Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:09-01-2015
Uruchomiony przez Łukasz (administrator) LAPTOK (16-01-2016 19:48:11)
Uruchomiony z C:\Users\Łukasz\Downloads
Załadowane profile: Łukasz (Dostępne profile: Łukasz)
Platform: Windows 8.1 (Update 1) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ALLPlayer Group Ltd.) C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5774664 2013-10-21] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-04] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-04] (Atheros Communications)
HKU\S-1-5-21-2466319396-4157294396-1527453628-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2765256 2014-11-03] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-2466319396-4157294396-1527453628-1001\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [5182896 2014-07-23] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-2466319396-4157294396-1527453628-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2466319396-4157294396-1527453628-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1191936 2015-11-19] (Polar Electro Oy)
HKU\S-1-5-21-2466319396-4157294396-1527453628-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2466319396-4157294396-1527453628-1001\...\MountPoints2: {0e164174-72ef-11e4-8266-9cd21e879cb4} - "E:\setup.exe"
HKU\S-1-5-21-2466319396-4157294396-1527453628-1001\...\MountPoints2: {0e164199-72ef-11e4-8266-9cd21e879cb4} - "F:\setup.exe"
HKU\S-1-5-21-2466319396-4157294396-1527453628-1001\...\MountPoints2: {5b05ba23-72f1-11e4-8267-9cd21e879cb4} - "G:\autorun.exe"
HKU\S-1-5-21-2466319396-4157294396-1527453628-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [130048 2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D3DBBAAB-098F-475C-87D8-A1E634B8CDC1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2466319396-4157294396-1527453628-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_15_38_orgnl&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dpl%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0FyE0B0BzytDyByB0EtByE0DtDyDtN0D0Tzu0StCtAyDtBtN1L2XzutAtFtCtAtFtAtFtCtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2S0ByB0AtB0EyEzztAtGtC0AzzyCtGyEyB0CtBtGzyyBtCtBtG0D0B0D0E0C0C0CyEzyyD0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBzy0F0F0FtBtDtGtAtBzyzztGyEtA0D0AtGzz0D0A0BtG0A0DyEtB0CyCyByEyDyBtD0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyzztB%26cr%3D627881398%26a%3Dhdr_s_15_38_orgnl%26os%3DWindows%2B8.1
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dnldastr_15_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0FyE0B0BzytDyByB0EtByE0DtDyDtN0D0Tzu0StCtByBtDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtDyCtB0FzztA0EtGtAyDtDyEtG0AyBtB0AtGyEtByCzytGtB0D0ByCtB0DyDzzyEtDzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0FyB0BtDtBtDtBtGyB0AyDtDtGyEzy0AtDtGzy0E0AyEtGtCyDyDyEzyzztAyDtA0FyE0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztDtD%26cr%3D865094644%26a%3Dwncy_dnldastr_15_26%26os%3DWindows 8.1&p={searchTerms}
SearchScopes: HKLM -> {6E82A80A-AE16-45B4-86AA-6C82E9516F5E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_15_38_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0FyE0B0BzytDyByB0EtByE0DtDyDtN0D0Tzu0StCtAyDtBtN1L2XzutAtFtCtAtFtAtFtCtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2S0ByB0AtB0EyEzztAtGtC0AzzyCtGyEyB0CtBtGzyyBtCtBtG0D0B0D0E0C0C0CyEzyyD0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBzy0F0F0FtBtDtGtAtBzyzztGyEtA0D0AtGzz0D0A0BtG0A0DyEtB0CyCyByEyDyBtD0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyzztB%26cr%3D627881398%26a%3Dhdr_s_15_38_orgnl%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0FyE0B0BzytDyByB0EtByE0DtDyDtN0D0Tzu0StCtByCtDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyByB0C0BzztDzyyCtGyCzyyDyDtGtCtCzztBtGtDyD0DyDtGtC0AtC0EyEtAzyyDtA0Czyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtC0CyDtC0EzytAtGzz0EzztAtGyEtAtD0DtG0AyEyEyDtG0AtDyD0FyD0BtByEyEtA0AtC2QtN0A0LzuyE%26cr%3D1539620490%26a%3Dwny_ir_15_24%26os%3DWindows 8.1&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2466319396-4157294396-1527453628-1001 -> DefaultScope {6E82A80A-AE16-45B4-86AA-6C82E9516F5E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_15_38_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0FyE0B0BzytDyByB0EtByE0DtDyDtN0D0Tzu0StCtAyDtBtN1L2XzutAtFtCtAtFtAtFtCtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2S0ByB0AtB0EyEzztAtGtC0AzzyCtGyEyB0CtBtGzyyBtCtBtG0D0B0D0E0C0C0CyEzyyD0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBzy0F0F0FtBtDtGtAtBzyzztGyEtA0D0AtGzz0D0A0BtG0A0DyEtB0CyCyByEyDyBtD0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyzztB%26cr%3D627881398%26a%3Dhdr_s_15_38_orgnl%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2466319396-4157294396-1527453628-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2466319396-4157294396-1527453628-1001 -> {6E82A80A-AE16-45B4-86AA-6C82E9516F5E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_15_38_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0FyE0B0BzytDyByB0EtByE0DtDyDtN0D0Tzu0StCtAyDtBtN1L2XzutAtFtCtAtFtAtFtCtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2S0ByB0AtB0EyEzztAtGtC0AzzyCtGyEyB0CtBtGzyyBtCtBtG0D0B0D0E0C0C0CyEzyyD0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBzy0F0F0FtBtDtGtAtBzyzztGyEtA0D0AtGzz0D0A0BtG0A0DyEtB0CyCyByEyDyBtD0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyzztB%26cr%3D627881398%26a%3Dhdr_s_15_38_orgnl%26os%3DWindows%2B8.1&p={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Łukasz\AppData\Roaming\Mozilla\Firefox\Profiles\49395z8g.default-1452200394433
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2466319396-4157294396-1527453628-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-03-13] (Ubisoft)

Chrome:
=======
CHR Profile: C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-25]
CHR Extension: (Dysk Google) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-11]
CHR Extension: (YouTube) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-24]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-11]
CHR Extension: (Gmail) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR HKLM\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2466319396-4157294396-1527453628-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://www.gazeta.pl/0,0.html?p=170"

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-04] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-27] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-21] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-12-11] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-12-11] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2013-10-31] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [236888 2013-10-31] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2016-01-15 19:23 - 2016-01-15 19:23 - 00666879 _____ C:\Users\Łukasz\Downloads\Łukasz_Uracz_2016-01-15_17-59-08.tcx
2016-01-15 12:17 - 2016-01-15 12:17 - 00000000 ___RD C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-01-14 21:05 - 2016-01-14 21:14 - 181174296 _____ C:\Users\Łukasz\Downloads\cureit.exe
2016-01-09 17:52 - 2016-01-09 17:55 - 00038782 _____ C:\Users\Łukasz\Downloads\Addition.txt
2016-01-09 17:51 - 2016-01-16 19:48 - 00020489 _____ C:\Users\Łukasz\Downloads\FRST.txt
2016-01-09 17:50 - 2016-01-09 17:50 - 02370560 _____ (Farbar) C:\Users\Łukasz\Downloads\FRST64(1).exe
2016-01-09 17:49 - 2016-01-09 17:49 - 02370560 _____ (Farbar) C:\Users\Łukasz\Downloads\FRST64.exe
2016-01-07 22:01 - 2016-01-09 17:45 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\Systweak
2016-01-07 22:01 - 2016-01-07 22:01 - 00000000 ____D C:\Users\Łukasz\AppData\Local\Systweak
2016-01-07 22:00 - 2016-01-07 22:00 - 05822720 _____ (Advanced System Protector ) C:\Users\Łukasz\Downloads\aspsetup.exe
2016-01-07 21:47 - 2016-01-07 21:47 - 00000000 ____H C:\ProgramData\cm-lock
2016-01-07 20:53 - 2016-01-07 20:53 - 00000000 _____ C:\autoexec.bat
2016-01-07 20:51 - 2016-01-07 20:51 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Łukasz\Downloads\sh-remover.exe
2016-01-07 18:49 - 2016-01-07 18:49 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-07 18:49 - 2016-01-07 18:49 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-07 18:39 - 2016-01-07 18:39 - 00248760 _____ C:\Users\Łukasz\Downloads\Firefox Setup Stub 43.0.4.exe
2016-01-07 18:30 - 2016-01-07 18:30 - 00000000 ___HD C:\$Windows.~WS
2016-01-07 18:30 - 2016-01-07 18:30 - 00000000 ____D C:\$WINDOWS.~BT
2016-01-07 17:04 - 2016-01-07 18:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-28 21:34 - 2015-12-28 21:34 - 00358884 _____ C:\Users\Łukasz\Documents\cc_20151228_213422.reg
2015-12-17 21:38 - 2015-12-17 21:38 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-17 21:38 - 2015-12-17 21:38 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-17 21:36 - 2016-01-07 19:10 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-17 21:35 - 2015-12-17 21:35 - 05066104 _____ (AVAST Software) C:\Users\Łukasz\Downloads\avast_free_antivirus_setup_online.exe

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2016-01-16 19:48 - 2014-11-16 16:54 - 00000000 ____D C:\FRST
2016-01-16 19:43 - 2015-01-29 17:12 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-16 19:27 - 2014-11-16 18:51 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-15 13:06 - 2014-08-04 17:35 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2466319396-4157294396-1527453628-1001
2016-01-15 12:28 - 2014-11-16 18:51 - 00002211 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-15 12:18 - 2014-11-16 18:51 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-15 12:17 - 2014-08-22 17:30 - 00000000 ___RD C:\Users\Łukasz\OneDrive
2016-01-15 12:17 - 2014-08-04 17:29 - 00000000 ____D C:\Users\Łukasz
2016-01-13 17:42 - 2014-03-15 04:45 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-01-09 17:52 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2016-01-08 19:20 - 2015-04-29 18:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-07 22:24 - 2014-08-06 18:33 - 00000000 ____D C:\Users\Łukasz\AppData\Local\CrashDumps
2016-01-07 22:23 - 2015-01-04 15:29 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-07 22:00 - 2015-04-08 19:09 - 00000000 ____D C:\Users\Łukasz\Desktop\Stare dane programu Firefox
2016-01-07 21:47 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-07 21:46 - 2014-08-04 19:37 - 05240320 ___SH C:\Users\Łukasz\Desktop\Thumbs.db
2016-01-07 21:46 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-07 20:50 - 2014-11-18 20:45 - 00000000 ____D C:\AdwCleaner
2016-01-07 18:53 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-01-07 18:49 - 2014-11-16 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-07 18:31 - 2014-03-15 12:09 - 00000000 ____D C:\Windows\Panther
2016-01-07 18:26 - 2014-11-23 09:24 - 00000000 ____D C:\Program Files\MailShare
2016-01-07 18:17 - 2014-08-25 14:51 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-01-07 18:17 - 2014-03-15 04:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-07 18:15 - 2015-12-08 20:06 - 00000000 ____D C:\Users\Łukasz\AppData\Local\ConcussingSeasoner
2016-01-03 12:39 - 2014-08-04 19:36 - 01189376 ___SH C:\Users\Łukasz\Downloads\Thumbs.db
2015-12-28 21:18 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\ModemLogs
2015-12-28 19:43 - 2015-01-29 17:12 - 00003818 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-17 22:06 - 2015-09-14 12:05 - 00000000 ____D C:\Users\Łukasz\AppData\Local\{F9D1CF8D-DD79-A335-B0E1-86DD94897A45}
2015-12-17 13:06 - 2014-12-19 16:26 - 00000239 _____ C:\Users\Łukasz\AppData\Roaming\WB.CFG

==================== Pliki w katalogu głównym wybranych folderów =======

2014-12-17 13:57 - 2014-12-17 13:57 - 0000406 _____ () C:\Users\Łukasz\AppData\Roaming\apachesrvin.vbs
2014-12-15 19:04 - 2014-12-15 19:08 - 0000834 _____ () C:\Users\Łukasz\AppData\Roaming\burnaware.ini
2014-12-17 13:57 - 2014-12-17 13:57 - 0000077 _____ () C:\Users\Łukasz\AppData\Roaming\die.bat
2015-12-08 20:06 - 2015-12-08 20:06 - 0514275 _____ () C:\Users\Łukasz\AppData\Roaming\Setup72494.exe
2014-12-19 16:26 - 2015-12-17 13:06 - 0000239 _____ () C:\Users\Łukasz\AppData\Roaming\WB.CFG
2015-10-18 10:45 - 2015-10-18 10:45 - 0000036 _____ () C:\Users\Łukasz\AppData\Local\giplay_settings
2014-12-06 22:06 - 2014-12-06 22:06 - 0628496 _____ (CMI Limited) C:\Users\Łukasz\AppData\Local\nsd4F96.tmp
2014-12-19 16:56 - 2014-12-19 16:56 - 0613057 _____ (CMI Limited) C:\Users\Łukasz\AppData\Local\nse9FA.tmp
2014-12-18 14:47 - 2014-12-18 14:47 - 0613057 _____ (CMI Limited) C:\Users\Łukasz\AppData\Local\nspB5B.tmp
2016-01-07 21:47 - 2016-01-07 21:47 - 0000000 ____H () C:\ProgramData\cm-lock
2014-03-15 04:11 - 2014-03-15 04:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-15 13:46 - 2014-11-15 13:46 - 0000032 _____ () C:\ProgramData\Temp.log
2014-03-15 04:42 - 2014-03-15 04:43 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-03-15 04:39 - 2014-03-15 04:40 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-03-15 04:40 - 2014-03-15 04:41 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-03-15 04:41 - 2014-03-15 04:42 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-03-15 04:38 - 2014-03-15 04:38 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Niektóre pliki w TEMP:
====================
C:\Users\Łukasz\AppData\Local\Temp\eauninstall.exe
C:\Users\Łukasz\AppData\Local\Temp\The Sims 2 Double Deluxe_uninst.exe

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-01-07 18:44

==================== Koniec FRST.txt ============================