Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 06-10-2017
Uruchomiony przez marek (administrator) A (08-10-2017 17:30:14)
Uruchomiony z C:\Users\marek\Downloads
Załadowane profile: marek (Dostępne profile: marek)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
() C:\ProgramData\DataCardService\HWDeviceService.exe
(O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2462989680-654496683-3945165627-1000\...\MountPoints2: {4a6f93fd-ce60-11e2-a0a1-c177475dca96} - G:\AutoRun.exe
HKU\S-1-5-21-2462989680-654496683-3945165627-1000\...\MountPoints2: {6e77b49a-c3bc-11de-add8-001e683e8a52} - G:\AutoRun.exe
HKU\S-1-5-21-2462989680-654496683-3945165627-1000\...\MountPoints2: {73a37b7d-e555-11de-b55d-df0d44c52dae} - G:\AutoRun.exe
HKU\S-1-5-21-2462989680-654496683-3945165627-1000\...\MountPoints2: {747dd73b-0589-11de-be3f-001e683e8a52} - G:\jxqevly.exe
HKU\S-1-5-21-2462989680-654496683-3945165627-1000\...\MountPoints2: {8c2da4c6-c4ba-11de-b00e-001e683e8a52} - G:\AutoRun.exe
HKU\S-1-5-21-2462989680-654496683-3945165627-1000\...\MountPoints2: {d3b1aa67-b23b-11de-a405-001e683e8a52} - G:\AutoRun.exe
HKU\S-1-5-21-2462989680-654496683-3945165627-1000\...\MountPoints2: {f1659fc8-a5c0-11e3-804c-94f1b68920cd} - G:\AutoRun.exe
HKU\S-1-5-21-2462989680-654496683-3945165627-1000\...\MountPoints2: {f1659fda-a5c0-11e3-804c-00a0c6000000} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2009-10-25]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-03-05]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-03-05]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 80.85.224.2 80.85.224.50
Tcpip\..\Interfaces\{1636417C-CF79-4023-8136-E13AB7B99A34}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{297022E4-886B-4A5D-AF3C-7D358567DD39}: [NameServer] 80.85.224.50,80.85.224.2
Tcpip\..\Interfaces\{87C5014C-BAD0-4BD3-A82B-6652863ED135}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AACE149E-E429-4E54-9F02-A7F574544600}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B81607B3-9964-4169-B3D8-84CB6744CE00}: [NameServer] 80.85.224.2,80.85.224.50
Tcpip\..\Interfaces\{B81607B3-9964-4169-B3D8-84CB6744CE00}: [DhcpNameServer] 80.85.224.2 80.85.224.50

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2462989680-654496683-3945165627-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope - brak wartości
SearchScopes: HKLM -> {F425B2DA-DE88-46C5-9F9D-225DB46EA40D} URL = hxxp://www.google.pl/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)

FireFox:
========
FF ProfilePath: [General] AutoLogin=1 Default=Marek [Identities] Marek=C:\Users\marek\AppData\Roaming\Draco Organizer\Profiles\Marek\ [nie znaleziono] <==== UWAGA
FF ProfilePath: C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default [2017-10-08]
FF user.js: detected! => C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\user.js [2014-12-19]
FF Homepage: Mozilla\Firefox\Profiles\0o33pgq9.default -> about:blank
FF NetworkProxy: Mozilla\Firefox\Profiles\0o33pgq9.default -> autoconfig_url", "hxxp://proxy.zetosa.pl/proxy.pac"
FF NetworkProxy: Mozilla\Firefox\Profiles\0o33pgq9.default -> type", 0
FF Extension: (iReader) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\ireader@samabox.com.xpi [2016-04-28]
FF Extension: (Eliminator Slajdów) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\jid0-GaZOxvWNYcafEsmayJDIG3XXVi8@jetpack.xpi [2015-09-18]
FF Extension: (Launchy) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\launchy@gemal.dk.xpi [2016-04-28]
FF Extension: (Nimbus Screen Capture) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2017-09-08]
FF Extension: (Print Edit) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\printedit@DW-dev.xpi [2017-08-19]
FF Extension: (S3.Google Translator) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\s3google@translator.xpi [2017-09-05]
FF Extension: (Wprowadź swoje hasło) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\stefanvandamme@stefanvd.net.xpi [2017-01-11]
FF Extension: (Screengrab (fix version)) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2017-09-17]
FF Extension: (FxIF) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi [2015-07-29]
FF Extension: (Image Zoom) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2016-04-28]
FF Extension: (Nuke Anything) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi [2017-10-08]
FF Extension: (Flashblock) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-02]
FF Extension: (FEBE) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-11-13]
FF Extension: (NoScript) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-10-01]
FF Extension: (FireFTP) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2017-01-30]
FF Extension: (Adblock Plus) - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF SearchPlugin: C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\searchplugins\alltheinternet.xml [2009-07-04]
FF SearchPlugin: C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\searchplugins\slownik-kopalinskiego.xml [2009-07-04]
FF SearchPlugin: C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\0o33pgq9.default\searchplugins\youtube.xml [2009-07-04]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-19] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-01] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-07-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll [2009-07-31] (LizardTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default [2017-10-08]
CHR Extension: (Dokumenty Google) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Dysk Google) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Turn Off the Lights) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-09-18]
CHR Extension: (YouTube) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (uBlock Origin) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-09-06]
CHR Extension: (Google Search) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Search by Image (by Google)) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-10-21]
CHR Extension: (Disable HTML5 Autoplay) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdhoaajjjgckpbkoglidkeendpkolai [2016-07-27]
CHR Extension: (Kalendarz Google) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-07]
CHR Extension: (Eliminator Slajdów) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eplekpmdodlgejgogbojajncdlapamff [2017-02-20]
CHR Extension: (Full Page Screen Capture) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-09-02]
CHR Extension: (Kaspersky Protection) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-05-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Imagus) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2017-09-25]
CHR Extension: (Image Properties Context Menu) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon [2014-01-19]
CHR Extension: (The Great Suspender) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-06-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-11]
CHR Extension: (Flashcontrol) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-06-27]
CHR Extension: (EXIF Viewer) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbhfeiddhndihdjeganjggkmjapkffm [2016-10-19]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (AutoZoom) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdkpkoaonnchdakgkmmcmnihhhgbjch [2014-01-19]
CHR Extension: (Gmail) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (iReader) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc [2014-01-19]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-2462989680-654496683-3945165627-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-12] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
S2 AVP17.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [Brak podpisu cyfrowego]
R2 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Brak podpisu cyfrowego]
S3 KSDE1.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) [Brak podpisu cyfrowego]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [124368 2010-08-27] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [Brak podpisu cyfrowego]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [Brak podpisu cyfrowego]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 wifimansvc; C:\Program Files\Mobile Partner\eap\wifimansvc.exe [598528 2011-10-24] () [Brak podpisu cyfrowego]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [170840 2016-06-10] (AO Kaspersky Lab)
R3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [29912 2013-09-30] (IObit)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [57264 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [71504 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [69000 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [155328 2017-07-19] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [129496 2017-07-19] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [807104 2017-07-19] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49744 2017-03-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [46000 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41392 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48056 2016-06-07] (The OpenVPN Project)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [82352 2016-05-17] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [71088 2016-05-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [165336 2017-07-19] (AO Kaspersky Lab)
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2012-05-11] (MBB Incorporated)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221632 2017-10-08] (Malwarebytes)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35088 2011-09-26] (CACE Technologies, Inc.)
S3 pmxscan; C:\Windows\System32\DRIVERS\usbscan.sys [35328 2013-07-03] (Microsoft Corporation)
R2 ppsio2; C:\Windows\system32\Drivers\ppsio2.sys [22400 1999-04-02] ()
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
S3 SR9USB; C:\Windows\System32\DRIVERS\sr9usb.sys [12672 2009-03-13] (SUPERAL Semiconductor, Inc.) [Brak podpisu cyfrowego]
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [134144 2012-05-11] (ZTE Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249472 2012-04-20] (Huawei Technologies Co., Ltd.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-10-08 17:30 - 2017-10-08 17:30 - 000073412 _____ C:\Users\marek\Downloads\Shortcut.txt
2017-10-08 17:28 - 2017-10-08 17:30 - 000046795 _____ C:\Users\marek\Downloads\Addition.txt
2017-10-08 17:24 - 2017-10-08 17:31 - 000025718 _____ C:\Users\marek\Downloads\FRST.txt
2017-10-08 17:16 - 2017-10-08 17:30 - 000000000 ____D C:\FRST
2017-10-08 16:49 - 2017-10-08 16:49 - 001796608 _____ (Farbar) C:\Users\marek\Downloads\FRST.exe
2017-10-08 15:52 - 2017-10-08 15:53 - 038186040 _____ (Panda Security ) C:\Users\marek\Downloads\PandaCloudCleaner.exe
2017-10-04 23:15 - 2017-10-04 23:15 - 002574344 _____ C:\Users\marek\Downloads\D20040535Lj (3).pdf
2017-10-03 10:46 - 2017-10-03 10:46 - 000187248 _____ C:\Users\marek\Downloads\FAKTURA 3 09 2017.gofin.pdf
2017-10-03 09:56 - 2017-10-03 09:56 - 000063138 _____ C:\Users\marek\Downloads\a5f320da-dbf0-42de-9e68-7ac66ec986c1.pdf
2017-10-03 09:56 - 2017-10-03 09:56 - 000062847 _____ C:\Users\marek\Downloads\106a09f3-c756-4dd5-be6a-c923ce5bbc3a.pdf
2017-10-03 09:56 - 2017-10-03 09:56 - 000062374 _____ C:\Users\marek\Downloads\d1e073a6-0ca0-4e56-91a6-fbed0227c8bc.pdf
2017-09-26 11:59 - 2017-09-26 11:59 - 000031174 _____ C:\Users\marek\Downloads\faktura_1_9_2017.pdf
2017-09-26 11:54 - 2017-09-26 11:54 - 000030914 _____ C:\Users\marek\Downloads\faktura_1_4_2017.pdf
2017-09-18 22:04 - 2017-10-08 15:25 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-18 22:04 - 2017-10-08 15:24 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-18 22:04 - 2017-09-18 22:06 - 000065312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-18 22:03 - 2017-10-08 16:36 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-18 22:03 - 2017-09-18 22:03 - 000001820 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-18 22:03 - 2017-09-18 22:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-18 22:02 - 2017-09-18 22:02 - 000000000 ____D C:\ProgramData\MB2Migration
2017-09-18 22:02 - 2017-09-18 22:02 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-18 22:02 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-09-11 12:37 - 2017-09-11 12:37 - 023070480 _____ C:\Users\marek\Downloads\drive-download-20170911T103632Z-001.zip
2017-09-09 17:00 - 2017-09-09 17:00 - 000000938 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2017-09-09 17:00 - 2017-09-09 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2017-09-09 17:00 - 2017-09-09 17:00 - 000000000 ____D C:\ProgramData\IObit
2017-09-09 17:00 - 2017-09-09 17:00 - 000000000 ____D C:\Program Files\IObit

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-10-08 17:06 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\inf
2017-10-08 16:58 - 2010-05-17 21:00 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-10-08 16:33 - 2006-11-02 15:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-08 16:33 - 2006-11-02 14:47 - 000003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-08 16:33 - 2006-11-02 14:47 - 000003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-08 16:31 - 2006-11-02 15:01 - 000032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-08 16:06 - 2010-10-28 21:42 - 000000769 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-10-08 15:23 - 2016-11-19 13:07 - 000000000 ____D C:\Users\marek\AppData\LocalLow\Mozilla
2017-10-08 14:40 - 2016-12-04 14:18 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2017-10-08 14:40 - 2012-04-26 07:55 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-07 19:28 - 2006-12-05 07:22 - 000714932 _____ C:\Windows\system32\perfh015.dat
2017-10-07 19:28 - 2006-12-05 07:22 - 000151772 _____ C:\Windows\system32\perfc015.dat
2017-10-07 19:28 - 2006-11-02 12:33 - 001616158 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-30 14:07 - 2016-11-19 12:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-21 22:09 - 2009-01-05 23:37 - 000000000 ____D C:\Program Files\CCleaner
2017-09-21 21:06 - 2012-07-14 22:48 - 000000000 ____D C:\Users\marek\AppData\Roaming\vlc
2017-09-18 22:02 - 2014-05-13 16:10 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-09-18 22:02 - 2011-10-22 20:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-15 19:32 - 2017-03-17 08:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-09-15 09:55 - 2016-12-10 10:47 - 000000987 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-09-15 09:55 - 2016-12-10 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-09-12 20:04 - 2012-03-29 07:20 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-09-12 20:04 - 2011-05-13 23:12 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-09-12 20:04 - 2008-03-05 13:44 - 000000000 ____D C:\Windows\system32\Macromed

==================== Pliki w katalogu głównym wybranych folderów =======

2008-07-16 14:42 - 2017-07-08 17:22 - 000158208 _____ () C:\Users\marek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-04 17:51 - 2017-02-04 17:51 - 000002550 _____ () C:\Users\marek\AppData\Local\recently-used.xbel
2012-12-26 13:22 - 2012-12-26 13:22 - 000017408 _____ () C:\Users\marek\AppData\Local\WebpageIcons.db
2014-01-16 23:08 - 2014-01-16 23:24 - 000000791 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-10-08 17:26

==================== Koniec FRST.txt ============================