FRST.txt

Virus closes Opera/Chrome after entering settings.

If I understand correctly, I should paste this into Notepad, save it as fixlist and click Fix in FRST? I did that and nothing changed :( That is, yesterday I completely removed Opera, including personal data, deleted all Opera files etc., and when I installed Opera again the ad problem no longer occurs, but when I go into settings it still freezes Opera and exits. I have the same thing with Chrome. Any suggestions why this happens? And it may be trivial, but is there an option to recover bookmarks and settings if I never exported/saved them anywhere? Thank you for the script, although the problem still occurs.


Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:05-03-2016 01
Uruchomiony przez Ginterlen (administrator) DOM (17-03-2016 19:41:37)
Uruchomiony z E:\Users\Ginterlen\Downloads
Załadowane profile: Ginterlen & postgres (Dostępne profile: Ginterlen & postgres)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Opera)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) E:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) E:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) E:\Windows\System32\nvvsvc.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
() E:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) E:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) E:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(TomTom) E:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Microsoft Corporation) E:\Windows\System32\rundll32.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Opera Software) E:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\36.0.2130.32\opera_crashreporter.exe
(Opera Software) E:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Adobe Systems Incorporated) E:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM-x32\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-05] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-976690834-3152803871-2063075832-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-976690834-3152803871-2063075832-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-976690834-3152803871-2063075832-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> E:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-05] (AVAST Software)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{F07F050C-2380-41C8-9BBC-172312273B04}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-976690834-3152803871-2063075832-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-976690834-3152803871-2063075832-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-976690834-3152803871-2063075832-1000 -> OldSearch URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-03-15] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-05] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-03-15] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> E:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-05] (AVAST Software)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> E:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] ()
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> E:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-03-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> E:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-03-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> E:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] ()
FF Plugin-x32: @canon.com/EPPEX -> E:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> E:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> E:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> E:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> E:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> E:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-976690834-3152803871-2063075832-1000: @Skype Limited.com/Facebook Video Calling Plugin -> E:\Users\Ginterlen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-976690834-3152803871-2063075832-1000: @unity3d.com/UnityPlayer,version=1.0 -> E:\Users\Ginterlen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-03] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-05]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - E:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - E:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-05]

Chrome:
=======
CHR Profile: E:\Users\Ginterlen\AppData\Local\Google\Chrome\User Data\DEFAULT
CHR Extension: (Avast Online Security) - E:\Users\Ginterlen\AppData\Local\Google\Chrome\User Data\DEFAULT\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-05]

Opera:
=======
StartMenuInternet: (HKLM) Opera - E:\Program Files\Opera x64\Opera.exe

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-05] (AVAST Software)
S4 AVG Anti-Spyware Guard; E:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe [312880 2007-05-30] (GRISOFT s.r.o.)
R2 GfExperienceService; E:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S4 IJPLMSVC; E:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 MBAMService; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; E:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; E:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [Brak podpisu cyfrowego]
S3 sppuinotify; E:\Windows\system32\sppuinotify.dll [65536 2014-02-16] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 WinDefend; E:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
U4 AvastVBoxSvc; "E:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R0 AsrRamDisk; E:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R2 aswHwid; E:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-05] (AVAST Software)
R2 aswMonFlt; E:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-05] (AVAST Software)
R1 aswRdr; E:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-05] (AVAST Software)
R0 aswRvrt; E:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-05] (AVAST Software)
R1 aswSnx; E:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-03] (AVAST Software)
R1 aswSP; E:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
R2 aswStm; E:\Windows\system32\drivers\aswStm.sys [155304 2016-01-05] (AVAST Software)
R0 aswVmm; E:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-05] (AVAST Software)
R1 AVG Anti-Spyware Driver; E:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys [12024 2007-05-30] ()
R1 AvgAsC64; E:\Windows\System32\DRIVERS\AvgAsC64.sys [14072 2007-05-30] (GRISOFT, s.r.o.)
S3 BtHidBus; E:\Windows\System32\Drivers\BtHidBus.sys [22568 2014-08-12] (IVT Corporation.)
S3 ebdrv; E:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FNETTBOH_305; E:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2012-11-12] (FNet Co., Ltd.)
R1 FNETURPX; E:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-11-11] (FNet Co., Ltd.)
S3 IvtAudioBusSrv; E:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; E:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S3 kinonivd; E:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows (R) Win 7 DDK provider)
S3 KINONI_Wave; E:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; E:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; E:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; E:\Windows\System32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
S3 RivaTuner64; E:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2015-04-14] ()
R0 sptd; E:\Windows\System32\Drivers\sptd.sys [834544 2012-11-25] () [Brak podpisu cyfrowego]
U3 anw6s21u; E:\Windows\System32\Drivers\anw6s21u.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
R3 AxtuDrv; \??\E:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
U4 VBoxAswDrv; \??\E:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-03-17 19:25 - 2016-03-17 19:26 - 00012506 _____ E:\Users\Ginterlen\Downloads\Fixlog.txt
2016-03-17 19:24 - 2016-03-17 19:24 - 00000000 _____ E:\Users\Ginterlen\Desktop\Nowy dokument tekstowy (3).txt
2016-03-16 22:51 - 2016-03-16 23:53 - 00000000 ____D E:\Users\Ginterlen\Downloads\Wirus zamyka Opere_ Chrome po wejsciu w ustawienia. - elektroda.pl_files
2016-03-16 22:51 - 2016-03-16 22:51 - 00040233 _____ E:\Users\Ginterlen\Downloads\Wirus zamyka Opere_ Chrome po wejsciu w ustawienia. - elektroda.pl.html
2016-03-16 22:47 - 2016-03-16 22:47 - 00058867 _____ E:\Users\Ginterlen\Downloads\Addition (1).txt
2016-03-16 22:47 - 2016-03-16 22:47 - 00031055 _____ E:\Users\Ginterlen\Downloads\FRST (1).txt
2016-03-16 22:32 - 2016-03-17 19:41 - 00015430 _____ E:\Users\Ginterlen\Downloads\FRST.txt
2016-03-16 22:32 - 2016-03-17 19:41 - 00000000 ____D E:\FRST
2016-03-16 22:32 - 2016-03-16 22:33 - 00058867 _____ E:\Users\Ginterlen\Downloads\Addition.txt
2016-03-16 22:31 - 2016-03-16 22:31 - 02374144 _____ (Farbar) E:\Users\Ginterlen\Downloads\FRST64.exe
2016-03-16 22:05 - 2016-03-16 23:53 - 00000000 ____D E:\Program Files (x86)\Opera
2016-03-16 22:05 - 2016-03-16 22:05 - 00001139 _____ E:\Users\Public\Desktop\Opera.lnk
2016-03-16 22:05 - 2016-03-16 22:05 - 00001139 _____ E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-03-16 22:05 - 2016-03-16 22:05 - 00000000 ____D E:\Users\Ginterlen\AppData\Roaming\Opera Software
2016-03-16 21:27 - 2016-03-16 21:27 - 00724912 _____ (Opera Software) E:\Users\Ginterlen\Downloads\OperaSetup.exe
2016-03-16 21:24 - 2016-03-17 19:30 - 00001054 _____ E:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-16 21:24 - 2016-03-17 19:28 - 00001050 _____ E:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-16 21:24 - 2016-03-16 21:24 - 00004050 _____ E:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-16 21:24 - 2016-03-16 21:24 - 00003798 _____ E:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-16 21:24 - 2016-03-16 21:24 - 00002277 _____ E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-16 21:24 - 2016-03-16 21:24 - 00002265 _____ E:\Users\Public\Desktop\Google Chrome.lnk
2016-03-16 21:23 - 2016-03-16 21:23 - 00987728 _____ (Google Inc.) E:\Users\Ginterlen\Downloads\ChromeSetup.exe
2016-03-16 21:05 - 2016-03-16 21:05 - 01553643 _____ E:\Users\Ginterlen\Desktop\Clean2PristineBC 21829.pdf
2016-03-16 19:02 - 2016-03-16 19:02 - 15560960 _____ (CURIOLAB S.M.B.A.) E:\Users\Ginterlen\Downloads\ExterminateItSetup.exe
2016-03-16 18:56 - 2016-03-16 18:56 - 136636176 _____ (Microsoft Corporation) E:\Users\Ginterlen\Downloads\msert.exe
2016-03-16 18:31 - 2016-03-16 18:31 - 01142472 _____ (Visicom Media Inc.) E:\Users\Ginterlen\Downloads\toolbarcleaner_setup.exe
2016-03-15 15:33 - 2016-03-15 15:33 - 01527296 _____ E:\Users\Ginterlen\Downloads\adwcleaner_5.102.exe
2016-03-15 14:07 - 2016-03-15 14:07 - 37696232 _____ (Opera Software) E:\Users\Ginterlen\Downloads\Opera_36.0.2130.32_Setup.exe
2016-03-11 00:22 - 2016-03-16 14:31 - 00000000 ____D E:\Users\Ginterlen\AppData\Roaming\FreeHideIP
2016-03-11 00:22 - 2016-03-11 00:22 - 02351221 _____ E:\Users\Ginterlen\Downloads\FreeHideIP-4.1.0.8.Setup.exe
2016-03-11 00:22 - 2016-03-11 00:22 - 00000000 ____D E:\ProgramData\FreeHideIP
2016-03-09 14:31 - 2016-03-09 14:31 - 00000000 ____D E:\Users\Ginterlen\AppData\Local\BlueStacks
2016-03-08 18:46 - 2016-03-16 14:31 - 00000000 ____D E:\Program Files (x86)\NortonInstaller
2016-02-27 21:53 - 2016-02-27 21:53 - 00000000 ____D E:\Users\Ginterlen\Documents\League of Legends
2016-02-25 18:47 - 2016-02-25 18:47 - 00000000 ____D E:\Users\Ginterlen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\partypoker
2016-02-17 16:31 - 2016-02-17 16:44 - 00005504 _____ E:\Users\Ginterlen\raw32.lc
2016-02-17 16:13 - 2016-02-17 16:13 - 00000000 ____D E:\Users\Public\Documents\Polpress
2016-02-17 16:13 - 2016-02-17 16:13 - 00000000 ____D E:\Program Files (x86)\Polpress
2016-02-17 16:13 - 2016-02-17 16:13 - 00000000 ____D E:\Program Files (x86)\Firebird
2016-02-17 16:13 - 2012-02-21 12:45 - 00417792 _____ (FirebirdSQL Project) E:\Windows\SysWOW64\GDS32.DLL
2016-02-17 16:13 - 2003-03-18 20:14 - 00499712 _____ (Microsoft Corporation) E:\Windows\SysWOW64\msvcp71.dll
2016-02-17 16:13 - 2003-02-21 04:42 - 00348160 _____ (Microsoft Corporation) E:\Windows\SysWOW64\msvcr71.dll
2016-02-17 16:12 - 2016-02-17 17:56 - 00000000 ____D E:\Users\Ginterlen\AppData\Roaming\PrimeGaming
2016-02-17 16:12 - 2016-02-17 16:12 - 14007504 _____ (Polpress ) E:\Users\Ginterlen\Downloads\rachunki_setup.exe
2016-02-17 16:12 - 2016-02-17 16:12 - 00000000 ____D E:\Users\Ginterlen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrimeGaming

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-03-17 19:32 - 2015-12-12 11:23 - 00000930 _____ E:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-17 19:31 - 2012-11-25 04:19 - 00000000 ____D E:\Users\Ginterlen\AppData\Local\CrashDumps
2016-03-17 19:29 - 2015-11-25 11:03 - 00002958 _____ E:\Windows\System32\Tasks\AsrXTU
2016-03-17 19:29 - 2013-01-19 20:26 - 36953928 _____ E:\Windows\ntbtlog.txt
2016-03-17 19:28 - 2012-11-11 01:33 - 00000000 ____D E:\ProgramData\NVIDIA
2016-03-17 19:28 - 2009-07-14 05:08 - 00000006 ____H E:\Windows\Tasks\SA.DAT
2016-03-17 19:26 - 2009-07-14 04:45 - 00016640 ____H E:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-17 19:26 - 2009-07-14 04:45 - 00016640 ____H E:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-17 19:20 - 2014-09-09 09:06 - 00000000 ____D E:\Users\Ginterlen\Documents\888poker
2016-03-16 23:53 - 2015-12-03 14:46 - 00000000 ____D E:\Windows\System32\Tasks\AVAST Software
2016-03-16 23:53 - 2015-07-28 15:36 - 00000000 ____D E:\Users\Ginterlen\AppData\Roaming\PacificPoker
2016-03-16 23:53 - 2014-12-28 05:45 - 00000000 ____D E:\Users\postgres.DOM.001
2016-03-16 23:53 - 2014-05-14 00:28 - 00000000 ____D E:\Users\Ginterlen\AppData\Roaming\HoldemManager
2016-03-16 23:53 - 2012-11-11 01:21 - 00000000 ____D E:\Users\Ginterlen
2016-03-16 23:53 - 2009-07-14 03:20 - 00000000 ____D E:\Windows\registration
2016-03-16 23:53 - 2009-07-14 03:20 - 00000000 ____D E:\Windows\inf
2016-03-16 23:14 - 2013-05-06 16:09 - 00000944 _____ E:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-976690834-3152803871-2063075832-1000UA.job
2016-03-16 22:05 - 2014-03-17 21:21 - 00000000 ____D E:\Users\Ginterlen\AppData\Local\Opera Software
2016-03-16 21:54 - 2013-02-15 16:17 - 00004182 _____ E:\Windows\System32\Tasks\avast! Emergency Update
2016-03-16 21:36 - 2012-11-11 01:22 - 00001385 _____ E:\Users\Ginterlen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-16 21:24 - 2014-03-16 15:32 - 00000000 ____D E:\Program Files (x86)\Google
2016-03-16 20:18 - 2015-11-30 22:20 - 00067336 _____ E:\Users\Ginterlen\Documents\Praca.xlsx
2016-03-16 19:17 - 2015-01-17 03:36 - 00192216 _____ (Malwarebytes) E:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-16 17:14 - 2013-05-06 16:09 - 00000922 _____ E:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-976690834-3152803871-2063075832-1000Core.job
2016-03-16 17:12 - 2013-05-29 19:19 - 00000000 ____D E:\Program Files (x86)\Steam
2016-03-16 16:41 - 2015-10-25 14:37 - 00000266 __RSH E:\ProgramData\ntuser.pol
2016-03-16 15:13 - 2014-05-06 01:46 - 00205827 _____ E:\Users\Ginterlen\Documents\poker.xlsx
2016-03-16 14:31 - 2015-08-12 17:24 - 00000000 ____D E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-16 14:31 - 2014-04-29 01:26 - 00000000 ____D E:\Users\Ginterlen\AppData\Local\PokerStars.UK
2016-03-16 14:31 - 2013-04-21 09:45 - 00000000 ____D E:\Users\Ginterlen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-16 14:31 - 2013-04-21 09:45 - 00000000 ____D E:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-16 14:31 - 2013-04-21 09:45 - 00000000 ____D E:\Program Files\WinRAR
2016-03-16 14:31 - 2012-11-12 05:44 - 00000000 ____D E:\Windows\SysWOW64\Macromed
2016-03-16 14:31 - 2012-11-12 05:44 - 00000000 ____D E:\Windows\system32\Macromed
2016-03-16 14:31 - 2009-07-14 03:20 - 00000000 ____D E:\Windows\system32\NDF
2016-03-16 14:31 - 2009-07-14 03:20 - 00000000 ____D E:\Windows\AppCompat
2016-03-15 17:45 - 2013-01-13 12:08 - 00000000 ____D E:\Users\Ginterlen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
2016-03-15 17:45 - 2012-11-11 01:45 - 00000000 ____D E:\Program Files (x86)\Marvell
2016-03-15 15:36 - 2015-04-09 19:53 - 00000000 ____D E:\Users\Ginterlen\AppData\Local\Steam
2016-03-15 13:41 - 2010-11-21 07:16 - 00000000 ____D E:\Windows\ShellNew
2016-03-15 13:26 - 2015-12-15 07:25 - 00000000 ____D E:\Users\Ginterlen\.oracle_jre_usage
2016-03-15 13:25 - 2015-08-12 17:24 - 00110176 _____ (Oracle Corporation) E:\Windows\system32\WindowsAccessBridge-64.dll
2016-03-15 13:25 - 2013-01-04 07:41 - 00000000 ____D E:\Program Files\Java
2016-03-15 12:29 - 2012-03-30 01:54 - 00000000 ____D E:\Windows\Panther
2016-03-15 12:27 - 2015-01-17 03:36 - 00000000 ____D E:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-14 21:12 - 2012-12-25 10:54 - 00000000 ____D E:\ProgramData\CanonIJPLM
2016-03-14 20:57 - 2013-02-04 13:27 - 00018375 _____ E:\Users\Ginterlen\Documents\Finanse.xlsx
2016-03-14 19:16 - 2013-01-06 07:04 - 00000000 ____D E:\Users\Ginterlen\AppData\Local\ElevatedDiagnostics
2016-03-12 22:39 - 2015-12-10 20:49 - 00000992 _____ E:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-10 20:32 - 2015-12-12 11:23 - 00003868 _____ E:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-10 20:32 - 2015-12-10 20:49 - 00003984 _____ E:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-03-10 20:32 - 2012-11-12 05:44 - 00797376 _____ (Adobe Systems Incorporated) E:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-10 20:32 - 2012-11-12 05:44 - 00142528 _____ (Adobe Systems Incorporated) E:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 18:41 - 2015-11-01 10:45 - 00002441 _____ E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 14:31 - 2009-07-14 03:20 - 00000000 __RHD E:\Users\Public\Libraries
2016-03-09 10:48 - 2014-01-20 15:02 - 00000000 ____D E:\ProgramData\BlueStacksSetup
2016-03-03 00:53 - 2013-02-15 16:17 - 01065720 _____ (AVAST Software) E:\Windows\system32\Drivers\aswsnx.sys
2016-02-25 18:47 - 2015-11-15 16:51 - 00000651 _____ E:\Users\Ginterlen\AppData\Roaming\Microsoft\Windows\Start Menu\partypoker.lnk
2016-02-25 18:47 - 2015-11-08 20:23 - 00000651 _____ E:\Users\Ginterlen\Desktop\partypoker.lnk
2016-02-25 18:47 - 2012-11-12 17:46 - 00000000 ____D E:\Users\Ginterlen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-24 22:21 - 2013-05-06 17:17 - 00000000 ____D E:\Users\Ginterlen\AppData\Roaming\Skype
2016-02-21 16:47 - 2009-07-14 05:08 - 00032604 _____ E:\Windows\Tasks\SCHEDLGU.TXT

==================== Pliki w katalogu głównym wybranych folderów =======

2015-08-05 11:22 - 2015-08-05 11:23 - 0044711 _____ () E:\Program Files (x86)\CMS Setup Log.txt
2015-08-05 11:30 - 2015-08-05 11:30 - 0008000 _____ () E:\Program Files (x86)\Device Manager Setup Log.txt
2015-12-08 11:12 - 2014-09-03 16:29 - 0018894 _____ () E:\Program Files (x86)\EULA.eng
2014-12-24 20:03 - 2014-11-30 19:11 - 0108544 ____R () E:\Program Files (x86)\Holdem Manager 2HoldemManager.Licensing.dll
2015-08-05 14:35 - 2015-08-05 14:35 - 0010913 _____ () E:\Program Files (x86)\Player Setup Log.txt
2015-01-14 05:43 - 2015-09-02 00:23 - 0000058 _____ () E:\Users\Ginterlen\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-05-15 08:29 - 2014-05-15 08:29 - 0000754 _____ () E:\Users\Ginterlen\AppData\Local\recently-used.xbel
2013-03-09 10:21 - 2015-02-24 18:26 - 0007618 _____ () E:\Users\Ginterlen\AppData\Local\Resmon.ResmonCfg
2014-05-14 00:23 - 2014-05-14 00:23 - 0005037 _____ () E:\ProgramData\flwjycbm.bab
2014-05-22 10:33 - 2014-05-22 10:33 - 0000182 _____ () E:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

E:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
E:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
E:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
E:\Windows\explorer.exe => Plik podpisany cyfrowo
E:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
E:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
E:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
E:\Windows\system32\services.exe => Plik podpisany cyfrowo
E:\Windows\system32\User32.dll => Plik podpisany cyfrowo
E:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
E:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
E:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
E:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
E:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
E:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
E:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2016-03-09 16:10

==================== Koniec FRST.txt ============================

