• Ogłoszenie:

Komputer nieformatowany od lat wolno chodzi.

Bezpieczeństwo systemów, usuwanie wirusów, dobieranie programów antywirusowych. Obowiązkowe logi w tym dziale: trzy z FRST + Gmer.

Komputer nieformatowany od lat wolno chodzi.

Postprzez adamII 03 Gru 2018, 18:19

reklama
Witam, prosze o sprawdzenie zalaczonych logow, komputerraz sie uruchamia normalnie innym razem kilka minut, to samo jest ze stronami internetowymi.
gmer:
Kod: Zaznacz wszystko
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2018-12-03 17:07:20
Windows 6.1.7600  x64
Running: q39gcxvt.exe


---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_15318085384722342@SetupOperations  ????????@usb.inf,%generichub.mfg%;(Generic USB Hub)?????battery.inf_amd64_neutral_cb8fa151a7b7cb80????`??f?j?j?k?n?n?o?n?n?o?o?s?o?o?s?o?p?s?s?s?????{??disk.inf?u??????#???? ?????????????????????0?????????????????????????????k???h??? ?????????????????????0?????????????????????????????????h??{CD1EE532-32D5-41f3-9D8E-844FA6BB27C5}???????????&??????????? ???????m???????? ????.??"?????x???n???????????????????????????????????????????????????????????? ?????????????????????0????????????????????}???? ???????j?????????????.??????????[????????S?s??? ?????????????????????0????????????????????usbstor.inf?????? ?????????????????????0?????????????????????r????????????????????????F?????????????????input.inf???? ?????????????????????0????????????????????????????????????????????in??????? ?????????????????????,???????????????????????p?p??? ?????????????????????.?????????????????f??? ?????????????????????0??L????????? ???????????? ?????????????????????0????????????&???????????????????????????????? ?????????????????????0???????
Reg  HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_15356352399732349@SetupOperations  ???|????? ?????????????????????0????????????&????????????????????E??? ???????????????????n?0????????6?????????????6???????????????|?????????????????? ???????a???????????j?,??????(??????????????{??? ?????????????????????0????????????????????????????????????????????????r??????????????????????????????????????????{?{?{?{??????????;????%???????????0??????<????w???????????0??????#????F???????k??????????????? ???v??????????????StillImage?Roo??? ??????????????????6.1.7600.16385??????????????????????????usb\composite?????,?????????????USB\VID_04E8&PID_6860&REV_0400?USB\VID_04E8&PID_6860????USB\DevClass_00&SubClass_00&Prot_00?USB\DevClass_00&SubClass_00?USB\DevClass_00?USB\COMPOSITE???????{f51379c7-82b6-51e3-ac60-992f6e6e8641}??????? ?????????????????????0??L????????? ???????????? ?????????????????????0????????????&???????????????????????????????????????????????????????? ???????p?????j?????f?9??????$??????????A??@disk.inf,%genmanufacturer%;(Standardowe stacje dysk?w)??F???????????1???????????????????f??st??? ?????????
Reg  HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_15356353074112349@SetupOperations  ????????????????????? l??????K?????e?????????????\??mp??? ???????B??????????????????????N?94????????????????????USB\VID_1949&PID_0004&REV_0100?USB\VID_1949&PID_0004?????????????????????????????????????????y?????????????????????????????t????? ?????????????s???????0??L????????? ????????????????????t???t??? ???????????????????????????? ?6?????????(????????????????s??????????????N??????T?????e0?????N????????????D??8???$????????????n????????????????????? ?????????????????????0??????????????????(??? ??????????????????????/???  ??????F????????????R??????*??sT????*????????????????n??(?? ???????l?????cce???????????????{?{?{?{?{?{?{?{?{?{?{?{??????????(?? :?????????????????? "??????????????????????????????????t(????????????????t????????el???s???????????????t???????z????????????(??g?g?????????????g??.NT????????????????????s????????????????????????????????????HIDClass????? 2?????????????????????@input.inf,%stdmfg%;(Standardowe urz?dzenia systemowe)????????&?????????????????generic_hid_device??????????????????????????? ?
Reg  HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_15402075820332354@SetupOperations  ????????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|?????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|?????f?h?i?k?y?yr???v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|?????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|???v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol
Reg  HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_15426656392432356@SetupOperations  ???y?j???????????????|??????????????????????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|??????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|?????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|????????????????????Microsoft???Extended Base???????????????t???????????????????????????wpdfs.inf????????z???????????????????????z?????????????t?????????y???<???????n???????z???????????????????z??????????????P???? ???????3?????91}???????z???;?????????<?;???????z???<?????????P?<???????z???<??????????????????????????t?????8???????????h???????????????j????????????e????????PlugPlay????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%
Reg  HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_15318085384722342@SetupOperations      ??????????????????0??????t???????????????????h???????s??? ???????j???????k????X???????????(??????r??????????????????????????????????v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|?????e??????????????????@volume.inf,%storage\volume.devicedesc%;Wolumin uniwersalny?5K?? Bus?????????????&???????????????j??????????@machine.inf,%volmgr.devicedesc%;Mened?er wolumin?w??5??USB\VID_232B&PID_7E20&REV_0100?USB\VID_232B&PID_7E20??????????P??????????s?????t0?(??????????T??????????????????????:\??Microsoft?????????????????????????????N??????d?????D-0??{00000000-0000-0000-ffff-ffffffffffff}???????????y??@volume.inf,%storage\volume.devicedesc%;Wolumin uniwersalny??? ? Bus?????z???k????????0??????????????????T???s??? ?????????????????????0????????????????????? ???????????????????i?0?????????????????????????????s??????????????? ?????
Reg  HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_15356352399732349@SetupOperations      ????il??? ?????????????????????,??????????2f'????????????????????}??{4d36e97d-e325-11ce-bfc1-08002be10318}\0042???P??T?T?T?5?5?g?j?i?j?k?k?p?p???/?/?/???k???????V(???????????????s??????????????????????????f??????????????????????? ???????n?????????????4??????????j??????????????????s?????ssb??????nf8???0??????????y???????s????????*??????t?????????n?u???????????4(??j?j?j?j?t?p?j???d???????????????????????3??2A???????????t??da??????????????????????? 0??Z?e?g?t?z?f?f???d??????sti.dll???P??????3???@????????(??????k???y???????y??????????????? ???o??????????t????????????f???????a??????????HID_Mouse_Inst??????? ?????????????????????0?????????????????????????????????????????}???????????????j?????s??????????????????0?D?(??????????T??????????????????? ???????????????????l?0????????????????????????????usbstor.inf??yP??f?p?p?p?p?p?????p(???????????????s??????????????????????1???????????t???????z??????l?(???N?????????????????????????????????? ???????j?????j?j???????j??@machine.inf,%*pnp0a06.devicedesc%;Rozszerzona magistra
Reg  HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_15356353074112349@SetupOperations      ????ds??? ???????????????????e?0????????.?????????x?@nettun.inf,%msft%;Microsoft??8??T???U?T?`?d?d?d?e?T?U?e?e??? ?????????????????????0????????????????????? ???????????????????f?0????????????????????? ???????n?????????????,????????<???????????int?????????????????????????? ??????????????????????????????????????????????????? ??????????????????????????????????????????????????????? ?????????????????????,?????? ???????????????????P??[?Z?Z?Z?[?Z?Z?[?[?\?u?|?[?`?|???V??????????????????????????????????????????????????????????????????? ?????????????????????0??L????????? ???????????? ?????????????????????0????????????&????????????????????r??Urz?dzenie pami?ci masowej USB??????@volume.inf,%storage\volume.devicedesc%;Wolumin uniwersalny?00??@usbstor.inf,%generic.mfg%;Zgodne urz?dzenie magazynuj?ce USB???Urz?dzenie pami?ci masowej USB???????????????e???????g??WINUSB.INF???h??? ?????????????????????0?????????? ?????????? ???????????????????t?0?????????????????????????????k???k???????????m???n??WINUSB.INF???n??? ???????k?
Reg  HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_15402075820332354@SetupOperations      ?????????????????\??M4????L??????r??Av(??????????T??????0????????????s????y??d????>????????g?8?????????????????D0???Sterownik woluminu systemu plik?w WPD????????????????????????????????????????????????????????????????????w???????? ??????A???????????????????u???????????????????c??????????? ???????t??????????Basic_Install???WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#???\\?\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.00#20021111153705700&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?Sof??6.1.7600.16385?Fil??????????????????$???4????? ??????? ??????????????? ??????????? ????????????????????????????????????????? ???????????????????$???4????? ??????? ??????????????? ??????????? ????????????????????????????????????????? ???????????????????? ???????_??????s????????k??????????????o???SAM07E80_2F_07DA_3F??f???????????i????????????Itwa???????????????????????????$???????t?????????????????
Reg  HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_15426656392432356@SetupOperations      ??????????N??????c??????????????????????????????? ???????/?????/?/??USBSTOR??t???????j??????????????????????? ???????_??????s???Microsoft???sRGB Color Space Profile.icm?????????????????????y??????????Provides Identity Protection Against Cyber Crime.???\??\C:\Program Files\AVAST Software\Avast????/?f?d?f?f?f?d?f?????f???f?g02???f?i?k?y?|?|?????j?j?k?k?l?l?g?l?l??????hdaudbus.inf_amd64_neutral_c8d90bd70af55772?????{4d36e972-e325-11ce-bfc1-08002be10318}\0009??????????????t?????s??????*??????????h??Microsoft????j?j?l?l?l?l?l?l?l??????????????????????@usbport.inf,%generic.mfg%;(Standardowy kontroler hosta USB)?????????????????e???????????i??????????????????????????????? ???????/???????/???????k???s???e????N????????????D????????????disk.inf?&??Microsoft???? ???????n???????????????&??@%SystemRoot%\system32\drivers\fvevol.sys,-100??????????????????????????????????H???????????????????????????????????ll??????????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}?????????????????????s????USB\UNKNOWN???????????N????????

---- EOF - GMER 2.2 ----


FRST

Kod: Zaznacz wszystko
Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 01.12.2018 01
Uruchomiony przez Asia (administrator)  KOMPUTER (03-12-2018 17:10:50)
Uruchomiony z C:\Users\Asia\Desktop
Załadowane profile: Asia (Dostępne profile: Asia)
Platform: Windows 7 Ultimate (X64) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: Opera)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Zhuhai Pantum Electronics Co.,Ltd.) C:\Program Files\Pantum\ptm6500\PushScan\ptm6500PushMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Asia\Desktop\q39gcxvt.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera.exe
(Opera Software) C:\Program Files\Opera\56.0.3051.116\opera.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-19] (AVAST Software)
HKLM\...\Run: [PTM6500Monitor] => C:\Program Files\Pantum\ptm6500\PushScan\ptm6500PushMonitor.exe [263680 2015-12-23] (Zhuhai Pantum Electronics Co.,Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-194541073-2574816472-3888968128-1000\...\Run: [Chromium] => c:\users\asia\appdata\local\chromium\application\chrome.exe [829440 2017-02-15] (The Chromium Authors)
HKU\S-1-5-21-194541073-2574816472-3888968128-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{2354E574-9EE0-479D-A5C0-7F94837F2AF5}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{ED145B42-4FB7-4DDB-A6D3-F5529F03CE99}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
HKU\S-1-5-21-194541073-2574816472-3888968128-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: kwqd09qj.default
FF ProfilePath: C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\kwqd09qj.default [2018-12-03]
FF user.js: detected! => C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\kwqd09qj.default\user.js [2018-01-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://www.wp.pl/","hxxps://www.facebook.com/"

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-19] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-19] (AVAST Software)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Dfsdks.exe [544768 2009-08-24] (mst software GmbH, Germany) [Brak podpisu cyfrowego]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-11-19] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-19] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-11-19] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-11-19] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-11-19] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-11-19] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-11-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-11-19] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-11-19] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-11-19] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-11-19] (AVAST Software)
S3 mvusbews; C:\Windows\System32\Drivers\ptusbews.sys [56864 2015-12-23] (Zhuhai Pantum Electronics Co.,Ltd.)
S3 qcusbnet; C:\Windows\System32\DRIVERS\qcusbnet.sys [428600 2017-03-15] (QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [393880 2018-12-03] (Duplex Secure Ltd.)
U3 pgddqpoc; \??\C:\Users\Asia\AppData\Local\Temp\pgddqpoc.sys [X] <==== UWAGA

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-12-03 17:10 - 2018-12-03 17:11 - 000009510 _____ C:\Users\Asia\Desktop\FRST.txt
2018-12-03 17:09 - 2018-12-03 17:10 - 000000000 ____D C:\FRST
2018-12-03 17:09 - 2018-12-03 17:09 - 002417152 _____ (Farbar) C:\Users\Asia\Desktop\FRST64.exe
2018-12-03 17:07 - 2018-12-03 17:07 - 000011484 _____ C:\Users\Asia\Desktop\gmer.txt
2018-12-03 16:52 - 2018-12-03 16:52 - 000380928 _____ C:\Users\Asia\Desktop\q39gcxvt.exe
2018-12-03 16:47 - 2018-12-03 16:47 - 000393880 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2018-12-03 16:46 - 2018-12-03 16:46 - 000597632 _____ (Duplex Secure Ltd) C:\Users\Asia\Desktop\SPTDinst-v190-x64.exe
2018-12-01 18:22 - 2018-12-01 18:22 - 000050624 _____ C:\Users\Asia\Desktop\Potwierdzenie wykonania operacji_20181201_182257.pdf
2018-11-22 17:22 - 2018-11-22 17:35 - 000000000 ____D C:\Users\Asia\AppData\Roaming\WhatsApp
2018-11-22 17:22 - 2018-11-22 17:22 - 000002183 _____ C:\Users\Asia\Desktop\WhatsApp.lnk
2018-11-22 17:22 - 2018-11-22 17:22 - 000000000 ____D C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-11-22 17:21 - 2018-11-22 17:22 - 000000000 ____D C:\Users\Asia\AppData\Local\WhatsApp
2018-11-22 17:21 - 2018-11-22 17:22 - 000000000 ____D C:\Users\Asia\AppData\Local\SquirrelTemp
2018-11-22 17:09 - 2018-11-22 17:09 - 146730936 _____ (WhatsApp) C:\Users\Asia\Downloads\WhatsAppSetup.exe
2018-11-22 17:04 - 2018-11-22 17:04 - 002527304 _____ (Kobakugefo ) C:\Users\Asia\Desktop\WhatsApp-73044-AsystentPobierania_0576454300.exe
2018-11-21 22:17 - 2018-11-21 22:17 - 001551123 _____ C:\Users\Asia\Desktop\wakacje.pdf
2018-11-21 04:50 - 2018-11-21 04:50 - 314462441 _____ C:\Windows\MEMORY.DMP
2018-11-21 04:50 - 2018-11-21 04:50 - 000266288 _____ C:\Windows\Minidump\112118-28329-01.dmp
2018-11-19 23:15 - 2018-11-19 23:15 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-11-19 12:57 - 2018-11-19 12:57 - 000071030 _____ C:\Users\Asia\Desktop\d7be84bc-5408-42d2-8d0d-acf3ea02feba (1).pdf
2018-11-11 13:03 - 2018-11-30 08:37 - 001175040 _____ C:\Users\Asia\Desktop\Grafik elektrycy GRUDZIEŃ 2018.xls
2018-11-11 09:49 - 2018-11-12 16:44 - 000000000 ____D C:\Users\Asia\Desktop\OpenOffice.org 2.4 (pl) Installation Files
2018-11-03 11:47 - 2018-11-03 11:47 - 001175040 _____ C:\Users\Asia\Desktop\Grafik elektrycy LISTOPAD 2018 z 12 wolnym.xls

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-12-03 16:57 - 2009-07-14 05:45 - 000010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-03 16:57 - 2009-07-14 05:45 - 000010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-03 16:54 - 2009-07-14 18:55 - 000740446 _____ C:\Windows\system32\perfh015.dat
2018-12-03 16:54 - 2009-07-14 18:55 - 000155988 _____ C:\Windows\system32\perfc015.dat
2018-12-03 16:54 - 2009-07-14 06:13 - 001669606 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-03 16:54 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-12-03 16:49 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-03 12:19 - 2016-06-10 11:18 - 000000000 ____D C:\Program Files\CCleaner
2018-12-02 21:58 - 2017-08-09 18:56 - 000000000 ____D C:\Users\Asia\Desktop\Grafiki
2018-12-02 11:42 - 2017-03-23 20:43 - 000000000 ____D C:\Program Files\Opera
2018-11-28 10:13 - 2017-03-23 20:45 - 000003876 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1490298332
2018-11-26 15:53 - 2017-12-29 11:34 - 000239840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-11-25 20:01 - 2018-03-28 17:20 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-11-25 20:01 - 2018-03-21 06:58 - 000004560 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-25 20:01 - 2017-05-13 12:21 - 000003960 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1494674458
2018-11-25 20:01 - 2017-05-13 12:15 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-11-25 20:01 - 2017-03-23 20:50 - 000004572 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-11-25 20:01 - 2016-06-10 11:18 - 000002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-11-25 20:01 - 2016-04-20 14:31 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-25 20:01 - 2016-04-20 14:29 - 000004412 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-22 19:17 - 2017-05-13 12:15 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-11-22 17:21 - 2016-07-26 16:28 - 001641484 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-11-21 04:50 - 2017-04-11 15:39 - 000000000 ____D C:\Windows\Minidump
2018-11-20 21:57 - 2016-04-20 14:29 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-20 21:57 - 2016-04-20 14:29 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-20 21:57 - 2016-04-20 14:29 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-20 21:57 - 2016-04-20 14:29 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-19 23:15 - 2017-11-18 07:27 - 000201240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-11-19 23:15 - 2017-05-13 12:15 - 000469272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-11-19 23:15 - 2017-05-13 12:15 - 000380464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-11-19 23:15 - 2017-05-13 12:15 - 000208472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-11-19 23:15 - 2017-05-13 12:15 - 000163208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-11-19 23:15 - 2017-05-13 12:15 - 000111800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-11-19 23:15 - 2017-05-13 12:15 - 000087432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-11-19 23:15 - 2017-05-13 12:15 - 000046384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-11-19 23:14 - 2018-10-22 12:27 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-11-19 23:14 - 2017-05-13 12:15 - 001028680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-11-19 23:14 - 2017-05-13 12:15 - 000346592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-11-19 23:14 - 2017-05-13 12:15 - 000230344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-11-19 23:14 - 2017-05-13 12:15 - 000201768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-11-19 23:14 - 2017-05-13 12:15 - 000059496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-11-16 17:22 - 2016-11-29 18:40 - 000000000 ____D C:\Users\Asia\Desktop\OpenOfficePortable
2018-11-12 16:49 - 2017-05-13 12:15 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-11-12 16:45 - 2016-04-20 12:26 - 000000000 ____D C:\Users\Asia
2018-11-12 16:44 - 2016-04-20 16:02 - 000000000 ____D C:\Program Files\IDT
2018-11-12 16:44 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2018-11-12 16:44 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\AppCompat
2018-11-05 11:37 - 2018-08-31 19:32 - 001175040 _____ C:\Users\Asia\Desktop\Grafik elektrycy PAŻDZIERNIK 2018.xls
2018-11-05 10:03 - 2017-05-14 13:40 - 000000000 ____D C:\Users\Asia\AppData\Local\ElevatedDiagnostics
2018-11-03 11:41 - 2018-10-10 13:13 - 001175040 _____ C:\Users\Asia\Desktop\Grafik elektrycy LISTOPAD 2018.xls

==================== Pliki w katalogu głównym wybranych folderów =======

2017-10-03 19:49 - 2017-11-07 14:41 - 000007599 _____ () C:\Users\Asia\AppData\Local\Resmon.ResmonCfg
2016-04-20 16:08 - 2016-04-20 16:09 - 000002198 _____ () C:\Users\Asia\AppData\Local\WiDiSetupLog.20160420.170815.txt

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-11-24 10:35

==================== Koniec  FRST.txt ============================



Kod: Zaznacz wszystko
Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 01.12.2018 01
Uruchomiony przez Asia (03-12-2018 17:11:31)
Uruchomiony z C:\Users\Asia\Desktop
Windows 7 Ultimate (X64) (2016-04-20 11:26:50)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Administrator (S-1-5-21-194541073-2574816472-3888968128-500 - Administrator - Disabled)
Asia (S-1-5-21-194541073-2574816472-3888968128-1000 - Administrator - Enabled) => C:\Users\Asia
Gość (S-1-5-21-194541073-2574816472-3888968128-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-194541073-2574816472-3888968128-1002 - Limited - Enabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{70F55D70-7E5F-6291-4924-2F7640F19BFE}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
AOMEI Partition Assistant Standard Edition 7.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Ashampoo WinOptimizer FREE (HKLM-x32\...\{4209F371-8668-980C-19C9-F8698AB75135}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Facebook (HKLM-x32\...\{6DB19A18-004E-437F-B6C0-D4D70ED56161}_is1) (Version: 2.0.701 - Facebook, Inc.)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{B65BC649-C9D2-45F6-9DD6-D189BD91F02E}) (Version: 12.9.18.3 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
K-Lite Codec Pack 12.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.1.0 - KLCP)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
OpenOffice.org 2.4 (HKLM-x32\...\{E33DB440-A008-4928-8A4E-5FC5ADDED608}) (Version: 2.4.9364 - OpenOffice.org)
Opera Stable 50.0.2762.67 (HKLM-x32\...\Opera 50.0.2762.67) (Version: 50.0.2762.67 - Opera Software)
Opera Stable 56.0.3051.116 (HKLM-x32\...\Opera 56.0.3051.116) (Version: 56.0.3051.116 - Opera Software)
Opera Stable 56.0.3051.52 (HKLM-x32\...\Opera 56.0.3051.52) (Version: 56.0.3051.52 - Opera Software)
Pantum M6500W Series (HKLM\...\Pantum M6500W Series) (Version: 5.1.1.23 - Zhuhai Pantum Electronics Co.,Ltd.)
PX Profile Update (HKLM-x32\...\{422CB2BA-2A49-B156-D96C-5B1971DBFF2C}) (Version: 1.00.1. - AMD) Hidden
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
Skype (wersja 8.33) (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
WhatsApp (HKU\S-1-5-21-194541073-2574816472-3888968128-1000\...\WhatsApp) (Version: 0.3.1475 - WhatsApp)
WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-08-17] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-09] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {0C8691F4-D588-45FD-B79C-7D0D1A85B753} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_pepper.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {0D082162-8FD9-4777-9CD3-16F6C81D9CB5} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-19] (AVAST Software)
Task: {0ED73F0F-B2DC-4AEC-BE8E-7EAE53D8AF3D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {14105697-489B-4A91-A153-1A9818F9FAE0} - System32\Tasks\Opera scheduled Autoupdate 1490298332 => c:\program files\opera\launcher.exe [2018-11-26] (Opera Software)
Task: {19B3E63C-F9FD-45A3-98B5-703465BA72FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {1A4A1AF6-68B8-4113-8929-D8B0F2400372} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {57D96589-A6B8-46CA-880C-F8C05424BDF2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {64FD3826-087A-4FCA-8E55-E4CD94774CCB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-27] (AVAST Software)
Task: {833F4CF1-51BA-4115-9EFD-B655248EF221} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {8864502F-D815-4609-A293-A2A482057D2A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {919BB59D-69D2-44E5-80DC-D754656233BD} - System32\Tasks\SafeZone scheduled Autoupdate 1494674458 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {934371B6-A3A0-42FA-BF31-1083B3169E54} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {CDD350F8-30BF-4F12-9011-7F556C7457F6} - \Chromium denof -> Brak pliku <==== UWAGA
Task: {D1A0647C-1527-4529-B278-B8B1E9D77791} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)


==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)


==================== Załadowane moduły (filtrowane) ==============

2016-06-01 19:16 - 2018-09-10 20:32 - 000091520 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll
2018-11-19 23:14 - 2018-11-19 23:14 - 000728792 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-11-28 10:13 - 2018-11-28 10:13 - 104197208 _____ () C:\Program Files\Opera\56.0.3051.116\opera_browser.dll
2018-11-28 10:13 - 2018-11-28 10:12 - 005082200 _____ () C:\Program Files\Opera\56.0.3051.116\libglesv2.dll
2018-11-28 10:13 - 2018-11-28 10:12 - 000116824 _____ () C:\Program Files\Opera\56.0.3051.116\libegl.dll
2018-12-03 16:52 - 2018-12-03 16:52 - 000380928 _____ () C:\Users\Asia\Desktop\q39gcxvt.exe
2018-11-19 23:14 - 2018-11-19 23:14 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-11-19 23:14 - 2018-11-19 23:14 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-12-03 15:02 - 2018-12-03 15:02 - 005801104 _____ () C:\Program Files\AVAST Software\Avast\defs\18120306\algo.dll
2018-11-19 23:14 - 2018-11-19 23:14 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-11-19 23:14 - 2018-11-19 23:14 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-11-19 23:14 - 2018-11-19 23:14 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-03-21 06:54 - 2018-03-21 06:54 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-04-20 16:04 - 2016-04-20 16:04 - 000172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9e07ecd66b80e726e4d6e7dbb9e4ade0\IsdiInterop.ni.dll
2016-04-20 16:04 - 2011-04-29 23:28 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)


==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)


==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 03:34 - 2018-11-15 19:27 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-194541073-2574816472-3888968128-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

Załączenie wejścia w fixlist spowoduje jego usunięcie.

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CnxtCoInstallerDefer => C:\Program Files\CONEXANT\PREINSTALL\SETUP57179B0A1\KESLYN.EXE  -REBOOTED_FROM_NO_ENUM_INSTALL_METHOD=1 -S
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SBrowserCheck => "%ALLUSERSPROFILE%\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe" /s /run_source=av_update /runonce /cgid 101
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{ED415ACD-FA06-4086-90D4-3A2B1D784584}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{D0879CF9-365C-4D1F-9F43-91654CC42B68}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{98C67F20-6F44-4E7D-B99E-DAEEB951F2E6}] => (Allow) c:\program files\opera\50.0.2762.58\opera.exe
FirewallRules: [{86332B5B-A7F3-470A-9302-1C1F42588840}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{82807A70-7ED4-4DFB-884A-9FD7A610FCD3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D3407DE6-FA6A-438A-8EA5-98B1AC6958DD}] => (Allow) c:\program files\opera\56.0.3051.43\opera.exe
FirewallRules: [{49C16F1F-915B-439F-B976-6E2CEBDF0D32}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{CA9C8935-0DDE-41B7-B810-EFEF27E7062E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{6665606D-A999-4539-AE01-743079B76515}] => (Allow) c:\program files\opera\56.0.3051.104\opera.exe
FirewallRules: [{5B458CE0-3410-4CC4-881A-A62E313AD7C8}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{4D70F6BA-4D0E-42F2-B98E-6EA04262C2C8}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{BA50E6CF-6921-479E-BAE8-0ED74F0322F9}] => (Allow) c:\program files\opera\56.0.3051.116\opera.exe

==================== Punkty Przywracania systemu =========================

03-12-2018 16:47:29 SPTD setup V1.90

==================== Wadliwe urządzenia w Menedżerze urządzeń =============


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (12/03/2018 04:49:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Users\Asia\AppData\Local\chromium\Application\chrome.exe".
Nie można odnaleźć zestawu zależnego 58.0.3014.0,language="&#x2a;",type="win32",version="58.0.3014.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (12/03/2018 04:47:28 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu.
.
To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym.


Operacja:
   Zbieranie danych modułu zapisującego

Kontekst:
   Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220}
   Nazwa modułu zapisującego: System Writer
   Identyfikator wystąpienia modułu zapisującego: {c13893db-e331-4b57-9c3d-65eea9addb42}

Error: (12/03/2018 04:28:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Users\Asia\AppData\Local\chromium\Application\chrome.exe".
Nie można odnaleźć zestawu zależnego 58.0.3014.0,language="&#x2a;",type="win32",version="58.0.3014.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (12/03/2018 03:02:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Users\Asia\AppData\Local\chromium\Application\chrome.exe".
Nie można odnaleźć zestawu zależnego 58.0.3014.0,language="&#x2a;",type="win32",version="58.0.3014.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (12/03/2018 01:12:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Users\Asia\AppData\Local\chromium\Application\chrome.exe".
Nie można odnaleźć zestawu zależnego 58.0.3014.0,language="&#x2a;",type="win32",version="58.0.3014.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (12/03/2018 12:16:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Users\Asia\AppData\Local\chromium\Application\chrome.exe".
Nie można odnaleźć zestawu zależnego 58.0.3014.0,language="&#x2a;",type="win32",version="58.0.3014.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (12/03/2018 09:21:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Users\Asia\AppData\Local\chromium\Application\chrome.exe".
Nie można odnaleźć zestawu zależnego 58.0.3014.0,language="&#x2a;",type="win32",version="58.0.3014.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (12/03/2018 05:49:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Users\Asia\AppData\Local\chromium\Application\chrome.exe".
Nie można odnaleźć zestawu zależnego 58.0.3014.0,language="&#x2a;",type="win32",version="58.0.3014.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.


Dziennik System:
=============
Error: (11/28/2018 10:08:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 10:07:53 na ‎2018-‎11-‎28 było nieoczekiwane.

Error: (11/21/2018 04:50:29 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Nastąpił ponowny rozruch komputera po operacji wykrywania błędów. Wyniki tej operacji były następujące: 0x00000050 (0xfffffa810903d7c0, 0x0000000000000000, 0xfffff880065cf037, 0x0000000000000005). Zrzut zapisano w: C:\Windows\MEMORY.DMP. Identyfikator raportu: 112118-28329-01.

Error: (11/14/2018 06:30:19 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Nie można poprawnie uruchomić usługi „WMPNetworkSvc”, ponieważ funkcja CoCreateInstance(CLSID_UPnPDeviceFinder) napotkała błąd „0x80004005”. Sprawdź, czy usługa UPnPHost jest uruchomiona i czy składnik UPnPHost systemu Windows jest zainstalowany właściwie.

Error: (11/11/2018 08:33:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (11/11/2018 08:33:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla niej błąd %%-1073473535.

Error: (11/06/2018 07:02:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi fdPHost.

Error: (11/05/2018 03:06:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Serwer {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (10/16/2018 09:37:11 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{2354E574-9EE0-479D-A5C0-7F94837F2AF5}.
Przeglądarka zapasowa jest zatrzymywana.


CodeIntegrity:
===================================

Date: 2018-09-21 16:39:34.312
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbnet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-09-21 16:39:34.281
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbnet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-09-21 16:39:34.203
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-09-21 16:39:34.203
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-09-21 16:39:34.187
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-09-21 16:39:34.171
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-09-21 13:08:11.821
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbnet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-09-21 13:08:11.801
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbnet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Procent pamięci w użyciu: 60%
Całkowita pamięć fizyczna: 4043.86 MB
Dostępna pamięć fizyczna: 1600.66 MB
Całkowita pamięć wirtualna: 8085.87 MB
Dostępna pamięć wirtualna: 5604.57 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:64.74 GB) (Free:35.08 GB) NTFS
Drive d: () (Fixed) (Total:380.86 GB) (Free:328.12 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:16.1 GB) (Free:1.77 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)]
Drive f: (Mój dysk) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS

\\?\Volume{17b8f9f9-06e9-11e6-acec-806e6f6e6963}\ (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D4B3B3A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=64.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=380.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16.1 GB) - (Type=07 NTFS)

==================== Koniec  Addition.txt ============================


Kod: Zaznacz wszystko
Rezultat skanowania skrótów użytkowników (x64) Wersja: 01.12.2018 01
Uruchomiony przez Asia (03-12-2018 17:13:17)
Uruchomiony z C:\Users\Asia\Desktop
Tryb startu: Normal

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIT Format 2016\Deinstalacja programu PIT Format 2016.lnk -> C:\PIT Format 2016\unins000.exe (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIT Format 2016\PIT Format 2016.lnk -> C:\PIT Format 2016\PIT_Format_2016.exe (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pantum\Pantum M6500W Series\Help File.lnk -> C:\Windows\System32\spool\drivers\x64\3\ptm6500enus.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pantum\Pantum M6500W Series\Pantum Push Scan Manager.lnk -> C:\Program Files\Pantum\ptm6500\PushScan\ptm6500pushscan.exe (pantum)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pantum\Pantum M6500W Series\Uninstall.lnk -> C:\Windows\System32\Pantum\ptm6500\UnSetupData\ptm6500uis.exe (Pantum Electronics Co.,Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Base.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\sbase.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Calc.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\scalc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Draw.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\sdraw.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Impress.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\simpress.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Math.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\smath.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Writer.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\swriter.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt\Informacje o zmianach.lnk -> C:\Program Files (x86)\NapiProjekt\changelog.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt\NapiProjekt.lnk -> C:\Program Files (x86)\NapiProjekt\napisy.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt\Strona domowa NapiProjekt.lnk -> C:\Program Files (x86)\NapiProjekt\www.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe (MPC-HC Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext (x64).lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -> C:\Program Files\Microsoft Games\More Games\MoreGames.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo WinOptimizer FREE\Ashampoo WinOptimizer FREE  .lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WOFree.exe (Ashampoo GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo WinOptimizer FREE\Pomoc.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Translation\9.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 7.0\AOMEI Partition Assistant Standard Edition 7.0.lnk -> C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 7.0\PartAssist.exe (AOMEI Technology Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 7.0\Uninstall AOMEI Partition Assistant.lnk -> C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 7.0\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Asia\Links\Desktop.lnk -> C:\Users\Asia\Desktop ()
Shortcut: C:\Users\Asia\Links\Downloads.lnk -> C:\Users\Asia\Downloads ()
Shortcut: C:\Users\Asia\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Asia\Desktop\Dokumenty ważne.lnk -> D:\Dokumenty ważne ()
Shortcut: C:\Users\Asia\Desktop\Moje obrazy — skrót.lnk -> D:\Pictures ()
Shortcut: C:\Users\Asia\Desktop\Patent.lnk -> D:\ ()
Shortcut: C:\Users\Asia\Desktop\PITY.lnk -> C:\ ()
Shortcut: C:\Users\Asia\Desktop\Tel. Asia.lnk -> D:\Tel. Asia ()
Shortcut: C:\Users\Asia\Desktop\tel.plotrek.lnk -> D:\ ()
Shortcut: C:\Users\Asia\Desktop\WhatsApp.lnk -> C:\Users\Asia\AppData\Local\WhatsApp\WhatsApp.exe (WhatsApp)
Shortcut: C:\Users\Asia\Desktop\pulpit - to co bylo na pulpicie przed formatowaniem\Zdjęcia.lnk -> C:\Pictures (Brak pliku)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp\WhatsApp.lnk -> C:\Users\Asia\AppData\Local\WhatsApp\WhatsApp.exe (WhatsApp)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence\ByteFence Anti-Malware.lnk -> C:\Program Files\ByteFence\ByteFence.exe (Brak pliku)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Brak pliku)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Przeglądarka Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\Asia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\PIT Format 2016.lnk -> C:\PIT Format 2016\PIT_Format_2016.exe (Brak pliku)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Facebook.lnk -> C:\Program Files (x86)\Facebook\Facebook.exe (Facebook) -> --carrier-info OY2FycmllckFDPTFRMUYxUzFDMVAxRTFDMUYxTjFDMVQxSDJVdEYxRTFJJmNhcnJpZXJQcklEPTFRMUYxUzFDMVAxRTFDMUYxTjFDMVQxSDJVdEYxRTFJJmNhcnJpZXJQclN1Yj10SjFWMEYxVDFSMVAxUzFGMUYxSjFWMFcxUDFTMVQxRTFFJmNhcnJpZXJVSUQ9eUN0RDBEenp0Q3p5dEQwQzBCeUN5RXlEdEEwRDBBeUImaW5
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pantum\Pantum M6500W Series\Pantum Scan Application.lnk -> C:\Program Files\Pantum\ptm6500\PushScan\ptm6500app.exe (Zhuhai Pantum Electronics Co.,Ltd.) -> "Pantum M6500W Series"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pantum\Pantum M6500W Series\Wireless Network Configuration Tool.lnk -> C:\Program Files\Pantum\ptm6500\WifiTools\x64\WifiConfig.exe (Zhuhai Pantum Electronics Co.,Ltd.) ->  "Pantum M6200-M6500-M6550-M6600-MS6000 Series"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt\Napisy oczekujące na pobranie.lnk -> C:\Program Files (x86)\NapiProjekt\napisy.exe () -> -kolejka
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\DirectVobSub64\vsfilter.dll",DirectVobSub
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax",configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavaudio.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavsplitter.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavvideo.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madVR.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Filters\madVR\madHcCtrl.exe (madshi.net) -> editLocalSettingsDontWait
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Asia\Desktop\Pantum Scan Application Pantum M6500W Series.lnk -> C:\Program Files\Pantum\ptm6500\PushScan\ptm6500app.exe (Zhuhai Pantum Electronics Co.,Ltd.) -> "Pantum M6500W Series"
ShortcutWithArgument: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Asia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Online Codec Help.url -> URL: hxxp://www.codecguide.com/help.htm
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity\fillUp online - przyjazne formularze, umowy, druki.url -> URL: hxxp://fillup.pl/online
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity\Przejdź na stronę WWW o e-pity.url -> URL: hxxp://e-pity.pl
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.piriform.com/ccleaner
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 7.0\Visit our website.url -> URL: hxxp://www.disk-partition.com
InternetURL: C:\Users\Asia\Favorites\Windows Live\Galeria gadżetów Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkID=70742
InternetURL: C:\Users\Asia\Favorites\Windows Live\Poczta usługi Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Asia\Favorites\Windows Live\Programy usługi Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\Asia\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\Asia\Favorites\MSN — witryny sieci Web\MSN Gospodarka.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Asia\Favorites\MSN — witryny sieci Web\MSN Rozrywka.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Asia\Favorites\MSN — witryny sieci Web\MSN Sport.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Asia\Favorites\MSN — witryny sieci Web\MSN Technologie.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Asia\Favorites\MSN — witryny sieci Web\MSN Wideo.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Asia\Favorites\MSN — witryny sieci Web\Portal MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Asia\Favorites\Microsoft — witryny sieci Web\Centrum bezpieczeństwa Microsoft.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkID=72887
InternetURL: C:\Users\Asia\Favorites\Microsoft — witryny sieci Web\Dodatki programu Internet Explorer.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Asia\Favorites\Microsoft — witryny sieci Web\Microsoft Office Online.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72885
InternetURL: C:\Users\Asia\Favorites\Microsoft — witryny sieci Web\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Asia\Favorites\Microsoft — witryny sieci Web\Microsoft Technet.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72886
InternetURL: C:\Users\Asia\Favorites\Microsoft — witryny sieci Web\Microsoft w Polsce.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Asia\Favorites\Microsoft — witryny sieci Web\Oryginalne oprogramowanie firmy Microsoft.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72900
InternetURL: C:\Users\Asia\Favorites\Microsoft — witryny sieci Web\Strona główna programu Internet Explorer.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Asia\Favorites\Microsoft — witryny sieci Web\Strona główna systemu Windows.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Asia\Favorites\Microsoft — witryny sieci Web\Technologia RSS.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72889
InternetURL: C:\Users\Asia\Favorites\Microsoft — witryny sieci Web\W domu.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\Asia\Favorites\Microsoft — witryny sieci Web\W pracy.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72407
InternetURL: C:\Users\Asia\Favorites\Links for Polska\Bezpieczeństwo w trybie online.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=142211
InternetURL: C:\Users\Asia\Favorites\Links for Polska\Bezpieczny Internet.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129626
InternetURL: C:\Users\Asia\Favorites\Links for Polska\Kultura.pl.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129625
InternetURL: C:\Users\Asia\Favorites\Links for Polska\Pogodynka.pl — oficjalny serwis pogodowy IMGW.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129624
InternetURL: C:\Users\Asia\Favorites\Links for Polska\Polska.pl.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129622
InternetURL: C:\Users\Asia\Favorites\Links\Facebook.url -> URL: hxxps://www.facebook.com/campaign/landing.php?campaign_id=572665646222743&placement=Model 1-20&keyword=Wi9IZxl2aGIefxwZbXAYbxwCbW0JNUguEnQcaxd2GGsYdxloG3QUaBt2CjVJIEkoEgBNOUokQzVEGXs%2FTSdcKgklXjkcdBFiFnQZbh90H2j%2BUAAAAC9GLFo%3D&extra_2=PL&creative=bookmark
InternetURL: C:\Users\Asia\Favorites\Links\Galeria obiektów Web Slice.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Asia\Favorites\Links\Sugerowane witryny.url -> URL: hxxps://ieonline.microsoft.com/#ieslice

==================== Koniec  Shortcut.txt =============================
adamII
~user
 
Posty: 16
Dołączenie: 24 Lip 2010, 14:08



Komputer nieformatowany od lat wolno chodzi.

Postprzez ordynat 03 Gru 2018, 21:50

Nic tu nie wskazuje na istnienie jakiejkolwiek infekcji.

Tylko kosmetyka:
Uruchom FRST. Na klawiaturze naciśnij jednocześnie CTRL+Y.Otworzy się Notatnik - wklej do niego:
C:\Windows\Minidump\*.dmp
FF user.js: detected! => C:\Users\Asia\AppData\Roaming\Mozilla\Firefox\Profiles\kwqd09qj.default\user.js [2018-01-15]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
Task: {CDD350F8-30BF-4F12-9011-7F556C7457F6} - \Chromium denof -> Brak pliku <==== UWAGA
C:\Users\Public\Desktop\PIT Format 2016.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIT Format 2016\Deinstalacja programu PIT Format 2016.lnk
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW).
.
ordynat
~user
 
Posty: 4765
Dołączenie: 02 Kwi 2010, 11:18
Pochwały: 866



Komputer nieformatowany od lat wolno chodzi.

Postprzez adamII 03 Gru 2018, 22:57

dzieki, czyli poprostu lata zrobily swoje
adamII
~user
 
Posty: 16
Dołączenie: 24 Lip 2010, 14:08




Powróć do Bezpieczeństwo

Kto jest na forum

Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 18 gości