
System-hogging viruses of the sejheb and hemkajdoa type

System security, virus removal, choosing antivirus programs. Mandatory logs in this section: three from FRST + Gmer.


Post by Batek, 12 Jan 2017, 18:06

Recently my computer got infected by viruses of the hemkajdoa and sejheb type, I need help. + In Chrome I'm getting pop-ups (Ads by Albireo).
Attachments
FRST_12-01-2017 16.49.24.txt (FRST) (20.92 KiB) Downloaded 36 times
Addition_12-01-2017 16.49.24.txt (Addition) (46.88 KiB) Downloaded 37 times
Shortcut_12-01-2017 16.49.24.txt (Shortcut) (52.57 KiB) Downloaded 36 times




Post by ordynat, 12 Jan 2017, 18:20

1) Uninstall this program:
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.4.9 - Reimage) <==== UWAGA
Last edited by ordynat on 12 Jan 2017, 19:02, edited 1 time in total




Post by Batek, 12 Jan 2017, 18:26

Uninstalled.




Post by ordynat, 12 Jan 2017, 18:42

1) Open Notepad and paste into it:
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.21.135\psuser.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.21.99\psuser.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.27.5\psuser.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.30.3\psuser.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.31.5\psuser.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.28.1\psuser.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.21.123\psuser.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.28.13\psuser.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.29.5\psuser.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.26.9\psuser.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.29.1\psuser.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.28.15\psuser.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Majka\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.21.111\psuser.dll => Brak pliku
Task: {33E453EF-F32D-4960-9938-E71471E54C5C} - System32\Tasks\Reimage Reminder => 'C:\Program [Argument = Files\Reimage\Reimage Repair\ReimageReminder.exe'] <==== UWAGA
Task: {4C7C9E22-D7D5-418E-93F1-BA23527D69F2} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-11-06] (Reimage®) <==== UWAGA
Task: {5F335267-FCB4-4DCD-AC38-F3D75A3739B7} - System32\Tasks\bku3495360151637952 => Rundll32.exe C:\Users\Majka\AppData\Local\Temp\tubgQuVaP8_1\gRdncIfzO.dll",#62 5_k1zz1ie <==== UWAGA
Task: C:\Windows\Tasks\bku3495360151637952.job => C:\Users\Majka\AppData\Local\Temp\tubgQuVaP8_1\gRdncIfzO.dll <==== UWAGA
RemoveDirectory: C:\Program Files\Reimage
RemoveDirectory: C:\Users\Majka\AppData\Roaming\Hemkajdoa
RemoveDirectory: C:\Program Files\sbqh
RemoveDirectory: C:\Program Files\DPower
RemoveDirectory: C:\rei
RemoveDirectory: C:\ProgramData\Reimage Protector
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
RemoveDirectory:
HKLM\...\Run: [app] => C:\Program Files\sbqh\uc.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [MAVO8Y6L4W] => "C:\Program Files\DPower\YLKLRXU3SL.exe" <===== UWAGA
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [svchost0] => C:\Program Files\sbqh\uc.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [MZ9ESW0HXM] => "C:\Program Files\DPower\YQVQG8VG09.exe" <===== UWAGA
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (Brak pliku)
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
Tcpip\..\Interfaces\{682F8928-0235-4CA9-9880-E28A9225D004}: [NameServer] 188.120.239.115,8.8.8.8
Tcpip\..\Interfaces\{7AF6F280-1F91-478F-B69B-E5B0AADB2F86}: [NameServer] 188.120.239.115,8.8.8.8
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
CHR Plugin: (Babylon ToolBar) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll => Brak pliku
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll => Brak pliku
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => Brak pliku
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => Brak pliku
CHR Plugin: (Google Update) - C:\Users\Majka\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Brak pliku
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll => Brak pliku
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll => Brak pliku
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6542704 2016-11-06] (Reimage®)
R2 Viokdojvaf; C:\Users\Majka\AppData\Roaming\Hemkajdoa\Hemkajdoa.exe [170496 2016-08-11] () [Brak podpisu cyfrowego]
S2 Citdhwa; "C:\Users\Majka\AppData\Roaming\AzigcWig\Geeswu.exe" -cms [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
C:\Windows\Reimage.ini
2016-09-08 06:53 - 2016-09-09 15:22 - 0011568 _____ () C:\Users\Majka\AppData\Roaming\InstallationConfiguration.xml
2016-09-08 06:53 - 2016-09-09 15:22 - 0138240 _____ () C:\Users\Majka\AppData\Roaming\Installer.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Master 2\Pomoc OLYMPUS Master 2.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Master 2\OLYMPUS Master 2.lnk
C:\Users\Majka\Desktop\Bartek\TeamViewer 11.lnk
HOSTS:
EmptyTemp:

Save the file under the name fixlist.txt and put it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

2) Make new FRST logs, this time without Shortcut.




Post by Batek, 12 Jan 2017, 19:07

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2017
Ran by Majka (administrator) on MAJKA-PC (12-01-2017 17:55:20)
Running from D:\Rar$EXa0.073
Loaded Profiles: Majka (Available Profiles: Majka)
Platform: Microsoft® Windows Vista™ Home Basic (X86) Language: Polish (Poland)
Internet Explorer Version 7 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Hi-Rez Studios) D:\HiPatchService.exe
() C:\Windows\System32\rpcnetp.exe
(Razer Inc.) D:\Razer Cortex\RzKLService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
() D:\ScreenShooter5\ScreenShooter5.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Wargaming.net) D:\WoT V\WargamingGameUpdater.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google Inc.) C:\Users\Majka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Majka\AppData\Local\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Users\Majka\AppData\Local\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Majka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Majka\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2011-08-22] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKLM\...\Run: [OM2_Monitor] => "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [Google Update] => C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [OM2_Monitor] => "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [ChomikBox] => C:\Program Files\ChomikBox\chomikbox.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [ScreenShooter] => D:\ScreenShooter5\ScreenShooter5.exe [946688 2015-09-18] ()
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [Steam] => D:\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [Bloody2] => "C:\Program Files\Bloody6\Bloody6\Bloody6.exe" Minimum
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6775512 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [World of Tanks] => D:\wot\WargamingGameUpdater.exe [3134728 2016-08-05] (Wargaming.net)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [World of Tanks (1)] => D:\WoT V\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: {322fbe92-cd0e-11e0-a87d-002186b495d1} - H:\SETUP.EXE
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: {32d3d6ea-120c-11e2-9a85-002186b495d1} - F:\Setup.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: {7b7ccc29-f078-11e1-b9ad-002186b495d1} - F:\RunClubSanDisk.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: {82538548-575c-11e6-95f1-0022645cb4c8} - F:\autorun.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: {82538564-575c-11e6-95f1-0022645cb4c8} - F:\autorun.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: {ccc846cf-6466-11e6-9d0f-0022645cb4c8} - F:\Install.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.179.1.61 62.179.1.63
Tcpip\..\Interfaces\{682F8928-0235-4CA9-9880-E28A9225D004}: [DhcpNameServer] 62.179.1.61 62.179.1.63

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131044823901040000&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131044823902080000&GUID=00000000-0000-0000-0000-000000000000
URLSearchHook: [S-1-5-21-4287701738-4041416532-456939901-1000] UWAGA => Brak domyślnego URLSearchHook
SearchScopes: HKLM -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll => Brak pliku
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\JAVA\bin\ssv.dll [2016-06-13] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\JAVA\bin\jp2ssv.dll [2016-06-13] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-12] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> D:\JAVA\bin\dtplugin\npDeployJava1.dll [2016-06-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> D:\JAVA\bin\plugin2\npjp2.dll [2016-06-13] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4287701738-4041416532-456939901-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4287701738-4041416532-456939901-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4287701738-4041416532-456939901-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Majka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-22] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Shockwave Flash) - C:\Users\Majka\AppData\Local\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Users\Majka\AppData\Local\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Brak pliku
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Majka\AppData\Local\Google\Chrome\Application\49.0.2623.112\pdf.dll => Brak pliku
CHR Plugin: (HP Product Detection Plugin for Mozilla) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npProductDetectPlugin.dll => Brak pliku
CHR Plugin: (HP Active Check Plugin) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npAclmPlugin.dll => Brak pliku
CHR Plugin: (HP Pit Plugin) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npPitPlugin.dll => Brak pliku
CHR Plugin: (Babylon ToolBar) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll => Brak pliku
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll => Brak pliku
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => Brak pliku
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => Brak pliku
CHR Plugin: (Unity Player) - C:\Users\Majka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Majka\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Brak pliku
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll => Brak pliku
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll => Brak pliku
CHR Profile: C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default [2017-01-12]
CHR Extension: (Battlefield Heroes) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2015-06-13]
CHR Extension: (AdBlock) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-29]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
StartMenuInternet: Google Chrome - C:\Users\Majka\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [238376 2015-06-04] (EasyAntiCheat Ltd) [Brak podpisu cyfrowego]
R2 HiPatchService; D:\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [Brak podpisu cyfrowego]
R2 RzKLService; D:\Razer Cortex\RzKLService.exe [129168 2015-06-05] (Razer Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2011-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-08-22] (DT Soft Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] ()
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [104096 2015-09-08] (BigNox Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [203424 2015-09-08] (BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-12 17:51 - 2017-01-12 17:51 - 00017408 _____ C:\Windows\system32\rpcnetp.dll
2017-01-12 17:50 - 2017-01-12 17:50 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2017-01-12 17:44 - 2017-01-12 17:48 - 00007328 _____ C:\Users\Majka\Desktop\fixlist.txt.txt
2017-01-12 16:43 - 2017-01-12 17:55 - 00000000 ____D C:\FRST
2017-01-03 21:29 - 2017-01-03 21:29 - 00387464 _____ C:\Users\Majka\Desktop\Scan1.pdf
2017-01-03 21:28 - 2017-01-03 21:28 - 00329904 _____ C:\Users\Majka\Desktop\Scan.pdf
2017-01-02 17:48 - 2017-01-02 17:48 - 00001594 _____ C:\Users\Majka\AppData\Local\recently-used.xbel
2016-12-20 22:33 - 2016-12-20 22:33 - 00012090 _____ C:\Users\Majka\Desktop\Emaile.docx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-12 17:51 - 2016-09-08 13:55 - 00000008 __RSH C:\Users\Majka\ntuser.pol
2017-01-12 17:51 - 2016-09-08 06:48 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-12 17:51 - 2011-08-22 20:38 - 00000000 ____D C:\Users\Majka
2017-01-12 17:50 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-12 17:50 - 2006-11-02 13:45 - 00003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-12 17:50 - 2006-11-02 13:45 - 00003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-12 17:49 - 2015-09-28 17:28 - 00000000 ____D C:\Users\Majka\Desktop\Bartek
2017-01-12 17:49 - 2013-03-04 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Master 2
2017-01-12 17:49 - 2011-08-22 20:33 - 00000012 _____ C:\Windows\bthservsdp.dat
2017-01-12 17:49 - 2006-11-02 13:58 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-12 17:49 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-01-12 17:29 - 2013-02-27 22:07 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-12 14:29 - 2013-02-27 22:07 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-12 14:29 - 2011-08-23 08:21 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-12 14:29 - 2011-08-23 08:20 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-12 14:13 - 2006-12-05 06:19 - 00543576 _____ C:\Windows\system32\perfh015.dat
2017-01-12 14:13 - 2006-12-05 06:19 - 00088738 _____ C:\Windows\system32\perfc015.dat
2017-01-12 14:13 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2017-01-12 14:13 - 2006-11-02 11:33 - 01346548 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-12 14:12 - 2016-01-17 19:07 - 00049536 _____ (Absolute Software Corp.) C:\Windows\system32\agremove.exe
2017-01-08 20:22 - 2016-12-06 21:45 - 00000000 ____D C:\Users\Majka\Desktop\Gotowosci szkolne
2017-01-08 17:41 - 2016-11-16 20:51 - 00000000 ____D C:\Users\Majka\Desktop\MAMA 2
2017-01-07 13:42 - 2016-11-18 20:56 - 00000000 ____D C:\Users\Majka\.gimp-2.8
2016-12-29 21:50 - 2015-11-14 21:58 - 00000000 ____D C:\Users\Majka\AppData\Roaming\TS3Client
2016-12-29 07:56 - 2011-08-22 20:38 - 00000680 _____ C:\Users\Majka\AppData\Local\d3d9caps.dat
2016-12-20 22:16 - 2015-09-28 17:31 - 00000000 ____D C:\Users\Majka\Desktop\Mama
2016-12-17 14:33 - 2011-08-22 20:32 - 00000000 ____D C:\Windows\SoftwareDistribution

==================== Files in the root of some directories =======

2015-06-13 14:11 - 2015-06-13 14:11 - 0138056 _____ () C:\Users\Majka\AppData\Roaming\PnkBstrK.sys
2011-08-22 23:15 - 2011-08-22 23:15 - 0000000 _____ () C:\Users\Majka\AppData\Local\AtStart.txt
2011-08-22 20:38 - 2016-12-29 07:56 - 0000680 _____ () C:\Users\Majka\AppData\Local\d3d9caps.dat
2011-08-22 20:43 - 2015-10-25 11:51 - 0061440 _____ () C:\Users\Majka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-22 23:15 - 2011-08-22 23:15 - 0000000 _____ () C:\Users\Majka\AppData\Local\DSwitch.txt
2011-08-24 13:00 - 2011-08-24 14:42 - 0000000 _____ () C:\Users\Majka\AppData\Local\FnF4.txt
2011-08-22 23:15 - 2011-08-22 23:15 - 0000000 _____ () C:\Users\Majka\AppData\Local\QSwitch.txt
2017-01-02 17:48 - 2017-01-02 17:48 - 0001594 _____ () C:\Users\Majka\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2011-08-25 12:32] - [2011-08-25 12:32] - 0162816 ____A (Microsoft Corporation) 7BD0B461518940337AC410AA5314F0F2

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-12 17:56

==================== End of FRST.txt ============================




Post by ordynat, 12 Jan 2017, 19:17

Open Notepad and paste into it:
CHR Plugin: (Babylon ToolBar) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll => Brak pliku
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll => Brak pliku
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => Brak pliku
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => Brak pliku
CHR Plugin: (Google Update) - C:\Users\Majka\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Brak pliku
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll => Brak pliku
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll => Brak pliku

Save the file under the name fixlist.txt and put it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

C:\Windows\system32\dnsapi.dll
[2011-08-25 12:32] - [2011-08-25 12:32] - 0162816 ____A (Microsoft Corporation) 7BD0B461518940337AC410AA5314F0F2

Suspicious MD5 checksum of this system file.
Just in case:
Use RepairDNS > http://www.fixitpc.pl/topic/8-dezynfekcja-zbi%C3%B3r-narz%C4%99dzi-usuwaj%C4%85cych/#entry172749
Backup link > http://www.mediafire.com/download/yedejtr7p4q36zm/RepairDNS.zip
Post the report from it.
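The two fixlists above were assembled by reading the FRST log by eye: autoruns and services launched from AppData or Temp, random-looking value and file names, a scheduled task loading a DLL through rundll32, static DNS servers overriding the DHCP-assigned ones, and orphaned plugin entries whose file is gone. The script below is an added example written for this page; it is not FRST's own code and not something the helper posted. It encodes those same triage heuristics and runs them over a constructed sample made of a few entries copied from the log in this thread (the heuristics, the rule names and the sample selection are my own assumptions; the marker strings "Brak pliku", "Brak podpisu cyfrowego" and "UWAGA" are what the Polish FRST build emits, with the English build's equivalents handled too).

```python
"""Triage heuristics for FRST log lines (added example, not FRST code)."""
from __future__ import annotations

import re

# Constructed sample: a subset of the FRST entries posted in this thread, paths unchanged.
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2011-08-22] (Microsoft Corporation)
HKLM\...\Run: [app] => C:\Program Files\sbqh\uc.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [MAVO8Y6L4W] => "C:\Program Files\DPower\YLKLRXU3SL.exe" <===== UWAGA
Task: {5F335267-FCB4-4DCD-AC38-F3D75A3739B7} - System32\Tasks\bku3495360151637952 => Rundll32.exe C:\Users\Majka\AppData\Local\Temp\tubgQuVaP8_1\gRdncIfzO.dll",#62 5_k1zz1ie <==== UWAGA
R2 Viokdojvaf; C:\Users\Majka\AppData\Roaming\Hemkajdoa\Hemkajdoa.exe [170496 2016-08-11] () [Brak podpisu cyfrowego]
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.61 62.179.1.63
Tcpip\..\Interfaces\{682F8928-0235-4CA9-9880-E28A9225D004}: [NameServer] 188.120.239.115,8.8.8.8
CHR Plugin: (Babylon ToolBar) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll => Brak pliku
"""

PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\[\]]+?\.(?:exe|dll|sys)\b', re.IGNORECASE)
META_RE = re.compile(r'\[\d+ \d{4}-\d{2}-\d{2}\]')                 # FRST's "[size date]" for a found file
RANDOM_NAME_RE = re.compile(r'^(?=.*\d)(?=.*[A-Z])[A-Z0-9]{8,}$')  # e.g. MAVO8Y6L4W, YLKLRXU3SL
AUTORUN_RE = re.compile(r'\\Run: \[([^\]]+)\] =>')                  # Run-key value name
SERVICE_RE = re.compile(r'^[RS]\d \w+; ')                           # "R2 Name; path" service line
ATTENTION_RE = re.compile(r'<=+ (?:UWAGA|ATTENTION)')               # FRST marker, Polish/English builds
ORPHAN_MARKERS = ('Brak pliku', 'No File')                          # file referenced but absent
UNSIGNED_MARKERS = ('[Brak podpisu cyfrowego]', '[File not signed]')


def flag_line(line: str) -> list[str]:
    """Return the heuristic reasons (possibly none) why one FRST line deserves a look."""
    reasons: list[str] = []
    m = PATH_RE.search(line)
    path = m.group(0) if m else None
    autorun = AUTORUN_RE.search(line)
    is_service = bool(SERVICE_RE.match(line))
    if any(mk in line for mk in ORPHAN_MARKERS):
        reasons.append('orphaned entry: referenced file is missing')
    if any(mk in line for mk in UNSIGNED_MARKERS):
        reasons.append('service binary is not digitally signed')
    if ATTENTION_RE.search(line):
        reasons.append('flagged by FRST (UWAGA/ATTENTION)')
    if path and '\\appdata\\local\\temp\\' in path.lower():
        reasons.append('executes from the user Temp directory')
    if path and (autorun or is_service) and '\\appdata\\roaming\\' in path.lower():
        reasons.append('autorun/service from AppData\\Roaming')
    if path and 'rundll32' in line.lower() and path.lower().endswith('.dll'):
        reasons.append('DLL loaded through rundll32')
    names = [autorun.group(1)] if autorun else []
    if path:
        names.append(path.rsplit('\\', 1)[-1].rsplit('.', 1)[0])  # file name without extension
    if any(RANDOM_NAME_RE.match(n) for n in names):
        reasons.append('random-looking name')
    if path and (autorun or is_service) and not META_RE.search(line):
        reasons.append('FRST gave no size/date for the file (missing or unreadable)')
    return reasons


def dns_findings(lines: list[str]) -> list[tuple[str, str]]:
    """Flag static [NameServer] entries whose servers differ from the DHCP-assigned set."""
    dhcp: set[str] = set()
    static: list[tuple[str, list[str]]] = []
    for line in lines:
        m = re.search(r'\[DhcpNameServer\] (.+)$', line)
        if m:
            dhcp.update(re.split(r'[ ,]+', m.group(1).strip()))
        m = re.search(r'\[NameServer\] (.+)$', line)
        if m:
            static.append((line, re.split(r'[ ,]+', m.group(1).strip())))
    findings = []
    for line, servers in static:
        rogue = [s for s in servers if s not in dhcp]
        if rogue:
            findings.append((line, 'static resolver(s) %s override DHCP servers %s'
                             % (', '.join(rogue), ', '.join(sorted(dhcp)) or '(none seen)')))
    return findings


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Run every heuristic over an FRST log and return (line, reasons) for flagged lines only."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    results = [(line, flag_line(line)) for line in lines if flag_line(line)]
    results += [(line, [why]) for line, why in dns_findings(lines)]
    return results


def reasons_for(results: list[tuple[str, list[str]]], fragment: str) -> list[str]:
    """Reasons recorded for the first flagged line containing `fragment` ([] if it was not flagged)."""
    for line, reasons in results:
        if fragment in line:
            return reasons
    return []


if __name__ == '__main__':
    for line, reasons in triage(SAMPLE_LOG):
        print(line[:90])
        for r in reasons:
            print('    -', r)
```

Feed it the whole FRST.txt and Addition.txt instead of SAMPLE_LOG and it reproduces the helper's picks (the sbqh/DPower autoruns, the Temp rundll32 task, the unsigned Hemkajdoa service, the 188.120.239.115 resolver, the dead Babylon plugin) while staying quiet on the signed, metadata-bearing HP/ATI/Microsoft entries; it is a reading aid, not a replacement for judgement, since a short vendor folder or a legitimately unsigned driver will also trip some rules.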




Post by Batek, 12 Jan 2017, 19:29

~ RepairDNS v2016.3.24.1 Nicolas Coolman (2016/03/24)
~ Run by Majka (Administrator) (2017/01/12 18:26:12)
~ Site : http://www.nicolascoolman.fr
~ Windows VISTA,X86 (Build 6000)

=======[ Microsoft Windows Defender Service ]
The service is running

=======[ Search DNS Dynamic Link Library 32/64bits (DLL) ]
FOUND: C:\Windows\System32\dnsapi.dll [162816] =>Not infected

=======[ End Of Treatment ]

2) I still have problems with the browser. It freezes and ads pop up (ads by albireo).




Post by ordynat, 12 Jan 2017, 19:32

The file is not infected.

Ads pop up (ads by albireo)

Use AdwCleaner http://www.programosy.pl/program,adwcleaner.html
First click SCAN (SKANUJ), and only after the scan has finished, when the CLEANING (USUŃ) button becomes active, click it.
Post the "C" report from it.




Post by Batek, 12 Jan 2017, 19:52

# AdwCleaner v6.042 - Logfile created 12/01/2017 at 18:46:04
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-11.1 [Server]
# Operating System : Windows Vista (TM) Home Basic (X86)
# Username : Majka - MAJKA-PC
# Running from : D:\Rar$EXa0.752\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Majka\AppData\LocalLow\COMPANY\PRODUCT
[-] Folder deleted: C:\Users\Majka\AppData\Roaming\GameLauncher


***** [ Files ] *****

[-] File deleted: C:\Windows\system32\kz.exe


***** [ DLL ] *****

[!] File not cleaned: C:\Windows\system32\dnsapi.dll


***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key deleted: HKU\S-1-5-21-4287701738-4041416532-456939901-1000\Software\Reimage
[-] Key deleted: HKU\S-1-5-21-4287701738-4041416532-456939901-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key deleted: HKU\S-1-5-21-4287701738-4041416532-456939901-1000\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: HKCU\Software\Reimage
[#] Key deleted on reboot: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\wewewe
[-] Key deleted: HKLM\SOFTWARE\Reimage
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key deleted: HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\KuaiZip2ShlExt
[-] Key deleted: HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\KuaiZip2ShlExt
[-] Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZip2ShlExt


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [32532 Bytes] - [09/09/2016 16:04:46]
C:\AdwCleaner\AdwCleaner[C2].txt - [3292 Bytes] - [19/09/2016 07:21:25]
C:\AdwCleaner\AdwCleaner[C3].txt - [1605 Bytes] - [26/09/2016 17:51:14]
C:\AdwCleaner\AdwCleaner[C4].txt - [2988 Bytes] - [12/01/2017 18:46:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [31681 Bytes] - [09/09/2016 13:51:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [31312 Bytes] - [09/09/2016 14:00:09]
C:\AdwCleaner\AdwCleaner[S2].txt - [30080 Bytes] - [09/09/2016 14:49:02]
C:\AdwCleaner\AdwCleaner[S3].txt - [29898 Bytes] - [09/09/2016 15:54:01]
C:\AdwCleaner\AdwCleaner[S4].txt - [3362 Bytes] - [19/09/2016 07:13:51]
C:\AdwCleaner\AdwCleaner[S5].txt - [1842 Bytes] - [26/09/2016 17:49:08]
C:\AdwCleaner\AdwCleaner[S6].txt - [3554 Bytes] - [12/01/2017 18:36:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [3576 Bytes] ##########

Added Today, 18:54:
Albireo is gone now (I think), but the page jumps strangely when I click on something, as if something appears but doesn't work. I don't know how to explain it..
Batek
~user
 
Posts: 8
Joined: 12 Jan 2017, 17:46



System-hogging viruses of the sejheb and hemkajdoa type

Post by ordynat 12 Jan 2017, 19:56

Hmm, Adw-Cleaner didn't detect anything "albireo"-related.

If the problem is still present, make new FRST logs.
before the scan tick: Additional.txt

(I'll look in here again only around 20:10)
ordynat
~user
 
Posts: 4765
Joined: 02 Apr 2010, 11:18
Commendations: 866



System-hogging viruses of the sejheb and hemkajdoa type

Post by Batek 12 Jan 2017, 19:57

Batek wrote: Albireo is gone now (I think)

It's still there after all, adw didn't help
Batek
~user
 
Posts: 8
Joined: 12 Jan 2017, 17:46



System-hogging viruses of the sejheb and hemkajdoa type

Post by ordynat 12 Jan 2017, 21:01

If the problem is still present, make new FRST logs.
before the scan tick: Additional.txt
ordynat
~user
 
Posts: 4765
Joined: 02 Apr 2010, 11:18
Commendations: 866
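The Addition.txt report that ordynat asks for above runs to several hundred lines, and most of them are benign (installed programs, firewall rules for games). What a helper actually scans for is a handful of patterns: entries FRST itself tagged with "<====", UAC switched off (EnableLUA: 0), scheduled tasks that launch a browser with a URL, recently created modules under C:\Windows that carry no company name in their version information (FRST prints an empty "()"), and hosts-file entries other than localhost. The script below is an added example, written for this page and not code from the thread, from FRST or from AdwCleaner. Its line formats are modelled on the report posted later in this thread; the sample lines are constructed (shortened copies of posted lines plus one invented hosts entry, example.invalid, so that check has something to fire on), and the heuristics, the 30-day window and the "C:\Windows" filter are assumptions of the example, not FRST rules. "hxxp" is FRST's defanged spelling of http.

```python
import re
from datetime import date
from typing import Iterable, List, Tuple

# Constructed sample in the layout of an FRST Addition.txt (modelled on the
# report posted in this thread; the example.invalid hosts entry is invented).
SAMPLE_ADDITION = r"""
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\ChromeHTML: -> C:\Users\Majka\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <==== UWAGA
Task: {2EA6F310-7171-443D-8BF2-0C5EFBBB470B} - System32\Tasks\{482BA335-0AFB-4AD1-B9D8-6627DD66C7B0} => Chrome.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/pl/abandoninstall?page=tsProgressBar
Task: {F11A6BF3-4590-46DB-A1F8-E7302FEE6CE7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
2008-05-08 21:14 - 2008-05-08 21:14 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2017-01-12 17:50 - 2017-01-12 20:29 - 00017408 _____ () C:\Windows\System32\rpcnetp.exe
2016-01-30 20:31 - 2015-09-18 23:27 - 00946688 _____ () D:\ScreenShooter5\ScreenShooter5.exe
127.0.0.1 localhost
127.0.0.1 example.invalid
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
""".strip().splitlines()

SCAN_DATE = date(2017, 1, 12)  # date the sample report was produced

# FRST marks entries it wants the helper to look at with "<==== ATTENTION"
# (Polish build: "<==== UWAGA"); the arrow is common to both.
ATTENTION = "<===="
# "HKLM\...\Policies\System => (...) (EnableLUA: 0)" means UAC is switched off
UAC_RE = re.compile(r"\(EnableLUA: (\d)\)")
# "Task: {GUID} - System32\Tasks\<name> => <target>"
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (.+?) => (.+)$")
# task target that is a browser executable followed by a (defanged) URL
BROWSER_URL_RE = re.compile(r"^\S+\.exe\s+(?:hxxp|http)s?://", re.IGNORECASE)
# loaded-module line: "<created> - <modified> - <size> <flags> (<company>) <path>"
MODULE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(\d{8}) (\S+) \(([^)]*)\) (.+)$"
)
# hosts line: "<IPv4> <hostname>"
HOSTS_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}\s+(\S+)")


def triage(lines: Iterable[str], scan_date: date, recent_days: int = 30) -> List[Tuple[str, str]]:
    """Return (finding, line) pairs for lines worth a second look.

    Heuristics (assumptions of this example, not FRST rules):
      - any line FRST itself flagged with "<====";
      - EnableLUA: 0, i.e. UAC disabled, so installers run without a prompt;
      - a scheduled task whose target is a browser plus a URL;
      - a module under C:\\Windows with an empty company name "()" that was
        created within recent_days of the scan (old vendor DLLs are skipped);
      - any hosts entry other than localhost.
    """
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if ATTENTION in line:
            findings.append(("frst_attention", line))
        m = UAC_RE.search(line)
        if m and m.group(1) == "0":
            findings.append(("uac_disabled", line))
        m = TASK_RE.match(line)
        if m and BROWSER_URL_RE.match(m.group(2)):
            findings.append(("task_opens_url_in_browser", line))
        m = MODULE_RE.match(line)
        if m:
            created = date.fromisoformat(m.group(1))
            company, path = m.group(4), m.group(5)
            in_windows = path.lower().startswith("c:\\windows\\")
            if not company and in_windows and (scan_date - created).days <= recent_days:
                findings.append(("recent_module_without_company_in_windows", line))
        m = HOSTS_RE.match(line)
        if m and m.group(1).lower() != "localhost":
            findings.append(("hosts_entry", line))
    return findings


def triage_sample() -> List[Tuple[str, str]]:
    """Run the triage over the constructed sample with its scan date."""
    return triage(SAMPLE_ADDITION, SCAN_DATE)


if __name__ == "__main__":
    for finding, line in triage_sample():
        print(f"[{finding}] {line}")
```

On the sample this yields five findings: the ChromeHTML line FRST already tagged, the Skype leftover task that opens Chrome on a URL, rpcnetp.exe (created on the scan day, no company name, in System32), the invented hosts entry, and the disabled UAC. The 2008 ATI DLL also has an empty "()" but falls outside the 30-day window; widening `recent_days` surfaces it too, which is why the window exists. A hit is a reason to look, not a verdict: the script narrows a long report to the lines a helper would ask about.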



System-hogging viruses of the sejheb and hemkajdoa type

Post by Batek 12 Jan 2017, 21:40

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2017
Ran by Majka (12-01-2017 20:34:13)
Running from D:\Rar$EXa0.553
Microsoft® Windows Vista™ Home Basic (X86) (2011-08-22 19:33:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4287701738-4041416532-456939901-500 - Administrator - Disabled)
Gość (S-1-5-21-4287701738-4041416532-456939901-501 - Limited - Disabled)
Majka (S-1-5-21-4287701738-4041416532-456939901-1000 - Administrator - Enabled) => C:\Users\Majka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation)
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version: - Microsoft)
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version: - Microsoft)
Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version: - Microsoft)
AMD Catalyst Install Manager (HKLM\...\{9F368FA7-2B3C-8207-A31F-0BEF463F4B6E}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation)
ccc-core-static (Version: 2008.0508.2151.37248 - Nazwa firmy) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Foxit Reader 5.0 (HKLM\...\Foxit Reader_is1) (Version: 5.0.2.718 - Foxit Corporation)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
GrabIt 1.7.2 Beta 4 (build 997) (HKLM\...\GrabIt_is1) (Version: - Ilan Shemes)
GS Auto Clicker (HKLM\...\GS Auto Clicker_is1) (Version: V3.1.2 - goldensoft.org)
GTA San Andreas (HKLM\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Deskjet Ink Adv 2060 K110 Badanie ulepszeń produktu (HKLM\...\{7C551168-C398-47B6-AD42-93BE2E36DD37}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Podstawowe oprogramowanie urządzenia (HKLM\...\{AA22FE8A-5247-4051-BF25-E86BA687C0D9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Pomoc (HKLM\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Product Detection (HKLM\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
K-Lite Codec Pack 7.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
League of Legends (HKLM\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (Version: 4.1.2 - Riot Games) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
OLYMPUS Master 2 (HKLM\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}) (Version: 7.1.3.100 - Apple Computer, Inc.)
ScreenShooter5 (HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\ScreenShooter5) (Version: 5.0 - )
Skins (Version: 2008.0508.2151.37248 - ATI) Hidden
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.21 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\ChromeHTML: -> C:\Users\Majka\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Majka\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Majka\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4287701738-4041416532-456939901-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2EA6F310-7171-443D-8BF2-0C5EFBBB470B} - System32\Tasks\{482BA335-0AFB-4AD1-B9D8-6627DD66C7B0} => Chrome.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/pl/abandoninstall?page=tsProgressBar
Task: {5D8BD0AB-2AA0-49C8-88C7-0C6C69F09910} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4287701738-4041416532-456939901-1000UA => C:\Users\Majka\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-03] (Google Inc.)
Task: {69A2918A-D78F-49C7-8115-0044CB6997A7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4287701738-4041416532-456939901-1000Core => C:\Users\Majka\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-03] (Google Inc.)
Task: {69EF1C0A-740D-4430-A291-9606B317FA0B} - System32\Tasks\{57BBAFEE-B4CB-42B9-905D-4EC4BE3608A1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102.259/pl/abandoninstall?page=tsProgressBar
Task: {A23869F2-A583-47A8-9DC5-EC19DEE2B44E} - System32\Tasks\Opera scheduled Autoupdate 1473438001 => C:\Program Files\Opera\launcher.exe [2016-08-05] (Opera Software)
Task: {DD4C323A-640C-48D6-AD17-0C4E24D6146C} - System32\Tasks\{12E21E9E-E45A-42F7-A80B-2D397868B9CF} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.113.259/pl/abandoninstall?source=lightinstaller&page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {E91B77C4-306F-44B0-99A2-CBF75D49CB06} - System32\Tasks\{B7AD22BF-411D-4329-BD51-6EF844BF0572} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.113.259/pl/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {EDD1854D-1791-4FB3-8B6A-C88B91B58B6A} - System32\Tasks\cenzura! HP Deskjet Ink Adv 2060 K110 => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {F11A6BF3-4590-46DB-A1F8-E7302FEE6CE7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {F78BB66D-FA49-45C4-8ADB-E012C3BA5D8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-12] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2008-05-08 21:14 - 2008-05-08 21:14 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2017-01-12 17:50 - 2017-01-12 20:29 - 00017408 _____ () C:\Windows\System32\rpcnetp.exe
2017-01-12 17:51 - 2017-01-12 20:30 - 00017408 _____ () C:\Windows\System32\rpcnetp.dll
2016-01-30 20:31 - 2015-09-18 23:27 - 00946688 _____ () D:\ScreenShooter5\ScreenShooter5.exe
2016-01-30 20:31 - 2014-10-23 12:27 - 00119822 _____ () D:\ScreenShooter5\libgcc_s_dw2-1.dll
2016-01-30 20:31 - 2014-10-23 12:27 - 01026574 _____ () D:\ScreenShooter5\libstdc++-6.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2017-01-12 20:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4287701738-4041416532-456939901-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Majka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
DNS Servers: 62.179.1.61 - 62.179.1.63
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [TCP Query User{2FC4EC33-B6AE-45A0-8C3A-A73CE419BFD5}C:\program files\winamp\winamp.exe] => C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{F706BAD0-13A7-4E33-A7B8-768AB3B793CB}C:\program files\winamp\winamp.exe] => C:\program files\winamp\winamp.exe
FirewallRules: [TCP Query User{6CDB5ADA-23B4-4023-ACAD-952EEA96CC3E}C:\program files\winamp\winamp.exe] => C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{A64725EF-0B87-459C-AC79-54DE38A95DC3}C:\program files\winamp\winamp.exe] => C:\program files\winamp\winamp.exe
FirewallRules: [TCP Query User{C2546906-C46D-425F-94B2-56C1F5CF290B}C:\program files\gadu-gadu 10\gg.exe] => C:\program files\gadu-gadu 10\gg.exe
FirewallRules: [UDP Query User{D9392327-1356-4E15-B2BC-E38134FCB7E5}C:\program files\gadu-gadu 10\gg.exe] => C:\program files\gadu-gadu 10\gg.exe
FirewallRules: [TCP Query User{EEF2C647-182C-4722-9ABC-CBD2534C6A05}C:\program files\gadu-gadu 10\gg.exe] => C:\program files\gadu-gadu 10\gg.exe
FirewallRules: [UDP Query User{DF53BB65-8A60-4AE2-8750-4C70CBD0B667}C:\program files\gadu-gadu 10\gg.exe] => C:\program files\gadu-gadu 10\gg.exe
FirewallRules: [TCP Query User{A69642BD-2E75-4458-B6E7-605B80F57047}C:\windows\system32\javaw.exe] => C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{0AC2FD06-5392-421B-B80B-58C0D0AE093C}C:\windows\system32\javaw.exe] => C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{7F8485B9-6DAC-4CA9-971D-03D6EF8E0A2F}C:\windows\system32\javaw.exe] => C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{A6871569-4046-4718-AC1B-5F8891182E2A}C:\windows\system32\javaw.exe] => C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{0110421E-EB82-4AC7-A155-879FE49E6247}C:\users\majka\appdata\local\google\chrome\application\chrome.exe] => C:\users\majka\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{715D7BA3-014A-4450-8696-8F5029C47E98}C:\users\majka\appdata\local\google\chrome\application\chrome.exe] => C:\users\majka\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{F54AD859-3064-4E03-8FBF-114B71283D8D}] => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe
FirewallRules: [{8EAF0696-CB5E-4188-BB99-17B5F6853BC0}] => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe
FirewallRules: [{31413725-0CE1-499B-ABA8-F7B7B0D43797}] => C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{D590279A-6F9E-4DBF-A7A7-6A70765B9606}] => C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{E8B52C95-3025-43F5-B5A0-A29938F7E54A}] => C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{65A6BA23-0D31-492A-9C34-0DC761C3FE75}] => C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{8C87DE36-D72A-40AD-A09C-60958E775804}] => C:\Program Files\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\dtUser.exe
FirewallRules: [{C95F1BA7-862C-43C6-BB4A-EE6B91B483F3}] => C:\Program Files\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\dtUser.exe
FirewallRules: [TCP Query User{E6D0EA22-F434-4D82-B157-F7605704C097}C:\program files\bearshare applications\bearshare\bearshare.exe] => C:\program files\bearshare applications\bearshare\bearshare.exe
FirewallRules: [UDP Query User{E42E73A1-79B1-4DDB-8E3C-7F31D84AE591}C:\program files\bearshare applications\bearshare\bearshare.exe] => C:\program files\bearshare applications\bearshare\bearshare.exe
FirewallRules: [{DFE68E50-9867-4EF3-B238-25CD8F4FEECB}] => C:\Windows\System32\msiexec.exe
FirewallRules: [{9CC6BEA4-1EAC-47DC-8BEE-CF89B70BBF28}] => C:\Windows\System32\msiexec.exe
FirewallRules: [{521DF1B6-5772-4B01-BA65-E0491C08FEFB}] => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{C77E1495-2B81-4948-9A13-3074763A1DC5}] => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{64A8AB87-156C-457F-8AE2-539D2535F1FF}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{89C985C0-89DF-4FD4-912F-71D18EB80863}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{839B2C32-41B4-46F6-B5E0-D58A23158120}] => C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{FD24141A-C812-467A-B89F-543EC53D6504}] => C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{761EAB37-1D06-473C-AD23-426F24F816F8}] => C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6BC3C453-0800-451D-BE89-24328F5AC693}] => C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{249D8E0A-BBFB-4F53-A316-3DEE8723D0EC}] => D:\CONTER STRIKE\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{64FAE72E-1E07-4B6E-ADEC-5AE6863F6C9A}] => D:\CONTER STRIKE\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{FD96D9CB-94E9-44E9-B0D9-2D26F81444C8}C:\users\majka\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => C:\users\majka\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B51F0F88-972D-44C0-909A-404807B29C5E}C:\users\majka\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => C:\users\majka\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [{3703ADBE-990F-4EFD-AE40-FC05435E2A57}] => D:\CONTER STRIKE\steamapps\common\Blockade3d\main.exe
FirewallRules: [{C462359F-7D3C-4C48-9389-592D5518253A}] => D:\CONTER STRIKE\steamapps\common\Blockade3d\main.exe
FirewallRules: [{45B23D3F-0C42-4F40-95BC-6EB4C2165505}] => C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{C451F6D9-B47D-47FE-84FC-3A9B15B7E8DB}] => C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{4107F546-F242-4F98-8C31-DC432036D51C}] => C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{56D4BA6C-A365-4AF2-BA70-001C2FEE418C}] => C:\Windows\System32\PnkBstrB.exe
FirewallRules: [TCP Query User{B2707F4B-8AE8-4DE6-B5D7-192D531E8718}D:\bartk\bfheroes.exe] => D:\bartk\bfheroes.exe
FirewallRules: [UDP Query User{D0313C93-E6B5-4C2B-A821-6E2A50D1C4C7}D:\bartk\bfheroes.exe] => D:\bartk\bfheroes.exe
FirewallRules: [TCP Query User{D9C1C1F7-C978-4837-9E9E-BEB25E0983CA}C:\games\world_of_tanks\wotlauncher.exe] => C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{7032495E-334E-42DB-BA3A-BFC311DE4CF3}C:\games\world_of_tanks\wotlauncher.exe] => C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{3AAE297D-9884-418A-A1ED-CF3B3A768270}D:\world of tanks\wotlauncher.exe] => D:\world of tanks\wotlauncher.exe
FirewallRules: [UDP Query User{5228601D-0969-4B75-9EBA-20FC736AE2E5}D:\world of tanks\wotlauncher.exe] => D:\world of tanks\wotlauncher.exe
FirewallRules: [TCP Query User{5A3609F3-01C2-4E08-A7DF-4B31D856C129}D:\world of tanks\worldoftanks.exe] => D:\world of tanks\worldoftanks.exe
FirewallRules: [UDP Query User{85A1A051-AE58-4471-A363-AA6D5D9FAB37}D:\world of tanks\worldoftanks.exe] => D:\world of tanks\worldoftanks.exe
FirewallRules: [{98C2996C-5758-45BF-9D42-99EA62BBF766}] => D:\war thunder\WarThunder\bpreport.exe
FirewallRules: [{1776846D-653C-4076-A957-A82E35C71D4C}] => D:\war thunder\WarThunder\bpreport.exe
FirewallRules: [TCP Query User{F29037F5-A0A8-40CD-8278-0EFC6276BB7D}C:\users\majka\documents\downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => C:\users\majka\documents\downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{2A9047A4-14A4-4023-B68A-4DA4A9A15B72}C:\users\majka\documents\downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => C:\users\majka\documents\downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{63FAC177-D5BC-45EC-BD7D-4AA4A46CDE04}C:\users\majka\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => C:\users\majka\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{5949298E-26D0-4808-AD07-266882D1D9D5}C:\users\majka\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => C:\users\majka\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{B76F5E5D-60C0-49AD-8623-3E5ECCCF3A08}C:\program files\java\jre7\bin\javaw.exe] => C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{8D73B50A-1D4C-4E2F-AF85-3B7C940805DC}C:\program files\java\jre7\bin\javaw.exe] => C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{00E212C1-A785-4D45-AC12-1FA1733D561F}C:\program files\java\jre7\bin\java.exe] => C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{68ADBBBE-EEDC-44AB-9677-401482F28A8E}C:\program files\java\jre7\bin\java.exe] => C:\program files\java\jre7\bin\java.exe
FirewallRules: [{345E27B2-D823-42FC-A98B-F2B6619E39D6}] => D:\Steam\Steam.exe
FirewallRules: [{51707421-B4D1-4F5C-8CCA-FC513BBD51CC}] => D:\Steam\Steam.exe
FirewallRules: [TCP Query User{498DCE6F-9C89-439E-A418-67667EBE545C}C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7458DEF5-C100-4C27-A1BB-315CCE4E100F}C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{8D6BE5E0-0297-42FE-8452-83CDDB8F04E7}C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3D4F0FAA-B4FE-40AF-AD82-1650D20724F7}C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [{6414DE96-23A8-4BBF-93F5-430143E8B695}] => D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{D6DD3053-58F7-4D0A-9C97-D239137CB05B}] => D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{168C3451-D7A7-4623-8BEE-0C9AFA890F4C}] => %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{68BC7613-0E25-44F7-A3DA-906A1A8C8572}] => D:\WarThunder\bpreport.exe
FirewallRules: [{6BA1E16B-30B4-4D43-B913-0374DB1977C1}] => D:\WarThunder\bpreport.exe
FirewallRules: [TCP Query User{B3C40F82-71D5-42BF-ABD0-F62478D717C4}D:\warthunder\launcher.exe] => D:\warthunder\launcher.exe
FirewallRules: [UDP Query User{3842AEBC-5ACF-4044-B020-C68EAC01282E}D:\warthunder\launcher.exe] => D:\warthunder\launcher.exe
FirewallRules: [TCP Query User{F6F25004-6C2E-4ADD-8214-0FBED9A3394F}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{815A9777-9886-4B6B-85B5-C8C9EDD33547}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{1E6B9644-DA4C-4151-B9E2-0A7F46147A2B}] => D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{40C0D718-2A56-485E-8E4A-3E4A27D17137}] => D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D2A2F57C-398B-4B50-ABD1-26ECC4026E32}] => C:\Users\Majka\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{2857C9A7-BCA4-45D2-B3A0-F59721BB8052}] => D:\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{AB9EF710-349E-41FC-BF9C-4CCC5C36AA06}] => D:\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{E95FAF42-CB6D-4BE1-8180-58AFF1EED0C3}] => D:\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{9265727B-E5F1-4E4C-9012-8F310BD9F75E}] => D:\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{D5FFE815-9872-4E58-AD8C-04C72E10BD2F}] => C:\Users\Majka\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{220371A2-2F22-49DF-9793-C3211614A206}] => C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [TCP Query User{4E1727AD-694F-4A7B-B8D5-7FB631EAC3E1}D:\java\bin\javaw.exe] => D:\java\bin\javaw.exe
FirewallRules: [UDP Query User{10D284B1-1C97-4B36-9C8E-AD5908758BAE}D:\java\bin\javaw.exe] => D:\java\bin\javaw.exe
FirewallRules: [TCP Query User{FA17CAF6-70C5-4320-9EB9-44E899ED0EBF}C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\java.exe] => C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\java.exe
FirewallRules: [UDP Query User{A0C1456F-F9C3-4E9A-B008-8CA347E8580A}C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\java.exe] => C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\java.exe
FirewallRules: [TCP Query User{19C28306-DF88-4913-94E5-2CC74764D758}C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\java.exe] => C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\java.exe
FirewallRules: [UDP Query User{78AA538D-06AC-4129-AFDC-7027F6EF0704}C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\java.exe] => C:\users\majka\desktop\bartek\runtime\jre-x32\1.8.0_25\bin\java.exe
FirewallRules: [TCP Query User{BA0B3720-239E-4E1B-B732-D79CB39660C8}D:\rar$exa0.414\marinermt2.pl-09.04.2016\marinermt2.exe] => D:\rar$exa0.414\marinermt2.pl-09.04.2016\marinermt2.exe
FirewallRules: [UDP Query User{8A7D18B0-13A4-441A-87DB-9F1D670355C0}D:\rar$exa0.414\marinermt2.pl-09.04.2016\marinermt2.exe] => D:\rar$exa0.414\marinermt2.pl-09.04.2016\marinermt2.exe
FirewallRules: [TCP Query User{B4C50B96-B4B8-49F8-96A4-403216B6E229}D:\rar$exa0.846\marinermt2.pl-09.04.2016\marinermt2.exe] => D:\rar$exa0.846\marinermt2.pl-09.04.2016\marinermt2.exe
FirewallRules: [UDP Query User{613E6787-F2E9-4E61-B77E-CE6B7A083DEA}D:\rar$exa0.846\marinermt2.pl-09.04.2016\marinermt2.exe] => D:\rar$exa0.846\marinermt2.pl-09.04.2016\marinermt2.exe
FirewallRules: [TCP Query User{6D5E6704-AA4C-4124-9BBE-75873F1BEEFE}D:\rar$exa0.422\marinermt2.pl-09.04.2016\marinermt2.exe] => D:\rar$exa0.422\marinermt2.pl-09.04.2016\marinermt2.exe
FirewallRules: [UDP Query User{B9633C67-F8AA-45FA-BBB3-AC86681424D8}D:\rar$exa0.422\marinermt2.pl-09.04.2016\marinermt2.exe] => D:\rar$exa0.422\marinermt2.pl-09.04.2016\marinermt2.exe
FirewallRules: [TCP Query User{C8E61570-C91A-47E2-82E5-A7B546D978D5}D:\java\bin\java.exe] => D:\java\bin\java.exe
FirewallRules: [TCP Query User{BAF67974-5B2D-4C33-8556-A62DF299DA88}D:\java\bin\java.exe] => D:\java\bin\java.exe
FirewallRules: [UDP Query User{EDB0560A-6ABC-4969-B32F-C87917269193}D:\java\bin\java.exe] => D:\java\bin\java.exe
FirewallRules: [TCP Query User{CED1A5F5-0C07-45DD-95A7-D2F8E6457999}D:\wot\wotlauncher.exe] => D:\wot\wotlauncher.exe
FirewallRules: [UDP Query User{AAAD1367-3DB8-4542-A6EA-618F30FEFB8F}D:\wot\wotlauncher.exe] => D:\wot\wotlauncher.exe
FirewallRules: [TCP Query User{3CF1D54F-1B5C-445C-9E1C-CF0FE4B3696E}D:\wot v\wotlauncher.exe] => D:\wot v\wotlauncher.exe
FirewallRules: [UDP Query User{EF87CC3A-C26D-43F0-8B23-071365D8CCBC}D:\wot v\wotlauncher.exe] => D:\wot v\wotlauncher.exe
FirewallRules: [TCP Query User{B1D50675-D6A4-4276-9B47-A24BCE965B77}D:\wot v\worldoftanks.exe] => D:\wot v\worldoftanks.exe
FirewallRules: [UDP Query User{6B2C081B-5E2A-4458-9C84-807015092035}D:\wot v\worldoftanks.exe] => D:\wot v\worldoftanks.exe

==================== Punkty Przywracania systemu =========================

04-12-2016 11:02:17 Removed Curse

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: isatap.home
Description: Karta Microsoft ISATAP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (01/12/2017 08:33:23 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy.

Error: (01/12/2017 08:31:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST.exe w wersji 12.1.2017.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów.
Identyfikator procesu: f84
Godzina rozpoczęcia: 01d26d0a616ed1b9
Godzina zakończenia: 31

Error: (01/12/2017 08:19:36 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy.

Error: (01/12/2017 06:49:45 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy.

Error: (01/12/2017 05:53:29 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy.

Error: (01/12/2017 02:09:26 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy.

Error: (01/10/2017 05:35:00 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy.

Error: (01/08/2017 03:50:11 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy.

Error: (01/08/2017 12:22:09 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy.

Error: (01/07/2017 01:11:54 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy.


Dziennik System:
=============
Error: (01/12/2017 08:30:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 20:28:57 na 2017-01-12 było nieoczekiwane.

Error: (01/12/2017 08:17:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 19:34:12 na 2017-01-12 było nieoczekiwane.

Error: (01/12/2017 07:31:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 19:29:27 na 2017-01-12 było nieoczekiwane.

Error: (01/12/2017 06:46:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Event-ID 10003

Error: (01/12/2017 06:38:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (01/12/2017 06:38:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa hpqwmiex niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (01/12/2017 06:38:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa wyszukiwania systemu Windows niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (01/12/2017 06:38:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa RzKLService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (01/12/2017 06:38:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa rpcnetp niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (01/12/2017 06:38:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Hi-Rez Studios Authenticate and Update Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.


CodeIntegrity:
===================================
Date: 2016-09-08 18:14:46.628
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 18:14:46.415
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 18:14:21.082
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 18:14:20.852
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 18:12:21.447
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 18:12:21.305
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 18:10:59.965
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 18:10:59.495
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 18:10:01.660
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 18:10:01.534
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Statystyki pamięci ===========================

Procesor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz
Procent pamięci w użyciu: 48%
Całkowita pamięć fizyczna: 2042.65 MB
Dostępna pamięć fizyczna: 1054.38 MB
Całkowita pamięć wirtualna: 4301.09 MB
Dostępna pamięć wirtualna: 3200.81 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:37.47 GB) (Free:11.3 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)]
Drive d: () (Fixed) (Total:195.31 GB) (Free:99.92 GB) NTFS
Drive f: (GTA_SAN_ANDREAS) (CDROM) (Total:3.94 GB) (Free:0 GB) CDFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 80D2F3EE)
Partition 1: (Active) - (Size=37.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================


FRST

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 12-01-2017
Uruchomiony przez Majka (administrator) MAJKA-PC (12-01-2017 20:31:41)
Uruchomiony z D:\Rar$EXa0.553
Załadowane profile: Majka (Dostępne profile: Majka)
Platform: Microsoft® Windows Vista™ Home Basic (X86) Język: Polski (Polska)
Internet Explorer Wersja 7 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Hi-Rez Studios) D:\HiPatchService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
() C:\Windows\System32\rpcnetp.exe
(Razer Inc.) D:\Razer Cortex\RzKLService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
() D:\ScreenShooter5\ScreenShooter5.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Wargaming.net) D:\WoT V\WargamingGameUpdater.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2011-08-22] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKLM\...\Run: [OM2_Monitor] => "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [Google Update] => C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [OM2_Monitor] => "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [ChomikBox] => C:\Program Files\ChomikBox\chomikbox.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [ScreenShooter] => D:\ScreenShooter5\ScreenShooter5.exe [946688 2015-09-18] ()
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [Steam] => D:\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [Bloody2] => "C:\Program Files\Bloody6\Bloody6\Bloody6.exe" Minimum
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6775512 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [World of Tanks] => D:\wot\WargamingGameUpdater.exe [3134728 2016-08-05] (Wargaming.net)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\Run: [World of Tanks (1)] => D:\WoT V\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: {322fbe92-cd0e-11e0-a87d-002186b495d1} - H:\SETUP.EXE
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: {32d3d6ea-120c-11e2-9a85-002186b495d1} - F:\Setup.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: {7b7ccc29-f078-11e1-b9ad-002186b495d1} - F:\RunClubSanDisk.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: {82538548-575c-11e6-95f1-0022645cb4c8} - F:\autorun.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: {82538564-575c-11e6-95f1-0022645cb4c8} - F:\autorun.exe
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\...\MountPoints2: {ccc846cf-6466-11e6-9d0f-0022645cb4c8} - F:\Install.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 62.179.1.61 62.179.1.63
Tcpip\..\Interfaces\{682F8928-0235-4CA9-9880-E28A9225D004}: [DhcpNameServer] 62.179.1.61 62.179.1.63

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131044823901040000&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-4287701738-4041416532-456939901-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131044823902080000&GUID=00000000-0000-0000-0000-000000000000
URLSearchHook: [S-1-5-21-4287701738-4041416532-456939901-1000] UWAGA => Brak domyślnego URLSearchHook
SearchScopes: HKLM -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll => Brak pliku
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\JAVA\bin\ssv.dll [2016-06-13] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\JAVA\bin\jp2ssv.dll [2016-06-13] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-12] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> D:\JAVA\bin\dtplugin\npDeployJava1.dll [2016-06-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> D:\JAVA\bin\plugin2\npjp2.dll [2016-06-13] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4287701738-4041416532-456939901-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4287701738-4041416532-456939901-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Majka\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4287701738-4041416532-456939901-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Majka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-22] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Shockwave Flash) - C:\Users\Majka\AppData\Local\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Users\Majka\AppData\Local\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Brak pliku
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Majka\AppData\Local\Google\Chrome\Application\49.0.2623.112\pdf.dll => Brak pliku
CHR Plugin: (HP Product Detection Plugin for Mozilla) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npProductDetectPlugin.dll => Brak pliku
CHR Plugin: (HP Active Check Plugin) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npAclmPlugin.dll => Brak pliku
CHR Plugin: (HP Pit Plugin) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npPitPlugin.dll => Brak pliku
CHR Plugin: (Babylon ToolBar) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll => Brak pliku
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll => Brak pliku
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => Brak pliku
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => Brak pliku
CHR Plugin: (Unity Player) - C:\Users\Majka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Majka\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Brak pliku
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll => Brak pliku
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll => Brak pliku
CHR Profile: C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default [2017-01-12]
CHR Extension: (Battlefield Heroes) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2015-06-13]
CHR Extension: (AdBlock) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-29]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Majka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
StartMenuInternet: Google Chrome - C:\Users\Majka\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [238376 2015-06-04] (EasyAntiCheat Ltd) [Brak podpisu cyfrowego]
R2 HiPatchService; D:\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [Brak podpisu cyfrowego]
R2 RzKLService; D:\Razer Cortex\RzKLService.exe [129168 2015-06-05] (Razer Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2011-08-22] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-08-22] (DT Soft Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] ()
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [104096 2015-09-08] (BigNox Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [203424 2015-09-08] (BigNox Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-12 20:17 - 2017-01-12 20:17 - 00131072 _____ C:\Windows\Minidump\Mini011217-02.dmp
2017-01-12 19:32 - 2017-01-12 19:32 - 00138328 _____ C:\Windows\Minidump\Mini011217-01.dmp
2017-01-12 19:31 - 2017-01-12 20:16 - 209639635 _____ C:\Windows\MEMORY.DMP
2017-01-12 18:26 - 2017-01-12 18:26 - 00015084 _____ C:\Users\Majka\Desktop\RepairDNS.txt
2017-01-12 17:58 - 2017-01-12 17:58 - 00042860 _____ C:\Users\Majka\Desktop\Addition.txt
2017-01-12 17:57 - 2017-01-12 17:57 - 00019163 _____ C:\Users\Majka\Desktop\FRST.txt
2017-01-12 17:51 - 2017-01-12 20:30 - 00017408 _____ C:\Windows\system32\rpcnetp.dll
2017-01-12 17:50 - 2017-01-12 20:29 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2017-01-12 17:44 - 2017-01-12 18:20 - 00000876 _____ C:\Users\Majka\Desktop\fixlist.txt.txt
2017-01-12 16:43 - 2017-01-12 20:31 - 00000000 ____D C:\FRST
2017-01-03 21:29 - 2017-01-03 21:29 - 00387464 _____ C:\Users\Majka\Desktop\Scan1.pdf
2017-01-03 21:28 - 2017-01-03 21:28 - 00329904 _____ C:\Users\Majka\Desktop\Scan.pdf
2017-01-02 17:48 - 2017-01-02 17:48 - 00001594 _____ C:\Users\Majka\AppData\Local\recently-used.xbel
2016-12-20 22:33 - 2016-12-20 22:33 - 00012090 _____ C:\Users\Majka\Desktop\Emaile.docx

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-12 20:30 - 2013-02-27 22:07 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-12 20:30 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-12 20:30 - 2006-11-02 13:45 - 00003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-12 20:30 - 2006-11-02 13:45 - 00003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-12 20:22 - 2015-08-05 13:10 - 00000000 ____D C:\Users\Majka\AppData\Roaming\.minecraft
2017-01-12 20:22 - 2006-12-05 06:19 - 00543576 _____ C:\Windows\system32\perfh015.dat
2017-01-12 20:22 - 2006-12-05 06:19 - 00088738 _____ C:\Windows\system32\perfc015.dat
2017-01-12 20:22 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2017-01-12 20:22 - 2006-11-02 11:33 - 01346548 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-12 20:17 - 2016-07-13 14:54 - 00000000 ____D C:\Windows\Minidump
2017-01-12 18:46 - 2016-09-09 13:49 - 00000000 ____D C:\AdwCleaner
2017-01-12 18:46 - 2011-08-22 20:33 - 00000012 _____ C:\Windows\bthservsdp.dat
2017-01-12 18:46 - 2006-11-02 13:58 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-12 18:42 - 2016-09-08 13:58 - 00000000 ____D C:\Users\Majka\AppData\LocalLow\Company
2017-01-12 17:51 - 2016-09-08 13:55 - 00000008 __RSH C:\Users\Majka\ntuser.pol
2017-01-12 17:51 - 2016-09-08 06:48 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-12 17:51 - 2011-08-22 20:38 - 00000000 ____D C:\Users\Majka
2017-01-12 17:49 - 2015-09-28 17:28 - 00000000 ____D C:\Users\Majka\Desktop\Bartek
2017-01-12 17:49 - 2013-03-04 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Master 2
2017-01-12 17:49 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-01-12 14:29 - 2013-02-27 22:07 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-12 14:29 - 2011-08-23 08:21 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-12 14:29 - 2011-08-23 08:20 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-12 14:12 - 2016-01-17 19:07 - 00049536 _____ (Absolute Software Corp.) C:\Windows\system32\agremove.exe
2017-01-08 20:22 - 2016-12-06 21:45 - 00000000 ____D C:\Users\Majka\Desktop\Gotowosci szkolne
2017-01-08 17:41 - 2016-11-16 20:51 - 00000000 ____D C:\Users\Majka\Desktop\MAMA 2
2017-01-07 13:42 - 2016-11-18 20:56 - 00000000 ____D C:\Users\Majka\.gimp-2.8
2016-12-29 21:50 - 2015-11-14 21:58 - 00000000 ____D C:\Users\Majka\AppData\Roaming\TS3Client
2016-12-29 07:56 - 2011-08-22 20:38 - 00000680 _____ C:\Users\Majka\AppData\Local\d3d9caps.dat
2016-12-20 22:16 - 2015-09-28 17:31 - 00000000 ____D C:\Users\Majka\Desktop\Mama
2016-12-17 14:33 - 2011-08-22 20:32 - 00000000 ____D C:\Windows\SoftwareDistribution

==================== Pliki w katalogu głównym wybranych folderów =======

2015-06-13 14:11 - 2015-06-13 14:11 - 0138056 _____ () C:\Users\Majka\AppData\Roaming\PnkBstrK.sys
2011-08-22 23:15 - 2011-08-22 23:15 - 0000000 _____ () C:\Users\Majka\AppData\Local\AtStart.txt
2011-08-22 20:38 - 2016-12-29 07:56 - 0000680 _____ () C:\Users\Majka\AppData\Local\d3d9caps.dat
2011-08-22 20:43 - 2015-10-25 11:51 - 0061440 _____ () C:\Users\Majka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-22 23:15 - 2011-08-22 23:15 - 0000000 _____ () C:\Users\Majka\AppData\Local\DSwitch.txt
2011-08-24 13:00 - 2011-08-24 14:42 - 0000000 _____ () C:\Users\Majka\AppData\Local\FnF4.txt
2011-08-22 23:15 - 2011-08-22 23:15 - 0000000 _____ () C:\Users\Majka\AppData\Local\QSwitch.txt
2017-01-02 17:48 - 2017-01-02 17:48 - 0001594 _____ () C:\Users\Majka\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll
[2011-08-25 12:32] - [2011-08-25 12:32] - 0162816 ____N (Microsoft Corporation) 7BD0B461518940337AC410AA5314F0F2

C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-01-12 20:23

==================== Koniec FRST.txt ============================
Batek
~user
 
Posts: 8
Joined: 12 Jan 2017, 17:46



System-hogging viruses of the sejheb and hemkajdoa type

Post by ordynat 12 Jan 2017, 21:58

There is nothing suspicious.

In this situation I am not able to help you, because you do not have any "adware".

The author of this post received a commendation
ordynat
~user
 
Posts: 4765
Joined: 02 Apr 2010, 11:18
Commendations: 866



System-hogging viruses of the sejheb and hemkajdoa type

Post by Batek 12 Jan 2017, 21:59

Thank you for the help, big props :D
Batek
~user
 
Posts: 8
Joined: 12 Jan 2017, 17:46



