Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:31-12-2015 Uruchomiony przez user (administrator) USER-KOMPUTER (01-01-2016 18:31:49) Uruchomiony z C:\Users\user\Desktop\FIX Załadowane profile: user (Dostępne profile: user & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 10 (Domyślna przeglądarka: Opera) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe () C:\Program Files (x86)\FFFFFFFF-1451339953-FFFF-FFFF-FFFFFFFFFFFF\knsh5FEF.tmp (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Sysinternals process Explorer) C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe () C:\Users\user\AppData\Local\Temp\nso9753.tmp () C:\Program Files (x86)\gmsd_pl_005010193\gmsd_pl_005010193.exe () C:\Users\user\AppData\Local\Temp\setup_ra.exe (DotCash Limited) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_267_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM-x32\...\Run: [ospd_us_013010190] => [X] HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly HKLM-x32\...\Run: [gmsd_pl_005010192] => [X] HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-31] (AVAST Software) HKLM-x32\...\Run: [gmsd_pl_005010193] => C:\Program Files (x86)\gmsd_pl_005010193\gmsd_pl_005010193.exe [3614896 2015-12-31] () HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\6dd28d90-a215-427c-8e3e-790b64ed060b.exe [183232 2016-01-01] (AVAST Software) HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o HKU\S-1-5-21-3902127326-1100159256-351901547-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd) HKU\S-1-5-21-3902127326-1100159256-351901547-1000\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-04] (BitTorrent Inc.) HKU\S-1-5-21-3902127326-1100159256-351901547-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd) HKU\S-1-5-21-3902127326-1100159256-351901547-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.) HKU\S-1-5-21-3902127326-1100159256-351901547-1000\...\Run: [Ukmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\Ehtion\frxnyvpt.dll AppInit_DLLs: C:\ProgramData\Bamcof\Zummatone.dll => C:\ProgramData\Bamcof\Zummatone.dll [805376 2015-12-29] () AppInit_DLLs-x32: C:\ProgramData\Bamcof\Lightcom.dll => C:\ProgramData\Bamcof\Lightcom.dll [257536 2015-12-29] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-31] (AVAST Software) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-31] ShortcutTarget: SmartWeb.lnk -> C:\Users\user\AppData\Local\SmartWeb\SmartWebHelper.exe (Brak pliku) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2015-12-27] ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{E52B4B85-6D17-426C-887F-81DCC7877CA1}: [NameServer] 8.8.4.4,8.8.8.8 Tcpip\..\Interfaces\{E52B4B85-6D17-426C-887F-81DCC7877CA1}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-3902127326-1100159256-351901547-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUT3Yy6QtMHcZqJGM4SftFyngTwbPnccpuHIKu1qxH_Ah-vgdy6F6eDcmH_hXEE5z2B-NiKt8moN8g0l3Y99B1OAHQE-6z4ylY2tHQv0lm5paa8N0LF_CzIIp4IFE9IjJwSQ,,&q={searchTerms} HKU\S-1-5-21-3902127326-1100159256-351901547-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUT3Yy6QtMHcZqJGM4SftFyngTwbPnccpuHIKu1qxH_Ah-vgdy6F6eDcmH_hXEE5z2C6rqsQIVHdroNuI6dk5RJ0UKfbpdZxIGpGbJmGt4olNq5vArR9H2HwkyyUdgvfF-Gw,, HKU\S-1-5-21-3902127326-1100159256-351901547-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUT3Yy6QtMHcZqJGM4SftFyngTwbPnccpuHIKu1qxH_Ah-vgdy6F6eDcmH_hXEE5z2B-NiKt8moN8g0l3Y99B1OAHQE-6z4ylY2tHQv0lm5paa8N0LF_CzIIp4IFE9IjJwSQ,,&q={searchTerms} HKU\S-1-5-21-3902127326-1100159256-351901547-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUT3Yy6QtMHcZqJGM4SftFyngTwbPnccpuHIKu1qxH_Ah-vgdy6F6eDcmH_hXEE5z2B-NiKt8moN8g0l3Y99B1OAHQE-6z4ylY2tHQv0lm5paa8N0LF_CzIIp4IFE9IjJwSQ,,&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUT3Yy6QtMHcZqJGM4SftFyngTwbPnccpuHIKu1qxH_Ah-vgdy6F6eDcmH_hXEE5z2B-NiKt8moN8g0l3Y99B1OAHQE-6z4ylY2tHQv0lm5paa8N0LF_CzIIp4IFE9IjJwSQ,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-3902127326-1100159256-351901547-1000 -> DefaultScope {2EEDB05B-F899-4320-997B-851E396470C6} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3902127326-1100159256-351901547-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3902127326-1100159256-351901547-1000 -> {2EEDB05B-F899-4320-997B-851E396470C6} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-12-26] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-31] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-12-26] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-31] (AVAST Software) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1451558742&z=3e71ca22bff8bd4d77c1144g1zbw9gcw5web4mdw1o&from=cmi&uid=ST3320620AS_9QFABFGMXXXX9QFABFGM FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sprclry5.default-1449689815806 FF NewTab: hxxp://www.istartpageing.com/newtab/?type=nt&ts=1451668310&z=95cb3c8a38d29b0716b21b7gczbw7gcq4q9bac9o5o&from=cmi&uid=ST3320620AS_9QFABFGMXXXX9QFABFGM FF Homepage: hxxp://www.istartpageing.com/?type=hp&ts=1451558742&z=3e71ca22bff8bd4d77c1144g1zbw9gcw5web4mdw1o&from=cmi&uid=ST3320620AS_9QFABFGMXXXX9QFABFGM FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] () FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-12-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-12-26] (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] () FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-06-14] (Nexon) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3902127326-1100159256-351901547-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-18] (Unity Technologies ApS) FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sprclry5.default-1449689815806\user.js [2016-01-01] FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sprclry5.default-1449689815806\searchplugins\findit.xml [2015-12-29] FF Extension: FirefixTab - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sprclry5.default-1449689815806\extensions\deskCutv2@gmail.com [2015-12-31] [Brak podpisu cyfrowego] FF Extension: YahooToolsProtected - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sprclry5.default-1449689815806\extensions\yahooprotected@gmail.com [2015-12-31] [Brak podpisu cyfrowego] FF Extension: Enhanced Steam - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sprclry5.default-1449689815806\Extensions\jid1-YdiFiTEkQgInxA@jetpack.xpi [2015-12-24] FF HKLM\...\Firefox\Extensions: [{5BC2BC93-5D7F-40E3-9BBD-056750F1AE78}] - C:\Program Files\groover010120161754\Firefox\{5BC2BC93-5D7F-40E3-9BBD-056750F1AE78}.xpi => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sprclry5.default-1449689815806\extensions\deskCutv2@gmail.com FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sprclry5.default-1449689815806\extensions\yahooprotected@gmail.com FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-01] FF HKLM-x32\...\Firefox\Extensions: [{5BC2BC93-5D7F-40E3-9BBD-056750F1AE78}] - C:\Program Files\groover010120161754\Firefox\{5BC2BC93-5D7F-40E3-9BBD-056750F1AE78}.xpi => nie znaleziono StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.istartpageing.com/?type=sc&ts=1451558742&z=3e71ca22bff8bd4d77c1144g1zbw9gcw5web4mdw1o&from=cmi&uid=ST3320620AS_9QFABFGMXXXX9QFABFGM Chrome: ======= CHR HomePage: Profile 1 -> hxxp://www.istartpageing.com/?type=hp&ts=1451558742&z=3e71ca22bff8bd4d77c1144g1zbw9gcw5web4mdw1o&from=cmi&uid=ST3320620AS_9QFABFGMXXXX9QFABFGM CHR StartupUrls: Profile 1 -> "hxxp://www.istartpageing.com/?type=hp&ts=1451558742&z=3e71ca22bff8bd4d77c1144g1zbw9gcw5web4mdw1o&from=cmi&uid=ST3320620AS_9QFABFGMXXXX9QFABFGM" CHR DefaultSearchURL: Profile 1 -> hxxp://istartpageing.com/web?type=ds&ts=1451558742&z=3e71ca22bff8bd4d77c1144g1zbw9gcw5web4mdw1o&from=cmi&uid=ST3320620AS_9QFABFGMXXXX9QFABFGM&q={searchTerms} CHR DefaultSearchKeyword: Profile 1 -> istartpageing CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Prezentacje Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-09] CHR Extension: (Dokumenty Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-09] CHR Extension: (Dysk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-09] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-09] CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-09] CHR Extension: (Arkusze Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-09] CHR Extension: (Dokumenty Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-10] CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-10] CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-31] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-09] CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-09] CHR Extension: (Style Food) - C:\Users\user\AppData\Local\Style Food\Component [2016-01-01] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-31] StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.istartpageing.com/?type=sc&ts=1451558742&z=3e71ca22bff8bd4d77c1144g1zbw9gcw5web4mdw1o&from=cmi&uid=ST3320620AS_9QFABFGMXXXX9QFABFGM ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-31] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-12-31] (AVAST Software) R2 gihifumy; C:\Program Files (x86)\FFFFFFFF-1451339953-FFFF-FFFF-FFFFFFFFFFFF\knsh5FEF.tmp [570368 2015-12-30] () [Brak podpisu cyfrowego] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [Brak podpisu cyfrowego] R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [349152 2016-01-01] (DotCash Limited) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4600264 2013-11-05] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [183968 2016-01-01] (TODO: <公司名>) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [343688 2016-01-01] (Sysinternals process Explorer) <==== UWAGA S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-31] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-12-31] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-31] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-12-31] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-31] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-31] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-31] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-31] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-31] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-31] (AVAST Software) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2013-03-28] () S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-09] (Disc Soft Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-28] (DT Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2013-03-28] () R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [55016 2016-01-01] (DotCash) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2015-07-09] (Duplex Secure Ltd.) R1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-01-01 18:19 - 2016-01-01 18:19 - 00003886 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1451668754 2016-01-01 18:19 - 2016-01-01 18:19 - 00001095 _____ C:\Users\Public\Desktop\Opera.lnk 2016-01-01 18:19 - 2016-01-01 18:19 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-01-01 18:17 - 2016-01-01 18:17 - 00003336 _____ C:\Windows\System32\Tasks\Garnubn 2016-01-01 18:17 - 2016-01-01 18:17 - 00000000 ____D C:\Users\user\AppData\LocalLow\Company 2016-01-01 18:17 - 2016-01-01 18:17 - 00000000 ____D C:\Users\user\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} 2016-01-01 18:17 - 2016-01-01 18:17 - 00000000 ____D C:\uninst 2016-01-01 18:16 - 2016-01-01 18:16 - 00055016 _____ (DotCash) C:\Windows\system32\Drivers\MPCKpt.sys 2016-01-01 18:16 - 2016-01-01 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP 2016-01-01 18:16 - 2016-01-01 18:16 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner 2016-01-01 18:16 - 2016-01-01 18:16 - 00000000 _____ C:\Windows\SysWOW64\Number of results 2016-01-01 18:15 - 2016-01-01 18:16 - 00000000 ____D C:\Users\user\AppData\Local\gmsd_pl_005010193 2016-01-01 18:15 - 2016-01-01 18:16 - 00000000 ____D C:\Program Files (x86)\gmsd_pl_005010193 2016-01-01 18:12 - 2016-01-01 18:14 - 00000000 ____D C:\Program Files (x86)\SFK 2016-01-01 18:12 - 2016-01-01 18:12 - 00000000 ____D C:\ProgramData\Tmp0x0x 2016-01-01 17:43 - 2016-01-01 17:43 - 00003110 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1451666590 2016-01-01 17:43 - 2016-01-01 17:43 - 00000997 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-01-01 17:43 - 2016-01-01 17:43 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-01-01 17:41 - 2015-12-31 12:15 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9073.tmp 2016-01-01 17:41 - 2015-12-31 12:04 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\asw95E5.tmp 2016-01-01 17:41 - 2015-12-31 12:04 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw940F.tmp 2016-01-01 17:41 - 2015-12-31 12:03 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-01-01 17:41 - 2015-12-31 12:03 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw979B.tmp 2016-01-01 17:41 - 2015-12-31 12:03 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9809.tmp 2016-01-01 17:41 - 2015-12-31 12:03 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\asw91DB.tmp 2016-01-01 17:41 - 2015-12-31 12:03 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9529.tmp 2016-01-01 17:41 - 2015-12-31 12:03 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw924A.tmp 2016-01-01 17:41 - 2015-12-31 12:02 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9110.tmp 2016-01-01 16:57 - 2016-01-01 18:17 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys 2016-01-01 11:46 - 2016-01-01 11:46 - 00380416 _____ C:\Users\user\Downloads\jygqggls.exe 2016-01-01 11:35 - 2016-01-01 11:35 - 00003158 _____ C:\Windows\System32\Tasks\{2EEEBC60-A0C5-464D-BEAE-A0CAC0129AE5} 2016-01-01 11:05 - 2016-01-01 11:05 - 00001107 _____ C:\Windows\system32\Opera.lnk 2015-12-31 13:07 - 2016-01-01 18:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Opera Software 2015-12-31 13:07 - 2016-01-01 18:19 - 00000000 ____D C:\Users\user\AppData\Local\Opera Software 2015-12-31 13:01 - 2016-01-01 18:19 - 00000000 ____D C:\Program Files (x86)\Opera 2015-12-31 12:16 - 2015-12-31 12:15 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2015-12-31 12:07 - 2015-12-31 12:07 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software 2015-12-31 12:05 - 2015-12-31 12:05 - 00001882 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk 2015-12-31 12:05 - 2015-12-31 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-12-31 12:03 - 2016-01-01 17:42 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-12-31 12:03 - 2015-12-31 12:04 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-12-31 12:03 - 2015-12-31 12:04 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-12-31 12:03 - 2015-12-31 12:03 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-12-31 12:03 - 2015-12-31 12:03 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-12-31 12:03 - 2015-12-31 12:03 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-12-31 12:03 - 2015-12-31 12:03 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-12-31 12:03 - 2015-12-31 12:03 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-12-31 12:03 - 2015-12-31 12:03 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-12-31 12:03 - 2015-12-31 12:02 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-12-31 12:02 - 2015-12-31 12:02 - 00466400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2015-12-31 12:02 - 2015-12-31 12:02 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-12-31 11:57 - 2015-12-31 12:15 - 00000000 ____D C:\ProgramData\AVAST Software 2015-12-31 11:57 - 2015-12-31 12:14 - 00000000 ____D C:\Program Files\AVAST Software 2015-12-31 11:55 - 2016-01-01 17:41 - 00000000 ____D C:\Program Files (x86)\SwiftSearch_1.10.0.25 2015-12-31 11:46 - 2016-01-01 18:12 - 00000000 ____D C:\Users\user\AppData\Roaming\istartpageing 2015-12-31 11:45 - 2016-01-01 18:11 - 00000633 _____ C:\istartpageing.xml 2015-12-31 11:45 - 2015-12-31 11:45 - 00004040 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task 2015-12-31 11:45 - 2015-12-31 11:45 - 00000000 ____D C:\Users\user\AppData\LocalLow\SmartWeb 2015-12-30 16:55 - 2015-12-30 16:55 - 00000219 _____ C:\Users\user\Desktop\Counter-Strike Global Offensive.url 2015-12-29 16:13 - 2016-01-01 13:03 - 00000000 ____D C:\ProgramData\ohnuze 2015-12-29 11:30 - 2015-12-31 11:14 - 00001403 _____ C:\Windows\system32\Google Chrome.lnk 2015-12-29 11:27 - 2015-12-31 12:29 - 00000000 ____D C:\Users\user\AppData\Local\Ehtion 2015-12-29 11:22 - 2016-01-01 12:32 - 00000000 ____D C:\Program Files (x86)\Windows Loader 2015-12-29 00:02 - 2016-01-01 13:40 - 00000000 ____D C:\Program Files\Common Files\js3r0p5d 2015-12-29 00:02 - 2016-01-01 13:03 - 00000000 ____D C:\ProgramData\Bamcof 2015-12-28 23:07 - 2015-12-28 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2015-12-28 23:05 - 2015-12-28 23:12 - 00000000 ____D C:\Program Files (x86)\AVG 2015-12-28 23:05 - 2015-12-28 23:07 - 00000000 ____D C:\ProgramData\Avg 2015-12-28 23:03 - 2015-12-28 23:07 - 00000000 ____D C:\Users\user\AppData\Local\AvgSetupLog 2015-12-28 23:03 - 2015-12-28 23:03 - 00000000 ____D C:\Users\user\AppData\Roaming\OpenCandy 2015-12-28 23:03 - 2015-12-28 23:03 - 00000000 ____D C:\Users\user\AppData\Local\Avg 2015-12-28 23:02 - 2016-01-01 11:31 - 00000000 ____D C:\Program Files\amdidx 2015-12-28 23:01 - 2015-12-28 23:01 - 00000187 _____ C:\Users\user\AppData\Local\Scotcane.exe.config 2015-12-28 23:00 - 2016-01-01 12:37 - 00000000 ____D C:\Users\user\AppData\Local\FFFFFFFF-1451343605-FFFF-FFFF-FFFFFFFFFFFF 2015-12-28 22:59 - 2016-01-01 11:31 - 00000000 ____D C:\Program Files (x86)\FFFFFFFF-1451339953-FFFF-FFFF-FFFFFFFFFFFF 2015-12-28 22:59 - 2015-12-28 22:59 - 00003152 _____ C:\Windows\System32\Tasks\Style Food 2015-12-28 22:59 - 2015-12-28 22:59 - 00003140 _____ C:\Windows\System32\Tasks\Style Food2 2015-12-28 22:59 - 2015-12-28 22:59 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2015-12-28 22:59 - 2015-12-28 22:59 - 00000000 ____D C:\Users\user\AppData\Local\Style Food 2015-12-28 22:59 - 2015-12-28 22:58 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-12-28 22:58 - 2016-01-01 12:17 - 00000000 ____D C:\ProgramData\ApplicationHosting 2015-12-28 22:58 - 2015-12-29 16:14 - 00002369 _____ C:\Windows\SysWOW64\findit.xml 2015-12-28 22:58 - 2015-12-28 22:58 - 00000000 ____D C:\ProgramData\Zoobams 2015-12-28 22:57 - 2015-12-28 23:03 - 00000000 ____D C:\Program Files (x86)\Removewat 2.2.7 2015-12-27 19:48 - 2015-12-27 19:48 - 00000000 ____D C:\Users\user\Documents\Notesy programu OneNote 2015-12-26 20:08 - 2015-12-26 20:08 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-12-26 20:08 - 2015-12-26 20:08 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-12-26 20:08 - 2015-12-26 20:08 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-12-26 20:08 - 2015-12-26 20:08 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-12-24 12:15 - 2015-12-29 15:48 - 00000000 ____D C:\Users\user\Desktop\leauge of legends 2015-12-17 16:07 - 2015-12-17 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-12 18:35 - 2015-12-12 18:35 - 00000728 _____ C:\Users\Public\Desktop\Kingo ROOT.lnk 2015-12-12 18:35 - 2015-12-12 18:35 - 00000000 ____D C:\Users\user\AppData\Local\Kingosoft 2015-12-12 18:35 - 2015-12-12 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT 2015-12-12 18:34 - 2015-12-12 18:35 - 19523944 _____ (Kingosoft Technology Ltd. ) C:\Users\user\Downloads\android_root.exe 2015-12-10 20:39 - 2015-12-10 20:39 - 00000000 ____D C:\AdwCleaner 2015-12-10 20:38 - 2015-12-10 20:38 - 01738240 _____ C:\Users\user\Downloads\adwcleaner_5.024.exe 2015-12-09 20:27 - 2015-12-09 20:28 - 24120584 _____ (SUPERAntiSpyware) C:\Users\user\Downloads\SUPERAntiSpyware.exe 2015-12-09 18:04 - 2016-01-01 18:31 - 00000000 ____D C:\Users\user\Desktop\FIX 2015-12-06 10:27 - 2016-01-01 18:31 - 00000000 ____D C:\FRST 2015-12-03 13:57 - 2015-12-31 12:03 - 00000000 ____D C:\Program Files\Common Files\AV 2015-12-02 08:51 - 2015-12-02 08:51 - 00294968 _____ C:\Users\user\Downloads\UPOWAŻNIENIE.pdf ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-01-01 18:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2016-01-01 18:27 - 2013-04-21 16:20 - 00000000 ____D C:\Program Files (x86)\Steam 2016-01-01 18:01 - 2014-07-11 11:56 - 00004000 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BC4783FD-33CE-4A26-8054-9C6FB8A2CE4F} 2016-01-01 17:46 - 2014-08-22 10:43 - 00000000 ____D C:\Users\user\Documents\majesty2 2016-01-01 17:42 - 2015-11-24 20:43 - 00000812 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-01-01 17:42 - 2013-03-27 22:16 - 00001431 _____ C:\Users\user\Desktop\Internet Explorer (No Add-ons).lnk 2016-01-01 17:42 - 2013-03-27 22:16 - 00001421 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-01 17:40 - 2014-10-12 12:45 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent 2016-01-01 17:40 - 2013-05-14 12:15 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype 2016-01-01 17:38 - 2013-03-27 22:42 - 00000000 ____D C:\ProgramData\NVIDIA 2016-01-01 17:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-01 14:35 - 2009-07-14 05:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-01 14:35 - 2009-07-14 05:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-01 11:37 - 2013-05-15 20:55 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-31 12:29 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-12-31 12:17 - 2013-04-12 18:41 - 00000000 ____D C:\Program Files (x86)\Google 2015-12-31 12:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-29 16:13 - 2015-06-13 19:16 - 00000000 ____D C:\Users\user\AppData\Roaming\SmartSteamEmu 2015-12-28 19:37 - 2013-05-15 20:55 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-28 19:37 - 2013-03-27 22:53 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-28 19:37 - 2013-03-27 22:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-27 19:49 - 2014-05-25 20:18 - 00000000 ____D C:\Users\user\Desktop\Jakieś dokumenty 2015-12-24 20:29 - 2015-02-19 18:53 - 00000000 ____D C:\Users\user\AppData\Local\Steam 2015-12-24 20:17 - 2013-05-14 12:15 - 00000000 ____D C:\ProgramData\Skype 2015-12-17 16:07 - 2014-07-22 18:24 - 00000000 ____D C:\Users\user\AppData\Local\Skype 2015-12-17 16:07 - 2014-07-22 18:23 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-09 15:43 - 2013-08-03 10:30 - 00000000 ____D C:\Windows\Minidump 2015-12-09 14:24 - 2013-09-20 14:13 - 00000000 ____D C:\Users\user\AppData\Local\PMB Files 2015-12-09 13:53 - 2013-09-20 14:13 - 00000000 ____D C:\ProgramData\PMB Files 2015-12-06 19:35 - 2011-04-12 14:21 - 00737942 _____ C:\Windows\system32\perfh015.dat 2015-12-06 19:35 - 2011-04-12 14:21 - 00154630 _____ C:\Windows\system32\perfc015.dat 2015-12-06 19:35 - 2009-07-14 06:13 - 01663412 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-05 12:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2015-12-05 11:54 - 2009-07-14 03:34 - 00000219 _____ C:\Windows\system.ini 2015-12-05 11:51 - 2013-03-28 12:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-12-05 11:32 - 2015-10-03 12:07 - 00000000 ____D C:\ProgramData\DatacardService ==================== Pliki w katalogu głównym wybranych folderów ======= 2014-03-21 09:22 - 2014-10-27 21:17 - 0010240 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-14 14:05 - 2015-06-14 14:05 - 0000000 ___SH () C:\Users\user\AppData\Local\LumaEmu 2015-04-22 12:51 - 2015-04-22 12:51 - 0003373 _____ () C:\Users\user\AppData\Local\recently-used.xbel 2014-09-13 06:39 - 2014-09-13 06:39 - 0000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg 2015-12-28 23:01 - 2015-12-28 23:01 - 0000187 _____ () C:\Users\user\AppData\Local\Scotcane.exe.config 2014-02-26 20:36 - 2015-02-27 17:36 - 0015826 _____ () C:\Users\user\AppData\Local\unins000.dat 2015-02-27 17:36 - 2015-02-27 17:36 - 0707744 _____ () C:\Users\user\AppData\Local\unins000.exe 2014-02-26 20:36 - 2015-02-27 17:36 - 0011761 _____ () C:\Users\user\AppData\Local\unins000.msg Niektóre pliki w TEMP: ==================== C:\Users\user\AppData\Local\Temp\fsd1313.exe C:\Users\user\AppData\Local\Temp\Groovedantough.exe C:\Users\user\AppData\Local\Temp\nsa738C.exe C:\Users\user\AppData\Local\Temp\nsq1630.exe C:\Users\user\AppData\Local\Temp\nsq7976.exe C:\Users\user\AppData\Local\Temp\nsw7540.exe C:\Users\user\AppData\Local\Temp\oo2.exe C:\Users\user\AppData\Local\Temp\SaltLab.exe C:\Users\user\AppData\Local\Temp\setup_758.exe C:\Users\user\AppData\Local\Temp\setup_ra.exe C:\Users\user\AppData\Local\Temp\sqlite3.exe C:\Users\user\AppData\Local\Temp\SSUPDATE64.EXE ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2015-11-14 13:04 ==================== Koniec FRST.txt ============================