Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 18-02-2017 01
Uruchomiony przez Luku (administrator) LUKU-PC (19-02-2017 21:58:16)
Uruchomiony z C:\Users\Luku\Desktop\2befast2\rener\x-pads
Załadowane profile: Luku (Dostępne profile: Luku)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMWDSrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\StartAutorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMCONFIG.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMProcess.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\NapiProjekt\napisy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\ProgramData\Avg_Update_0117avz\AVG-Secure-Search-Update_0117avz.exe
() C:\ProgramData\Avg_Update_0117avz\AVG-Secure-Search-Update_0117avz.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10959464 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [KMCONFIG] => C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2312824 2015-08-26] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2015-07-02] (Logitech, Inc.)
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\Run: [Komunikator] => C:\Program Files\Tlen.pl\tlen.exe [5853672 2009-01-17] (o2.pl Sp. z o.o.)
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\Run: [Facebook Update] => C:\Users\Luku\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-17] (Facebook Inc.)
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\Run: [ChomikBox] => C:\Program Files\ChomikBox\chomikbox.exe [6033408 2014-03-11] ( )
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1223728 2017-02-06] (CyberGhost S.R.L.)
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\MountPoints2: {890f1baf-d3e5-11e5-910c-000e2e5ae9ff} - F:\Setup.exe
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\MountPoints2: {b111e6db-1fee-11e6-b6e2-000e2e5ae9ff} - G:\SETUP.EXE
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\MountPoints2: {b111e6e4-1fee-11e6-b6e2-000e2e5ae9ff} - H:\SETUP.EXE
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\MountPoints2: {cb7e4df6-2487-11e3-bd8a-000e2e5ae9ff} - G:\AutoRun.exe
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\MountPoints2: {cb7e4e04-2487-11e3-bd8a-000e2e5ae9ff} - G:\AutoRun.exe
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\MountPoints2: {cb7e50ad-2487-11e3-bd8a-000e2e5ae9ff} - G:\AutoRun.exe
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\MountPoints2: {f2738989-0bba-11e2-9d09-000e2e5ae9ff} - F:\LANLauncher.exe
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\...\MountPoints2: {f749fd84-5ecd-11e5-83b4-000e2e5ae9ff} - F:\Setup.exe
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2012-06-05] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2012-06-05] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2012-06-05] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2012-06-05] (GG Network S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-10-29]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{33C672E7-D5EC-4BFF-81DA-C2B4A29C6A2D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7F2DA0ED-0292-42DD-9024-340395BFA5FE}: [NameServer] 89.108.195.20 89.108.202.20
Tcpip\..\Interfaces\{9F67D6B1-E473-46E0-B22F-0A52939C9D6D}: [NameServer] 89.108.202.21 89.108.195.21

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150323
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1406573753&from=cor&uid=ST3500418AS_9VMQH62TXXXX9VMQH62T&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1406573753&from=cor&uid=ST3500418AS_9VMQH62TXXXX9VMQH62T
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1406573753&from=cor&uid=ST3500418AS_9VMQH62TXXXX9VMQH62T&q={searchTerms}
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={F4D673F7-54C2-40D2-BED1-9D8FEE65D7BB}&mid=ba1b79a73dec47d0beb3d14768be000c-9a9126da7f85435b25a6680f2d809158c47a30c4&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-18 19:30:52&v=18.7.0.147&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1406573753&from=cor&uid=ST3500418AS_9VMQH62TXXXX9VMQH62T
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {018A5742-0453-4ace-B4C0-9251E0F8FC29} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKU\S-1-5-21-1013546268-4047502859-3621741523-1000 -> {018A5742-0453-4ace-B4C0-9251E0F8FC29} URL = hxxp://startsear.ch/?src=sp&aff=67&cf=0f4f9c73-761a-11e2-ab29-000e2e5ae9ff&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1013546268-4047502859-3621741523-1000 -> {0A5BB363-3969-47d9-BCF0-B65BAE7F87BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-1013546268-4047502859-3621741523-1000 -> {669D4278-8A5F-42b4-8DD0-EF154CAE5843} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-1013546268-4047502859-3621741523-1000 -> {7E3BC58D-5CDB-43FC-B161-070F50728D77} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1013546268-4047502859-3621741523-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F4D673F7-54C2-40D2-BED1-9D8FEE65D7BB}&mid=ba1b79a73dec47d0beb3d14768be000c-9a9126da7f85435b25a6680f2d809158c47a30c4&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2014-04-18 19:30:52&v=18.7.0.147&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-05] (Oracle Corporation)
BHO: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.)
Toolbar: HKU\S-1-5-21-1013546268-4047502859-3621741523-1000 -> Brak nazwy - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Brak pliku

FireFox:
========
FF DefaultProfile: p8yv4rhh.default
FF ProfilePath: C:\Users\Luku\AppData\Roaming\Mozilla\Firefox\Profiles\p8yv4rhh.default [2017-02-19]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Luku\AppData\Roaming\Mozilla\Firefox\Profiles\p8yv4rhh.default\features\{34547358-40bd-4ee5-b01a-c3647f371803}\disableSHA1rollout@mozilla.org.xpi [2017-02-19]
FF HKLM\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}] - C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} => nie znaleziono
FF HKLM\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}] - C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} => nie znaleziono
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-11-03] [Brak podpisu cyfrowego]
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-05] (CANON INC.)
FF Plugin: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll [Brak pliku]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files\Ganymede\Plugins\npganymedenet.dll [2012-07-25] ( )
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1013546268-4047502859-3621741523-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Luku\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Luku\AppData\Local\Google\Chrome\User Data\Default [2017-02-19]
CHR Extension: (Adblock Plus) - C:\Users\Luku\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-30]
CHR Extension: (AVG SafePrice) - C:\Users\Luku\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2016-12-18]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Luku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Luku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-1013546268-4047502859-3621741523-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4154016 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [603288 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76848 2017-02-06] (CyberGhost S.R.L)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [274200 2012-01-12] (Intel Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [Brak podpisu cyfrowego]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [423136 2011-12-08] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 KMWDSERVICE; C:\Program Files\Mouse Driver\KMWDSrv.exe [208896 2008-06-23] (UASSOFT.COM) [Brak podpisu cyfrowego]
S3 npggsvc; C:\Windows\system32\GameMon.des [3643520 2016-01-07] (INCA Internet Co., Ltd.)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2120712 2016-04-29] (Electronic Arts)
S2 PLAY ONLINE. RunOuc; C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [246112 2013-09-23] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-12-16] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [259328 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25016 2015-09-20] (Disc Soft Ltd)
S3 gdrv; C:\Windows\gdrv.sys [17488 2013-09-29] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2013-09-29] ()
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2013-09-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2013-09-23] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [190976 2013-09-23] (Huawei Technologies Co., Ltd.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
S3 KMWDFilter; C:\Windows\System32\Drivers\KMWDFilter.SYS [17024 2008-03-22] (Windows (R) Codename Longhorn DDK provider) [Brak podpisu cyfrowego]
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [52368 2015-06-18] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [20240 2015-06-18] (Logitech, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-09] (Intel Corporation)
R3 msloop; C:\Windows\System32\DRIVERS\loop.sys [5632 2009-07-14] (Microsoft Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
R1 wafd_1_10_0_19; C:\Windows\System32\drivers\wafd_1_10_0_19.sys [56448 2015-06-15] (WA)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-19 21:35 - 2017-02-19 21:36 - 00042207 _____ C:\Users\Luku\Downloads\Addition.txt
2017-02-19 21:34 - 2017-02-19 21:58 - 00000000 ____D C:\FRST
2017-02-19 21:34 - 2017-02-19 21:36 - 00032227 _____ C:\Users\Luku\Downloads\FRST.txt
2017-02-19 21:32 - 2017-02-19 21:32 - 02422784 _____ (Farbar) C:\Users\Luku\Downloads\FRST64.exe
2017-02-19 12:11 - 2017-02-19 12:11 - 00000000 _____ C:\Users\Luku\Desktop\Nowy dokument tekstowy.txt
2017-02-02 20:19 - 2017-02-02 20:19 - 00002838 _____ C:\Users\Luku\AppData\Local\recently-used.xbel
2017-01-31 19:55 - 2017-01-31 19:55 - 00000000 ____D C:\Users\Luku\AppData\Local\webkit
2017-01-31 19:52 - 2017-01-31 19:53 - 14947469 _____ C:\Users\Luku\Downloads\Fwd-_Re-_Crash_pady.zip
2017-01-29 18:35 - 2017-01-29 18:35 - 00000000 ____D C:\Users\Luku\Desktop\womet-tech
2017-01-29 13:13 - 2017-01-31 19:53 - 00000000 ____D C:\Users\Luku\Desktop\womet tech
2017-01-24 18:56 - 2017-01-24 18:56 - 00000432 _____ C:\Windows\Tasks\AVG-SSU_0117avz_DELETE.job
2017-01-24 18:56 - 2017-01-24 18:56 - 00000348 _____ C:\Windows\Tasks\AVG-SSU_0117avz.job
2017-01-24 18:56 - 2017-01-24 18:56 - 00000000 ____D C:\ProgramData\Avg_Update_0117avz
2017-01-23 15:13 - 2017-01-23 15:13 - 00000000 ____D C:\Users\Luku\Desktop\owiewki włókno szklane
2017-01-23 14:41 - 2017-01-23 14:41 - 00002130 _____ C:\Users\Luku\Desktop\a78f3d0442e49cf16aef70b6a0cd
2017-01-23 12:53 - 2017-01-23 12:53 - 00000000 ____D C:\Users\Luku\Desktop\Redomoto
2017-01-21 22:23 - 2017-01-21 22:23 - 00000000 ____D C:\Users\Luku\AppData\Local\CyberGhost
2017-01-21 22:22 - 2017-01-21 22:23 - 00000000 ____D C:\Program Files\TAP-Windows
2017-01-21 22:21 - 2017-01-26 15:48 - 00000000 ____D C:\Program Files\CyberGhost 6
2017-01-21 22:21 - 2017-01-21 22:21 - 16088672 _____ (CyberGhost S.R.L. ) C:\Users\Luku\Downloads\CyberGhost_6.0.4.2205 (1).exe
2017-01-21 22:21 - 2017-01-21 22:21 - 00001885 _____ C:\Users\Luku\Desktop\CyberGhost 6.lnk
2017-01-21 22:21 - 2017-01-21 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
2017-01-21 22:19 - 2017-01-21 22:19 - 16088672 _____ (CyberGhost S.R.L. ) C:\Users\Luku\Downloads\CyberGhost_6.0.4.2205.exe

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-19 21:46 - 2012-10-01 15:36 - 00000000 ____D C:\ProgramData\MFAData
2017-02-19 21:31 - 2017-01-09 20:48 - 00000000 ____D C:\Users\Luku\AppData\LocalLow\Mozilla
2017-02-19 21:22 - 2014-03-17 18:56 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1013546268-4047502859-3621741523-1000UA.job
2017-02-19 21:20 - 2014-03-17 18:56 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1013546268-4047502859-3621741523-1000Core.job
2017-02-13 14:03 - 2012-10-02 19:01 - 00000000 ____D C:\Users\Luku\AppData\Roaming\uTorrent
2017-02-08 21:17 - 2014-07-28 19:59 - 00000000 ____D C:\Program Files\Opera
2017-02-06 22:40 - 2012-10-01 03:27 - 00002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 23:03 - 2015-05-09 17:41 - 00000000 ____D C:\Users\Luku\.gimp-2.8
2017-02-03 08:40 - 2017-01-09 20:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-29 19:33 - 2015-05-09 17:45 - 00000000 ____D C:\Users\Luku\AppData\Local\gtk-2.0
2017-01-29 13:14 - 2015-09-01 19:30 - 00000000 ____D C:\Users\Luku\Desktop\2befast2
2017-01-23 12:34 - 2011-04-12 06:08 - 00739694 _____ C:\Windows\system32\perfh015.dat
2017-01-23 12:34 - 2011-04-12 06:08 - 00155268 _____ C:\Windows\system32\perfc015.dat
2017-01-23 12:34 - 2010-11-20 22:01 - 01668226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-23 12:34 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf

==================== Pliki w katalogu głównym wybranych folderów =======

2014-11-08 15:12 - 2014-11-08 15:19 - 6000640 _____ () C:\Program Files\GUTCABB.tmp
2013-04-10 16:09 - 2013-04-16 21:32 - 0000096 _____ () C:\Users\Luku\AppData\Roaming\mFaktura 6, Mag
2015-12-16 01:00 - 2015-12-16 01:01 - 0138904 _____ () C:\Users\Luku\AppData\Roaming\PnkBstrK.sys
2015-06-21 15:37 - 2016-03-02 19:04 - 0000600 _____ () C:\Users\Luku\AppData\Roaming\winscp.rnd
2017-02-02 20:19 - 2017-02-02 20:19 - 0002838 _____ () C:\Users\Luku\AppData\Local\recently-used.xbel

Niektóre pliki w TEMP:
====================
2016-01-15 19:00 - 2015-12-08 07:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Luku\AppData\Local\Temp\avguirn_08115881941.exe
2016-08-22 21:20 - 2016-07-20 13:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Luku\AppData\Local\Temp\avguirn_081419101883.exe
2016-06-23 16:11 - 2016-05-18 12:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Luku\AppData\Local\Temp\avguirn_08151481953.exe
2016-04-08 11:10 - 2016-02-18 12:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Luku\AppData\Local\Temp\avguirn_081619434637.exe
2016-01-05 16:01 - 2015-11-12 16:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Luku\AppData\Local\Temp\avguirn_081850593638.exe
2016-02-23 13:03 - 2016-01-12 16:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Luku\AppData\Local\Temp\avguirn_08242176430.exe
2016-07-27 13:57 - 2016-06-21 17:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Luku\AppData\Local\Temp\avguirn_08246031780.exe
2016-06-01 15:35 - 2016-04-22 09:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Luku\AppData\Local\Temp\avguirn_08421104723.exe
2015-09-20 10:13 - 2015-09-20 10:13 - 19062208 _____ (Disc Soft Ltd) C:\Users\Luku\AppData\Local\Temp\DTLite1010-0074.exe
2016-07-19 21:47 - 2016-07-19 21:47 - 0741440 _____ (Oracle Corporation) C:\Users\Luku\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-19 06:58 - 2016-10-19 06:58 - 0737856 _____ (Oracle Corporation) C:\Users\Luku\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-17 22:47 - 2017-01-17 22:47 - 0739904 _____ (Oracle Corporation) C:\Users\Luku\AppData\Local\Temp\jre-8u121-windows-au.exe
2015-11-19 07:12 - 2015-11-19 07:12 - 0585824 _____ (Oracle Corporation) C:\Users\Luku\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-03-23 22:47 - 2016-03-23 22:47 - 0736320 _____ (Oracle Corporation) C:\Users\Luku\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-04-20 11:47 - 2016-04-20 11:47 - 0739904 _____ (Oracle Corporation) C:\Users\Luku\AppData\Local\Temp\jre-8u91-windows-au.exe
2015-07-02 15:49 - 2015-07-02 15:49 - 0841232 _____ (Application Web ) C:\Users\Luku\AppData\Local\Temp\JSE_install_app-1435848577303.exe
2011-11-03 15:13 - 2011-11-03 15:13 - 1786688 _____ () C:\Users\Luku\AppData\Local\Temp\sonarinst.exe
2015-12-11 23:58 - 2016-10-16 20:24 - 0102057 _____ () C:\Users\Luku\AppData\Local\Temp\t.dll
2015-07-31 17:53 - 2015-07-16 20:13 - 2076048 _____ (AVG Technologies) C:\Users\Luku\AppData\Local\Temp\UNINSTALL.EXE

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-02-15 00:00

==================== Koniec FRST.txt ============================