Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:31-12-2015
Uruchomiony przez GuiDesign (administrator) GUIDESIGN (06-01-2016 12:34:34)
Uruchomiony z C:\FRST
Załadowane profile: GuiDesign (Dostępne profile: GuiDesign & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
() G:\Safe in cloud\SafeInCloud.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Logitech, Inc.) G:\Logitech Mouse\SetPoint\SetPoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nitro PDF Software) G:\Nitro\NitroPDFDriverService9x64.exe
() G:\Nitro\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-02-03] (COMODO)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1720488 2015-12-14] (Bitdefender)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => G:\QuickTime\QTTask.exe [421888 2015-11-26] (Apple Inc.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-141216083-1399068327-2884399744-1003\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-141216083-1399068327-2884399744-1003\...\Run: [Agent Portfela Bitdefender] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1423288 2015-12-14] (Bitdefender)
HKU\S-1-5-21-141216083-1399068327-2884399744-1003\...\Run: [SafeInCloud] => G:\Safe in cloud\SafeInCloud.exe [2560000 2014-10-21] ()
HKU\S-1-5-21-141216083-1399068327-2884399744-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-141216083-1399068327-2884399744-1003\...\Run: [CCleaner Monitoring] => G:\CCleaner\CCleaner64.exe [8591272 2015-11-29] (Piriform Ltd)
HKU\S-1-5-21-141216083-1399068327-2884399744-1003\...\Policies\Explorer: []
HKU\S-1-5-21-141216083-1399068327-2884399744-1003\...\MountPoints2: {1ca50bff-ce52-11e4-a322-f46d04b01276} - F:\autorun.exe
HKU\S-1-5-21-141216083-1399068327-2884399744-1003\...\MountPoints2: {51605bd1-201a-11e5-99e7-5cd9989e7140} - I:\autorun.exe
HKU\S-1-5-21-141216083-1399068327-2884399744-1003\...\MountPoints2: {51605bdc-201a-11e5-99e7-5cd9989e7140} - J:\autorun.exe
HKU\S-1-5-18\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2015-03-21]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2012-12-02]
ShortcutTarget: Logitech SetPoint.lnk -> G:\Logitech Mouse\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2015-03-21]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2015-02-26]
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe (D-Link Corp.)
Startup: C:\Users\Gui Design\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder [2014-11-29] ()
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{45002162-23B9-4B85-98C5-E3646352F7B9}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B2218790-3422-4C11-867F-6F33E997D939}: [DhcpNameServer] 217.116.100.65 79.163.127.70
Tcpip\..\Interfaces\{DBC9115A-706F-4A06-866D-785FEB558F71}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-141216083-1399068327-2884399744-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
BHO: Portfel Bitdefender -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-12-14] (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Portfel Bitdefender -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-12-14] (Bitdefender)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-12] (Oracle Corporation)
Toolbar: HKLM - Portfel Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-12-14] (Bitdefender)
Toolbar: HKLM-x32 - Portfel Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-12-14] (Bitdefender)

FireFox:
========
FF ProfilePath: C:\Users\GuiDesign\AppData\Roaming\Mozilla\Firefox\Profiles\c0kje1u7.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 -> C:\Windows\system32\npDeployJava1.dll [2011-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll [2011-11-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> G:\Vl Player\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-141216083-1399068327-2884399744-1003: @citrixonline.com/appdetectorplugin -> C:\Users\GuiDesign\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-03] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-11-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-11-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-11-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-11-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-11-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-09-30]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\\antispam32\bdwteff [2015-12-15]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-11-25] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Dokumenty Google) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Dysk Google) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (uBlock Origin) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-12-30]
CHR Extension: (Google Search) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Bitdefender Wallet) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2015-11-29]
CHR Extension: (Axure RP Extension for Chrome) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogkpdfcklifaemcdfbildhcofnopogp [2015-05-01]
CHR Extension: (Rapideo.pl) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\elpdjcjlbmambiaahbcjphfdnpclaeec [2015-05-30]
CHR Extension: (Arkusze Google) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Window Resizer) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2015-10-28]
CHR Extension: (SafeInCloud Password Manager) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchdigjbcmdgcfeijpfkpadacbijihjl [2015-11-19]
CHR Extension: (Sprawdzanie poczty Google) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-24]
CHR Extension: (Edge: The Web Ruler) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\njlkegdphefeellhaongiopcfgcinikh [2015-08-24]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2015-12-15]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\GuiDesign\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-12-07] (Lavasoft Limited)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-03] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-03] (COMODO)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-03-19] (Disc Soft Ltd)
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-547 revA\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [Brak podpisu cyfrowego]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [Brak podpisu cyfrowego]
R2 NitroDriverReadSpool9; G:\Nitro\NitroPDFDriverService9x64.exe [230920 2015-01-03] (Nitro PDF Software)
R2 NitroUpdateService; G:\Nitro\Nitro_UpdateService.exe [418312 2015-01-03] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Brak podpisu cyfrowego]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [857288 2015-12-08] (Bitdefender)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2015-11-29] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [124488 2015-09-29] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1604080 2015-12-14] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [X]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1600512 2015-10-28] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [282000 2015-11-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [775424 2015-11-29] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S4 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-14] (BitDefender)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2015-01-30] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-01-30] (COMODO)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-19] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2015-11-29] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-16] (GFI Software)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [Brak podpisu cyfrowego]
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [271808 2015-11-29] (Bitdefender)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-01-30] (COMODO)
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-05-15] (Atheros Communications, Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [28160 2009-07-07] (hxxp://libusb-win32.sourceforge.net) [Brak podpisu cyfrowego]
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [Brak podpisu cyfrowego]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [106760 2013-12-18] (WIBU-SYSTEMS AG)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 SANDRA; \??\G:\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-01-06 12:30 - 2016-01-06 12:31 - 00000000 ____D C:\Users\GuiDesign\Desktop\Nowy folder
2016-01-06 12:12 - 2016-01-06 12:12 - 00000000 ____D C:\Users\GuiDesign\Desktop\gmer
2016-01-06 12:00 - 2016-01-06 12:34 - 00000000 ____D C:\FRST
2016-01-06 11:13 - 2016-01-06 11:13 - 00000000 ____H C:\ProgramData\cm-lock
2016-01-04 21:08 - 2016-01-04 21:09 - 00000000 ____D C:\Users\GuiDesign\Desktop\Projekt bud New
2016-01-03 16:05 - 2016-01-03 16:05 - 00000000 _____ C:\Windows\MEMORY.DMP
2016-01-03 12:00 - 2016-01-03 12:00 - 00000000 _____ C:\Windows\system32\SBRC.dat
2016-01-02 14:57 - 2016-01-02 14:57 - 00001190 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2016-01-01 19:35 - 2016-01-01 19:35 - 00000000 ____D C:\Users\GuiDesign\Desktop\Projekt Budowlany
2015-12-30 22:19 - 2015-12-30 22:19 - 00747567 _____ C:\Users\GuiDesign\Desktop\Faktura_6V_137509_12_2015_01134340.pdf
2015-12-30 18:46 - 2015-12-30 18:46 - 00088565 _____ C:\Users\GuiDesign\Desktop\faktura-vat-nr-02-12-201561-afaktury.pl.pdf
2015-12-30 18:40 - 2015-12-30 18:40 - 00088473 _____ C:\Users\GuiDesign\Desktop\faktura-vat-nr-01-12-201584-afaktury.pl.pdf
2015-12-30 17:24 - 2015-12-30 17:24 - 00050320 _____ C:\Users\GuiDesign\Desktop\WyciagZRachunku_20151230_172449.pdf
2015-12-30 17:23 - 2015-12-30 17:23 - 00050348 _____ C:\Users\GuiDesign\Desktop\WyciagZRachunku_20151230_172349.pdf
2015-12-30 16:29 - 2015-12-30 16:29 - 00039814 _____ C:\Users\GuiDesign\Desktop\Konto_Raiffeisen.pdf
2015-12-30 16:28 - 2015-12-30 16:28 - 00040008 _____ C:\Users\GuiDesign\Desktop\Konto2_Raiffeisen.pdf
2015-12-29 13:12 - 2015-12-29 13:12 - 00092169 _____ C:\Users\GuiDesign\Desktop\bgzoptima.pdf
2015-12-27 20:21 - 2015-12-27 20:21 - 00234342 _____ C:\Users\GuiDesign\Desktop\RB26x40-K40-00112W-F0-STR-10.pdf
2015-12-27 14:24 - 2015-12-27 16:34 - 00000000 ____D C:\Users\GuiDesign\Desktop\Programy do projektowania
2015-12-26 16:05 - 2015-12-26 16:05 - 00000165 ____H C:\Users\GuiDesign\Desktop\~$Kosztorys.xlsx
2015-12-20 22:28 - 2015-12-20 22:28 - 00000025 _____ C:\Users\GuiDesign\Desktop\Kod Allergro.txt
2015-12-20 14:43 - 2015-12-26 17:51 - 00009703 _____ C:\Users\GuiDesign\Desktop\Kosztorys.xlsx
2015-12-19 20:04 - 2015-12-19 20:04 - 02315937 _____ C:\Users\GuiDesign\Desktop\REGULAMIN_SWIADCZENIA_USLUGI_KONTO_PAYU.pdf
2015-12-17 22:34 - 2015-12-17 22:34 - 00000000 ____D C:\Users\GuiDesign\AppData\Local\CEF
2015-12-17 21:20 - 2015-12-17 21:20 - 00000000 ____D C:\My Snapshots
2015-12-13 16:13 - 2016-01-02 21:41 - 00000290 _____ C:\Users\GuiDesign\Desktop\Materiały na dom.txt
2015-12-13 16:11 - 2015-12-30 20:10 - 00001198 _____ C:\Users\GuiDesign\Desktop\Ekipa budowlana.txt
2015-12-13 16:07 - 2016-01-02 22:28 - 00000631 _____ C:\Users\GuiDesign\Desktop\Kierownik Budowy.txt
2015-12-13 12:44 - 2015-12-18 19:51 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-13 12:44 - 2015-12-13 12:44 - 00002055 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-09 09:14 - 2015-12-09 09:14 - 00047832 _____ C:\Users\GuiDesign\Desktop\wyniki Ania.pdf
2015-12-08 19:52 - 2015-12-08 19:52 - 00025202 _____ C:\ProgramData\1449600767.bdinstall.bin
2015-12-08 19:52 - 2015-12-08 19:52 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-01-06 12:29 - 2015-11-29 19:22 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-01-06 12:29 - 2015-06-01 19:18 - 00000642 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-141216083-1399068327-2884399744-1003.job
2016-01-06 12:26 - 2011-08-04 19:45 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-06 12:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-06 12:24 - 2012-04-22 21:16 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-06 12:02 - 2011-08-04 19:45 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-06 12:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-06 11:35 - 2014-12-03 19:44 - 00000546 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-141216083-1399068327-2884399744-1003.job
2016-01-06 11:24 - 2014-12-02 21:15 - 00000000 ____D C:\Users\GuiDesign\AppData\Local\Adobe
2016-01-06 11:21 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-06 11:21 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-06 11:15 - 2014-12-01 18:40 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2016-01-05 21:11 - 2014-11-29 12:11 - 00497321 _____ C:\bdlog.txt
2016-01-04 21:28 - 2014-11-30 21:41 - 00000398 _____ C:\Windows\Tasks\update-S-1-5-21-141216083-1399068327-2884399744-1000.job
2016-01-02 21:52 - 2015-11-28 21:08 - 00002584 _____ C:\Users\GuiDesign\Desktop\Namiary na firmy bud.txt
2016-01-02 13:24 - 2012-04-22 21:16 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 13:24 - 2012-04-22 21:16 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-02 13:24 - 2011-08-20 20:43 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-01 18:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-01 15:24 - 2014-12-13 20:56 - 00000000 ____D C:\Users\GuiDesign\AppData\Roaming\Media Player Classic
2015-12-31 12:41 - 2015-06-01 19:18 - 00003682 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-141216083-1399068327-2884399744-1003
2015-12-31 12:41 - 2014-12-03 19:44 - 00003586 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-141216083-1399068327-2884399744-1003
2015-12-28 19:58 - 2012-01-10 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axure
2015-12-17 22:04 - 2011-08-04 19:48 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-17 21:21 - 2015-01-22 12:53 - 00000020 _____ C:\Users\GuiDesign\AppData\Roaming\AVSDVDPlayer.m3u
2015-12-14 19:18 - 2015-11-29 23:03 - 00087912 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-12-13 12:45 - 2014-12-30 18:24 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-13 12:44 - 2011-08-04 20:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-13 12:44 - 2011-08-04 20:24 - 00000000 ____D C:\ProgramData\Adobe

==================== Pliki w katalogu głównym wybranych folderów =======

2014-04-19 21:03 - 2014-05-30 21:26 - 0003624 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-12-08 17:32 - 2015-08-24 20:16 - 0000132 _____ () C:\Users\GuiDesign\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-22 12:53 - 2015-12-17 21:21 - 0000020 _____ () C:\Users\GuiDesign\AppData\Roaming\AVSDVDPlayer.m3u
2014-12-08 18:58 - 2015-10-22 17:11 - 0001456 _____ () C:\Users\GuiDesign\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-04-10 19:27 - 2015-04-10 19:27 - 0003584 _____ () C:\Users\GuiDesign\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-08 16:44 - 2014-12-08 16:44 - 0000032 RSHOT () C:\Users\GuiDesign\AppData\Local\t65s2tb.dat
2015-05-01 17:19 - 2015-05-01 17:19 - 0000032 RSHOT () C:\Users\GuiDesign\AppData\Local\t70rc.dat
2015-11-29 23:04 - 2015-11-29 23:04 - 0403431 _____ () C:\ProgramData\1448834568.bdinstall.bin
2015-12-08 19:52 - 2015-12-08 19:52 - 0025202 _____ () C:\ProgramData\1449600767.bdinstall.bin
2016-01-06 11:13 - 2016-01-06 11:13 - 0000000 ____H () C:\ProgramData\cm-lock
2015-03-19 18:20 - 2015-03-19 18:20 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-12-30 18:06

==================== Koniec FRST.txt ============================