
Annoying ads in Firefox and terrible overall performance


  • This topic is locked
13 replies to this topic

#1 booa

booa

  • Members
  • 7 posts

Posted 02 October 2015 - 05:51 AM

Hello.

 

My brother asked me to deal with his old computer but after checking it cursorily I decided to ask here for help. Problem is basically described in the topic - Firefox attacks with tons of pop-up ads and redirects to some kind of advertising sites when I try to open any website. The second thing is the overall performance. This setup is more an old piece of garbage than a real computer, I'm aware of that, but it was enough to surf the net. Lately it can't even handle simultaneously opened Spotify and a web browser - maybe there is a way to deal with it on the "software level"?

 

I did some logs to look through - OTL, FRST, GMER, AdwCleaner and Malwarebytes Anti Malware. The last one detected some malware so I deleted it all with this program itself. Some phrases in the logs are in Polish - I hope it's not a tremendous issue. Just say if you need anything from me.

 

I'll be happy to receive any help, thanks in advance.



Edited by booa, 02 October 2015 - 05:52 AM.



 


#2 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts

Posted 03 October 2015 - 07:53 PM

Hi,

Welcome to BleepingComputer.com. I am Black_Bird and I'll be helping you during the malware removal process.

An important WARNING to all individuals reading this topic:
All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!
Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.


General rules:
  • From now on, don't use this computer anymore to access your bank account or any other serious business where you have to log in, until I've told you your computer is clean from malware.
  • Be patient waiting for my answer. I'm doing the best I can to answer to logs as soon as possible, but I'm handling multiple topics at the same time. Please feel free to remind me of your topic by sending a link to it by private message, when I didn't get back to you after 24 hours.
  • Don't change anything on your computer in the period I'm helping you, except when I tell you to do so. So don't add/remove any software (programs, drivers, etc.) and don't change any hardware. If you really need to change something that can't wait, please inform me directly, by posting it in this topic or - if private - send me a private message containing an explanation of the changes made by you. This gives me the possibility to give you good advice.
Rules about advice from me:
  • The Helpers active on this board first got a full training in removing malware and providing support to people who got infected. Also they were trained to resolve any problems caused by malware infections. Please use the programs I provide to you only when under supervision of a trained Helper. This, because using these programs without supervision can cause damage to your computer.
  • It's possible that your virus scanner, anti-spyware program or any other malware protection program or policy tries to block one or more of the programs provided by us. If that is the case, please always allow those programs to run and/or allow the provided changes to be made. If needed to run our tools properly, temporarily disable your anti-malware programs.
  • Always Save tools provided by me to your Desktop, unless I give you other instructions. Don't ever run tools directly from the internet, because this can stop them from working properly. Also never save tools to any other locations than your Desktop.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit.
Rules about posting results:
  • Always copy/paste the logfiles in your replies completely. If a logfile doesn't fit into one post, please add the logfile as an attachment instead. If this still won't work, please inform me.
  • Never change something in the logfiles!! Include them in your posts as they were provided by the tools. This way I'll get a clear view on your system's situation. If you change the logfiles, it will take more time to clean up your computer.
  • Don't post logs using CODE, QUOTE or FONT tags. Just post them as direct text.
==================================================================================================
Now, let's clean up!
==================================================================================================


WARNING: P2P Programs

Going over your logs I noticed that you have BitTorrent and PopcornTime installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent and PopcornTime, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


WARNING: Keylogger activity!!
Going over your logs I noticed some entries that showed an active keylogger. We will delete this during the malware removal process, but I advise you to directly change ALL of your passwords, including bank accounts etc. that you have used on this PC. Please change them by using a different PC, else the keylogger software might steal information again.



1. Please open My Computer (you can find this in the Start Menu or on your Desktop for example)
  • Please copy/paste this into the address bar (as you can't find it yourself (it's hidden)): C:\ProgramData\rvlkl and press ENTER.
  • Please look if there's an uninstaller, mostly called something like "uninst000.exe". If so, run it. If not, please tell me and continue.
  • Now, please navigate to this folder: C:\Windows\AutoRearm.
  • Again, look if there's an uninstaller in there. If so, please run it. If not, tell me and continue.
2. Press Windows Key + R.
  • A command dialog will open. Please type msconfig and press ENTER.
  • Now look if there's an entry called GoogleChromeAutoLaunch_707AB4DC4851505403C8FD2DF14CF292 or something with MyBrowser in its name. If so, please disable the item by removing the checkmark in front of it, click the Apply button and then the OK button.
  • If asked to reboot the system, please allow Windows to do so.
  • Report back to me (in your next reply) which entries you have found.
3. Please download to your Desktop.
  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!
4. Download RKill and save it to your Desktop.
  • Right-click RKill.exe and select Run as Administrator....
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.
5. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.
6. Please remove fixlist.txt from your PC.

7. Please reboot your PC.

8. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
9. Please give me an update on your PC problems. Also please include the results from the following tools and answers to my questions in your next reply:
  • Did you find and run the uninstall executables, mentioned in step 1?
  • Which items did you find and disable through MsConfig, mentioned in step 2?
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Farbar Recovery Scan Tool - regular scan

Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.
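
Steps 1 and 2 of the reply above can also be checked read-only from a PowerShell prompt. This is an added example, not part of the original post and not a BleepingComputer tool; the uninst*.exe filter and the msconfig "startupreg" registry location for unticked entries on Windows 7 are assumptions.

```powershell
# Added example: read-only checks mirroring steps 1 and 2 of the reply.
# Nothing is deleted, disabled or changed.

# Step 1: folders named in the reply. Report whether each exists and
# whether it holds an uninstaller.
$folders = 'C:\ProgramData\rvlkl', 'C:\Windows\AutoRearm'
foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        "{0}: folder not found" -f $folder
        continue
    }
    # Assumption: 'uninst*.exe' covers names "like uninst000.exe".
    # -Force includes hidden files.
    $found = @(Get-ChildItem -LiteralPath $folder -Filter 'uninst*.exe' -Force -ErrorAction SilentlyContinue)
    if ($found.Count -eq 0) {
        "{0}: no uninstaller found" -f $folder
    } else {
        $found | ForEach-Object { "{0}: uninstaller {1}" -f $folder, $_.Name }
    }
}

# Step 2: startup entries whose name or command matches the two names
# given in the reply.
$pattern = 'GoogleChromeAutoLaunch_|MyBrowser'
$hits = @()

# Enabled entries: Run keys for the machine and for the current user only.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($path in $runKeys) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $key = Get-Item -LiteralPath $path
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        if ($name -match $pattern -or $command -match $pattern) {
            $hits += "enabled   [{0}] => {1}" -f $name, $command
        }
    }
}

# Assumption: on Windows 7, msconfig keeps unticked (disabled) Run entries
# as subkeys of this key, with the original command in a 'command' value.
$disabledRoot = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
if (Test-Path -LiteralPath $disabledRoot) {
    foreach ($sub in Get-ChildItem -LiteralPath $disabledRoot) {
        $command = [string]$sub.GetValue('command')
        if ($sub.PSChildName -match $pattern -or $command -match $pattern) {
            $hits += "disabled  [{0}] => {1}" -f $sub.PSChildName, $command
        }
    }
}

if ($hits.Count -eq 0) { 'No matching startup entries found.' } else { $hits }
```

Entries reported as "disabled" correspond to items that already have no checkmark in msconfig.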


#3 booa

booa
  • Topic Starter

  • Members
  • 7 posts

Posted 04 October 2015 - 05:33 AM

I uninstalled BitTorrent but there is no such thing as PopcornTime in Control Panel.
 
1. Uninstall executables from step 1.
  • When I try to enter C:\ProgramData\rvlkl I receive a message that Windows couldn't find it.
  • There is no uninstaller in C:\Windows\AutoRearm.
2. MsConfig.
  • I found two similar entries
    QMYHHJR.png
    Both were already disabled.
3. RKill log.

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/04/2015 11:58:42 AM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 
4. FRST - fixlog.

Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja:30-10-2015
Uruchomiony przez Admin (2015-10-04 11:59:37) Run:1
Uruchomiony z C:\Users\Admin\Desktop
Załadowane profile: Admin (Dostępne profile: Admin)
Tryb startu: Normal

==============================================

fixlist - zawartość:
*****************
Task: {840995E3-16A2-45BF-A580-0979FEFEB6AB} - System32\Tasks\Microsoft\Windows\RVLKL\RVLKL => C:\ProgramData\rvlkl\rvlkl.exe <==== UWAGA
Task: {F77D3B12-3093-45B4-B291-1EC45692636E} - System32\Tasks\AutoRearm => C:\Windows\AutoRearm\AutoRearm.exe [2014-09-20] ()
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  Brak pliku
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  Brak pliku
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  Brak pliku
SearchScopes: HKLM -> DefaultScope - brak wartosci
BHO: Brak nazwy -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  Brak pliku
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -  Brak pliku
C:\ProgramData\rvlkl
C:\Windows\AutoRearm
C:\Users\Gosc\AppData\Local\MyBrowser
C:\Users\Administrator\AppData\Local\MyBrowser
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{840995E3-16A2-45BF-A580-0979FEFEB6AB}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{840995E3-16A2-45BF-A580-0979FEFEB6AB}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\Microsoft\Windows\RVLKL\RVLKL => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RVLKL\RVLKL" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F77D3B12-3093-45B4-B291-1EC45692636E}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F77D3B12-3093-45B4-B291-1EC45692636E}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\AutoRearm => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoRearm" => klucz pomyślnie usunięto
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS pomyślnie usunięto.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)" => klucz pomyślnie usunięto
HKCR\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7} => klucz nie znaleziono.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)" => klucz pomyślnie usunięto
HKCR\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE} => klucz nie znaleziono.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)" => klucz pomyślnie usunięto
HKCR\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => klucz pomyślnie usunięto
HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => klucz nie znaleziono.
"HKCR\PROTOCOLS\Handler\osf" => klucz pomyślnie usunięto
HKCR\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1} => klucz nie znaleziono.
"C:\ProgramData\rvlkl" => plik/folder nie znaleziono.
C:\Windows\AutoRearm => pomyślnie przeniesiono
"C:\Users\Gosc\AppData\Local\MyBrowser" => plik/folder nie znaleziono.
"C:\Users\Administrator\AppData\Local\MyBrowser" => plik/folder nie znaleziono.

==== Koniec  Fixlog 11:59:38 ====

 
5. FRST regular scan.
  • FRST.txt

    Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:30-10-2015
    Uruchomiony przez Admin (administrator)  KOMPUTER (04-10-2015 12:03:53)
    Uruchomiony z C:\Users\Admin\Desktop
    Załadowane profile: Admin (Dostępne profile: Admin)
    Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Język: Polski (Polska)
    Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
    Tryb startu: Normal
    Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Procesy (filtrowane) =================

    (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) E:\#0 Instalacja\#1 Programy\Avast\AvastSvc.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
    (Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
    (AVAST Software) E:\#0 Instalacja\#1 Programy\Avast\AvastUI.exe
    (Flux Software LLC) C:\Users\Admin\AppData\Local\FluxSoftware\Flux\flux.exe
    (Piriform Ltd) E:\#0 Instalacja\CCleaner\CCleaner.exe
    () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Rejestr (filtrowane) ===========================

    (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2014-05-13] (Realtek Semiconductor)
    HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5841768 2015-09-02] (Box, Inc.)
    HKLM\...\Run: [AvastUI.exe] => E:\#0 Instalacja\#1 Programy\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
    HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Run: [f.lux] => C:\Users\Admin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
    HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Run: [CCleaner Monitoring] => E:\#0 Instalacja\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2014-12-19] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2014-12-19] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2014-12-19] ()
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\#0 Instalacja\#1 Programy\Avast\ashShell.dll [2015-07-20] (AVAST Software)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

    ==================== Internet (filtrowane) ====================

    (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{20D65FF0-B252-46DF-9490-4339BA52BD41}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{7D3EEA3A-F381-47FC-BB44-E9C626EC07C1}: [DhcpNameServer] 194.204.152.34 194.204.159.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://pl.msn.com/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3076qoj6.default
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-30] ()
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
    FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\#0INST~1\#1PROG~1\MS2013~1\Office15\NPSPWRAP.DLL [Brak pliku]
    FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
    FF Extension: Simple White - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3076qoj6.default\Extensions\Simple@White.Theme.xpi [2015-07-21]
    FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3076qoj6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-17]

    Chrome:
    =======
    CHR dev: Chrome dev build wykryto! <======= UWAGA

    ==================== Usługi (filtrowane) ========================

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

    R2 AdobeUpdateService; C:\Program Files\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
    R2 avast! Antivirus; E:\#0 Instalacja\#1 Programy\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
    S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28184 2014-09-24] (Box, Inc.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Brak podpisu cyfrowego]
    S2 MBAMService; E:\#0 Instalacja\#1 Programy\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    S3 Origin Client Service; E:\#0 Instalacja\#1 Programy\Origin\OriginClientService.exe [2004488 2015-07-08] (Electronic Arts)
    S3 VsEtwService120; E:\#0 Instalacja\#1 Programy\Visual Studio\Common7\Packages\Debugger\Services\VsEtwService.exe [71344 2013-10-05] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-04-11] (Microsoft Corporation)

    ===================== Sterowniki (filtrowane) ==========================

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-20] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-20] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-20] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-20] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-20] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-20] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-07-20] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-20] (AVAST Software)
    S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2015-04-02] ()
    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-29] (AVG Technologies)
    R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2014-05-13] (Atheros Communications, Inc.)
    R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2014-06-30] () [Brak podpisu cyfrowego]
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2014-05-13] ()
    S3 rt61x86; C:\Windows\System32\DRIVERS\WMP54Gv41x86.sys [286208 2014-05-13] (Ralink Technology Inc.)
    S3 Scarlett_UAC2Audio; C:\Windows\System32\DRIVERS\Scarlett_UAC2Audio.sys [74480 2014-10-02] (Focusrite Audio Engineering Limited.)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (filtrowane) ===================

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


    ==================== Jeden miesiąc - utworzone pliki i foldery ========

    (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

    2015-10-04 12:03 - 2015-10-04 12:06 - 00012806 _____ C:\Users\Admin\Desktop\FRST.txt
    2015-10-04 11:58 - 2015-10-04 11:59 - 00001412 _____ C:\Users\Admin\Desktop\Rkill.txt
    2015-10-04 11:41 - 2015-10-04 11:29 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
    2015-10-03 11:01 - 2015-09-26 18:37 - 00001477 _____ C:\Users\Admin\Desktop\Internet Explorer (No Add-ons).lnk
    2015-10-02 22:17 - 2015-10-02 22:30 - 00018253 _____ C:\Users\Admin\Desktop\MATURA_ANG.odt
    2015-10-02 10:45 - 2015-10-02 10:45 - 00380416 _____ C:\Users\Admin\Desktop\ptj96i93.exe
    2015-10-02 10:39 - 2015-10-04 12:03 - 00000000 ____D C:\FRST
    2015-10-02 10:39 - 2015-10-04 11:59 - 01697280 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
    2015-10-02 10:10 - 2015-10-02 10:10 - 01670656 _____ C:\Users\Admin\Desktop\adwcleaner_5.009.exe
    2015-10-01 20:33 - 2015-10-02 10:43 - 00000000 ____D C:\AdwCleaner
    2015-09-30 15:23 - 2015-10-04 12:01 - 00000728 _____ C:\Windows\setupact.log
    2015-09-30 15:23 - 2015-10-02 21:14 - 00004258 _____ C:\Windows\PFRO.log
    2015-09-30 15:23 - 2015-09-30 15:23 - 00000000 _____ C:\Windows\setuperr.log
    2015-09-30 15:21 - 2015-09-30 15:21 - 00000000 ____D C:\_OTL
    2015-09-30 13:56 - 2015-09-30 13:56 - 00000682 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-09-30 13:56 - 2015-09-30 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-09-30 13:50 - 2015-09-30 13:50 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
    2015-09-27 14:28 - 2015-09-27 14:28 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
    2015-09-26 21:24 - 2015-09-26 21:24 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-09-26 15:31 - 2015-09-26 15:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
    2015-09-26 15:31 - 2015-09-26 15:31 - 00000000 ____D C:\Users\Admin\AppData\Local\Opera Software
    2015-09-26 15:30 - 2015-09-26 18:38 - 00000000 ____D C:\Program Files\Opera
    2015-09-26 15:30 - 2009-06-10 23:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2015-09-26 15:22 - 2015-09-26 15:22 - 00000000 ____D C:\ProgramData\LightScribe
    2015-09-26 15:17 - 2015-09-26 18:40 - 00000000 ____D C:\ProgramData\Nero
    2015-09-26 15:16 - 2015-09-26 18:41 - 00000000 ____D C:\Program Files\Common Files\LightScribe
    2015-09-26 15:15 - 2015-09-26 15:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Nero
    2015-09-13 19:25 - 2015-09-13 19:25 - 00001890 _____ C:\Users\Public\Desktop\Defraggler.lnk
    2015-09-13 19:25 - 2015-09-13 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
    2015-09-13 19:25 - 2015-09-13 19:25 - 00000000 ____D C:\Program Files\Defraggler
    2015-09-06 19:19 - 2015-09-06 19:19 - 00000708 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
    2015-09-06 19:19 - 2015-09-06 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
    2015-09-06 19:18 - 2015-09-06 19:19 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Guild Wars 2
    2015-09-06 15:23 - 2015-09-06 15:23 - 00000363 _____ C:\Users\Admin\Desktop\Komputer.lnk
    2015-09-06 15:21 - 2015-09-27 14:50 - 00000798 _____ C:\Users\Admin\Desktop\Mozilla Firefox.lnk
    2015-09-05 11:10 - 2015-09-05 11:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\WinISO Computing
    2015-09-05 11:10 - 2015-09-05 11:10 - 00000000 ____D C:\Users\Admin\AppData\Local\WinISO Computing

    ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

    (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

    2015-10-04 12:03 - 2014-05-13 23:05 - 00000000 ____D C:\Users\Admin\AppData\Local\Box Sync
    2015-10-04 12:02 - 2014-06-13 23:16 - 00000370 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
    2015-10-04 12:02 - 2014-05-13 22:01 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-04 12:01 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-04 12:00 - 2014-05-13 21:21 - 01723981 _____ C:\Windows\WindowsUpdate.log
    2015-10-04 11:44 - 2011-04-12 07:08 - 00743382 _____ C:\Windows\system32\perfh015.dat
    2015-10-04 11:44 - 2011-04-12 07:08 - 00156982 _____ C:\Windows\system32\perfc015.dat
    2015-10-04 11:44 - 2010-11-20 23:01 - 01677864 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-10-04 11:39 - 2009-07-14 06:34 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-04 11:39 - 2009-07-14 06:34 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-03 11:12 - 2014-05-13 22:01 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-03 11:01 - 2014-05-24 17:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
    2015-10-02 12:26 - 2014-05-13 23:07 - 00000000 ___RD C:\Users\Admin\Box Sync
    2015-10-02 12:25 - 2014-05-14 11:05 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-10-02 12:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\SchCache
    2015-09-30 22:19 - 2015-07-04 21:44 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
    2015-09-30 15:24 - 2014-05-13 21:54 - 00170320 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-09-30 15:23 - 2014-12-03 21:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Unity
    2015-09-30 15:23 - 2009-07-14 06:33 - 00590984 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-09-30 14:06 - 2014-05-13 21:55 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
    2015-09-30 13:58 - 2014-05-13 22:17 - 00000000 ____D C:\Windows\Panther
    2015-09-30 13:49 - 2014-08-29 20:32 - 00000000 ____D C:\Windows\pss
    2015-09-30 13:42 - 2014-12-03 21:00 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Unity
    2015-09-30 13:37 - 2014-07-09 11:28 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-09-30 13:37 - 2014-07-09 11:28 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-09-27 14:50 - 2015-05-17 13:12 - 00000798 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-09-26 20:50 - 2009-07-14 06:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-09-26 18:37 - 2014-05-13 21:52 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieUserList
    2015-09-26 18:37 - 2014-05-13 21:52 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieSiteList
    2015-09-26 18:37 - 2014-05-13 21:28 - 00001425 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-09-23 14:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
    2015-09-22 20:42 - 2014-05-13 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
    2015-09-18 21:55 - 2014-10-22 21:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-09-18 20:23 - 2014-10-22 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-09-13 17:46 - 2014-09-17 19:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-09-09 17:05 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
    2015-09-08 20:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
    2015-09-06 16:08 - 2014-05-13 22:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Spotify
    2015-09-06 16:07 - 2014-05-13 22:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Spotify
    2015-09-06 15:46 - 2015-08-01 23:42 - 00000000 ____D C:\Users\Admin\.mediathek3
    2015-09-06 14:49 - 2014-06-30 09:43 - 00000000 ____D C:\Program Files\Common Files\InstallShield
    2015-09-06 14:49 - 2014-06-20 19:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2015-09-05 09:53 - 2014-06-14 20:55 - 00000000 ____D C:\Users\Admin\Documents\Visual Studio 2013

    ==================== Pliki w katalogu głównym wybranych folderów =======

    2015-05-05 17:28 - 2015-05-05 17:47 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-06-28 15:56 - 2015-06-28 15:56 - 0004080 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
    2015-09-26 21:24 - 2015-09-26 21:24 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

    ==================== Bamital & volsnap =================

    (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

    C:\Windows\explorer.exe => Plik podpisany cyfrowo
    C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
    C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
    C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
    C:\Windows\system32\services.exe => Plik podpisany cyfrowo
    C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
    C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
    C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
    C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
    C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


    LastRegBack: 2015-10-01 21:45

    ==================== Koniec  FRST.txt ============================

  • Addition.txt

    Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x86) Wersja:30-10-2015
    Uruchomiony przez Admin (2015-10-04 12:06:59)
    Uruchomiony z C:\Users\Admin\Desktop
    Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-05-13 19:28:45)
    Tryb startu: Normal
    ==========================================================


    ==================== Konta użytkowników: =============================

    Admin (S-1-5-21-3142999315-1421101962-1785333390-1000 - Administrator - Enabled) => C:\Users\Admin
    Administrator (S-1-5-21-3142999315-1421101962-1785333390-500 - Administrator - Disabled)
    Gość (S-1-5-21-3142999315-1421101962-1785333390-501 - Limited - Disabled)

    ==================== Centrum zabezpieczeń ========================

    (Załączenie wejścia w fixlist spowoduje jego usunięcie.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Zainstalowane programy ======================

    (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.12) - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2223 - AVAST Software)
    AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
    AzureTools.Notifications.VwdExpress (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
    Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
    Box Sync (HKLM\...\{AF492AE0-06A1-409B-BBED-9EE9C5961D03}) (Version: 4.0.6634.0 - Box, Inc.)
    Box Sync (Version: 4.0.4884.0 - Box Inc.) Hidden
    Build Tools - x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Build Tools Language Resources - x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
    Dropbox (HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
    f.lux (HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Flux) (Version:  - )
    foobar2000 v1.3.8 (HKLM\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
    Galeria fotografii (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Guild Wars 2 (HKLM\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
    Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
    Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
    IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (Version: 3.0.1 - Riot Games) Hidden
    LibreOffice 4.4.4.3 (HKLM\...\{5B6D82BB-CC1A-431E-8991-3E57855F99C5}) (Version: 4.4.4.3 - The Document Foundation)
    Malwarebytes Anti-Malware wersja 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK - PLK Lang Pack (HKLM\...\{DCBF58FD-AFD7-4F67-91EA-909B613EFB6A}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK (HKLM\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{9B1121CA-2BF6-3CD9-A047-AF9F803AFE93}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (ENU) (HKLM\...\{AD82FCEF-6FDD-4C9B-8844-8BCBDC1091A0}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Help Viewer 2.1 (HKLM\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
    Microsoft Help Viewer 2.1 Language Pack - PLK (HKLM\...\Microsoft Help Viewer 2.1 Language Pack - PLK) (Version: 2.1.21005 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{5EF1EBC5-4A40-4D1C-B02E-0C54BC93FD06}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{FE939060-416C-4ECD-890E-13776E2707C4}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects  (HKLM\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client  (HKLM\...\{544ACD54-9FAA-4A60-A1E7-B2EC3AA75D24}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E7654811-38F9-4225-9688-827FDA716582}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio Express 2013 for Web - ENU (HKLM\...\{3e544097-53d1-4252-98a6-93cc12a6d487}) (Version: 12.0.21005.13 - Microsoft Corporation)
    Microsoft Visual Studio Express 2013 for Web Language Pack PLK (HKLM\...\{7cb70a9f-7c00-4ba0-8e73-f9ffbac8925c}) (Version: 12.0.21005.13 - Microsoft Corporation)
    Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation)
    Microsoft Web Deploy 3.5 (HKLM\...\{5CD1B40A-969C-4D7A-B5C2-DAFCB82C53CD}) (Version: 3.1237.1762 - Microsoft Corporation)
    Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 38.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 38.0.1 (x86 pl)) (Version: 38.0.1 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    NapiProjekt (2.2.0.2399) (HKLM\...\NapiProjekt_is1) (Version:  - )
    Origin (HKLM\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
    Pakiet językowy programu Microsoft Visual Studio Express 2013 for Windows Desktop PLK (HKLM\...\{1d428f6d-1e87-4e37-aa6c-1f8e6a8d6e7b}) (Version: 12.0.21005.13 - Microsoft Corporation)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
    Podstawowe programy Windows Live (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Prerequisites for SSDT  (HKLM\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Przygotowywanie programu Microsoft Visual Studio 2013 (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
    screenSHU - the fastest screen capture ever. (HKLM\...\screenSHU) (Version:  - )
    Skype 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Spotify (HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Spotify) (Version: 1.0.11.134.ga37df67b - Spotify AB)
    Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
    Team Explorer for Microsoft Visual Studio 2013 (Version: 12.0.21005 - Microsoft Corporation) Hidden
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
    Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
    THE SETTLERS Narodziny Imperium (Wszystkie produkty) (HKLM\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
    The Sims 2: Ultimate Collection (HKLM\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
    Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )

    ==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

    CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Punkty Przywracania systemu =========================

    30-09-2015 16:46:01 Zaplanowany punkt kontrolny

    ==================== Hosts - zawartość: ==========================

    (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

    2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Zaplanowane zadania (filtrowane) =============

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

    Task: {467A1590-11A6-48A2-AEC0-6BA0100C7442} - System32\Tasks\avast! Emergency Update => E:\#0 Instalacja\#1 Programy\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
    Task: {517612C9-0FDC-4928-8AFE-3D5B02EEAACA} - System32\Tasks\{348B6D42-E17A-41C6-A4FC-BA2C7CCFA782} => Firefox.exe http://ui.skype.com/ui/0/7.1.0.105/pl/abandoninstall?page=tsProgressBar
    Task: {5B36EEEA-8D5F-49F0-A23A-9BA59B76029A} - System32\Tasks\{C27FB5F9-423B-423B-8BE2-C7E971833157} => Firefox.exe http://ui.skype.com/ui/0/7.1.0.105/pl/abandoninstall?page=tsProgressBar
    Task: {73E3C9B2-E3EC-42E3-94CB-74254C4FAD2E} - System32\Tasks\{778F51F4-EC9D-4D72-9B4A-F75F7E6F9E3E} => Firefox.exe http://ui.skype.com/ui/0/7.0.80.102/pl/abandoninstall?page=tsProgressBar
    Task: {A323B5AA-1B02-4C1C-BFCF-46CC318915A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {B3F535A1-950B-44CA-A8A1-98CC34AFBEC4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
    Task: {D3FE13C8-780A-45A3-AEF1-BF3BB93FEFB5} - System32\Tasks\DriverToolkit Autorun => E:\#0 Instalacja\#1 Programy\DriverToolkit\DriverToolkit.exe
    Task: {F0A0E797-AF10-4891-A46A-EED60916C85A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {F219CC59-F539-497A-B827-3BDC801E1807} - System32\Tasks\CCleanerSkipUAC => E:\#0 Instalacja\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)

    (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

    Task: C:\Windows\Tasks\DriverToolkit Autorun.job => E:\#0 Instalacja\#1 Programy\DriverToolkit\DriverToolkit.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Załadowane moduły (filtrowane) ==============

    2015-07-20 15:41 - 2015-07-20 15:41 - 00102864 _____ () E:\#0 Instalacja\#1 Programy\Avast\log.dll
    2015-07-20 15:41 - 2015-07-20 15:41 - 00123976 _____ () E:\#0 Instalacja\#1 Programy\Avast\JsonRpcServer.dll
    2015-10-04 11:32 - 2015-10-04 11:32 - 02966528 _____ () E:\#0 Instalacja\#1 Programy\Avast\defs\15100400\algo.dll
    2014-12-19 16:57 - 2014-12-19 16:57 - 01059488 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
    2014-12-10 12:25 - 2014-12-10 12:25 - 00774656 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
    2012-10-27 07:21 - 2012-10-27 07:21 - 00098816 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
    2012-10-27 07:20 - 2012-10-27 07:20 - 00110080 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
    2012-10-27 07:22 - 2012-10-27 07:22 - 00364544 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
    2014-12-10 12:25 - 2014-12-10 12:25 - 00087552 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
    2013-10-07 15:06 - 2013-10-07 15:06 - 00003584 _____ () C:\Program Files\Box\Box Sync\clr.pyd
    2014-12-10 12:25 - 2014-12-10 12:25 - 00046080 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
    2014-12-10 12:25 - 2014-12-10 12:25 - 01201152 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
    2015-05-28 16:41 - 2015-05-28 16:41 - 00024576 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
    2015-05-28 16:41 - 2015-05-28 16:41 - 00036352 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
    2014-12-10 12:25 - 2014-12-10 12:25 - 00010240 _____ () C:\Program Files\Box\Box Sync\select.pyd
    2014-12-10 12:25 - 2014-12-10 12:25 - 00128512 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
    2014-12-10 12:25 - 2014-12-10 12:25 - 00127488 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
    2014-12-10 12:25 - 2014-12-10 12:25 - 00686080 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
    2012-10-27 07:23 - 2012-10-27 07:23 - 00320512 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
    2012-10-27 07:20 - 2012-10-27 07:20 - 00018432 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
    2015-06-11 14:48 - 2015-06-11 14:48 - 00048128 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
    2012-10-27 07:20 - 2012-10-27 07:20 - 00119808 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
    2012-10-27 07:20 - 2012-10-27 07:20 - 00108544 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
    2012-10-27 07:20 - 2012-10-27 07:20 - 00035840 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
    2012-10-27 07:20 - 2012-10-27 07:20 - 00025600 _____ () C:\Program Files\Box\Box Sync\win32cred.pyd
    2015-05-28 16:42 - 2015-05-28 16:42 - 00029184 _____ () C:\Program Files\Box\Box Sync\Crypto.Cipher._AES.pyd
    2015-05-28 16:42 - 2015-05-28 16:42 - 00007168 _____ () C:\Program Files\Box\Box Sync\Crypto.Util.strxor.pyd
    2015-05-28 16:42 - 2015-05-28 16:42 - 00009728 _____ () C:\Program Files\Box\Box Sync\Crypto.Random.OSRNG.winrandom.pyd
    2015-05-28 16:42 - 2015-05-28 16:42 - 00010240 _____ () C:\Program Files\Box\Box Sync\Crypto.Util._counter.pyd
    2012-10-27 07:20 - 2012-10-27 07:20 - 00042496 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
    2015-05-28 16:41 - 2015-05-28 16:41 - 00020480 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
    2014-12-10 12:25 - 2014-12-10 12:25 - 00027136 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
    2012-10-27 07:20 - 2012-10-27 07:20 - 00017920 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
    2012-10-27 07:21 - 2012-10-27 07:21 - 00167936 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
    2015-07-20 15:41 - 2015-07-20 15:41 - 40540672 _____ () E:\#0 Instalacja\#1 Programy\Avast\libcef.dll
    2015-09-16 21:34 - 2015-09-16 21:34 - 00061440 _____ () E:\#0 Instalacja\CCleaner\lang\lang-1045.dll
    2015-09-02 16:30 - 2015-09-02 16:30 - 00022528 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe

    ==================== Alternate Data Streams (filtrowane) =========

    (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)


    ==================== Tryb awaryjny (filtrowane) ===================

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)


    ==================== EXE - Powiązania (filtrowane) ===============

    (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


    ==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


    ==================== Inne obszary ============================

    (Obecnie brak automatycznej naprawy dla tej sekcji.)

    HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Zapora systemu Windows - funkcja włączona.

    ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

    (Obecnie brak automatycznej naprawy dla tej sekcji.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^rvlkl.lnk => C:\Windows\pss\rvlkl.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wysyłanie do programu OneNote.lnk => C:\Windows\pss\Wysyłanie do programu OneNote.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: BoxSync => "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
    MSCONFIG\startupreg: CCleaner Monitoring => "E:\#0 Instalacja\CCleaner\CCleaner.exe" /MONITOR
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_707AB4DC4851505403C8FD2DF14CF292 => "C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe" --no-startup-window
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
    MSCONFIG\startupreg: iTunesHelper => "E:\#0 Instalacja\#1 Programy\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Lync => "E:\#0 Instalacja\#1 Programy\MS 2013\Office15\lync.exe" /fromrunkey
    MSCONFIG\startupreg: screenSHU => "E:\#0 Instalacja\#1 Programy\screenSHU\screenSHU.exe" --hidden
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Spotify => "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: Voobly => "E:\#0 Instalacja\#1 Programy\Voobly\voobly.exe" --startup
    MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Web TuneUp\vprot.exe"

    ==================== Reguły Zapory systemu Windows (filtrowane) ===============

    (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

    FirewallRules: [TCP Query User{C41D483F-C9C9-4191-AB57-A730FA674B94}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{B9519F25-7DB7-4279-BF60-0E019F0C48F7}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{ADAF4439-EC65-48DE-8729-320D5F96E70B}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{C1DD0A13-1F1A-4BFD-9CE1-3C03743BE98E}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{4EDF6855-C5FC-474A-9F1B-7B0A0D6BB981}] => (Allow) E:\#0 Instalacja\#2 Gry\#0 Steam\Steam.exe
    FirewallRules: [{D616D0C8-88A3-412B-89B0-CB718D0BD5CF}] => (Allow) E:\#0 Instalacja\#2 Gry\#0 Steam\Steam.exe
    FirewallRules: [{1CD939FB-2701-4ACD-9331-E934E084BDBD}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{43E99163-91A2-4F49-A18E-DF6411705EDD}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{8305F6E1-B972-46BB-AE23-056FA3874F84}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{4BB435CA-B20D-4316-B8C3-BF0B5592CE0A}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
    FirewallRules: [{EAFF90A7-362F-47FD-8D82-02CD572FEFA8}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
    FirewallRules: [{A5120C8F-A418-4AE0-B918-7A8D636391AC}] => (Allow) E:\#0 Instalacja\#2 Gry\Hearthstone\Hearthstone\Hearthstone.exe
    FirewallRules: [{DDFA207D-7910-40B8-A05A-58185782A215}] => (Allow) E:\#0 Instalacja\#2 Gry\Hearthstone\Hearthstone\Hearthstone.exe
    FirewallRules: [{23809D80-AB28-4B56-B3DE-CA78E9701693}] => (Allow) E:\#0 Instalacja\#1 Programy\NapiProjekt\napisy.exe
    FirewallRules: [{F2DE4786-A778-4387-BA31-8AEA12760FCB}] => (Allow) E:\#0 Instalacja\#1 Programy\NapiProjekt\napisy.exe
    FirewallRules: [{407AA746-BAD7-4F50-977D-A4549CD233EB}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{C56DD7DC-C5FC-47FC-A490-03144F501C55}] => (Allow) E:\#0 Instalacja\#1 Programy\Visual Studio\Common7\IDE\WDExpress.exe
    FirewallRules: [{3321D4BD-F104-4483-A31C-CFB8D025ED05}] => (Allow) E:\#0 Instalacja\#1 Programy\Visual Studio\Common7\IDE\WDExpress.exe
    FirewallRules: [{2FDC0149-C01B-44CF-BEE5-3E263D3B8CB6}] => (Allow) E:\Program Files\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
    FirewallRules: [{0A3CC8DB-744D-4D95-8894-9175A23F7623}] => (Allow) E:\Program Files\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
    FirewallRules: [TCP Query User{B7B55C73-8479-4A59-A15F-A3FEA6E4979A}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{853BF95F-75D7-428B-9CEC-1177F4796878}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{1BA998C0-4252-4CDC-A46F-AC8990E469B1}E:\#0 instalacja\#2 gry\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\#0 instalacja\#2 gry\hearthstone\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{2C1FCD74-FC0E-49BE-ABFC-35840B6BD46E}E:\#0 instalacja\#2 gry\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\#0 instalacja\#2 gry\hearthstone\hearthstone\hearthstone.exe
    FirewallRules: [{906933DA-E34D-475A-B867-60DB5BB2CCDD}] => (Allow) E:\#0 Instalacja\#2 Gry\#0 Steam\bin\steamwebhelper.exe
    FirewallRules: [{987FADD3-A343-49E5-B5A8-6ADA3FB45380}] => (Allow) E:\#0 Instalacja\#2 Gry\#0 Steam\bin\steamwebhelper.exe
    FirewallRules: [{72C8DBA7-0F5D-4EE6-94DD-6FE1E745D37C}] => (Allow) E:\#0 Instalacja\#2 Gry\League of Legends\lol.launcher.exe
    FirewallRules: [TCP Query User{A4912A3E-79CE-4F85-9DE9-23E7E3EDCA77}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{1810BCEE-D811-49FB-AB81-E6735A07D0FC}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{B0184F65-DB5F-4528-ACE0-4943EABBB444}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{BCDDC1AF-3FA1-494E-8F9A-7C557A3E39F4}] => (Allow) LPort=2869
    FirewallRules: [{D4478886-B5E8-4134-ACFD-788F5266C65D}] => (Allow) LPort=1900
    FirewallRules: [{3B7361B3-A087-421F-AC5E-8C86E77ACC8E}] => (Allow) E:\#0 Instalacja\#1 Programy\Firefox\firefox.exe
    FirewallRules: [{447B13AF-47F3-4B05-9F26-3B1DF0BD340E}] => (Allow) E:\#0 Instalacja\#1 Programy\Firefox\firefox.exe

    ==================== Wadliwe urządzenia w Menedżerze urządzeń =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Karta tunelowania Teredo firmy Microsoft
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Błędy w Dzienniku zdarzeń: =========================

    Dziennik Aplikacja:
    ==================
    Error: (10/04/2015 12:02:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/04/2015 11:33:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nazwa aplikacji powodującej błąd: AutoRearm.exe, wersja: 2.5.2.0, sygnatura czasowa: 0x53c9a9a0
    Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18847, sygnatura czasowa: 0x554d7b00
    Kod wyjątku: 0xe0434352
    Przesunięcie błędu: 0x0000812f
    Identyfikator procesu powodującego błąd: 0x14c
    Godzina uruchomienia aplikacji powodującej błąd: 0xAutoRearm.exe0
    Ścieżka aplikacji powodującej błąd: AutoRearm.exe1
    Ścieżka modułu powodującego błąd: AutoRearm.exe2
    Identyfikator raportu: AutoRearm.exe3

    Error: (10/04/2015 11:32:22 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Aplikacja: AutoRearm.exe
    Wersja architektury: v4.0.30319
    Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
    Informacje o wyjątku: System.Runtime.InteropServices.COMException
    Stos:
       w ..(System.String, System.String, ., System.String)
       w ...ctor()
       w ..(.)
       w ..()

    Error: (10/04/2015 11:31:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/03/2015 10:02:40 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nazwa aplikacji powodującej błąd: AutoRearm.exe, wersja: 2.5.2.0, sygnatura czasowa: 0x53c9a9a0
    Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18847, sygnatura czasowa: 0x554d7b00
    Kod wyjątku: 0xe0434352
    Przesunięcie błędu: 0x0000812f
    Identyfikator procesu powodującego błąd: 0x7cc
    Godzina uruchomienia aplikacji powodującej błąd: 0xAutoRearm.exe0
    Ścieżka aplikacji powodującej błąd: AutoRearm.exe1
    Ścieżka modułu powodującego błąd: AutoRearm.exe2
    Identyfikator raportu: AutoRearm.exe3

    Error: (10/03/2015 10:02:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Aplikacja: AutoRearm.exe
    Wersja architektury: v4.0.30319
    Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
    Informacje o wyjątku: System.Runtime.InteropServices.COMException
    Stos:
       w ..(System.String, System.String, ., System.String)
       w ...ctor()
       w ..(.)
       w ..()

    Error: (10/03/2015 10:02:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/02/2015 09:35:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nazwa aplikacji powodującej błąd: AutoRearm.exe, wersja: 2.5.2.0, sygnatura czasowa: 0x53c9a9a0
    Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18847, sygnatura czasowa: 0x554d7b00
    Kod wyjątku: 0xe0434352
    Przesunięcie błędu: 0x0000812f
    Identyfikator procesu powodującego błąd: 0x1090
    Godzina uruchomienia aplikacji powodującej błąd: 0xAutoRearm.exe0
    Ścieżka aplikacji powodującej błąd: AutoRearm.exe1
    Ścieżka modułu powodującego błąd: AutoRearm.exe2
    Identyfikator raportu: AutoRearm.exe3

    Error: (10/02/2015 09:35:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Aplikacja: AutoRearm.exe
    Wersja architektury: v4.0.30319
    Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
    Informacje o wyjątku: System.Runtime.InteropServices.COMException
    Stos:
       w ..(System.String, System.String, ., System.String)
       w ...ctor()
       w ..(.)
       w ..()

    Error: (10/02/2015 09:16:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nazwa aplikacji powodującej błąd: AutoRearm.exe, wersja: 2.5.2.0, sygnatura czasowa: 0x53c9a9a0
    Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18847, sygnatura czasowa: 0x554d7b00
    Kod wyjątku: 0xe0434352
    Przesunięcie błędu: 0x0000812f
    Identyfikator procesu powodującego błąd: 0x5c0
    Godzina uruchomienia aplikacji powodującej błąd: 0xAutoRearm.exe0
    Ścieżka aplikacji powodującej błąd: AutoRearm.exe1
    Ścieżka modułu powodującego błąd: AutoRearm.exe2
    Identyfikator raportu: AutoRearm.exe3


    Dziennik System:
    =============
    Error: (10/04/2015 12:07:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: Usługa Windows Update zawiesiła się podczas uruchamiania.

    Error: (10/04/2015 12:01:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Usługa Protokół rozpoznawania nazw równorzędnych zależy od usługi Menedżer tożsamości sieci równorzędnej, której nie można uruchomić z powodu następującego błędu:
    %%1058

    Error: (10/04/2015 12:01:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Menedżer tożsamości sieci równorzędnej, której nie można uruchomić z powodu następującego błędu:
    %%1058

    Error: (10/04/2015 12:01:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Usługa Usługa Media Center Extender zależy od usługi Moduł wyliczający magistrali PnP-X IP, której nie można uruchomić z powodu następującego błędu:
    %%1058

    Error: (10/04/2015 12:01:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Nie można uruchomić usługi atksgt z powodu następującego błędu:
    %%1275

    Error: (10/04/2015 12:01:55 PM) (Source: Application Popup) (EventID: 875) (User: )
    Description: Sterownik atksgt.sys został zablokowany dla ładowania.

    Error: (10/04/2015 12:01:42 PM) (Source: atikmdag) (EventID: 10261) (User: )
    Description: Display is not active

    Error: (10/04/2015 12:01:42 PM) (Source: atikmdag) (EventID: 19468) (User: )
    Description: CPLIB :: General - Invalid Parameter

    Error: (10/04/2015 11:31:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Usługa Protokół rozpoznawania nazw równorzędnych zależy od usługi Menedżer tożsamości sieci równorzędnej, której nie można uruchomić z powodu następującego błędu:
    %%1058

    Error: (10/04/2015 11:31:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Menedżer tożsamości sieci równorzędnej, której nie można uruchomić z powodu następującego błędu:
    %%1058


    ==================== Statystyki pamięci ===========================

    Procesor: Pentium® Dual-Core CPU E6300 @ 2.80GHz
    Procent pamięci w użyciu: 46%
    Całkowita pamięć fizyczna: 2047.12 MB
    Dostępna pamięć fizyczna: 1085.04 MB
    Całkowita pamięć wirtualna: 7164.23 MB
    Dostępna pamięć wirtualna: 6200.55 MB

    ==================== Dyski ================================

    Drive c: (NICZEGO TU NIE INSTALUJ) (Fixed) (Total:48.73 GB) (Free:11.62 GB) NTFS
    Drive d: (Nowy) (Fixed) (Total:74.53 GB) (Free:64.95 GB) NTFS
    Drive e: () (Fixed) (Total:416.93 GB) (Free:289.18 GB) NTFS

    ==================== MBR & Tablica partycji ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 422EFA4F)
    Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 36C291E5)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=416.9 GB) - (Type=07 NTFS)

    ==================== Koniec  Addition.txt ============================

Firefox still shows me random advertisements.

#4 Black_Bird

  • Malware Response Team
  • 228 posts

Posted 04 October 2015 - 12:51 PM

Hi,

 

Let's continue.

 

1. Please press Windows Key + R.

In the run dialog box, copy/paste: C:\Program Files\AVG Web TuneUp\UNINSTALL.exe /PROMPT /UNINSTALL and press ENTER

* Please make sure the 'spaces' are included as well

* This will uninstall AVG Web TuneUp, which might cause some of the adverts you see.

 

2. I see you're using a very outdated version of Java Runtime Environment.

* Please go to Start Menu > Control Panel. Here, click Uninstall a program and remove Java 8 Update 31

* Now go to the Java.com website and download the latest version of Java (Java 8 update 60).

 

3. Please download to your Desktop.

  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!


4. Right-click RKill.exe and select Run as Administrator....
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.


5. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.


6. Please remove fixlist.txt from your PC.

 

7. Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).


8. Please reboot your PC.

9. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.


10. Please give me an update on your PC problems. Also please include the results from the following tools and answers to my following questions in your next reply:
  • Did you successfully remove "AVG Web TuneUp" from your PC?

  • Did you successfully remove the old Java version and install the new one?

  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt

  • Malwarebytes' Anti-Malware - custom scan
  • Farbar Recovery Scan Tool - regular scan


Kind regards,
Black_Bird
 


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#5 booa

  • Topic Starter

  • Members
  • 7 posts

Posted 05 October 2015 - 12:18 PM

Here we go.

 

1. AVG Web TuneUp.

I did as you asked me to but nothing happened. I mean, there was no reaction at all, like I didn't do anything. I tried to uninstall it using Control Panel - same story.

 

2. Java update.

Successfully done.

 

3. RKill.

The log was done after Malwarebytes scan - brother's mistake, I hope not so big.

 

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/05/2015 06:18:54 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 10/05/2015 06:22:54 PM
Execution time: 0 hours(s), 4 minute(s), and 0 seconds(s)

 

4. Farbar Recovery Scan Tool - using fixlist.txt

 

 

Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja:04-10-2015
Uruchomiony przez Admin (2015-10-04 21:46:51) Run:2
Uruchomiony z C:\Users\Admin\Desktop
Załadowane profile: Admin (Dostępne profile: Admin)
Tryb startu: Normal

==============================================

fixlist - zawartość:
*****************
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-10-02 10:45 - 2015-10-02 10:45 - 00380416 _____ C:\Users\Admin\Desktop\ptj96i93.exe
Task: {517612C9-0FDC-4928-8AFE-3D5B02EEAACA} - System32\Tasks\{348B6D42-E17A-41C6-A4FC-BA2C7CCFA782} => Firefox.exe http://ui.skype.com/ui/0/7.1.0.105/pl/abandoninstall?page=tsProgressBar
Task: {5B36EEEA-8D5F-49F0-A23A-9BA59B76029A} - System32\Tasks\{C27FB5F9-423B-423B-8BE2-C7E971833157} => Firefox.exe http://ui.skype.com/ui/0/7.1.0.105/pl/abandoninstall?page=tsProgressBar
Task: {73E3C9B2-E3EC-42E3-94CB-74254C4FAD2E} - System32\Tasks\{778F51F4-EC9D-4D72-9B4A-F75F7E6F9E3E} => Firefox.exe http://ui.skype.com/ui/0/7.0.80.102/pl/abandoninstall?page=tsProgressBar
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
C:\Users\Admin\Desktop\ptj96i93.exe => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{517612C9-0FDC-4928-8AFE-3D5B02EEAACA}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{517612C9-0FDC-4928-8AFE-3D5B02EEAACA}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{348B6D42-E17A-41C6-A4FC-BA2C7CCFA782} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{348B6D42-E17A-41C6-A4FC-BA2C7CCFA782}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B36EEEA-8D5F-49F0-A23A-9BA59B76029A}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B36EEEA-8D5F-49F0-A23A-9BA59B76029A}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{C27FB5F9-423B-423B-8BE2-C7E971833157} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C27FB5F9-423B-423B-8BE2-C7E971833157}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73E3C9B2-E3EC-42E3-94CB-74254C4FAD2E}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73E3C9B2-E3EC-42E3-94CB-74254C4FAD2E}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{778F51F4-EC9D-4D72-9B4A-F75F7E6F9E3E} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{778F51F4-EC9D-4D72-9B4A-F75F7E6F9E3E}" => klucz pomyślnie usunięto

==== Koniec  Fixlog 21:46:51 ====

 

 

5. Malwarebytes' Anti-Malware - custom scan.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Data skanowania: 2015-10-04
Czas skanowania: 21:49
Raport: MBAM.txt
Administrator: Tak

Wersja: 2.1.8.1057
Baza szkodliwego oprogramowania: v2015.10.04.04
Baza danych rootkitów: v2015.10.02.01
Licencja: Darmowa
Ochrona przed złośliwym oprogramowaniem: Wyłączony
Ochrona przed szkodliwymi stronami: Wyłączony
Samoobrona: Wyłączony

System operacyjny: Windows 7 Service Pack 1
Procesor: x86
System plików: NTFS
Użytkownik: Admin

Typ skanowania: Niestandardowe skanowanie
Wynik: Zakończono
Obiekty przeskanowane: 574424
Czas, który upłynął: 1 h, 43 min, 35 s

Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Włączony
Heurystyka: Włączony
PUP: Włączony
PUM: Włączony

Procesy: 0
(Nie wykryto zagrożeń)

Moduły: 0
(Nie wykryto zagrożeń)

Klucze rejestru: 8
PUP.Optional.WinManger, HKLM\SOFTWARE\CLASSES\APPID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}, Przeniesiono do kwarantanny, [e311a7ab6d1e79bd0fc92fcb58aaea16],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Przeniesiono do kwarantanny, [7c78cb874942af879dcd664fa45e728e],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Przeniesiono do kwarantanny, [7c78cb874942af879dcd664fa45e728e],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Przeniesiono do kwarantanny, [7c78cb874942af879dcd664fa45e728e],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Przeniesiono do kwarantanny, [7c78cb874942af879dcd664fa45e728e],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Przeniesiono do kwarantanny, [7c78cb874942af879dcd664fa45e728e],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, Przeniesiono do kwarantanny, [7c78cb874942af879dcd664fa45e728e],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, Przeniesiono do kwarantanny, [7c78cb874942af879dcd664fa45e728e],

Wartości rejestru: 0
(Nie wykryto zagrożeń)

Dane rejestru: 0
(Nie wykryto zagrożeń)

Foldery: 0
(Nie wykryto zagrożeń)

Pliki: 6
PUP.Optional.OpenCandy, C:\Users\Admin\AppData\Local\Temp\HYD2FA8.tmp.1443952001\HTA\install.1443952001.zip, Przeniesiono do kwarantanny, [7e763121800b94a2f2787144a85ad22e],
PUP.Optional.OpenCandy, C:\Users\Admin\AppData\Local\Temp\HYD2FA8.tmp.1443952001\HTA\3rdparty\OCComSDK.dll, Przeniesiono do kwarantanny, [c82cd280098257df47239c19738f9769],
PUP.Optional.OpenCandy, C:\Users\Admin\AppData\Local\Temp\HYD2FA8.tmp.1443952001\HTA\3rdparty\OCSetupHlp.dll, Przeniesiono do kwarantanny, [03f110425a315adceb564369b550de22],
PUP.Optional.OpenCandy, C:\Users\Admin\AppData\Local\Temp\HYD84D9.tmp.1443952023\HTA\install.1443952023.zip, Przeniesiono do kwarantanny, [5c98f260afdc65d1c3a7eacb55adf50b],
PUP.Optional.OpenCandy, C:\Users\Admin\AppData\Local\Temp\HYD84D9.tmp.1443952023\HTA\3rdparty\OCComSDK.dll, Przeniesiono do kwarantanny, [7c78cb874942af879dcd664fa45e728e],
PUP.Optional.OpenCandy, C:\Users\Admin\AppData\Local\Temp\HYD84D9.tmp.1443952023\HTA\3rdparty\OCSetupHlp.dll, Przeniesiono do kwarantanny, [975dbc966724fa3c241dc5e7d72e1fe1],

Sektory fizyczne: 0
(Nie wykryto zagrożeń)


(end)

 

 

Then I deleted all the malware using MBAM.

 

6. Farbar Recovery Scan Tool - regular scan

  • FRST.txt

 

 

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:04-10-2015
Uruchomiony przez Admin (administrator)  KOMPUTER (05-10-2015 18:47:50)
Uruchomiony z C:\Users\Admin\Desktop
Załadowane profile: Admin (Dostępne profile: Admin)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) E:\#0 Instalacja\#1 Programy\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(AVAST Software) E:\#0 Instalacja\#1 Programy\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Flux Software LLC) C:\Users\Admin\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) E:\#0 Instalacja\CCleaner\CCleaner.exe
(Spotify Ltd) C:\Users\Admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5841768 2015-09-02] (Box, Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\#0 Instalacja\#1 Programy\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Run: [f.lux] => C:\Users\Admin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Run: [CCleaner Monitoring] => E:\#0 Instalacja\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-15] (Spotify Ltd)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\#0 Instalacja\#1 Programy\Avast\ashShell.dll [2015-07-20] (AVAST Software)
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{20D65FF0-B252-46DF-9490-4339BA52BD41}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7D3EEA3A-F381-47FC-BB44-E9C626EC07C1}: [DhcpNameServer] 194.204.152.34 194.204.159.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://pl.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-04] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3076qoj6.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-30] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-04] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\#0INST~1\#1PROG~1\MS2013~1\Office15\NPSPWRAP.DLL [Brak pliku]
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
FF Extension: Simple White - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3076qoj6.default\Extensions\Simple@White.Theme.xpi [2015-07-21]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3076qoj6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-17]

Chrome:
=======
CHR dev: Chrome dev build wykryto! <======= UWAGA

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AdobeUpdateService; C:\Program Files\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
R2 avast! Antivirus; E:\#0 Instalacja\#1 Programy\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28184 2014-09-24] (Box, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Brak podpisu cyfrowego]
S2 MBAMService; E:\#0 Instalacja\#1 Programy\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Origin Client Service; E:\#0 Instalacja\#1 Programy\Origin\OriginClientService.exe [2004488 2015-07-08] (Electronic Arts)
S3 VsEtwService120; E:\#0 Instalacja\#1 Programy\Visual Studio\Common7\Packages\Debugger\Services\VsEtwService.exe [71344 2013-10-05] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-04-11] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-20] (AVAST Software)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2015-04-02] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-29] (AVG Technologies)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2014-05-13] (Atheros Communications, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2014-06-30] () [Brak podpisu cyfrowego]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2014-05-13] ()
S3 rt61x86; C:\Windows\System32\DRIVERS\WMP54Gv41x86.sys [286208 2014-05-13] (Ralink Technology Inc.)
S3 Scarlett_UAC2Audio; C:\Windows\System32\DRIVERS\Scarlett_UAC2Audio.sys [74480 2014-10-02] (Focusrite Audio Engineering Limited.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-10-05 18:47 - 2015-10-05 18:48 - 00013216 _____ C:\Users\Admin\Desktop\FRST.txt
2015-10-05 18:18 - 2015-10-05 18:22 - 00002030 _____ C:\Users\Admin\Desktop\Rkill.txt
2015-10-04 23:44 - 2015-10-04 23:44 - 00003364 _____ C:\Users\Admin\Desktop\MBAM.txt
2015-10-04 23:40 - 2015-10-05 18:29 - 00000224 _____ C:\Windows\setupact.log
2015-10-04 23:40 - 2015-10-05 08:18 - 00002286 _____ C:\Windows\PFRO.log
2015-10-04 23:40 - 2015-10-04 23:40 - 00000000 _____ C:\Windows\setuperr.log
2015-10-04 21:44 - 2015-10-04 21:44 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-10-04 21:44 - 2015-10-04 21:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Sun
2015-10-04 21:44 - 2015-10-04 21:44 - 00000000 ____D C:\Users\Admin\.oracle_jre_usage
2015-10-04 21:44 - 2015-10-04 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-04 21:44 - 2015-10-04 21:44 - 00000000 ____D C:\Program Files\Common Files\Java
2015-10-04 21:43 - 2015-10-04 21:43 - 00584288 _____ (Oracle Corporation) C:\Users\Admin\Downloads\JavaSetup8u60.exe
2015-10-04 21:43 - 2015-10-04 21:43 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Oracle
2015-10-04 21:43 - 2015-10-04 21:43 - 00000000 ____D C:\Program Files\Java
2015-10-04 21:36 - 2015-10-04 21:19 - 00003320 _____ C:\Users\Admin\Desktop\DD.txt
2015-10-04 11:41 - 2015-10-04 11:29 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
2015-10-03 11:01 - 2015-09-26 18:37 - 00001477 _____ C:\Users\Admin\Desktop\Internet Explorer (No Add-ons).lnk
2015-10-02 10:39 - 2015-10-05 18:47 - 00000000 ____D C:\FRST
2015-10-02 10:39 - 2015-10-04 21:46 - 01697792 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-10-02 10:10 - 2015-10-02 10:10 - 01670656 _____ C:\Users\Admin\Desktop\adwcleaner_5.009.exe
2015-10-01 20:33 - 2015-10-02 10:43 - 00000000 ____D C:\AdwCleaner
2015-09-30 15:21 - 2015-09-30 15:21 - 00000000 ____D C:\_OTL
2015-09-30 13:56 - 2015-09-30 13:56 - 00000682 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-30 13:56 - 2015-09-30 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-30 13:50 - 2015-09-30 13:50 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2015-09-27 14:28 - 2015-09-27 14:28 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-09-26 21:24 - 2015-09-26 21:24 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-26 15:31 - 2015-09-26 15:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
2015-09-26 15:31 - 2015-09-26 15:31 - 00000000 ____D C:\Users\Admin\AppData\Local\Opera Software
2015-09-26 15:30 - 2015-09-26 18:38 - 00000000 ____D C:\Program Files\Opera
2015-09-26 15:30 - 2009-06-10 23:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-26 15:22 - 2015-09-26 15:22 - 00000000 ____D C:\ProgramData\LightScribe
2015-09-26 15:17 - 2015-09-26 18:40 - 00000000 ____D C:\ProgramData\Nero
2015-09-26 15:16 - 2015-09-26 18:41 - 00000000 ____D C:\Program Files\Common Files\LightScribe
2015-09-26 15:15 - 2015-09-26 15:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Nero
2015-09-13 19:25 - 2015-09-13 19:25 - 00001890 _____ C:\Users\Public\Desktop\Defraggler.lnk
2015-09-13 19:25 - 2015-09-13 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2015-09-13 19:25 - 2015-09-13 19:25 - 00000000 ____D C:\Program Files\Defraggler
2015-09-06 19:19 - 2015-09-06 19:19 - 00000708 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2015-09-06 19:19 - 2015-09-06 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-09-06 19:18 - 2015-09-06 19:19 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Guild Wars 2
2015-09-06 15:23 - 2015-09-06 15:23 - 00000363 _____ C:\Users\Admin\Desktop\Komputer.lnk
2015-09-06 15:21 - 2015-09-27 14:50 - 00000798 _____ C:\Users\Admin\Desktop\Mozilla Firefox.lnk
2015-09-05 11:10 - 2015-09-05 11:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\WinISO Computing
2015-09-05 11:10 - 2015-09-05 11:10 - 00000000 ____D C:\Users\Admin\AppData\Local\WinISO Computing

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-10-05 18:38 - 2009-07-14 06:34 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-05 18:38 - 2009-07-14 06:34 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-05 18:34 - 2014-05-13 21:21 - 01778504 _____ C:\Windows\WindowsUpdate.log
2015-10-05 18:31 - 2014-05-13 23:05 - 00000000 ____D C:\Users\Admin\AppData\Local\Box Sync
2015-10-05 18:29 - 2014-06-13 23:16 - 00000370 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-10-05 18:29 - 2014-05-13 22:01 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-05 18:29 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-05 18:17 - 2011-04-12 07:08 - 00743382 _____ C:\Windows\system32\perfh015.dat
2015-10-05 18:17 - 2011-04-12 07:08 - 00156982 _____ C:\Windows\system32\perfc015.dat
2015-10-05 18:17 - 2010-11-20 23:01 - 01677864 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-05 18:12 - 2014-05-13 22:01 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-04 23:50 - 2014-05-13 23:07 - 00000000 ___RD C:\Users\Admin\Box Sync
2015-10-04 23:43 - 2014-05-14 11:05 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-04 21:44 - 2014-06-07 20:05 - 00000000 ____D C:\ProgramData\Oracle
2015-10-04 21:44 - 2014-05-13 21:28 - 00000000 ____D C:\Users\Admin
2015-10-04 18:39 - 2014-05-13 22:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Spotify
2015-10-04 18:39 - 2014-05-13 22:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Spotify
2015-10-03 11:01 - 2014-05-24 17:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2015-10-02 12:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\SchCache
2015-09-30 22:19 - 2015-07-04 21:44 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-09-30 15:24 - 2014-05-13 21:54 - 00170320 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-30 15:23 - 2014-12-03 21:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Unity
2015-09-30 15:23 - 2009-07-14 06:33 - 00590984 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-30 14:06 - 2014-05-13 21:55 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2015-09-30 13:58 - 2014-05-13 22:17 - 00000000 ____D C:\Windows\Panther
2015-09-30 13:49 - 2014-08-29 20:32 - 00000000 ____D C:\Windows\pss
2015-09-30 13:42 - 2014-12-03 21:00 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Unity
2015-09-30 13:37 - 2014-07-09 11:28 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-30 13:37 - 2014-07-09 11:28 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-27 14:50 - 2015-05-17 13:12 - 00000798 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-26 20:50 - 2009-07-14 06:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-26 18:37 - 2014-05-13 21:52 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieUserList
2015-09-26 18:37 - 2014-05-13 21:52 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieSiteList
2015-09-26 18:37 - 2014-05-13 21:28 - 00001425 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-23 14:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-22 20:42 - 2014-05-13 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2015-09-18 21:55 - 2014-10-22 21:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-18 20:23 - 2014-10-22 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-13 17:46 - 2014-09-17 19:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-09-09 17:05 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-09-08 20:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-06 15:46 - 2015-08-01 23:42 - 00000000 ____D C:\Users\Admin\.mediathek3
2015-09-06 14:49 - 2014-06-30 09:43 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2015-09-06 14:49 - 2014-06-20 19:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-05 09:53 - 2014-06-14 20:55 - 00000000 ____D C:\Users\Admin\Documents\Visual Studio 2013

==================== Pliki w katalogu głównym wybranych folderów =======

2015-05-05 17:28 - 2015-05-05 17:47 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-28 15:56 - 2015-06-28 15:56 - 0004080 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2015-09-26 21:24 - 2015-09-26 21:24 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2015-10-01 21:45

==================== Koniec  FRST.txt ============================

  • Addition.txt

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x86) Wersja:04-10-2015
Uruchomiony przez Admin (2015-10-05 18:48:29)
Uruchomiony z C:\Users\Admin\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-05-13 19:28:45)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Admin (S-1-5-21-3142999315-1421101962-1785333390-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3142999315-1421101962-1785333390-500 - Administrator - Disabled)
Gość (S-1-5-21-3142999315-1421101962-1785333390-501 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2223 - AVAST Software)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
AzureTools.Notifications.VwdExpress (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Box Sync (HKLM\...\{AF492AE0-06A1-409B-BBED-9EE9C5961D03}) (Version: 4.0.6634.0 - Box, Inc.)
Box Sync (Version: 4.0.4884.0 - Box Inc.) Hidden
Build Tools - x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dropbox (HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Flux) (Version:  - )
foobar2000 v1.3.8 (HKLM\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Galeria fotografii (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
LibreOffice 4.4.4.3 (HKLM\...\{5B6D82BB-CC1A-431E-8991-3E57855F99C5}) (Version: 4.4.4.3 - The Document Foundation)
Malwarebytes Anti-Malware wersja 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - PLK Lang Pack (HKLM\...\{DCBF58FD-AFD7-4F67-91EA-909B613EFB6A}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{9B1121CA-2BF6-3CD9-A047-AF9F803AFE93}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (ENU) (HKLM\...\{AD82FCEF-6FDD-4C9B-8844-8BCBDC1091A0}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Language Pack - PLK (HKLM\...\Microsoft Help Viewer 2.1 Language Pack - PLK) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{5EF1EBC5-4A40-4D1C-B02E-0C54BC93FD06}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{FE939060-416C-4ECD-890E-13776E2707C4}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{544ACD54-9FAA-4A60-A1E7-B2EC3AA75D24}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E7654811-38F9-4225-9688-827FDA716582}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Web - ENU (HKLM\...\{3e544097-53d1-4252-98a6-93cc12a6d487}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Web Language Pack — PLK (HKLM\...\{7cb70a9f-7c00-4ba0-8e73-f9ffbac8925c}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{5CD1B40A-969C-4D7A-B5C2-DAFCB82C53CD}) (Version: 3.1237.1762 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 38.0.1 (x86 pl)) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NapiProjekt (2.2.0.2399) (HKLM\...\NapiProjekt_is1) (Version:  - )
Origin (HKLM\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Pakiet językowy programu Microsoft Visual Studio Express 2013 for Windows Desktop — PLK (HKLM\...\{1d428f6d-1e87-4e37-aa6c-1f8e6a8d6e7b}) (Version: 12.0.21005.13 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
Podstawowe programy Windows Live (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Przygotowywanie programu Microsoft Visual Studio 2013 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
screenSHU - the fastest screen capture ever. (HKLM\...\screenSHU) (Version:  - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Spotify) (Version: 1.0.11.134.ga37df67b - Spotify AB)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
THE SETTLERS – Narodziny Imperium (Wszystkie produkty) (HKLM\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
The Sims 2: Ultimate Collection (HKLM\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Punkty Przywracania systemu =========================

30-09-2015 16:46:01 Zaplanowany punkt kontrolny
04-10-2015 19:00:05 Kopia zapasowa systemu Windows
04-10-2015 21:40:01 Removed Java 8 Update 31

==================== Hosts - zawartość: ==========================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {467A1590-11A6-48A2-AEC0-6BA0100C7442} - System32\Tasks\avast! Emergency Update => E:\#0 Instalacja\#1 Programy\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {A323B5AA-1B02-4C1C-BFCF-46CC318915A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {B3F535A1-950B-44CA-A8A1-98CC34AFBEC4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D3FE13C8-780A-45A3-AEF1-BF3BB93FEFB5} - System32\Tasks\DriverToolkit Autorun => E:\#0 Instalacja\#1 Programy\DriverToolkit\DriverToolkit.exe
Task: {F0A0E797-AF10-4891-A46A-EED60916C85A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {F219CC59-F539-497A-B827-3BDC801E1807} - System32\Tasks\CCleanerSkipUAC => E:\#0 Instalacja\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\DriverToolkit Autorun.job => E:\#0 Instalacja\#1 Programy\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Załadowane moduły (filtrowane) ==============

2015-07-20 15:41 - 2015-07-20 15:41 - 00102864 _____ () E:\#0 Instalacja\#1 Programy\Avast\log.dll
2015-07-20 15:41 - 2015-07-20 15:41 - 00123976 _____ () E:\#0 Instalacja\#1 Programy\Avast\JsonRpcServer.dll
2015-10-04 18:33 - 2015-10-04 18:33 - 02966528 _____ () E:\#0 Instalacja\#1 Programy\Avast\defs\15100401\algo.dll
2014-12-19 16:57 - 2014-12-19 16:57 - 01059488 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
2014-12-10 12:25 - 2014-12-10 12:25 - 00774656 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2012-10-27 07:21 - 2012-10-27 07:21 - 00098816 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00110080 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2012-10-27 07:22 - 2012-10-27 07:22 - 00364544 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2014-12-10 12:25 - 2014-12-10 12:25 - 00087552 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2013-10-07 15:06 - 2013-10-07 15:06 - 00003584 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00046080 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 01201152 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2015-05-28 16:41 - 2015-05-28 16:41 - 00024576 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2015-05-28 16:41 - 2015-05-28 16:41 - 00036352 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00010240 _____ () C:\Program Files\Box\Box Sync\select.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00128512 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00127488 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00686080 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2012-10-27 07:23 - 2012-10-27 07:23 - 00320512 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00018432 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2015-06-11 14:48 - 2015-06-11 14:48 - 00048128 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00119808 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00108544 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00035840 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00025600 _____ () C:\Program Files\Box\Box Sync\win32cred.pyd
2015-05-28 16:42 - 2015-05-28 16:42 - 00029184 _____ () C:\Program Files\Box\Box Sync\Crypto.Cipher._AES.pyd
2015-05-28 16:42 - 2015-05-28 16:42 - 00007168 _____ () C:\Program Files\Box\Box Sync\Crypto.Util.strxor.pyd
2015-05-28 16:42 - 2015-05-28 16:42 - 00009728 _____ () C:\Program Files\Box\Box Sync\Crypto.Random.OSRNG.winrandom.pyd
2015-05-28 16:42 - 2015-05-28 16:42 - 00010240 _____ () C:\Program Files\Box\Box Sync\Crypto.Util._counter.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00042496 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2015-05-28 16:41 - 2015-05-28 16:41 - 00020480 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00027136 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00017920 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2012-10-27 07:21 - 2012-10-27 07:21 - 00167936 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2015-07-20 15:41 - 2015-07-20 15:41 - 40540672 _____ () E:\#0 Instalacja\#1 Programy\Avast\libcef.dll
2015-09-16 21:34 - 2015-09-16 21:34 - 00061440 _____ () E:\#0 Instalacja\CCleaner\lang\lang-1045.dll
2015-09-02 16:30 - 2015-09-02 16:30 - 00022528 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)


==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)


==================== EXE - Powiązania (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Zapora systemu Windows - funkcja włączona.

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Obecnie brak automatycznej naprawy dla tej sekcji.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^rvlkl.lnk => C:\Windows\pss\rvlkl.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wysyłanie do programu OneNote.lnk => C:\Windows\pss\Wysyłanie do programu OneNote.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BoxSync => "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
MSCONFIG\startupreg: CCleaner Monitoring => "E:\#0 Instalacja\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GoogleChromeAutoLaunch_707AB4DC4851505403C8FD2DF14CF292 => "C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe" --no-startup-window
MSCONFIG\startupreg: GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "E:\#0 Instalacja\#1 Programy\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lync => "E:\#0 Instalacja\#1 Programy\MS 2013\Office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: screenSHU => "E:\#0 Instalacja\#1 Programy\screenSHU\screenSHU.exe" --hidden
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Voobly => "E:\#0 Instalacja\#1 Programy\Voobly\voobly.exe" --startup
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Web TuneUp\vprot.exe"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [TCP Query User{C41D483F-C9C9-4191-AB57-A730FA674B94}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B9519F25-7DB7-4279-BF60-0E019F0C48F7}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{ADAF4439-EC65-48DE-8729-320D5F96E70B}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C1DD0A13-1F1A-4BFD-9CE1-3C03743BE98E}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4EDF6855-C5FC-474A-9F1B-7B0A0D6BB981}] => (Allow) E:\#0 Instalacja\#2 Gry\#0 Steam\Steam.exe
FirewallRules: [{D616D0C8-88A3-412B-89B0-CB718D0BD5CF}] => (Allow) E:\#0 Instalacja\#2 Gry\#0 Steam\Steam.exe
FirewallRules: [{1CD939FB-2701-4ACD-9331-E934E084BDBD}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{43E99163-91A2-4F49-A18E-DF6411705EDD}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8305F6E1-B972-46BB-AE23-056FA3874F84}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4BB435CA-B20D-4316-B8C3-BF0B5592CE0A}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{EAFF90A7-362F-47FD-8D82-02CD572FEFA8}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{A5120C8F-A418-4AE0-B918-7A8D636391AC}] => (Allow) E:\#0 Instalacja\#2 Gry\Hearthstone\Hearthstone\Hearthstone.exe
FirewallRules: [{DDFA207D-7910-40B8-A05A-58185782A215}] => (Allow) E:\#0 Instalacja\#2 Gry\Hearthstone\Hearthstone\Hearthstone.exe
FirewallRules: [{23809D80-AB28-4B56-B3DE-CA78E9701693}] => (Allow) E:\#0 Instalacja\#1 Programy\NapiProjekt\napisy.exe
FirewallRules: [{F2DE4786-A778-4387-BA31-8AEA12760FCB}] => (Allow) E:\#0 Instalacja\#1 Programy\NapiProjekt\napisy.exe
FirewallRules: [{407AA746-BAD7-4F50-977D-A4549CD233EB}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C56DD7DC-C5FC-47FC-A490-03144F501C55}] => (Allow) E:\#0 Instalacja\#1 Programy\Visual Studio\Common7\IDE\WDExpress.exe
FirewallRules: [{3321D4BD-F104-4483-A31C-CFB8D025ED05}] => (Allow) E:\#0 Instalacja\#1 Programy\Visual Studio\Common7\IDE\WDExpress.exe
FirewallRules: [{2FDC0149-C01B-44CF-BEE5-3E263D3B8CB6}] => (Allow) E:\Program Files\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{0A3CC8DB-744D-4D95-8894-9175A23F7623}] => (Allow) E:\Program Files\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [TCP Query User{B7B55C73-8479-4A59-A15F-A3FEA6E4979A}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{853BF95F-75D7-428B-9CEC-1177F4796878}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{1BA998C0-4252-4CDC-A46F-AC8990E469B1}E:\#0 instalacja\#2 gry\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\#0 instalacja\#2 gry\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{2C1FCD74-FC0E-49BE-ABFC-35840B6BD46E}E:\#0 instalacja\#2 gry\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\#0 instalacja\#2 gry\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [{906933DA-E34D-475A-B867-60DB5BB2CCDD}] => (Allow) E:\#0 Instalacja\#2 Gry\#0 Steam\bin\steamwebhelper.exe
FirewallRules: [{987FADD3-A343-49E5-B5A8-6ADA3FB45380}] => (Allow) E:\#0 Instalacja\#2 Gry\#0 Steam\bin\steamwebhelper.exe
FirewallRules: [{72C8DBA7-0F5D-4EE6-94DD-6FE1E745D37C}] => (Allow) E:\#0 Instalacja\#2 Gry\League of Legends\lol.launcher.exe
FirewallRules: [TCP Query User{A4912A3E-79CE-4F85-9DE9-23E7E3EDCA77}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1810BCEE-D811-49FB-AB81-E6735A07D0FC}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B0184F65-DB5F-4528-ACE0-4943EABBB444}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BCDDC1AF-3FA1-494E-8F9A-7C557A3E39F4}] => (Allow) LPort=2869
FirewallRules: [{D4478886-B5E8-4134-ACFD-788F5266C65D}] => (Allow) LPort=1900
FirewallRules: [{3B7361B3-A087-421F-AC5E-8C86E77ACC8E}] => (Allow) E:\#0 Instalacja\#1 Programy\Firefox\firefox.exe
FirewallRules: [{447B13AF-47F3-4B05-9F26-3B1DF0BD340E}] => (Allow) E:\#0 Instalacja\#1 Programy\Firefox\firefox.exe

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (10/05/2015 06:30:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2015 06:10:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2015 08:18:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2015 11:49:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 38.0.1.5611, sygnatura czasowa: 0x55541a90
Nazwa modułu powodującego błąd: mozalloc.dll, wersja: 38.0.1.5611, sygnatura czasowa: 0x55540a1e
Kod wyjątku: 0x80000003
Przesunięcie błędu: 0x00001aa1
Identyfikator procesu powodującego błąd: 0x100c
Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0
Ścieżka aplikacji powodującej błąd: plugin-container.exe1
Ścieżka modułu powodującego błąd: plugin-container.exe2
Identyfikator raportu: plugin-container.exe3

Error: (10/04/2015 11:49:09 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Nie można załadować programu obsługi protokołu Mapi15. Opis błędu: (HRESULT : 0x80040154).

Error: (10/04/2015 11:41:27 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Nie można zainicjować indeksu.

Szczegóły:
    Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/04/2015 11:41:27 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Nie można zainicjować aplikacji.

Kontekst: aplikacja Windows

Szczegóły:
    Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/04/2015 11:41:27 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Nie można zainicjować obiektu programu zbierającego.

Kontekst: aplikacja Windows, wykaz SystemIndex

Szczegóły:
    Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/04/2015 11:41:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Nie można zainicjować dodatku typu plug-in w <Search.TripoliIndexer>.

Kontekst: aplikacja Windows, wykaz SystemIndex

Szczegóły:
    Nie można odnaleźć elementu.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/04/2015 11:41:26 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Nie można zainicjować dodatku typu plug-in w <Search.JetPropStore>.

Kontekst: aplikacja Windows, wykaz SystemIndex

Szczegóły:
    Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)


Dziennik System:
=============
Error: (10/05/2015 06:29:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Protokół rozpoznawania nazw równorzędnych zależy od usługi Menedżer tożsamości sieci równorzędnej, której nie można uruchomić z powodu następującego błędu:
%%1058

Error: (10/05/2015 06:29:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Menedżer tożsamości sieci równorzędnej, której nie można uruchomić z powodu następującego błędu:
%%1058

Error: (10/05/2015 06:29:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Usługa Media Center Extender zależy od usługi Moduł wyliczający magistrali PnP-X IP, której nie można uruchomić z powodu następującego błędu:
%%1058

Error: (10/05/2015 06:29:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi atksgt z powodu następującego błędu:
%%1275

Error: (10/05/2015 06:29:45 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Sterownik atksgt.sys został zablokowany dla ładowania.

Error: (10/05/2015 06:29:28 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (10/05/2015 06:29:28 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (10/05/2015 06:10:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Protokół rozpoznawania nazw równorzędnych zależy od usługi Menedżer tożsamości sieci równorzędnej, której nie można uruchomić z powodu następującego błędu:
%%1058

Error: (10/05/2015 06:10:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Menedżer tożsamości sieci równorzędnej, której nie można uruchomić z powodu następującego błędu:
%%1058

Error: (10/05/2015 06:10:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Usługa Media Center Extender zależy od usługi Moduł wyliczający magistrali PnP-X IP, której nie można uruchomić z powodu następującego błędu:
%%1058


==================== Statystyki pamięci ===========================

Procesor: Pentium® Dual-Core CPU E6300 @ 2.80GHz
Procent pamięci w użyciu: 61%
Całkowita pamięć fizyczna: 2047.12 MB
Dostępna pamięć fizyczna: 796.07 MB
Całkowita pamięć wirtualna: 7164.23 MB
Dostępna pamięć wirtualna: 5765.99 MB

==================== Dyski ================================

Drive c: (NICZEGO TU NIE INSTALUJ) (Fixed) (Total:48.73 GB) (Free:12.72 GB) NTFS
Drive d: (Nowy) (Fixed) (Total:74.53 GB) (Free:64.95 GB) NTFS
Drive e: () (Fixed) (Total:416.93 GB) (Free:286.23 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 422EFA4F)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 36C291E5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416.9 GB) - (Type=07 NTFS)

==================== Koniec  Addition.txt ============================

 

 

 

The problem with Firefox persists.



#6 Black_Bird

Black_Bird

  • Malware Response Team

Posted 05 October 2015 - 01:46 PM

Hi,

Please remove Firefox following these instructions (I included them in Polish for you).

When done, reboot your PC and reinstall Firefox.

Can you tell me if this solved your issues?
Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#7 booa

booa
  • Topic Starter

  • Members

Posted 07 October 2015 - 10:44 AM

I'll do it as soon as I get access to this computer (no later than tomorrow).



#8 Black_Bird

Black_Bird

  • Malware Response Team

Posted 07 October 2015 - 08:12 PM

No problem. :)


Kind regards,
Black_Bird
 



#9 booa

booa
  • Topic Starter

  • Members

Posted 09 October 2015 - 10:20 AM

It seems to be OK right now. Is there anything more I should do?



#10 Black_Bird

Black_Bird

  • Malware Response Team

Posted 10 October 2015 - 03:30 PM

Hi there,

 

Please do a new scan with FRST, just to be sure. Post the results into your next reply.


Kind regards,
Black_Bird
 



#11 booa

booa
  • Topic Starter

  • Members

Posted 17 October 2015 - 06:49 AM

Hi. I'm sorry, I was away for a couple of days. My brother just sent me the files you asked me for.

 

FRST

 

 

 

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:14-10-2015
Uruchomiony przez Admin (administrator)  KOMPUTER (14-10-2015 21:46:31)
Uruchomiony z C:\Users\Admin\Desktop
Załadowane profile: Admin (Dostępne profile: Admin)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) E:\#0 Instalacja\#1 Programy\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(AVAST Software) E:\#0 Instalacja\#1 Programy\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Flux Software LLC) C:\Users\Admin\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) E:\#0 Instalacja\CCleaner\CCleaner.exe
(Spotify Ltd) C:\Users\Admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5909408 2015-10-06] (Box, Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\#0 Instalacja\#1 Programy\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Run: [f.lux] => C:\Users\Admin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Run: [CCleaner Monitoring] => E:\#0 Instalacja\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-15] (Spotify Ltd)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\#0 Instalacja\#1 Programy\Avast\ashShell.dll [2015-07-20] (AVAST Software)
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{20D65FF0-B252-46DF-9490-4339BA52BD41}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7D3EEA3A-F381-47FC-BB44-E9C626EC07C1}: [DhcpNameServer] 194.204.152.34 194.204.159.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://pl.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-04] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3076qoj6.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-30] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-04] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\#0INST~1\#1PROG~1\MS2013~1\Office15\NPSPWRAP.DLL [Brak pliku]
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
FF Extension: Simple White - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3076qoj6.default\Extensions\Simple@White.Theme.xpi [2015-07-21]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3076qoj6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-17]

Chrome:
=======
CHR dev: Chrome dev build wykryto! <======= UWAGA

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AdobeUpdateService; C:\Program Files\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
R2 avast! Antivirus; E:\#0 Instalacja\#1 Programy\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28184 2014-09-24] (Box, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Brak podpisu cyfrowego]
S2 MBAMService; E:\#0 Instalacja\#1 Programy\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Origin Client Service; E:\#0 Instalacja\#1 Programy\Origin\OriginClientService.exe [2004488 2015-07-08] (Electronic Arts)
S3 VsEtwService120; E:\#0 Instalacja\#1 Programy\Visual Studio\Common7\Packages\Debugger\Services\VsEtwService.exe [71344 2013-10-05] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-04-11] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-20] (AVAST Software)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2015-04-02] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-29] (AVG Technologies)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2014-05-13] (Atheros Communications, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2014-06-30] () [Brak podpisu cyfrowego]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2014-05-13] ()
S3 rt61x86; C:\Windows\System32\DRIVERS\WMP54Gv41x86.sys [286208 2014-05-13] (Ralink Technology Inc.)
S3 Scarlett_UAC2Audio; C:\Windows\System32\DRIVERS\Scarlett_UAC2Audio.sys [74480 2014-10-02] (Focusrite Audio Engineering Limited.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-10-14 21:46 - 2015-10-14 21:46 - 00013300 _____ C:\Users\Admin\Desktop\FRST.txt
2015-10-14 21:44 - 2015-10-14 21:44 - 00000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion
2015-10-14 13:36 - 2015-10-14 13:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\pl.ydp.maturarom.geografia
2015-10-14 13:35 - 2015-10-14 13:35 - 00000999 _____ C:\Users\Public\Desktop\MaturaRom - Geografia.lnk
2015-10-14 13:35 - 2015-10-14 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaturaRom
2015-10-14 13:28 - 2015-10-14 13:28 - 00000000 ____D C:\Users\Admin\AppData\Roaming\YDP
2015-10-13 18:37 - 2015-10-13 18:37 - 00005740 _____ C:\Users\Admin\Downloads\Dane_Kreatora_KRB_2015_10_13_18_37.dkr
2015-10-09 17:15 - 2015-10-09 17:15 - 00001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-09 17:15 - 2015-10-09 17:15 - 00001132 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-09 17:15 - 2015-10-09 17:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-09 17:11 - 2015-10-14 21:22 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-09 17:08 - 2015-10-09 17:08 - 00003304 ____N C:\bootsqm.dat
2015-10-08 21:30 - 2015-10-08 21:30 - 00243816 _____ C:\Users\Admin\Downloads\Firefox Setup Stub 41.0.1.exe
2015-10-04 23:40 - 2015-10-14 20:33 - 00000896 _____ C:\Windows\setupact.log
2015-10-04 23:40 - 2015-10-08 20:26 - 00002860 _____ C:\Windows\PFRO.log
2015-10-04 23:40 - 2015-10-04 23:40 - 00000000 _____ C:\Windows\setuperr.log
2015-10-04 21:44 - 2015-10-04 21:44 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-10-04 21:44 - 2015-10-04 21:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Sun
2015-10-04 21:44 - 2015-10-04 21:44 - 00000000 ____D C:\Users\Admin\.oracle_jre_usage
2015-10-04 21:44 - 2015-10-04 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-04 21:44 - 2015-10-04 21:44 - 00000000 ____D C:\Program Files\Common Files\Java
2015-10-04 21:43 - 2015-10-04 21:43 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Oracle
2015-10-04 21:43 - 2015-10-04 21:43 - 00000000 ____D C:\Program Files\Java
2015-10-04 11:41 - 2015-10-04 11:29 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
2015-10-03 11:01 - 2015-09-26 18:37 - 00001477 _____ C:\Users\Admin\Desktop\Internet Explorer (No Add-ons).lnk
2015-10-02 10:39 - 2015-10-14 21:46 - 00000000 ____D C:\FRST
2015-10-02 10:39 - 2015-10-14 21:44 - 01700352 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-10-02 10:10 - 2015-10-02 10:10 - 01670656 _____ C:\Users\Admin\Desktop\adwcleaner_5.009.exe
2015-10-01 20:33 - 2015-10-02 10:43 - 00000000 ____D C:\AdwCleaner
2015-09-30 15:21 - 2015-09-30 15:21 - 00000000 ____D C:\_OTL
2015-09-30 13:56 - 2015-09-30 13:56 - 00000682 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-30 13:56 - 2015-09-30 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-30 13:50 - 2015-09-30 13:50 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2015-09-27 14:28 - 2015-09-27 14:28 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-09-26 21:24 - 2015-09-26 21:24 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-26 15:31 - 2015-09-26 15:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
2015-09-26 15:31 - 2015-09-26 15:31 - 00000000 ____D C:\Users\Admin\AppData\Local\Opera Software
2015-09-26 15:30 - 2015-09-26 18:38 - 00000000 ____D C:\Program Files\Opera
2015-09-26 15:30 - 2009-06-10 23:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-26 15:22 - 2015-09-26 15:22 - 00000000 ____D C:\ProgramData\LightScribe
2015-09-26 15:17 - 2015-09-26 18:40 - 00000000 ____D C:\ProgramData\Nero
2015-09-26 15:16 - 2015-09-26 18:41 - 00000000 ____D C:\Program Files\Common Files\LightScribe
2015-09-26 15:15 - 2015-09-26 15:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Nero

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-10-14 21:12 - 2014-05-13 22:01 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-14 20:52 - 2009-07-14 06:34 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-14 20:52 - 2009-07-14 06:34 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-14 20:45 - 2014-05-13 21:21 - 02089333 _____ C:\Windows\WindowsUpdate.log
2015-10-14 20:35 - 2014-05-13 23:05 - 00000000 ____D C:\Users\Admin\AppData\Local\Box Sync
2015-10-14 20:34 - 2014-06-13 23:16 - 00000370 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-10-14 20:34 - 2014-05-13 22:01 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-14 20:33 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-14 13:35 - 2014-06-20 19:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-10-14 13:26 - 2014-05-13 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2015-10-14 13:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-13 18:30 - 2014-05-13 23:07 - 00000000 ___RD C:\Users\Admin\Box Sync
2015-10-13 14:55 - 2014-05-24 17:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2015-10-13 14:45 - 2015-08-01 23:42 - 00000000 ____D C:\Users\Admin\.mediathek3
2015-10-11 14:13 - 2011-04-12 07:08 - 00743382 _____ C:\Windows\system32\perfh015.dat
2015-10-11 14:13 - 2011-04-12 07:08 - 00156982 _____ C:\Windows\system32\perfc015.dat
2015-10-11 14:13 - 2010-11-20 23:01 - 01677864 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-11 13:17 - 2009-07-14 06:53 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-09 17:15 - 2014-09-20 13:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-10-09 17:11 - 2014-07-09 11:28 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-09 17:11 - 2014-07-09 11:28 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-04 23:43 - 2014-05-14 11:05 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-04 21:44 - 2014-06-07 20:05 - 00000000 ____D C:\ProgramData\Oracle
2015-10-04 21:44 - 2014-05-13 21:28 - 00000000 ____D C:\Users\Admin
2015-10-04 18:39 - 2014-05-13 22:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Spotify
2015-10-04 18:39 - 2014-05-13 22:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Spotify
2015-10-02 12:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\SchCache
2015-09-30 22:19 - 2015-07-04 21:44 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-09-30 15:24 - 2014-05-13 21:54 - 00170320 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-30 15:23 - 2014-12-03 21:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Unity
2015-09-30 15:23 - 2009-07-14 06:33 - 00590984 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-30 14:06 - 2014-05-13 21:55 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2015-09-30 13:58 - 2014-05-13 22:17 - 00000000 ____D C:\Windows\Panther
2015-09-30 13:49 - 2014-08-29 20:32 - 00000000 ____D C:\Windows\pss
2015-09-30 13:42 - 2014-12-03 21:00 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Unity
2015-09-26 20:50 - 2009-07-14 06:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-26 18:37 - 2014-05-13 21:52 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieUserList
2015-09-26 18:37 - 2014-05-13 21:52 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieSiteList
2015-09-26 18:37 - 2014-05-13 21:28 - 00001425 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-18 21:55 - 2014-10-22 21:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-18 20:23 - 2014-10-22 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Pliki w katalogu głównym wybranych folderów =======

2015-05-05 17:28 - 2015-05-05 17:47 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-28 15:56 - 2015-06-28 15:56 - 0004080 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2015-09-26 21:24 - 2015-09-26 21:24 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2015-10-01 21:45

==================== Koniec  FRST.txt ============================

ADDITION

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x86) Wersja:14-10-2015
Uruchomiony przez Admin (2015-10-14 21:47:12)
Uruchomiony z C:\Users\Admin\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-05-13 19:28:45)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Admin (S-1-5-21-3142999315-1421101962-1785333390-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3142999315-1421101962-1785333390-500 - Administrator - Disabled)
Gość (S-1-5-21-3142999315-1421101962-1785333390-501 - Limited - Disabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2223 - AVAST Software)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
AzureTools.Notifications.VwdExpress (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Box Sync (HKLM\...\{6F79953A-4222-4BF7-B010-DDED93095B67}) (Version: 4.0.6746.0 - Box, Inc.)
Box Sync (Version: 4.0.4884.0 - Box Inc.) Hidden
Build Tools - x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dropbox (HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Flux) (Version:  - )
foobar2000 v1.3.8 (HKLM\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Galeria fotografii (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
LibreOffice 4.4.4.3 (HKLM\...\{5B6D82BB-CC1A-431E-8991-3E57855F99C5}) (Version: 4.4.4.3 - The Document Foundation)
Malwarebytes Anti-Malware wersja 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MaturaRom - Geografia (HKLM\...\{C2765BE9-1E4F-408E-8065-CC8C9462BE37}) (Version: 1.10.0006 - YDP)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - PLK Lang Pack (HKLM\...\{DCBF58FD-AFD7-4F67-91EA-909B613EFB6A}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{9B1121CA-2BF6-3CD9-A047-AF9F803AFE93}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (ENU) (HKLM\...\{AD82FCEF-6FDD-4C9B-8844-8BCBDC1091A0}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Language Pack - PLK (HKLM\...\Microsoft Help Viewer 2.1 Language Pack - PLK) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{5EF1EBC5-4A40-4D1C-B02E-0C54BC93FD06}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{FE939060-416C-4ECD-890E-13776E2707C4}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{544ACD54-9FAA-4A60-A1E7-B2EC3AA75D24}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E7654811-38F9-4225-9688-827FDA716582}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Web - ENU (HKLM\...\{3e544097-53d1-4252-98a6-93cc12a6d487}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Web Language Pack — PLK (HKLM\...\{7cb70a9f-7c00-4ba0-8e73-f9ffbac8925c}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{5CD1B40A-969C-4D7A-B5C2-DAFCB82C53CD}) (Version: 3.1237.1762 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 41.0.1 (x86 pl)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NapiProjekt (2.2.0.2399) (HKLM\...\NapiProjekt_is1) (Version:  - )
Origin (HKLM\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Pakiet językowy programu Microsoft Visual Studio Express 2013 for Windows Desktop — PLK (HKLM\...\{1d428f6d-1e87-4e37-aa6c-1f8e6a8d6e7b}) (Version: 12.0.21005.13 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
Podstawowe programy Windows Live (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Przygotowywanie programu Microsoft Visual Studio 2013 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
screenSHU - the fastest screen capture ever. (HKLM\...\screenSHU) (Version:  - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\...\Spotify) (Version: 1.0.11.134.ga37df67b - Spotify AB)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
THE SETTLERS – Narodziny Imperium (Wszystkie produkty) (HKLM\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
The Sims 2: Ultimate Collection (HKLM\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3142999315-1421101962-1785333390-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Punkty Przywracania systemu =========================

13-10-2015 14:28:14 Kopia zapasowa systemu Windows
14-10-2015 13:30:14 Zainstalowane MaturaRom - Geografia

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {467A1590-11A6-48A2-AEC0-6BA0100C7442} - System32\Tasks\avast! Emergency Update => E:\#0 Instalacja\#1 Programy\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {A323B5AA-1B02-4C1C-BFCF-46CC318915A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {C2ECA833-7F5A-4AA8-8A7D-F3C0B0C70E09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {D3FE13C8-780A-45A3-AEF1-BF3BB93FEFB5} - System32\Tasks\DriverToolkit Autorun => E:\#0 Instalacja\#1 Programy\DriverToolkit\DriverToolkit.exe
Task: {DDD59D88-9B86-45AD-AC00-48D8E9142E12} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-09] (Adobe Systems Incorporated)
Task: {F0A0E797-AF10-4891-A46A-EED60916C85A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {F219CC59-F539-497A-B827-3BDC801E1807} - System32\Tasks\CCleanerSkipUAC => E:\#0 Instalacja\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => E:\#0 Instalacja\#1 Programy\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Załadowane moduły (filtrowane) ==============

2015-07-20 15:41 - 2015-07-20 15:41 - 00102864 _____ () E:\#0 Instalacja\#1 Programy\Avast\log.dll
2015-07-20 15:41 - 2015-07-20 15:41 - 00123976 _____ () E:\#0 Instalacja\#1 Programy\Avast\JsonRpcServer.dll
2015-10-14 13:24 - 2015-10-14 13:24 - 02994544 _____ () E:\#0 Instalacja\#1 Programy\Avast\defs\15101301\algo.dll
2015-10-14 20:34 - 2015-10-14 20:34 - 02994544 _____ () E:\#0 Instalacja\#1 Programy\Avast\defs\15101400\algo.dll
2014-12-19 16:57 - 2014-12-19 16:57 - 01059488 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
2014-12-10 12:25 - 2014-12-10 12:25 - 00774656 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2012-10-27 07:21 - 2012-10-27 07:21 - 00098816 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00110080 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2012-10-27 07:22 - 2012-10-27 07:22 - 00364544 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2014-12-10 12:25 - 2014-12-10 12:25 - 00087552 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2013-10-07 15:06 - 2013-10-07 15:06 - 00003584 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00046080 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 01201152 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2015-05-28 16:41 - 2015-05-28 16:41 - 00024576 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2015-05-28 16:41 - 2015-05-28 16:41 - 00036352 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00010240 _____ () C:\Program Files\Box\Box Sync\select.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00128512 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00127488 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00686080 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2012-10-27 07:23 - 2012-10-27 07:23 - 00320512 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00018432 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2015-06-11 14:48 - 2015-06-11 14:48 - 00048128 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00119808 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00108544 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00035840 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00025600 _____ () C:\Program Files\Box\Box Sync\win32cred.pyd
2015-05-28 16:42 - 2015-05-28 16:42 - 00029184 _____ () C:\Program Files\Box\Box Sync\Crypto.Cipher._AES.pyd
2015-05-28 16:42 - 2015-05-28 16:42 - 00007168 _____ () C:\Program Files\Box\Box Sync\Crypto.Util.strxor.pyd
2015-05-28 16:42 - 2015-05-28 16:42 - 00009728 _____ () C:\Program Files\Box\Box Sync\Crypto.Random.OSRNG.winrandom.pyd
2015-05-28 16:42 - 2015-05-28 16:42 - 00010240 _____ () C:\Program Files\Box\Box Sync\Crypto.Util._counter.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00042496 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2015-05-28 16:41 - 2015-05-28 16:41 - 00020480 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00027136 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2012-10-27 07:20 - 2012-10-27 07:20 - 00017920 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2012-10-27 07:21 - 2012-10-27 07:21 - 00167936 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2015-07-20 15:41 - 2015-07-20 15:41 - 40540672 _____ () E:\#0 Instalacja\#1 Programy\Avast\libcef.dll
2015-09-16 21:34 - 2015-09-16 21:34 - 00061440 _____ () E:\#0 Instalacja\CCleaner\lang\lang-1045.dll
2015-10-06 22:06 - 2015-10-06 22:06 - 00022528 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)


==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)


==================== EXE - Powiązania (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-3142999315-1421101962-1785333390-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Zapora systemu Windows - funkcja włączona.

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Obecnie brak automatycznej naprawy dla tej sekcji.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^rvlkl.lnk => C:\Windows\pss\rvlkl.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wysyłanie do programu OneNote.lnk => C:\Windows\pss\Wysyłanie do programu OneNote.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BoxSync => "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
MSCONFIG\startupreg: CCleaner Monitoring => "E:\#0 Instalacja\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GoogleChromeAutoLaunch_707AB4DC4851505403C8FD2DF14CF292 => "C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe" --no-startup-window
MSCONFIG\startupreg: GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "E:\#0 Instalacja\#1 Programy\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lync => "E:\#0 Instalacja\#1 Programy\MS 2013\Office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: screenSHU => "E:\#0 Instalacja\#1 Programy\screenSHU\screenSHU.exe" --hidden
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Voobly => "E:\#0 Instalacja\#1 Programy\Voobly\voobly.exe" --startup
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Web TuneUp\vprot.exe"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [TCP Query User{C41D483F-C9C9-4191-AB57-A730FA674B94}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B9519F25-7DB7-4279-BF60-0E019F0C48F7}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{ADAF4439-EC65-48DE-8729-320D5F96E70B}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C1DD0A13-1F1A-4BFD-9CE1-3C03743BE98E}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4EDF6855-C5FC-474A-9F1B-7B0A0D6BB981}] => (Allow) E:\#0 Instalacja\#2 Gry\#0 Steam\Steam.exe
FirewallRules: [{D616D0C8-88A3-412B-89B0-CB718D0BD5CF}] => (Allow) E:\#0 Instalacja\#2 Gry\#0 Steam\Steam.exe
FirewallRules: [{1CD939FB-2701-4ACD-9331-E934E084BDBD}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{43E99163-91A2-4F49-A18E-DF6411705EDD}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8305F6E1-B972-46BB-AE23-056FA3874F84}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4BB435CA-B20D-4316-B8C3-BF0B5592CE0A}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{EAFF90A7-362F-47FD-8D82-02CD572FEFA8}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{A5120C8F-A418-4AE0-B918-7A8D636391AC}] => (Allow) E:\#0 Instalacja\#2 Gry\Hearthstone\Hearthstone\Hearthstone.exe
FirewallRules: [{DDFA207D-7910-40B8-A05A-58185782A215}] => (Allow) E:\#0 Instalacja\#2 Gry\Hearthstone\Hearthstone\Hearthstone.exe
FirewallRules: [{23809D80-AB28-4B56-B3DE-CA78E9701693}] => (Allow) E:\#0 Instalacja\#1 Programy\NapiProjekt\napisy.exe
FirewallRules: [{F2DE4786-A778-4387-BA31-8AEA12760FCB}] => (Allow) E:\#0 Instalacja\#1 Programy\NapiProjekt\napisy.exe
FirewallRules: [{407AA746-BAD7-4F50-977D-A4549CD233EB}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C56DD7DC-C5FC-47FC-A490-03144F501C55}] => (Allow) E:\#0 Instalacja\#1 Programy\Visual Studio\Common7\IDE\WDExpress.exe
FirewallRules: [{3321D4BD-F104-4483-A31C-CFB8D025ED05}] => (Allow) E:\#0 Instalacja\#1 Programy\Visual Studio\Common7\IDE\WDExpress.exe
FirewallRules: [{2FDC0149-C01B-44CF-BEE5-3E263D3B8CB6}] => (Allow) E:\Program Files\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{0A3CC8DB-744D-4D95-8894-9175A23F7623}] => (Allow) E:\Program Files\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [TCP Query User{B7B55C73-8479-4A59-A15F-A3FEA6E4979A}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{853BF95F-75D7-428B-9CEC-1177F4796878}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{1BA998C0-4252-4CDC-A46F-AC8990E469B1}E:\#0 instalacja\#2 gry\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\#0 instalacja\#2 gry\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{2C1FCD74-FC0E-49BE-ABFC-35840B6BD46E}E:\#0 instalacja\#2 gry\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\#0 instalacja\#2 gry\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [{906933DA-E34D-475A-B867-60DB5BB2CCDD}] => (Allow) E:\#0 Instalacja\#2 Gry\#0 Steam\bin\steamwebhelper.exe
FirewallRules: [{987FADD3-A343-49E5-B5A8-6ADA3FB45380}] => (Allow) E:\#0 Instalacja\#2 Gry\#0 Steam\bin\steamwebhelper.exe
FirewallRules: [{72C8DBA7-0F5D-4EE6-94DD-6FE1E745D37C}] => (Allow) E:\#0 Instalacja\#2 Gry\League of Legends\lol.launcher.exe
FirewallRules: [TCP Query User{A4912A3E-79CE-4F85-9DE9-23E7E3EDCA77}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1810BCEE-D811-49FB-AB81-E6735A07D0FC}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B0184F65-DB5F-4528-ACE0-4943EABBB444}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BCDDC1AF-3FA1-494E-8F9A-7C557A3E39F4}] => (Allow) LPort=2869
FirewallRules: [{D4478886-B5E8-4134-ACFD-788F5266C65D}] => (Allow) LPort=1900
FirewallRules: [{C5259AD4-7A45-466E-9AD2-D25B1E14C420}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{161E4679-9D7D-4BB3-8F11-A3461ED95927}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (10/14/2015 08:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/14/2015 04:30:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/14/2015 01:43:48 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Nie można załadować programu obsługi protokołu Mapi15. Opis błędu: (HRESULT : 0x80040154).

Error: (10/14/2015 01:30:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu.
.
To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym.


Operacja:
   Zbieranie danych modułu zapisującego

Kontekst:
   Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220}
   Nazwa modułu zapisującego: System Writer
   Identyfikator wystąpienia modułu zapisującego: {d6b14cb5-91b2-433b-b15b-a3bc3f3c6e9e}

Error: (10/14/2015 01:24:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2015 05:49:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2015 02:41:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2015 02:32:31 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: SyncedIconOverlay: Cannot create the overlay icon path.

Error: (10/13/2015 02:32:31 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.IO.IOException: Proces nie może uzyskać dostępu do pliku „C:\Users\Admin\AppData\Local\Temp\SyncedIconOverlay.ico”, ponieważ jest on używany przez inny proces.
   w System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   w System.IO.File.InternalDelete(String path, Boolean checkHost)
   w System.IO.File.Delete(String path)
   w SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.CreateTemporaryIconFilePath()
   w SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.GetIconFilePath()

Error: (10/13/2015 02:32:31 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: SyncedIconOverlay: An exception occured when trying to create the overlay icon.


Dziennik System:
=============
Error: (10/14/2015 08:39:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Usługa Windows Update zawiesiła się podczas uruchamiania.

Error: (10/14/2015 08:34:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Protokół rozpoznawania nazw równorzędnych zależy od usługi Menedżer tożsamości sieci równorzędnej, której nie można uruchomić z powodu następującego błędu:
%%1058

Error: (10/14/2015 08:34:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Menedżer tożsamości sieci równorzędnej, której nie można uruchomić z powodu następującego błędu:
%%1058

Error: (10/14/2015 08:34:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Usługa Media Center Extender zależy od usługi Moduł wyliczający magistrali PnP-X IP, której nie można uruchomić z powodu następującego błędu:
%%1058

Error: (10/14/2015 08:34:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi atksgt z powodu następującego błędu:
%%1275

Error: (10/14/2015 08:34:04 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Sterownik atksgt.sys został zablokowany dla ładowania.

Error: (10/14/2015 08:33:47 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (10/14/2015 08:33:47 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (10/14/2015 04:35:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Usługa Windows Update zawiesiła się podczas uruchamiania.

Error: (10/14/2015 04:30:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Protokół rozpoznawania nazw równorzędnych zależy od usługi Menedżer tożsamości sieci równorzędnej, której nie można uruchomić z powodu następującego błędu:
%%1058


==================== Statystyki pamięci ===========================

Procesor: Pentium® Dual-Core CPU E6300 @ 2.80GHz
Procent pamięci w użyciu: 49%
Całkowita pamięć fizyczna: 2047.12 MB
Dostępna pamięć fizyczna: 1030.43 MB
Całkowita pamięć wirtualna: 7164.23 MB
Dostępna pamięć wirtualna: 6032.38 MB

==================== Dyski ================================

Drive c: (NICZEGO TU NIE INSTALUJ) (Fixed) (Total:48.73 GB) (Free:12.42 GB) NTFS
Drive d: (Nowy) (Fixed) (Total:74.53 GB) (Free:64.95 GB) NTFS
Drive e: () (Fixed) (Total:416.93 GB) (Free:284.78 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 422EFA4F)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 36C291E5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416.9 GB) - (Type=07 NTFS)

==================== Koniec  Addition.txt ============================

 

 



#12 Black_Bird


Posted 17 October 2015 - 07:12 AM

All Clean!
Congratulations, your computer seems to be clean again! I don't see any more signs of malware present on your PC. I feel glad to tell you that we are done here! The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you might find useful and included some other advice and information.


=================================== Clean up & Windows Update ===================================


1. Download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + Delete).

2. We need to install any available updates for your Windows operating system so you will be more protected against malware.
  • Go to Start > All Programs > Windows Update.
  • Once Windows Update has opened, click Check for updates in the left menu.
  • When the program has finished its search for updates, please click on one of the "X important update(s) available" links (where X represents a number).
  • You're able to select which updates you want to install now. Please select ALL updates on both tabs (Required and Optional).
  • Now click the Install (or OK) button and click Install updates.
  • If a reboot is required to install updates, please allow Windows Update to do so.

================================= Reading material & Prevention =================================


I have compiled below a list of articles you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet. The following programmes come highly recommended in the security community.
  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes' Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

====================================== Other notes from me ======================================


I want to thank you for your co-operation and trust during the malware removal process. Besides that, I want to give you one last piece of advice: Never use any of the specialized tools used in this topic yourself, without proper supervision by a Malware Removal Team member. These tools/programs were developed to be used under supervision and can cause real damage to your system if not used properly.

My help will always be free! However, if you're happy with the help provided and/or want to buy me a drink, you can consider a donation:


===================================== Confirmation of issues =====================================


Please confirm if you have no outstanding issues, and are happy with the state of your computer. Also please tell me if you have any questions left regarding the removal process we went through and the information I gave you in this post.
Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#13 booa

  • Topic Starter

Posted 18 October 2015 - 10:52 AM

I think I don't have any more questions. I'm really thankful for all the help I received from you.



#14 Black_Bird


Posted 18 October 2015 - 11:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Kind regards,
Black_Bird
 





