Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 21.07.2018
Uruchomiony przez DROSAN (administrator) DROSAN1 (25-07-2018 13:30:53)
Uruchomiony z C:\Documents and Settings\DROSAN\Pulpit\FRST
Załadowane profile: DROSAN (Dostępne profile: DROSAN)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 8 (Domyślna przeglądarka: IE)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
(Digital Wave Ltd.) C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files\Bloody6\Bloody6\Bloody6.exe
(TomTom) C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16860672 2007-12-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [243496 2018-02-28] (AVAST Software)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2015-08-21] (RealNetworks, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Lexmark X74-X75] => "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2593056 2014-07-02] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [1046488 2017-02-10] (DivX, LLC)
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [254840 2018-04-24] (TomTom)
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\...\Run: [Bloody2] => C:\Program Files\Bloody6\Bloody6\Bloody6.exe [19335680 2016-12-29] ()
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\...\Run: [DriverToolkit] => "C:\Program Files\DriverToolkit\DriverToolkit.exe" --autorun
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe [2002664 2018-01-03] (TomTom)
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\...\Run: [ByteFence] => C:\Program Files\ByteFence\ByteFence.exe [3711816 2018-05-29] (Byte Technologies LLC)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Speed Launcher.lnk [2018-07-25]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2016-08-22]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1
Tcpip\..\Interfaces\{05103C25-DEC4-4831-9578-42B7D3504295}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{FB2590EE-66D0-4694-9111-9104C4EEE237}: [DhcpNameServer] 194.204.152.34 194.204.159.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-08-12] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-03] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-28] (AVAST Software)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-03] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2000478354-1336601894-839522115-1004 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
Toolbar: HKU\S-1-5-21-2000478354-1336601894-839522115-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: jva1py4q.default
FF ProfilePath: C:\Documents and Settings\DROSAN\Dane aplikacji\TomTom\HOME\Profiles\rsf3rgm0.default [2018-06-23]
FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2018-06-06] [Przestarzałe] [Brak podpisu cyfrowego]
FF ProfilePath: C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default [2018-07-25]
FF Homepage: C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default -> hxxps://www.google.pl/
FF NewTab: C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default -> chrome://quick_start/content/index.html
FF Extension: (Aktualizacja dodatku Adobe Flash) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\Extensions\dodatek@flash2.pl.xpi [2016-08-07]
FF Extension: (Iplex to ALLPlayer) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\Extensions\IplextoALL@ALLPlayer.org [2013-02-18] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (url2pdf) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\Extensions\jid1-7PW8PxvGvu9qAw@jetpack.xpi [2016-04-28] [Przestarzałe]
FF Extension: (Avast SafePrice) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\Extensions\sp@avast.com.xpi [2018-07-02]
FF Extension: (Avast Online Security) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\Extensions\wrc@avast.com.xpi [2018-06-01]
FF Extension: (New Tab Homepage) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-12-26] [Przestarzałe]
FF Extension: (Adblock Plus) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-27] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-08-21] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-03] ()
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2017-02-09] (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2014-08-01] (Nitro PDF)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )
FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2015-08-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-08-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2015-08-21] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2014-08-12] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.pl/?gfe_rd=cr&ei=rYRSWMeNI6Sg8weziqOgBg&gws_rd=ssl
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default [2018-07-25]
CHR Extension: (Dokumenty) - C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Dysk Google) - C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-06-20]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [270936 2017-02-03] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5931184 2018-02-28] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-26] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [300600 2018-02-28] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-26] (AVAST Software)
R2 ByteFenceService; c:\program files\bytefence\ByteFenceService.exe [157000 2018-05-29] (Byte Technologies LLC)
S4 C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [54784 2013-02-17] (Macrovision) [Brak podpisu cyfrowego]
R2 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd.) [Brak podpisu cyfrowego]
S4 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1554728 2007-11-26] (Nero AG)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2002-10-14] (Lexmark International, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2014-08-01] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [392712 2014-08-01] ()
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7027568 2018-02-08] (Reimage®)
R2 rtop; c:\program files\bytefence\rtop\bin\rtop_svc.exe [297288 2018-06-23] (Byte Technologies LLC.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software) [Brak podpisu cyfrowego]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [164928 2018-02-28] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [255584 2018-01-10] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157376 2018-01-10] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276696 2018-01-10] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50344 2018-01-10] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [150808 2018-02-28] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-02-28] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-02-28] (AVAST Software)
R1 AswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-02-28] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-02-28] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783600 2018-04-20] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391344 2018-02-28] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205344 2018-02-28] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2014-09-07] (The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-02-28] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 CdaC15BA; C:\WINDOWS\system32\drivers\CDAC15BA.SYS [12464 2013-09-29] (Macrovision Europe Ltd) [Brak podpisu cyfrowego]
S3 ew_hwusbdev; C:\WINDOWS\System32\DRIVERS\ew_hwusbdev.sys [102784 2012-06-06] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego]
S3 ew_usbenumfilter; C:\WINDOWS\System32\DRIVERS\ew_usbenumfilter.sys [11136 2012-06-06] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego]
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2013-02-17] (Windows (R) 2000 DDK provider)
S3 ggsomc; C:\WINDOWS\System32\DRIVERS\ggsomc.sys [26328 2016-03-26] (Sony Mobile Communications)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2013-10-15] (Aladdin Knowledge Systems) [Brak podpisu cyfrowego]
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [89856 2012-06-06] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [66688 2012-06-06] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2012-06-06] (Huawei Technologies Co., Ltd.)
R4 InCDfs; C:\WINDOWS\System32\drivers\InCDFs.sys [118952 2007-11-26] (Nero AG)
R1 InCDPass; C:\WINDOWS\System32\drivers\InCDPass.sys [36776 2007-11-26] (Nero AG)
U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [16040 2007-11-26] (Nero AG)
R1 incdrm; C:\WINDOWS\System32\drivers\InCDRm.sys [38440 2007-11-26] (Nero AG)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R2 Kmm4xNT; C:\WINDOWS\system32\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) [Brak podpisu cyfrowego]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 s1039mdm; C:\WINDOWS\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35088 2013-04-30] (The OpenVPN Project)
S3 catchme; \??\C:\DOCUME~1\DROSAN\USTAWI~1\Temp\catchme.sys [X]
S4 IntelIde; Brak ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-07-25 13:29 - 2018-07-25 13:30 - 000000000 ____D C:\Documents and Settings\DROSAN\Pulpit\FRST
2018-07-25 10:03 - 2018-07-25 13:03 - 000000334 _____ C:\WINDOWS\Tasks\ReimageUpdater.job
2018-07-25 10:03 - 2018-07-25 10:04 - 000000000 ____D C:\rei
2018-07-25 10:03 - 2018-07-25 10:04 - 000000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Reimage Protector
2018-07-25 10:03 - 2018-07-25 10:03 - 000001689 _____ C:\Documents and Settings\All Users\Pulpit\PC Scan & Repair by Reimage.lnk
2018-07-25 10:03 - 2018-07-25 10:03 - 000000000 ____D C:\Program Files\Reimage
2018-07-25 10:03 - 2018-07-25 10:03 - 000000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Reimage Repair
2018-07-25 10:02 - 2018-07-25 10:04 - 000000140 _____ C:\WINDOWS\Reimage.ini
2018-07-25 10:02 - 2018-07-25 10:02 - 000000000 ___HD C:\$AV_ASW
2018-07-24 09:14 - 2018-07-24 09:14 - 000000427 _____ C:\Documents and Settings\DROSAN\Pulpit\wakacje.lnk
2018-07-23 09:48 - 2018-07-23 09:51 - 072033704 _____ (xiaomi) C:\Documents and Settings\DROSAN\Pulpit\MiCloud Setup 0.1.24-ia32.exe
2018-06-26 09:07 - 2018-06-26 09:07 - 000002002 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Avast Secure Browser.lnk
2018-06-26 09:07 - 2018-06-26 09:07 - 000001994 _____ C:\Documents and Settings\All Users\Pulpit\Avast Secure Browser.lnk
2018-06-26 09:06 - 2018-07-25 13:11 - 000001074 _____ C:\WINDOWS\Tasks\AvastUpdateTaskMachineUA.job
2018-06-26 09:06 - 2018-07-25 10:30 - 000001070 _____ C:\WINDOWS\Tasks\AvastUpdateTaskMachineCore.job
2018-06-26 09:05 - 2018-06-26 09:05 - 000000000 ____D C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\AVAST Software

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-07-25 13:31 - 2013-02-17 12:41 - 000000000 ____D C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp
2018-07-25 13:31 - 2013-02-17 12:41 - 000000000 ____D C:\Documents and Settings\DROSAN
2018-07-25 13:30 - 2017-02-07 09:36 - 000000000 ____D C:\FRST
2018-07-25 13:29 - 2013-02-17 12:41 - 000000000 ____D C:\Documents and Settings\DROSAN\Pulpit
2018-07-25 13:26 - 2018-06-23 08:21 - 000000000 ____D C:\Program Files\ByteFence
2018-07-25 13:24 - 2016-11-29 14:16 - 000007136 _____ C:\WINDOWS\system32\nvAppTimestamps
2018-07-25 13:13 - 2014-03-03 09:19 - 000001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-07-25 12:50 - 2017-02-03 11:14 - 000000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-07-25 12:36 - 2018-06-23 08:36 - 000000294 _____ C:\WINDOWS\Tasks\DivXUpdate.job
2018-07-25 11:54 - 2017-08-15 17:43 - 000000358 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-07-25 10:55 - 2016-01-12 16:34 - 000000000 ____D C:\Documents and Settings\DROSAN\Dane aplikacji\GIRDAC
2018-07-25 10:54 - 2013-02-17 13:19 - 000000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy
2018-07-25 10:54 - 2013-02-17 12:41 - 000000000 ___RD C:\Documents and Settings\DROSAN\Menu Start\Programy
2018-07-25 10:31 - 2017-08-09 06:55 - 000000280 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-1336601894-839522115-1004.job
2018-07-25 10:31 - 2013-02-17 12:48 - 000000526 _____ C:\RTHDCPL_Dump.txt
2018-07-25 10:30 - 2014-03-27 20:13 - 000000224 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2018-07-25 10:30 - 2014-03-03 09:19 - 000001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-07-25 10:30 - 2013-12-14 18:12 - 000000288 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-1336601894-839522115-1004.job
2018-07-25 10:30 - 2013-02-17 12:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-25 10:28 - 2013-02-17 12:42 - 000000188 ___SH C:\Documents and Settings\DROSAN\ntuser.ini
2018-07-25 10:28 - 2013-02-17 12:41 - 000032616 _____ C:\WINDOWS\SchedLgU.Txt
2018-07-25 10:04 - 2013-02-17 13:19 - 000000000 ____D C:\Documents and Settings\All Users\Pulpit
2018-07-25 10:03 - 2013-02-17 13:19 - 000000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2018-07-25 08:54 - 2006-03-02 14:00 - 000013754 _____ C:\WINDOWS\system32\wpa.dbl
2018-07-24 14:13 - 2013-02-17 12:41 - 000000000 ___HD C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji
2018-07-24 08:14 - 2017-02-24 09:14 - 000000000 _____ C:\WINDOWS\system32\last.dump
2018-07-23 19:15 - 2013-02-17 18:12 - 000000069 _____ C:\WINDOWS\NeroDigital.ini
2018-07-23 19:06 - 2013-02-17 18:12 - 000034816 _____ C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-07-23 18:20 - 2013-02-17 13:11 - 000000000 ___HD C:\WINDOWS\inf
2018-07-20 07:57 - 2013-04-02 13:56 - 000000436 _____ C:\Documents and Settings\DROSAN\Pulpit\Skrót do Dokumenty udostępnione.lnk
2018-07-19 12:06 - 2013-02-17 13:19 - 000000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2018-07-17 09:03 - 2013-02-17 12:35 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-11 09:32 - 2013-02-18 10:56 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-07-10 13:37 - 2016-11-18 10:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-26 09:09 - 2013-02-18 14:47 - 000000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
2018-06-26 09:05 - 2013-02-18 14:47 - 000000000 ____D C:\Program Files\AVAST Software
2018-06-25 08:25 - 2018-06-23 08:34 - 000000000 ____D C:\Documents and Settings\DROSAN\Dane aplikacji\DivX

==================== Pliki w katalogu głównym wybranych folderów =======

2013-02-17 18:12 - 2018-07-23 19:06 - 000034816 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-30 08:39 - 2017-06-30 08:39 - 000000218 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\recently-used.xbel
2018-06-23 11:21 - 2018-06-23 11:22 - 000003481 _____ () C:\Documents and Settings\All Users\Dane aplikacji\lpm.dat

Niektóre pliki w TEMP:
====================
2016-12-19 14:44 - 2016-12-19 14:45 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\-arwnwdw.dll
2016-08-28 22:25 - 2016-08-28 22:25 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\37llq5xl.dll
2017-07-18 21:13 - 2017-07-18 21:13 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\3sv-mfds.dll
2017-04-07 10:12 - 2017-04-07 10:12 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\41n1ky-_.dll
2016-12-26 22:20 - 2016-12-26 22:20 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\4dynlye8.dll
2017-07-24 23:34 - 2017-07-24 23:34 - 000000000 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\6ko7wzba.dll
2017-03-19 19:10 - 2017-03-19 19:10 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\8ofun3c8.dll
2017-04-14 11:29 - 2017-04-14 11:29 - 000000000 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\a-qqt5-b.dll
2017-01-31 19:58 - 2017-01-31 19:58 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\ffbzd5rw.dll
2016-09-21 11:33 - 2016-09-21 11:34 - 033612096 _____ (Ellora Assets Corporation ) C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\FreemakeVideoConverterFull.exe
2016-07-21 22:46 - 2016-07-21 22:46 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\hhlh0oju.dll
2016-07-30 12:46 - 2010-01-28 23:21 - 000477184 _____ (Wise Solutions, Inc.) C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\InitBDE.exe
2017-07-25 22:46 - 2017-07-25 22:46 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\it_gzdqn.dll
2017-01-25 14:58 - 2017-01-25 14:58 - 000739904 _____ (Oracle Corporation) C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\jre-8u121-windows-au.exe
2016-05-07 13:01 - 2016-05-07 13:01 - 000739904 _____ (Oracle Corporation) C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\jre-8u91-windows-au.exe
2016-08-30 18:46 - 2016-08-30 18:46 - 000000000 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\jzlsjp3k.dll
2017-07-12 22:32 - 2017-07-12 22:32 - 000000000 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\kkq3km_f.dll
2017-04-21 15:29 - 2017-04-21 15:29 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\kyp1slv-.dll
2016-09-11 18:56 - 2016-09-11 18:56 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\m9izlauy.dll
2017-06-10 20:46 - 2017-06-10 20:46 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\micnhg3c.dll
2017-07-21 17:25 - 2017-07-21 17:25 - 000001536 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\NEventMessages.dll
2017-07-21 17:25 - 2017-07-21 17:25 - 000001536 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\NOSEventMessages.dll
2016-11-17 11:38 - 2016-11-17 11:38 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\oolho2md.dll
2017-02-27 14:39 - 2017-02-27 14:39 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\poocectn.dll
2016-12-30 09:37 - 2016-12-30 09:37 - 000008192 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\pwincnwj.dll
2018-07-25 10:02 - 2018-07-25 10:03 - 013621608 _____ (Reimage) C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\ReimagePackage.exe
2016-02-12 09:08 - 2017-01-10 15:46 - 000040960 _____ (Realtek) C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\rtdrvmon.exe
2017-07-29 23:27 - 2017-07-29 23:27 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\rtxfala_.dll
2016-11-07 09:16 - 2016-11-07 09:16 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\s6-ebcwm.dll
2016-06-30 20:27 - 2016-06-30 20:27 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\sk_xw54r.dll
2017-06-05 19:35 - 2017-06-05 19:35 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\tbh5aq0a.dll
2016-04-26 17:29 - 2016-04-26 17:29 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\tfylyx3i.dll
2017-07-14 14:27 - 2017-07-14 14:27 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\uz7zl569.dll
2017-05-18 12:16 - 2017-05-18 12:16 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\vktwhaia.dll
2017-04-09 20:04 - 2017-04-09 20:04 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\witsdk7c.dll
2017-05-29 15:58 - 2017-05-29 15:58 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\xdkzkdxr.dll
2017-06-06 22:12 - 2017-06-06 22:12 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\xu8xtrej.dll
2017-07-14 17:06 - 2017-07-14 17:06 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\zlzfpvjf.dll
2018-02-17 17:52 - 2018-02-17 17:52 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\zsrlrn4j.dll
2017-01-22 18:36 - 2017-01-22 18:36 - 000011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\_kig_n1o.dll

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================