Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 15-06-2017 01
Uruchomiony przez pc (administrator) ASUS (16-06-2017 17:25:26)
Uruchomiony z C:\Users\pc\Downloads
Załadowane profile: pc (Dostępne profile: pc)
Platform: Windows 8.1 Connected (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.203.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] ()
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [1941064 2016-05-15] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-876498069-4098261809-3182321574-1001\...\Run: [BingSvc] => C:\Users\pc\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-876498069-4098261809-3182321574-1001\...\MountPoints2: {008e2117-758b-11e5-8267-1cb72c12a0e4} - "F:\AutoRun.exe"
HKU\S-1-5-21-876498069-4098261809-3182321574-1001\...\MountPoints2: {008e2183-758b-11e5-8267-1cb72c12a0e4} - "F:\AutoRun.exe"
HKU\S-1-5-21-876498069-4098261809-3182321574-1001\...\MountPoints2: {008e220a-758b-11e5-8267-1cb72c12a0e4} - "F:\AutoRun.exe"
HKU\S-1-5-21-876498069-4098261809-3182321574-1001\...\MountPoints2: {1d457198-eacf-11e5-8285-1cb72c12a0e4} - "F:\Startme.exe"
HKU\S-1-5-21-876498069-4098261809-3182321574-1001\...\MountPoints2: {3829bb86-e792-11e6-82d8-1cb72c12a0e4} - "F:\Startme.exe"
HKU\S-1-5-21-876498069-4098261809-3182321574-1001\...\MountPoints2: {90beaaf6-b24f-11e5-8272-1cb72c12a0e4} - "F:\AutoRun.exe"
HKU\S-1-5-21-876498069-4098261809-3182321574-1001\...\MountPoints2: {90beac33-b24f-11e5-8272-1cb72c12a0e4} - "F:\AutoRun.exe"
HKU\S-1-5-21-876498069-4098261809-3182321574-1001\...\MountPoints2: {b60f2c04-847d-11e5-826b-1cb72c12a0e4} - "H:\Startme.exe"
HKU\S-1-5-21-876498069-4098261809-3182321574-1001\...\MountPoints2: {de7993df-dd3e-11e5-8281-1cb72c12a0e4} - "F:\AutoRun.exe"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{505006F2-063B-4F6E-AD24-5C904EC88BAB}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-876498069-4098261809-3182321574-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-876498069-4098261809-3182321574-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-876498069-4098261809-3182321574-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={D5F04A1F-A2D5-465A-8EF9-169C3E6E0D56}&mid=b1c814fdcd9b47cda1e7cdfe6af64917-4614e3f55e3b1ec888f81eb6eeb246a02df4691c&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=fr&d=2015-08-30 19:25:01&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-05-15] (AVG)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-05-15] (AVG)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: rnxgyjuv.default
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\rnxgyjuv.default [2017-01-27]
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\rnxgyjuv.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\rnxgyjuv.default -> Bing
FF Keyword.URL: Mozilla\Firefox\Profiles\rnxgyjuv.default -> hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q=
FF Extension: (AVG Web TuneUp) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\rnxgyjuv.default\Extensions\avg@toolbar.xpi [2016-05-15]
FF Extension: (Bing Search) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\rnxgyjuv.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-10-31]
FF Extension: (Aktualizacja dodatku Adobe Flash) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\rnxgyjuv.default\Extensions\dodatek@flash2.pl.xpi [2016-08-16]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-05-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-02-14] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.1\\npsitesafety.dll [Brak pliku]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-09-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.pl/"
CHR NewTab: Default -> Not-active:"chrome-extension://fnifdleifikpcahfddmdgohgemfiogho/index.html"
CHR DefaultSearchURL: Default -> hxxp://movix.searchalgo.com/go/?category=web&s=mmdp&vert=movies&var=plus&q={searchTerms}
CHR DefaultSearchKeyword: Default -> myMovie Plus
CHR DefaultSuggestURL: Default -> hxxp://sug.searchalgo.com/search/index_sg.php?q={searchTerms}
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2017-06-16]
CHR Extension: (Prezentacje Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-27]
CHR Extension: (Dokumenty Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-27]
CHR Extension: (Dysk Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-27]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-27]
CHR Extension: (Arkusze Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-27]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-06-07]
CHR Extension: (LiveSportTV Now) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnifdleifikpcahfddmdgohgemfiogho [2017-04-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-27]
CHR Extension: (One-Click-Fresh) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmfoepiegpclnlicncmmcehaefmhdej [2017-04-19]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-21]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-21]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [Brak podpisu cyfrowego]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-20] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [651856 2013-10-26] ()
R2 SpeedOptc; C:\ProgramData\SpeedOptcTool\SpeedOptcTool.dll [492544 2017-04-24] () [Brak podpisu cyfrowego]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [972872 2016-05-15] ()
S2 avgfws; "C:\Program Files (x86)\AVG\AVG2015\avgfws.exe" [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-01-23] (AVG Technologies CZ, s.r.o.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [121728 2013-12-10] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [376704 2013-12-10] (Huawei Technologies Co., Ltd.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-28] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
U4 Avgfwfd; \SystemRoot\system32\DRIVERS\avgfwd6a.sys [X]
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-06-16 17:25 - 2017-06-16 17:28 - 00024386 _____ C:\Users\pc\Downloads\FRST.txt
2017-06-16 17:24 - 2017-06-16 17:25 - 00000000 ____D C:\FRST
2017-06-16 17:22 - 2017-06-16 17:23 - 02438656 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
2017-06-16 17:19 - 2017-06-16 17:20 - 01777152 _____ (Farbar) C:\Users\pc\Downloads\FRST.exe
2017-06-16 16:51 - 2017-06-16 16:51 - 00000448 _____ C:\Users\pc\Desktop\Ten Komputer.lnk
2017-06-16 16:51 - 2017-06-16 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-06-07 16:10 - 2017-06-07 16:10 - 00337920 _____ C:\Users\pc\Downloads\04_grupa rów..ppt
2017-06-07 16:02 - 2017-06-07 16:02 - 00331776 _____ C:\Users\pc\Downloads\04-rodzina.ppt
2017-06-07 15:43 - 2017-06-07 15:43 - 00795648 _____ C:\Users\pc\Downloads\03_diagnostyka.ppt
2017-06-07 15:18 - 2017-06-07 15:18 - 00294400 _____ C:\Users\pc\Downloads\04_szkoła.ppt
2017-06-04 21:34 - 2017-06-04 21:36 - 64025992 _____ (Malwarebytes ) C:\Users\pc\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.139-1.0.2060 (1).exe
2017-06-04 12:28 - 2017-06-04 12:28 - 00000000 ____D C:\Program Files\Plumbytes Software
2017-06-04 12:24 - 2017-06-04 12:24 - 03625080 _____ C:\Users\pc\Downloads\chrome_cleanup_tool.exe
2017-06-04 12:24 - 2017-06-04 12:24 - 03625080 _____ C:\Users\pc\Downloads\chrome_cleanup_tool (2).exe
2017-06-04 12:24 - 2017-06-04 12:24 - 03625080 _____ C:\Users\pc\Downloads\chrome_cleanup_tool (1).exe
2017-05-29 20:07 - 2017-05-29 20:07 - 00005758 _____ C:\Users\pc\Downloads\Socjologia-edukacji.txt

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-06-16 17:14 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-06-16 17:10 - 2015-04-05 13:17 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-876498069-4098261809-3182321574-1001
2017-06-16 16:51 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-06-16 16:49 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-06-16 16:43 - 2015-04-05 13:14 - 00000093 _____ C:\Users\pc\AppData\Roaming\sp_data.sys
2017-06-16 16:43 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-16 16:33 - 2016-03-02 08:24 - 00000000 ____D C:\Program Files (x86)\Ares
2017-06-16 16:29 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-06-16 16:13 - 2014-10-28 17:01 - 00000000 ____D C:\ProgramData\Skype
2017-06-16 16:10 - 2015-04-03 22:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-16 16:02 - 2015-04-05 13:58 - 00003956 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{65033F2F-4BCE-4FE2-94CD-64283E3D1FB4}
2017-06-16 16:01 - 2015-09-02 19:16 - 00004388 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-16 16:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-16 16:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-16 15:49 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-06-10 19:05 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-10 19:04 - 2015-04-05 13:11 - 00000000 ____D C:\Users\pc\AppData\Local\Packages
2017-06-07 20:57 - 2014-10-28 22:53 - 00730734 _____ C:\Windows\system32\perfh005.dat
2017-06-07 20:57 - 2014-10-28 22:53 - 00151480 _____ C:\Windows\system32\perfc005.dat
2017-06-07 20:57 - 2014-10-28 22:43 - 00807160 _____ C:\Windows\system32\perfh015.dat
2017-06-07 20:57 - 2014-10-28 22:43 - 00163478 _____ C:\Windows\system32\perfc015.dat
2017-06-07 20:57 - 2014-03-18 17:25 - 02707466 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-06 14:59 - 2017-01-27 12:41 - 00000000 ____D C:\Program Files (x86)\Solvusoft
2017-06-06 14:57 - 2017-01-27 12:41 - 00000000 ____D C:\Program Files\Solvusoft
2017-06-06 14:54 - 2016-03-25 16:33 - 00000000 ____D C:\Program Files (x86)\Booking.com
2017-06-01 21:51 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-06-01 20:11 - 2015-09-04 17:49 - 00000000 ____D C:\Windows\system32\MRT
2017-06-01 20:03 - 2015-09-04 17:49 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-01 20:00 - 2015-08-31 16:56 - 05518336 ___SH C:\Users\pc\Desktop\Thumbs.db

==================== Pliki w katalogu głównym wybranych folderów =======

2015-04-05 13:14 - 2017-06-16 16:43 - 0000093 _____ () C:\Users\pc\AppData\Roaming\sp_data.sys
2015-04-03 22:29 - 2015-04-03 22:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-28 17:00 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-28 17:00 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-28 17:00 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Niektóre pliki w TEMP:
====================
2016-11-23 20:36 - 2012-11-03 05:33 - 0178776 ____R (Microsoft Corporation) C:\Users\pc\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-06-04 14:37

==================== Koniec FRST.txt ============================