 - 2017-02-22 11:21 - 00004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-02-16 14:25 - 2017-02-16 14:25 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-02-16 14:25 - 2017-02-16 14:24 - 00555152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-02-16 14:25 - 2017-02-16 14:24 - 00336920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-02-16 14:25 - 2017-02-16 14:24 - 00311592 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-02-16 14:25 - 2017-02-16 14:24 - 00311472 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-02-16 14:25 - 2017-02-16 14:24 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-02-16 14:25 - 2017-02-16 14:24 - 00165624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-02-16 14:25 - 2017-02-16 14:24 - 00163512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-02-16 14:25 - 2017-02-16 14:24 - 00127072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-02-16 14:25 - 2017-02-16 14:24 - 00101624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-02-16 14:25 - 2017-02-16 14:24 - 00075664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-02-16 14:25 - 2017-02-16 14:24 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-02-16 14:25 - 2017-02-16 14:24 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-02-16 14:23 - 2017-02-16 14:23 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2017-02-16 14:23 - 2017-02-16 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-02-16 14:22 - 2017-02-18 16:56 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-02-16 14:21 - 2017-02-16 14:21 - 03449448 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ewelinka\Downloads\Antivirus_Free_1866.exe
2017-02-16 14:20 - 2017-02-16 14:20 - 06655184 _____ (AVAST Software) C:\Users\Ewelinka\Downloads\avast_free_antivirus_setup_online_u0b.exe
2017-02-12 17:45 - 2017-02-12 17:45 - 00277696 _____ C:\Windows\Minidump\021217_5ef7aa95-41e6-43df-830b-e45e96bfc193.dmp
2017-02-09 21:23 - 2017-02-09 21:23 - 00539406 _____ C:\Users\Ewelinka\Downloads\Rechung 2_2017 Frau Graciela.pdf
2017-02-09 21:23 - 2017-02-09 21:23 - 00534682 _____ C:\Users\Ewelinka\Downloads\Rechung 2_2017 Frau Graciela..pdf
2017-02-09 21:15 - 2017-02-09 21:15 - 00540798 _____ C:\Users\Ewelinka\Downloads\Rechung 1_2017 Frau Graciela.pdf
2017-01-27 19:19 - 2017-01-28 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-25 17:07 - 2017-01-09 22:16 - 00000000 ____D C:\Users\Ewelinka\AppData\LocalLow\Mozilla
2017-02-25 17:04 - 2014-11-23 20:51 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-02-25 17:03 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-25 16:49 - 2013-01-19 20:51 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-25 16:49 - 2009-11-11 13:56 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-02-25 16:49 - 2009-11-11 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2017-02-25 16:40 - 2009-12-13 15:47 - 00000000 ____D C:\Program Files (x86)\AVG
2017-02-25 16:37 - 2015-10-17 11:58 - 00000000 ____D C:\Users\Ewelinka\AppData\Local\AvgSetupLog
2017-02-25 16:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2017-02-25 16:04 - 2009-07-14 05:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-25 16:04 - 2009-07-14 05:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-25 15:34 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2017-02-25 15:03 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-02-25 14:40 - 2009-12-10 17:46 - 00000000 ____D C:\Users\Ewelinka
2017-02-24 22:56 - 2016-04-18 07:25 - 00000000 ____D C:\Program Files\COMODO
2017-02-24 20:30 - 2009-11-11 13:55 - 00002947 _____ C:\Windows\system32\ServiceFilter.ini
2017-02-24 20:30 - 2009-11-11 13:55 - 00002688 _____ C:\Windows\system32\AutoRunFilter.ini
2017-02-24 19:03 - 2010-02-16 08:49 - 00000000 ____D C:\Users\Ewelinka\AppData\Local\Google
2017-02-24 17:04 - 2014-08-05 18:16 - 00003984 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FA1231DF-7A79-4266-B84C-B1A986B39768}
2017-02-17 17:39 - 2010-08-03 18:04 - 00000000 ____D C:\Windows\Minidump
2017-02-16 17:53 - 2015-10-17 11:59 - 00000000 ____D C:\ProgramData\Avg
2017-02-16 17:39 - 2016-04-03 16:44 - 00003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2017-02-16 17:38 - 2013-01-23 21:43 - 00000000 ____D C:\Users\Ewelinka\.thumbnails
2017-02-16 17:38 - 2010-10-19 11:49 - 00000000 ____D C:\Users\Ewelinka\AppData\Roaming\Skype
2017-02-16 17:38 - 2009-12-10 21:00 - 00000000 ____D C:\Users\Ewelinka\AppData\Local\Microsoft Help
2017-02-16 17:38 - 2009-11-11 13:56 - 00000000 ____D C:\ProgramData\Temp
2017-02-16 17:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sysprep
2017-02-16 17:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-16 14:46 - 2013-01-10 15:27 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-16 14:27 - 2015-10-17 12:04 - 00000000 ____D C:\Users\Ewelinka\AppData\Roaming\AVG
2017-02-14 21:49 - 2013-01-19 20:51 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 21:49 - 2012-12-23 19:59 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 21:49 - 2011-11-22 17:15 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 21:49 - 2011-10-15 08:27 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 21:49 - 2009-11-11 14:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-12 17:45 - 2012-07-20 20:00 - 442690727 _____ C:\Windows\MEMORY.DMP
2017-02-03 21:37 - 2013-11-05 19:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-03 21:37 - 2010-10-19 11:48 - 00000000 ____D C:\ProgramData\Skype
2017-01-28 13:50 - 2012-06-04 21:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Pliki w katalogu głównym wybranych folderów =======

2011-02-14 13:09 - 2007-03-14 13:58 - 0006509 _____ () C:\Program Files\0x0405.ini
2011-02-14 13:09 - 2007-03-14 13:58 - 0006715 _____ () C:\Program Files\0x0415.ini
2011-02-14 13:09 - 2008-03-13 15:22 - 0047104 _____ () C:\Program Files\1029.mst
2011-02-14 13:09 - 2008-03-13 15:22 - 0055808 _____ () C:\Program Files\1045.mst
2011-02-14 13:09 - 2008-03-13 15:22 - 164558771 _____ () C:\Program Files\Data1.cab
2011-02-14 13:09 - 2008-03-13 15:22 - 0279880 _____ (Corel Corporation) C:\Program Files\installer.exe
2011-02-14 13:09 - 2008-03-13 15:05 - 0008900 _____ () C:\Program Files\Installer.lang
2011-02-14 13:09 - 2007-03-14 14:07 - 2584848 _____ (Microsoft Corporation) C:\Program Files\msi31.exe
2011-02-14 13:09 - 2008-03-13 15:23 - 43050496 _____ () C:\Program Files\psppx2.msi
2011-02-14 13:09 - 2008-03-13 15:22 - 0316744 _____ () C:\Program Files\setup.exe
2011-02-14 13:09 - 2008-03-13 15:22 - 0001938 _____ () C:\Program Files\Setup.ini
2017-02-16 14:31 - 2017-02-16 14:31 - 7680000 _____ () C:\Program Files (x86)\GUT2185.tmp
2014-04-28 20:16 - 2014-04-28 20:16 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxnation-secure-search.xml
2008-05-22 17:35 - 2008-05-22 17:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 19:31 - 2009-04-08 19:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 06:45 - 2008-08-12 06:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2016-09-27 10:54 - 2016-08-25 10:22 - 2685216 _____ (COMODO) C:\Users\Ewelinka\AppData\Roaming\temp~ccavstart.exe
2016-09-27 10:53 - 2016-08-25 10:23 - 3856040 _____ (Terra Informatica Software, Inc.) C:\Users\Ewelinka\AppData\Roaming\temp~cmdhtml.dll
2009-12-10 21:42 - 2009-12-10 21:42 - 0033134 _____ () C:\Users\Ewelinka\AppData\Roaming\UserTile.png
2013-07-31 13:16 - 2014-01-28 14:16 - 0000154 _____ () C:\Users\Ewelinka\AppData\Roaming\WB.CFG
2009-12-17 14:01 - 2016-03-23 15:30 - 0015872 _____ () C:\Users\Ewelinka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-19 13:47 - 2013-09-19 13:47 - 0361117 _____ () C:\Users\Ewelinka\AppData\Local\newhb2.crx
2016-02-10 13:56 - 2016-02-10 13:56 - 0001459 _____ () C:\Users\Ewelinka\AppData\Local\recently-used.xbel
2014-06-04 22:10 - 2014-06-04 22:10 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl
2010-10-19 11:52 - 2010-10-19 11:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-11-11 14:03 - 2009-09-10 18:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2009-11-11 13:57 - 2009-11-11 13:57 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-11-11 13:56 - 2009-11-11 13:57 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Niektóre pliki w TEMP:
====================
2016-08-16 08:48 - 2016-08-16 08:48 - 0488960 _____ () C:\Users\Ewelinka\AppData\Local\Temp\sqlite3.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-02-12 12:35

==================== Koniec FRST.txt ============================