FrogsterPL utworzono 22 listopada 2016 utworzono 22 listopada 2016 (edytowane) Czołem. Jako że laptop taty podejrzanie wolno działa i ma non-stop uruchomione chłodzenie, sprawdziłem co powoduje problem - jest to svchost.exe (netsvcs). Poczytałem trochę i niektórzy sugerują, że może być to wywołane jakimiś szkodliwymi programikami. Czy ktoś mógłby sprawdzić logi z FRST? Spoiler Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20-11-2016 01 Uruchomiony przez Szary (administrator) ARKADIA (22-11-2016 09:50:12) Uruchomiony z C:\Users\Szary\Desktop Załadowane profile: Szary (Dostępne profile: Szary) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Microsoft Corporation) C:\Windows\System32\perfmon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9768352 2012-09-11] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5940128 2012-09-11] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-09-11] (Lenovo) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. ) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-25] (RealNetworks, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [916072 2016-11-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-06-08] (Nero AG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-24] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2251363600-2688971520-4293008055-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-10-25] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-2251363600-2688971520-4293008055-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_Plugin.exe [1224896 2016-09-25] (Adobe Systems Incorporated) HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-10-25] (Garmin Ltd. or its subsidiaries) Lsa: [Notification Packages] scecli EgisPLPwdFilter Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-08-04] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.92 192.168.1.1 Tcpip\..\Interfaces\{721F008C-B6F9-4191-AEF8-1028EC0DCA8B}: [DhcpNameServer] 192.168.1.92 192.168.1.1 Tcpip\..\Interfaces\{9454377B-C7CC-4134-BF25-387E7408DEC2}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-2251363600-2688971520-4293008055-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://onet.pl/ HKU\S-1-5-21-2251363600-2688971520-4293008055-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2251363600-2688971520-4293008055-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN SearchScopes: HKU\S-1-5-21-2251363600-2688971520-4293008055-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation) Toolbar: HKU\S-1-5-21-2251363600-2688971520-4293008055-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab FireFox: ======== FF DefaultProfile: 8uiyryo6.default-1406629743645 FF ProfilePath: C:\Users\Szary\AppData\Roaming\Mozilla\Firefox\Profiles\8uiyryo6.default-1406629743645 [2016-11-22] FF Homepage: Mozilla\Firefox\Profiles\8uiyryo6.default-1406629743645 -> hxxp://www.onet.pl/ FF Extension: (Firefox Hotfix) - C:\Users\Szary\AppData\Roaming\Mozilla\Firefox\Profiles\8uiyryo6.default-1406629743645\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-22] FF Extension: (Adblock Plus) - C:\Users\Szary\AppData\Roaming\Mozilla\Firefox\Profiles\8uiyryo6.default-1406629743645\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-22] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-25] [Brak podpisu cyfrowego] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-25] () FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-25] () FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-09-25] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-09-25] (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-12] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-27] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxp://onet.pl/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\gcswf32.dll => Brak pliku CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Brak pliku CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => Brak pliku CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => Brak pliku CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll => Brak pliku CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Szary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll => Brak pliku CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Brak pliku CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => Brak pliku CHR Profile: C:\Users\Szary\AppData\Local\Google\Chrome\User Data\Default [2016-04-28] CHR Extension: (RealDownloader) - C:\Users\Szary\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-01-06] CHR Extension: (Skype) - C:\Users\Szary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-27] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Szary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089088 2016-11-21] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [475232 2016-11-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [475232 2016-11-21] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [346928 2016-08-24] (Avira Operations GmbH & Co. KG) R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. ) R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [985616 2016-10-25] (Garmin Ltd. or its subsidiaries) R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG) R2 PLFlash DeviceIoControl Service; C:\windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [Brak podpisu cyfrowego] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [177432 2016-11-21] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [145536 2016-11-21] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-08] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [79696 2016-06-08] (Avira Operations GmbH & Co. KG) S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2015-03-05] (Malwarebytes Corporation) R3 vm331avs; C:\windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation) R3 vmuvcflt; C:\windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation) U3 BcmSqlStartupSvc; Brak ImagePath U2 CLKMSVC10_3A60B698; Brak ImagePath U2 CLKMSVC10_C3B3B687; Brak ImagePath U2 DriverService; Brak ImagePath U2 IAStorDataMgrSvc; Brak ImagePath U2 iATAgentService; Brak ImagePath U2 idealife Update Service; Brak ImagePath U3 IGRS; Brak ImagePath U2 IviRegMgr; Brak ImagePath U2 nvUpdatusService; Brak ImagePath U2 Oasis2Service; Brak ImagePath U2 PCCarerService; Brak ImagePath U2 ReadyComm.DirectRouter; Brak ImagePath U2 RichVideo; Brak ImagePath U2 RtLedService; Brak ImagePath U2 SeaPort; Brak ImagePath U2 SoftwareService; Brak ImagePath U3 SQLWriter; Brak ImagePath ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-11-22 09:50 - 2016-11-22 09:50 - 00019850 _____ C:\Users\Szary\Desktop\FRST.txt 2016-11-22 09:49 - 2016-11-22 09:50 - 00000000 ____D C:\FRST 2016-11-22 09:49 - 2016-11-22 09:49 - 02412544 _____ (Farbar) C:\Users\Szary\Desktop\FRST64.exe 2016-11-22 09:35 - 2016-11-22 09:35 - 00002587 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk 2016-11-22 09:33 - 2016-11-22 09:33 - 00000000 ____D C:\Program Files (x86)\MSECache 2016-11-22 09:32 - 2016-11-22 09:32 - 63360496 _____ (Microsoft Corporation) C:\Users\Szary\Desktop\PowerPointViewer.exe 2016-11-22 09:23 - 2016-11-22 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2016-11-22 09:22 - 2016-11-22 09:22 - 00411648 _____ C:\Users\Szary\Desktop\Schemat fakturowania kontraktu z AMEC FOSTER.ppt 2016-11-22 09:12 - 2016-11-22 09:12 - 00000000 ____D C:\Users\Szary\AppData\Local\{9F859FFC-A759-4295-8317-8CE5B3AC6964} 2016-11-21 20:42 - 2016-11-21 20:42 - 00001134 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2016-11-21 20:26 - 2016-11-21 20:24 - 00031720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avusbflt.sys ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-11-22 09:46 - 2016-06-11 19:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-11-22 09:46 - 2009-07-14 05:45 - 00028928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-11-22 09:46 - 2009-07-14 05:45 - 00028928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-11-22 09:45 - 2013-08-04 18:13 - 00080472 _____ C:\Users\Szary\AppData\Local\GDIPFONTCACHEV1.DAT 2016-11-22 09:31 - 2012-09-11 00:04 - 00001048 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-11-22 09:30 - 2012-09-11 00:04 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-11-22 09:26 - 2014-08-13 17:13 - 00000000 ____D C:\ProgramData\Package Cache 2016-11-22 09:24 - 2016-04-06 21:12 - 00000000 ____D C:\Program Files (x86)\Garmin 2016-11-22 09:23 - 2016-04-06 21:12 - 00003554 _____ C:\windows\System32\Tasks\GarminUpdaterTask 2016-11-22 09:16 - 2012-09-10 15:05 - 00741028 _____ C:\windows\system32\perfh015.dat 2016-11-22 09:16 - 2012-09-10 15:05 - 00156312 _____ C:\windows\system32\perfc015.dat 2016-11-22 09:16 - 2009-07-14 06:13 - 01671746 _____ C:\windows\system32\PerfStringBackup.INI 2016-11-22 09:16 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf 2016-11-22 09:10 - 2013-09-24 11:05 - 00000930 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2016-11-22 09:08 - 2012-09-11 00:08 - 00800554 _____ C:\windows\system32\fastboot.set 2016-11-22 09:08 - 2012-09-11 00:04 - 00001044 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-11-22 09:07 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-11-21 20:42 - 2016-08-12 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-11-21 20:36 - 2015-11-14 13:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-11-21 20:30 - 2015-05-13 15:25 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task 2016-11-21 20:24 - 2013-09-28 19:07 - 00177432 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2016-11-21 20:24 - 2013-09-28 19:07 - 00145536 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2016-11-21 20:16 - 2015-01-10 10:25 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-11-21 20:13 - 2009-07-14 05:45 - 00324688 _____ C:\windows\system32\FNTCACHE.DAT 2016-11-21 20:11 - 2015-01-10 10:17 - 00000000 ____D C:\windows\system32\appraiser 2016-11-21 20:11 - 2011-09-29 04:37 - 00000000 ____D C:\Program Files\Windows Journal ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-05-24 15:23 - 2016-05-24 15:23 - 6748160 _____ () C:\Program Files (x86)\GUT6410.tmp 2013-08-05 07:55 - 2016-08-16 18:54 - 0001040 _____ () C:\Users\Szary\AppData\Roaming\wklnhst.dat 2014-08-29 17:22 - 2016-06-12 19:28 - 0005120 _____ () C:\Users\Szary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Niektóre pliki w TEMP: ==================== C:\Users\Szary\AppData\Local\Temp\avgnt.exe C:\Users\Szary\AppData\Local\Temp\lowproc.exe C:\Users\Szary\AppData\Local\Temp\rnsetup0.exe C:\Users\Szary\AppData\Local\Temp\stubhelper.dll ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\windows\system32\wininit.exe => Plik podpisany cyfrowo C:\windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\windows\explorer.exe => Plik podpisany cyfrowo C:\windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\windows\system32\svchost.exe => Plik podpisany cyfrowo C:\windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\windows\system32\services.exe => Plik podpisany cyfrowo C:\windows\system32\User32.dll => Plik podpisany cyfrowo C:\windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\windows\system32\userinit.exe => Plik podpisany cyfrowo C:\windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-06-12 07:13 ==================== Koniec FRST.txt ============================ Spoiler Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 20-11-2016 01 Uruchomiony przez Szary (22-11-2016 09:51:17) Uruchomiony z C:\Users\Szary\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2013-08-04 17:12:25) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-2251363600-2688971520-4293008055-500 - Administrator - Disabled) Gość (S-1-5-21-2251363600-2688971520-4293008055-501 - Limited - Disabled) Szary (S-1-5-21-2251363600-2688971520-4293008055-1000 - Administrator - Enabled) => C:\Users\Szary ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated) Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{af1966e2-5e60-4d93-8a48-c21462a87e3c}) (Version: 1.2.71.9779 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.2.71.9779 - Avira Operations GmbH & Co. KG) Hidden Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - ) CWK (Czasowy Wyłącznik Komputera) (HKLM-x32\...\CWK) (Version: 2.52.3.43 - Damian Pasternak) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Elevated Installer (x32 Version: 4.2.0.0 - Garmin Ltd or its subsidiaries) Hidden Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.8 - Lenovo) Energy Management (x32 Version: 6.0.2.8 - Lenovo) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Garmin Express (HKLM-x32\...\{d74c733b-9216-49f5-ae3a-14bf3a3d66f5}) (Version: 4.2.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.2.0.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.2.0.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1201.1 - Vimicro) Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.2.3 - Lenovo) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3212 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.0.3212 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3521.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.3521.52 - CyberLink Corp.) Hidden Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden Malwarebytes Anti-Malware wersja 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Polski (HKLM-x32\...\{90140011-0066-0415-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0415-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Word 2002 (HKLM-x32\...\{911B0415-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}) (Version: 9.7.0621 - Microsoft Corporation) Moduł Szybka instalacja pakietu Microsoft Office 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Moduł Szybka instalacja pakietu Microsoft Office 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Mozilla Firefox 47.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 pl)) (Version: 47.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 8 Essentials (HKLM-x32\...\{436BD6D1-707C-43D3-BF99-24ED23291045}) (Version: 8.3.546 - Nero AG) Obsługa programów Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Pakiet sterowników systemu Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (08/04/2011 6.1.0.1) (HKLM\...\03A1C6133CBCFD1D944CAC45762E2EC5CD524136) (Version: 08/04/2011 6.1.0.1 - Lenovo) Pakiet sterowników systemu Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Pakiet zgodności dla systemu Office 2007 (HKLM-x32\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podręcznik użytkownika (x32 Version: 2.0.0.2 - Lenovo) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.) Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 2.0.0.2 - Lenovo) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {3968D71F-7FBE-4237-B8A6-1C6A50E4A633} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink) Task: {5E5D34BA-15D7-4C10-9A6C-E6E9E9FF98C7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-25] (Adobe Systems Incorporated) Task: {7BACD299-EBBA-422C-ACD0-06890DA99916} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-10-25] () Task: {7E2D5A1C-BD49-4D90-94F3-C81800E4B12D} - System32\Tasks\RealCreateProcessScheduledTask9667241S-1-5-21-2251363600-2688971520-4293008055-1000 => c:\program files (x86)\real\realplayer\realplay.exe [2013-09-25] (RealNetworks, Inc.) Task: {85316AFD-3DB7-4110-8D3D-196B07E654D7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2251363600-2688971520-4293008055-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {9A266661-ABDA-40AB-A31C-C14EB59C78CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {B99688EA-FD3C-481E-B85F-95AE9C5B3770} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {E22076AB-C81E-49BC-8602-21030059A260} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated) Task: {EEDD2475-4982-4223-B149-E13144D178ED} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2251363600-2688971520-4293008055-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2010-10-22 15:38 - 2010-10-22 15:38 - 01407344 _____ () C:\Program Files (x86)\EgisTec Port Locker\x64\LIBEAY32.dll 2011-04-15 06:28 - 2011-03-25 10:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2008-12-20 04:20 - 2012-09-11 00:06 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2008-12-20 04:20 - 2012-09-11 00:06 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2016-06-30 12:55 - 2016-10-27 12:35 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll 2016-10-25 11:36 - 2016-10-25 11:36 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-2251363600-2688971520-4293008055-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Szary\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.92 - 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{EF4A8500-B1E2-4F1B-87E6-4C4E0A6DC3C2}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{6713C38F-F587-4CC5-9793-7C79EBCD6965}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE FirewallRules: [{150ACFAA-BCC4-4DA5-9663-181AE82D3ACE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{BA6FF704-4078-4FFE-8420-7C6A94503E39}] => (Allow) LPort=2869 FirewallRules: [{983FD993-CF2D-4B9C-BB98-E49C80AEACEF}] => (Allow) LPort=1900 FirewallRules: [{1A9474C3-FC2B-4725-9536-DFF7B2B034DA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{7E5639C1-75B4-4459-85E2-AB1E19F5C2A0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{939B4003-8E55-4E57-8A4E-C46C8A1B61EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5A0105B5-C6FF-4766-A126-897320941AD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{44172099-1B3F-4945-B810-1BC2328B60CD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{F8D0EB58-F3D6-4332-9873-781E32558252}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{2D429F8B-C657-487E-84BA-E312EE8D269B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{8EE766BB-4A20-4CB0-B614-DF25D6BE82EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{EA504007-F938-4089-8C4B-EC0C15AD0268}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{61E82FEB-A3E2-4E2A-AE8B-E44B690740B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= 12-08-2016 18:20:09 Garmin Express 25-09-2016 07:53:33 Garmin Express 09-10-2016 16:24:35 Windows Update 22-11-2016 09:21:39 Garmin Express 22-11-2016 09:34:21 Zainstalowano: Microsoft PowerPoint Viewer ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (11/22/2016 09:09:10 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/21/2016 08:14:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/09/2016 12:57:24 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd DeviceIoControl(\\?\Volume{4984d847-fb94-11e1-877e-806e6f6e6963} - 0000000000000128,0x0053c008,00000000000F9C30,0,00000000000F8C20,4096,[0]). hr = 0x80070079, Przekroczono limit czasu semafora. . Operacja: Przetwarzanie metody EndPrepareSnapshots Kontekst: Kontekst wykonywania: System Provider Error: (10/09/2016 10:09:14 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/25/2016 07:41:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/05/2016 05:47:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/21/2016 01:19:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/20/2016 06:15:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/19/2016 07:48:22 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Tylko informacje. Error: Failed to make the SOAP Call HResult: 0x800c0005. Exception caught while trying to report the Update Event Error: (08/19/2016 07:48:09 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Tylko informacje. (Patch task for {90140011-0066-0415-0000-0000000FF1CE}): DownloadLatest Failed: Nie można określić nazwy serwera lub adresu. Dziennik System: ============= Error: (11/22/2016 09:08:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Garmin Device Interaction Service z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (11/22/2016 09:08:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Garmin Device Interaction Service. Error: (11/21/2016 11:03:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi Wlansvc. Error: (11/21/2016 10:00:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi AntiVirSchedulerService. Error: (11/21/2016 08:14:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Garmin Device Interaction Service z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (11/21/2016 08:14:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Garmin Device Interaction Service. Error: (10/09/2016 12:57:19 PM) (Source: volsnap) (EventID: 67) (User: ) Description: Nie można zainstalować tworzonej kopii w tle woluminu C:. Error: (10/09/2016 10:08:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Garmin Device Interaction Service z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (10/09/2016 10:08:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Garmin Device Interaction Service. Error: (09/25/2016 09:37:21 AM) (Source: iaStor) (EventID: 9) (User: ) Description: Urządzenie \Device\Ide\iaStor0 nie odpowiedziało w ramach ustalonego limitu czasu. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz Procent pamięci w użyciu: 49% Całkowita pamięć fizyczna: 4010.14 MB Dostępna pamięć fizyczna: 2034.76 MB Całkowita pamięć wirtualna: 8018.46 MB Dostępna pamięć wirtualna: 5393.09 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:254.14 GB) (Free:155.37 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:23.21 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 43D94C98) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12) ==================== Koniec Addition.txt ============================
Twój_Anioł_Stróż komentarz 22 listopada 2016 komentarz 22 listopada 2016 W logach nic nie wskazuje na istnienie jakiejkolwiek infekcji. Tylko kosmetyka: Otwórz Notatnik i wklej w nim: U3 BcmSqlStartupSvc; Brak ImagePath U2 CLKMSVC10_3A60B698; Brak ImagePath U2 CLKMSVC10_C3B3B687; Brak ImagePath U2 DriverService; Brak ImagePath U2 IAStorDataMgrSvc; Brak ImagePath U2 iATAgentService; Brak ImagePath U2 idealife Update Service; Brak ImagePath U3 IGRS; Brak ImagePath U2 IviRegMgr; Brak ImagePath U2 nvUpdatusService; Brak ImagePath U2 Oasis2Service; Brak ImagePath U2 PCCarerService; Brak ImagePath U2 ReadyComm.DirectRouter; Brak ImagePath U2 RichVideo; Brak ImagePath U2 RtLedService; Brak ImagePath U2 SeaPort; Brak ImagePath U2 SoftwareService; Brak ImagePath U3 SQLWriter; Brak ImagePath CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\gcswf32.dll => Brak pliku CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Brak pliku CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => Brak pliku CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => Brak pliku CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll => Brak pliku CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Szary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll => Brak pliku CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Brak pliku CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => Brak pliku EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe Uruchom FRST i kliknij przycisk Fix (NAPRAW). .
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.