Grzybu77, posted 17 January 2017 (edited)
As in the topic title, I have a problem with ads opening by themselves in Google Chrome, and on top of that, while gaming it kicks me out to the desktop every so often. I scanned with Avast and Panda: nothing. I scanned with AdwCleaner: nothing. I'm also attaching logs from HijackThis.
Right now I'm generally trying to remove junk and other unneeded stuff from the computer. And these ads, I guess they can't be removed?
I also did a Google Chrome reset and it didn't help.
Youki, commented 17 January 2017
The topic has been moved from Computer hardware > Computer failures to Software > Security
Grzybu77, commented 17 January 2017 (Author)
Logs from FRST
Twój_Anioł_Stróż, commented 17 January 2017 (edited)
The Addition.txt and Shortcut.txt logs are missing. Please add them (before scanning, tick "Addition.txt" and "Shortcut.txt").
I don't see anything suspicious in the FRST.txt log. Only cosmetics:
Open Notepad and paste into it:
Quote:
GroupPolicyScripts: Ograniczenia <======= UWAGA
GroupPolicyScripts-x32: Ograniczenia <======= UWAGA
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.