Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 19-02-2017
Uruchomiony przez DROSAN (administrator) DROSAN1 (22-02-2017 08:33:56)
Uruchomiony z C:\Documents and Settings\DROSAN\Pulpit
Załadowane profile: DROSAN (Dostępne profile: DROSAN)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 8 (Domyślna przeglądarka: IE)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files\Bloody6\Bloody6\Bloody6.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Rejestr (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16860672 2007-12-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-02] (AVAST Software)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2015-08-21] (RealNetworks, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Lexmark X74-X75] => "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2593056 2014-07-02] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\...\Run: [Bloody2] => C:\Program Files\Bloody6\Bloody6\Bloody6.exe [19335680 2016-12-29] ()
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\...\Run: [DriverToolkit] => "C:\Program Files\DriverToolkit\DriverToolkit.exe" --autorun
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-01-02] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2007-02-12] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [Uchwyt nakładania ikony podpisu cyfrowego] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2007-02-12] (Autodesk, Inc.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Speed Launcher.lnk [2017-02-22]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2016-08-22]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1
Tcpip\..\Interfaces\{05103C25-DEC4-4831-9578-42B7D3504295}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{FB2590EE-66D0-4694-9111-9104C4EEE237}: [DhcpNameServer] 194.204.152.34 194.204.159.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
HKU\S-1-5-21-2000478354-1336601894-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-08-12] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-25] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-02] (AVAST Software)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-25] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2000478354-1336601894-839522115-1004 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
Toolbar: HKU\S-1-5-21-2000478354-1336601894-839522115-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\DROSAN\Dane aplikacji\TomTom\HOME\Profiles\rsf3rgm0.default [2017-02-15]
FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2013-07-25] [Brak podpisu cyfrowego]
FF ProfilePath: C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default [2017-02-22]
FF NewTab: C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default -> chrome://quick_start/content/index.html
FF Homepage: C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default -> hxxps://www.google.pl/
FF Extension: (Aktualizacja dodatku Adobe Flash) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\Extensions\dodatek@flash2.pl.xpi [2016-08-07]
FF Extension: (Iplex to ALLPlayer) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\Extensions\IplextoALL@ALLPlayer.org [2013-02-18] [Brak podpisu cyfrowego]
FF Extension: (url2pdf) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\Extensions\jid1-7PW8PxvGvu9qAw@jetpack.xpi [2016-04-28]
FF Extension: (New Tab Homepage) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-12-26]
FF Extension: (Adblock Plus) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Documents and Settings\DROSAN\Dane aplikacji\Mozilla\Firefox\Profiles\jva1py4q.default\features\{3983a75f-876f-4162-8ac8-891db365353a}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-27] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-08-21] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-03] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2014-08-01] (Nitro PDF)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )
FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2015-08-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-08-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2015-08-21] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2014-08-12] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2004-12-14] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2015-08-21] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2015-08-21] (RealPlayer)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.pl/?gfe_rd=cr&ei=rYRSWMeNI6Sg8weziqOgBg&gws_rd=ssl
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.aartemis.com/web/?type=ds&ts=1387037805&from=cor&uid=WDCXWD20EARX-00PASB0_WD-WCAZAH43270832708&q={searchTerms}
CHR DefaultSearchKeyword: Default -> aartemis
CHR Profile: C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-08]
CHR Extension: (Dysk Google) - C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-04]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-02] (AVAST Software)
S4 C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [54784 2013-02-17] (Macrovision) [Brak podpisu cyfrowego]
S4 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1554728 2007-11-26] (Nero AG)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2002-10-14] (Lexmark International, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2014-08-01] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [392712 2014-08-01] ()
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X]

===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2017-01-02] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2017-01-02] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2017-01-02] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2017-01-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2017-01-02] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2017-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433768 2017-01-02] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2017-01-02] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2014-09-07] (The OpenVPN Project)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [66688 2017-01-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224752 2017-01-02] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 CdaC15BA; C:\WINDOWS\system32\drivers\CDAC15BA.SYS [12464 2013-09-29] (Macrovision Europe Ltd) [Brak podpisu cyfrowego]
S3 ew_hwusbdev; C:\WINDOWS\System32\DRIVERS\ew_hwusbdev.sys [102784 2012-06-06] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego]
S3 ew_usbenumfilter; C:\WINDOWS\System32\DRIVERS\ew_usbenumfilter.sys [11136 2012-06-06] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego]
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2013-02-17] (Windows (R) 2000 DDK provider)
S3 ggsomc; C:\WINDOWS\System32\DRIVERS\ggsomc.sys [26328 2016-03-26] (Sony Mobile Communications)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2013-10-15] (Aladdin Knowledge Systems) [Brak podpisu cyfrowego]
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [89856 2012-06-06] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [66688 2012-06-06] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2012-06-06] (Huawei Technologies Co., Ltd.)
R4 InCDfs; C:\WINDOWS\System32\drivers\InCDFs.sys [118952 2007-11-26] (Nero AG)
R1 InCDPass; C:\WINDOWS\System32\drivers\InCDPass.sys [36776 2007-11-26] (Nero AG)
U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [16040 2007-11-26] (Nero AG)
R1 incdrm; C:\WINDOWS\System32\drivers\InCDRm.sys [38440 2007-11-26] (Nero AG)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35088 2013-04-30] (The OpenVPN Project)
S3 catchme; \??\C:\DOCUME~1\DROSAN\USTAWI~1\Temp\catchme.sys [X]
S4 IntelIde; Brak ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; Brak ImagePath

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-02-22 08:33 - 2017-02-22 08:34 - 00021952 _____ C:\Documents and Settings\DROSAN\Pulpit\FRST.txt
2017-02-22 08:31 - 2017-02-22 08:31 - 01764864 _____ (Farbar) C:\Documents and Settings\DROSAN\Pulpit\FRST.exe
2017-02-16 09:21 - 2017-02-16 09:21 - 00000563 _____ C:\Documents and Settings\DROSAN\Pulpit\Edytor.lnk
2017-02-16 09:21 - 2017-02-16 09:21 - 00000000 ____D C:\Ulica
2017-02-16 09:21 - 2017-02-16 09:21 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Edytor
2017-02-07 08:36 - 2017-02-22 08:33 - 00000000 ____D C:\FRST
2017-02-06 21:16 - 2017-02-22 08:23 - 00000280 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-1336601894-839522115-1004.job
2017-02-06 08:55 - 2017-02-06 08:55 - 00000000 ____D C:\Documents and Settings\All Users\Kaspersky Lab
2017-02-06 07:43 - 2017-02-06 07:43 - 02671128 _____ (Kaspersky Lab) C:\Documents and Settings\DROSAN\Pulpit\kss16.0.0.1344en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_ko_id_pt_ar_vi_hi_zh-hant_fa_10519.exe
2017-02-03 10:14 - 2017-02-21 20:50 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-03 09:12 - 2017-02-03 09:12 - 00000668 _____ C:\Documents and Settings\DROSAN\Pulpit\HEXwrite.lnk
2017-02-03 09:12 - 2017-02-03 09:12 - 00000000 ____D C:\Program Files\HEXwrite
2017-02-03 09:12 - 2017-02-03 09:12 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\HEXwrite
2017-02-03 09:12 - 1997-12-12 22:31 - 00094720 _____ (Jin Hui E-mail: shjh@usa.net) C:\WINDOWS\system32\splitter.ocx
2017-02-02 11:49 - 2017-02-02 11:49 - 00000000 ____D C:\Documents and Settings\DROSAN\Dane aplikacji\Mael
2017-02-02 11:47 - 2017-02-02 11:50 - 00000000 ____D C:\Program Files\HxD
2017-02-02 11:47 - 2017-02-02 11:47 - 00000568 _____ C:\Documents and Settings\All Users\Pulpit\HxD.lnk
2017-02-02 11:47 - 2017-02-02 11:47 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\HxD Hex Editor
2017-02-02 07:51 - 2017-02-02 07:51 - 04015056 _____ C:\Documents and Settings\DROSAN\Pulpit\adwcleaner_6.043.exe
2017-02-01 13:04 - 2017-02-01 13:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2017-02-01 13:04 - 2017-02-01 13:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2017-02-01 13:04 - 2016-03-26 15:51 - 00026328 _____ (Sony Mobile Communications) C:\WINDOWS\system32\Drivers\ggsomc.sys
2017-02-01 13:04 - 2016-03-26 15:51 - 00013528 _____ (Sony Mobile Communications) C:\WINDOWS\system32\Drivers\ggflt.sys
2017-02-01 11:34 - 2017-02-01 11:34 - 00000000 ____D C:\Documents and Settings\DROSAN\Dane aplikacji\XperiFirm
2017-02-01 11:34 - 2017-02-01 11:34 - 00000000 ____D C:\Documents and Settings\DROSAN\.android
2017-02-01 11:32 - 2017-02-01 11:34 - 00000000 ____D C:\Documents and Settings\DROSAN\.flashTool
2017-02-01 11:32 - 2017-02-01 11:32 - 00000000 ____D C:\Documents and Settings\DROSAN\.swt
2017-02-01 11:28 - 2017-02-01 11:28 - 00000000 ____D C:\Documents and Settings\DROSAN\Menu Start\Programy\Flashtool
2017-02-01 11:27 - 2017-02-01 12:55 - 00000000 ____D C:\Flashtool
2017-02-01 10:23 - 2017-02-01 10:23 - 00000000 ____D C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\DriverToolkit
2017-02-01 08:15 - 2017-02-01 08:16 - 00000000 ____D C:\tel
2017-01-29 12:56 - 2017-01-29 12:56 - 00000518 _____ C:\Documents and Settings\DROSAN\Pulpit\BMW Scanner v1.4.0.lnk
2017-01-29 12:56 - 2017-01-29 12:56 - 00000000 ____D C:\BMWScan140
2017-01-26 08:32 - 2017-01-26 08:36 - 00000000 ____D C:\Documents and Settings\DROSAN\Pulpit\FOTY TEL
2017-01-25 14:12 - 2017-01-25 14:12 - 00000000 ____D C:\Program Files\Common Files\Java
2017-01-25 14:12 - 2017-01-25 14:12 - 00000000 ____D C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Sun

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-02-22 08:34 - 2013-02-17 11:41 - 00000000 ____D C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp
2017-02-22 08:33 - 2013-02-17 11:41 - 00000000 ____D C:\Documents and Settings\DROSAN\Pulpit
2017-02-22 08:30 - 2016-11-29 13:16 - 00004412 _____ C:\WINDOWS\system32\nvAppTimestamps
2017-02-22 08:23 - 2016-05-09 06:19 - 00000526 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1462771139.job
2017-02-22 08:23 - 2014-03-27 19:13 - 00000224 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2017-02-22 08:23 - 2014-03-03 08:19 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-02-22 08:23 - 2013-12-14 17:12 - 00000288 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-1336601894-839522115-1004.job
2017-02-22 08:23 - 2013-02-17 11:48 - 00000526 _____ C:\RTHDCPL_Dump.txt
2017-02-22 07:59 - 2013-02-18 13:47 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2017-02-22 07:59 - 2013-02-17 11:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-21 20:59 - 2013-02-17 11:42 - 00000188 ___SH C:\Documents and Settings\DROSAN\ntuser.ini
2017-02-21 20:59 - 2013-02-17 11:41 - 00032606 _____ C:\WINDOWS\SchedLgU.Txt
2017-02-21 20:52 - 2014-03-03 08:19 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-02-21 08:25 - 2006-03-02 13:00 - 00013754 _____ C:\WINDOWS\system32\wpa.dbl
2017-02-19 07:14 - 2013-02-17 12:19 - 00000000 ____D C:\Documents and Settings\All Users
2017-02-19 07:13 - 2013-02-17 12:19 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2017-02-19 07:11 - 2013-02-17 12:19 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2017-02-19 07:11 - 2013-02-17 12:19 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy
2017-02-17 09:31 - 2013-02-18 11:00 - 00000000 ____D C:\Documents and Settings\DROSAN\Pulpit\BMW
2017-02-17 08:52 - 2013-02-17 11:41 - 00000000 ___HD C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji
2017-02-14 12:13 - 2006-03-02 13:00 - 00000634 _____ C:\WINDOWS\win.ini
2017-02-08 15:00 - 2014-03-27 19:13 - 00000218 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2017-02-07 09:19 - 2013-02-17 13:04 - 00000000 ____D C:\Program Files\Microsoft Office
2017-02-06 09:24 - 2014-05-27 17:39 - 00000000 ____D C:\AdwCleaner
2017-02-03 17:50 - 2013-02-17 11:41 - 00000000 ____D C:\Documents and Settings\DROSAN
2017-02-03 17:30 - 2013-05-05 10:13 - 00000000 ____D C:\Program Files\WinRAR
2017-02-03 13:47 - 2013-12-07 08:48 - 00000000 ____D C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\Thunderbird
2017-02-03 10:23 - 2013-12-07 08:48 - 00000780 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Thunderbird.lnk
2017-02-03 10:23 - 2013-12-07 08:48 - 00000774 _____ C:\Documents and Settings\All Users\Pulpit\Mozilla Thunderbird.lnk
2017-02-03 10:23 - 2013-12-07 08:48 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2017-02-03 10:18 - 2015-10-18 13:19 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-02-03 10:18 - 2015-10-18 13:19 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-02-03 10:18 - 2013-05-05 10:13 - 00000000 ____D C:\Documents and Settings\DROSAN\Menu Start\Programy\WinRAR
2017-02-03 10:18 - 2013-05-05 10:13 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR
2017-02-03 10:17 - 2013-02-17 11:35 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-02 11:49 - 2013-02-17 11:41 - 00000000 __RHD C:\Documents and Settings\DROSAN\Dane aplikacji
2017-02-01 14:04 - 2013-02-17 12:11 - 00000000 ___HD C:\WINDOWS\inf
2017-02-01 11:28 - 2013-02-17 11:41 - 00000000 ___RD C:\Documents and Settings\DROSAN\Menu Start\Programy
2017-01-30 07:46 - 2013-02-18 09:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-01-29 12:12 - 2016-11-18 09:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-26 08:39 - 2016-10-21 15:22 - 00000000 ____D C:\Documents and Settings\DROSAN\Pulpit\Wózek
2017-01-26 08:39 - 2015-04-28 18:17 - 00000000 ____D C:\Documents and Settings\DROSAN\Pulpit\Xperia
2017-01-25 14:12 - 2014-11-24 17:45 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Java
2017-01-25 14:12 - 2013-02-17 11:40 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji
2017-01-25 14:11 - 2014-11-24 17:45 - 00160256 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2017-01-25 14:11 - 2014-11-24 17:45 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2017-01-25 14:11 - 2014-11-24 17:45 - 00000000 ____D C:\Program Files\Java
2017-01-24 09:20 - 2013-12-15 19:29 - 00372982 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
2017-01-23 13:54 - 2013-12-15 19:29 - 02027227 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-2000478354-1336601894-839522115-1004-0.dat

==================== Pliki w katalogu głównym wybranych folderów =======
2013-02-17 17:12 - 2016-09-21 10:55 - 0028160 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-15 09:50 - 2014-07-15 09:50 - 0001780 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Dane aplikacji\recently-used.xbel

Niektóre pliki w TEMP:
====================
2016-12-19 13:44 - 2016-12-19 13:45 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\-arwnwdw.dll
2016-08-28 21:25 - 2016-08-28 21:25 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\37llq5xl.dll
2016-12-26 21:20 - 2016-12-26 21:20 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\4dynlye8.dll
2017-01-31 18:58 - 2017-01-31 18:58 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\ffbzd5rw.dll
2016-09-21 10:33 - 2016-09-21 10:34 - 33612096 _____ (Ellora Assets Corporation ) C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\FreemakeVideoConverterFull.exe
2016-03-29 12:59 - 2016-03-29 12:59 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\h2jiz_-5.dll
2016-07-21 21:46 - 2016-07-21 21:46 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\hhlh0oju.dll
2016-07-30 11:46 - 2010-01-28 22:21 - 0477184 _____ (Wise Solutions, Inc.) C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\InitBDE.exe
2017-01-25 13:58 - 2017-01-25 13:58 - 0739904 _____ (Oracle Corporation) C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\jre-8u121-windows-au.exe
2016-05-07 12:01 - 2016-05-07 12:01 - 0739904 _____ (Oracle Corporation) C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\jre-8u91-windows-au.exe
2016-08-30 17:46 - 2016-08-30 17:46 - 0000000 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\jzlsjp3k.dll
2016-09-11 17:56 - 2016-09-11 17:56 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\m9izlauy.dll
2016-02-10 21:18 - 2016-02-10 21:18 - 0001536 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\NEventMessages.dll
2016-02-10 21:18 - 2016-02-10 21:18 - 0001536 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\NOSEventMessages.dll
2016-11-17 10:38 - 2016-11-17 10:38 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\oolho2md.dll
2016-12-30 08:37 - 2016-12-30 08:37 - 0008192 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\pwincnwj.dll
2016-02-12 08:08 - 2017-01-10 14:46 - 0040960 _____ (Realtek) C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\rtdrvmon.exe
2016-11-07 08:16 - 2016-11-07 08:16 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\s6-ebcwm.dll
2016-06-30 19:27 - 2016-06-30 19:27 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\sk_xw54r.dll
2016-04-26 16:29 - 2016-04-26 16:29 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\tfylyx3i.dll
2016-02-15 21:41 - 2016-02-15 21:41 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\v_q2i2y5.dll
2017-01-22 17:36 - 2017-01-22 17:36 - 0011776 _____ () C:\Documents and Settings\DROSAN\Ustawienia lokalne\Temp\_kig_n1o.dll

==================== Bamital & volsnap ======================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================