Hi, thanks for all the replies! I followed the instructions. I used USBFix, then AdwCleaner, which found as many as 76 threats! Malwarebytes found another 15 threats, which I removed, and launch no longer found anything. I'm attaching the FRST logs. I hope I did everything correctly.
Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 29.12.2018
Uruchomiony przez JA (administrator) JA-KOMPUTER (31-12-2018 16:17:31)
Uruchomiony z D:\Pobieranie\skrit usb
Załadowane profile: JA (Dostępne profile: JA & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate (X86) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\ANIWConnService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(Malwarebytes) D:\Pobieranie\skrit usb\adwcleaner_7.2.5.0.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(D-Link Corp.) C:\Program Files\D-Link\DWL-G122_DWA-110\AirGCFG.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
==================== Rejestr (filtrowane) ===========================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-08-21] (Wireless Service)
HKLM\...\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] => C:\Program Files\D-Link\DWL-G122_DWA-110\AirGCFG.exe [1708032 2009-09-18] (D-Link Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [egui] => "C:\Program Files\ESET\ESET Security\ecmdS.exe" /launch /hide
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2008-01-01] (AVAST Software)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-120614789-2538769696-247605605-1001\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-120614789-2538769696-247605605-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4014136 2017-08-06] (Tonec Inc.)
HKU\S-1-5-21-120614789-2538769696-247605605-1001\...\Run: [AvastBrowserAutoLaunch_90C0B5C2EE49B1CF2B6DD0215DA6D7AD] => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1819312 2018-11-16] (AVAST Software)
HKU\S-1-5-21-120614789-2538769696-247605605-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-15] (Piriform Ltd)
HKU\S-1-5-21-120614789-2538769696-247605605-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\msefjxflh.exe <==== UWAGA
HKU\S-1-5-21-120614789-2538769696-247605605-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2613248 2009-07-14] (Microsoft Corporation) <==== UWAGA
HKU\S-1-5-21-120614789-2538769696-247605605-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2009-07-14] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> C:\Windows\System32\iedkcs32.dll [2009-07-14] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-14] (Google Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\70.0.917.103\Installer\chrmstp.exe [2018-11-24] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2010-10-01]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk [2010-10-01]
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0359489D-CF72-46C5-B09D-9078940E0459}: [DhcpNameServer] 217.23.12.222 217.23.12.222
Tcpip\..\Interfaces\{A3D3C24C-437A-40DB-A190-CEFB3F6757B6}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fr.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-120614789-2538769696-247605605-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web-pl.com/
HKU\S-1-5-21-120614789-2538769696-247605605-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - (Brak nazwy) - {d1fce654-5fd1-48ad-b13c-5064736120b7} - Brak pliku
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-120614789-2538769696-247605605-1001 -> DefaultScope {B37517F9-FA6D-4D8F-998F-69F015CB3B16} URL = hxxp://www.web-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-120614789-2538769696-247605605-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-120614789-2538769696-247605605-1001 -> {B37517F9-FA6D-4D8F-998F-69F015CB3B16} URL = hxxp://www.web-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-120614789-2538769696-247605605-1001 -> {D8C2EF53-6C67-421B-8279-6277DA6DA7E0} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-07-12] (Internet Download Manager, Tonec Inc.)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Brak nazwy -> {d1fce654-5fd1-48ad-b13c-5064736120b7} -> Brak pliku
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-20] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Brak nazwy - {32099AAC-C132-4136-9E9A-4E364A424E17} - Brak pliku
Toolbar: HKLM - Brak nazwy - {d1fce654-5fd1-48ad-b13c-5064736120b7} - Brak pliku
Toolbar: HKU\S-1-5-21-120614789-2538769696-247605605-1001 -> Brak nazwy - {D1FCE654-5FD1-48AD-B13C-5064736120B7} - Brak pliku
DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///D:/,agix%20kur/components/hidinputmonitorx.ocx
DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/JA/Desktop/components/A9.ocx
DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/JA/Desktop/components/wmvhdrating.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Brak pliku
FireFox:
========
FF ProfilePath: C:\Users\JA\AppData\Roaming\TomTom\HOME\Profiles\z6c2qmz1.default [2016-02-06]
FF Extension: (Brak nazwy) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [nie znaleziono]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-09] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKU\S-1-5-21-120614789-2538769696-247605605-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-120614789-2538769696-247605605-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\JA\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\JA\AppData\Roaming\IDM\idmmzcc5 [2017-11-16] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKU\S-1-5-21-120614789-2538769696-247605605-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Przestarzałe]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-07] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-20] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-13] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-120614789-2538769696-247605605-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\JA\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.web-pl.com/
CHR Profile: C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default [2018-12-31]
CHR Extension: (Adblock Plus) - C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-05]
CHR Extension: (Avast SafePrice | Porównania, promocje, kupony) - C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-12-21]
CHR Extension: (Avast Online Security) - C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-30]
CHR Extension: (IDM Integration Module) - C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-12-21]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-16]
CHR Profile: C:\Users\JA\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-05-10]
CHR Profile: C:\Users\JA\AppData\Local\Google\Chrome\User Data\System Profile [2017-05-10]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx <nie znaleziono>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-08-05]
==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 ANIWConnService; C:\Windows\system32\ANIWConnService.exe [151552 2009-07-07] () [Brak podpisu cyfrowego]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6799632 2008-01-01] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-10] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2008-01-01] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-10] (AVAST Software)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Brak podpisu cyfrowego]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Brak podpisu cyfrowego]
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Brak podpisu cyfrowego]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 NOD32FiXTemDono; C:\Windows\system32\regedt32.exe /s C:\Windows\nod32fixtemdono.reg
===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167480 2008-01-01] (AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188976 2008-01-01] (AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [165384 2008-01-01] (AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284256 2008-01-01] (AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57904 2008-01-01] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [183176 2018-11-27] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42736 2008-01-01] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2008-01-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [135200 2008-01-01] (AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100984 2008-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2008-01-01] (AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784560 2008-01-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [397992 2008-01-01] (AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [156936 2008-01-01] (AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310200 2008-01-01] (AVAST Software)
S3 DxVGrb; C:\Windows\System32\drivers\DxVGrb.sys [179200 2012-06-22] (Dexetek )
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [32000 2012-01-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC)
S3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [750592 2009-08-05] (Ralink Technology Corp.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [Brak podpisu cyfrowego]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-06] ()
U3 ar94m1pi; C:\Windows\system32\Drivers\ar94m1pi.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
U3 aswbdisk; Brak ImagePath
S3 PAC207; system32\DRIVERS\PFC027.SYS [X]
==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2018-12-31 16:17 - 2018-12-31 16:17 - 000000000 ____D C:\FRST
2018-12-31 16:11 - 2018-12-31 16:11 - 000005254 _____ C:\Users\JA\Desktop\UsbFix-Report-05.txt
2018-12-31 16:11 - 2018-12-31 16:11 - 000005251 _____ C:\Users\JA\Desktop\UsbFix_Report.txt
2018-12-31 16:09 - 2018-12-31 16:12 - 000000000 ____D C:\AdwCleaner
2018-12-18 20:49 - 2018-12-31 16:10 - 000001793 _____ C:\Users\JA\Desktop\UsbFix Anti-Malware.lnk
2018-12-17 18:57 - 2018-12-18 20:48 - 000000000 ____D C:\Program Files\UsbFix
2018-12-17 18:52 - 2018-12-27 13:36 - 000000000 ____D C:\Users\JA\AppData\Roaming\Opera Software
2018-12-17 18:52 - 2018-12-27 13:36 - 000000000 ____D C:\Users\JA\AppData\Local\Opera Software
2018-12-17 18:50 - 2018-12-17 18:50 - 004576584 _____ (SOSVirus) C:\Users\JA\Downloads\usbfix.exe
==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2018-12-31 16:14 - 2010-10-01 10:52 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-31 16:14 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-31 16:10 - 2009-07-14 05:34 - 000016944 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-31 16:10 - 2009-07-14 05:34 - 000016944 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-28 16:12 - 2017-11-16 18:24 - 000000000 ____D C:\Users\JA\AppData\Roaming\DMCache
2018-12-28 16:08 - 2011-12-14 18:44 - 000000000 ____D C:\Users\JA\AppData\Local\PokerStars.EU
2018-12-28 15:37 - 2010-10-01 10:27 - 000006340 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-28 15:37 - 2009-07-14 09:07 - 037280726 _____ C:\Windows\system32\perfh015.dat
2018-12-28 15:37 - 2009-07-14 09:07 - 012797878 _____ C:\Windows\system32\perfc015.dat
2018-12-27 13:37 - 2013-08-14 18:09 - 000000000 ____D C:\Program Files\PokerStars.EU
2018-12-25 11:23 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2018-12-25 11:15 - 2010-10-01 20:28 - 000000000 ____D C:\Users\JA\AppData\Roaming\vlc
2018-12-18 20:55 - 2017-11-16 18:24 - 000000000 ____D C:\Users\JA\AppData\Roaming\IDM
2018-12-14 20:16 - 2017-02-14 17:40 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-12 10:38 - 2013-07-04 21:47 - 000000000 ____D C:\Program Files\CCleaner
2018-12-07 19:01 - 2012-05-20 15:08 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-12-07 19:01 - 2011-06-06 20:06 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-12-07 19:01 - 2010-10-01 10:41 - 000000000 ____D C:\Windows\system32\Macromed
==================== Pliki w katalogu głównym wybranych folderów =======
2009-07-14 00:31 - 2009-07-14 02:14 - 098562048 ___SH () C:\ProgramData\mscnqtjno.exe
2009-07-14 00:31 - 2009-07-14 02:14 - 080728064 ___SH () C:\ProgramData\msefjxflh.exe
2012-06-09 11:42 - 2013-02-18 20:20 - 000000253 _____ () C:\Users\JA\AppData\Roaming\ANICONFIG_{0359489D-CF72-46C5-B09D-9078940E0459}.ini
2012-06-09 11:48 - 2013-04-05 12:52 - 000003284 _____ () C:\Users\JA\AppData\Roaming\ANIWZCS{0359489D-CF72-46C5-B09D-9078940E0459}
2013-06-16 22:53 - 2013-06-19 15:19 - 000000004 _____ () C:\Users\JA\AppData\Roaming\skype.ini
2010-10-01 10:55 - 2011-12-29 11:59 - 000005632 _____ () C:\Users\JA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-16 17:06 - 2016-01-16 17:06 - 000000017 _____ () C:\Users\JA\AppData\Local\resmon.resmoncfg
2007-12-31 23:01 - 2007-12-31 23:02 - 000000000 _____ () C:\Users\JA\AppData\Local\{C4395F09-900E-4AE4-AB65-4ED64F5994BC}
2014-05-26 20:28 - 2014-05-26 20:28 - 000000000 _____ () C:\Users\JA\AppData\Local\{D24238E7-513C-4120-8001-57FBE2A94D24}
Pliki do przeniesienia lub usunięcia:
====================
C:\Users\JA\AppData\Roaming\skype.ini
Niektóre pliki w TEMP:
====================
2018-12-18 20:49 - 2009-07-14 02:15 - 000805376 _____ (Microsoft Corporation) C:\Users\JA\AppData\Local\Temp\cdo2408262722.dll
==================== Bamital & volsnap ======================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
LastRegBack: 2018-12-15 14:54
==================== Koniec FRST.txt ============================