Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 23.04.2018 Uruchomiony przez User (administrator) 6F6A33318EF04FE (01-05-2018 19:38:42) Uruchomiony z C:\Documents and Settings\TEMP.6F6A33318EF04FE\Pulpit Załadowane profile: User (Dostępne profile: User) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) Język: Polski Internet Explorer Wersja 8 (Domyślna przeglądarka: Opera) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (Adobe Systems Incorporated) C:\Albion\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) D:\Gry\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (DEVGURU Co., LTD.) D:\USB Drivers\25_escape\conn\ss_conn_service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (Google Inc.) C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16875008 2008-06-27] (Realtek Semiconductor Corp.) HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2008-06-18] (Realtek Semiconductor Corp.) HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2008-06-19] (RealTek Semicoductor Corp.) HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.) HKLM\...\Run: [GEST] => = HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1657376 2009-07-09] () HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [MyWebSearch Plugin] => rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF HKLM\...\Run: [BearShare] => "C:\Program Files\BearShare\BearShare.exe" /pause HKLM\...\Run: [lxcgmon.exe] => C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [200704 2005-07-21] () HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 2300 Series\ezprint.exe [94208 2005-08-01] (Lexmark International Inc.) HKLM\...\Run: [LXCGCATS] => rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16************************************************************************************************************************ (dane wartości zawierają 59 znaków więcej). HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1045720 2015-09-14] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [8900328 2016-08-09] (AVAST Software) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\cryptnet32: cryptnet32.dll [X] Startup: C:\Documents and Settings\User\Menu Start\Programy\Autostart\fliptoast.lnk [2011-12-08] ShortcutTarget: fliptoast.lnk -> C:\Program Files\fliptoast\fliptoast.exe (Brak pliku) Startup: C:\Documents and Settings\User\Menu Start\Programy\Autostart\GameAIR.lnk [2015-04-19] ShortcutTarget: GameAIR.lnk -> C:\Program Files\Ganymede\GameAIR\GameAIR.exe (Brak pliku) Startup: C:\Documents and Settings\User\Menu Start\Programy\Autostart\Mopy Points Collector.lnk [2011-08-01] ShortcutTarget: Mopy Points Collector.lnk -> C:\MOPYFISH\GETPOINT.EXE (Brak pliku) Startup: C:\Documents and Settings\User\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2009-12-24] ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) GroupPolicy: Ograniczenia - Chrome <==== UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3271BCB7-A93C-4EC4-BB62-23D5B78A18DA}: [NameServer] 192.168.1.1 Tcpip\..\Interfaces\{96A41A46-D5C3-4157-B390-3169D5439212}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{B1CCE6DE-EC18-4923-A7FF-81D8D55543F9}: [DhcpNameServer] 192.168.1.1 0.0.0.0 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URLSearchHook: [S-1-5-21-1644491937-1935655697-1801674531-1004] UWAGA => Brak domyślnego URLSearchHook HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== UWAGA SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll => Brak pliku BHO: Brak nazwy -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> Brak pliku BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => Brak pliku BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2016-07-18] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => Brak pliku BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Documents and Settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll => Brak pliku DPF: {112857FE-11D5-03FF-9A3F-0080C8D85044} hxxp://cached.gamedesire.com/g_bin/pl/solitaire_2_0_0_31.cab DPF: {18506D80-11D4-9B80-82C2-0080C8D7ED4A} hxxp://cached.gamedesire.com/g_bin/pl/roulette_2_0_0_30.cab DPF: {2A781DED-4153-C22D-9812-CEA98A32981C} hxxp://cached.gamedesire.com/g_bin/pl/cardsmakao_2_0_0_32.cab DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab DPF: {41ACD49D-791A-1974-0981-AA9872721044} hxxp://cached.gamedesire.com/g_bin/pl/boards_2_0_0_38.cab DPF: {4539348E-11D5-01D7-9A39-0080C8D85044} hxxp://cached.gamedesire.com/g_bin/pl/slots90_2_0_0_38.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {9085316E-11D4-42BA-BAA3-0080C8D7ED4A} hxxp://cached.gamedesire.com/g_bin/pl/hunter_2_0_0_30.cab DPF: {A6212120-11D5-01D4-9A39-0080C8D85044} hxxp://cached.gamedesire.com/g_bin/pl/slots70_2_0_0_38.cab DPF: {A7196C8E-4FF0-35A5-9E46-E28918B5CAF6} hxxp://cached.gamedesire.com/g_bin/pl/domino_2_0_0_36.cab DPF: {A854AD6D-41FB-6DB5-8044-0BD38092A007} hxxp://cached.gamedesire.com/g_bin/pl/sudoku_2_0_0_18.cab DPF: {A9ED6AA2-4D71-D9D4-9586-E293E2E3580B} hxxp://cached.gamedesire.com/g_bin/pl/marbles_2_0_0_35.cab DPF: {AC120B1D-4111-9411-AF52-118052D85D45} hxxp://cached.gamedesire.com/g_bin/pl/darts_2_0_0_48.cab DPF: {AD7013FF-4F36-1D9A-94A6-3CD408A663F9} hxxp://cached.gamedesire.com/g_bin/pl/breakout_2_0_0_32.cab DPF: {BFA1F11D-AFE1-3121-4112-894323212DAC} hxxp://cached.gamedesire.com/g_bin/pl/words_2_0_0_54.cab DPF: {BFA1F11D-AFE1-3121-4112-983219421AEF} hxxp://cached.gamedesire.com/g_bin/pl/wordssingle_2_0_0_51.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E23FABEE-33DA-12E3-DA12-195DAC123984} hxxp://cached.gamedesire.com/g_bin/pl/mahjong_2_0_0_34.cab DPF: {E95CF138-4C54-A587-8175-3AD80997CB14} hxxp://cached.gamedesire.com/g_bin/pl/soccer_2_0_0_26.cab DPF: {ECEAD8AE-11D5-01D6-9A39-0080C8D85044} hxxp://cached.gamedesire.com/g_bin/pl/slots80_2_0_0_38.cab DPF: {FDDBE2B8-4AD8-6602-946D-94C5A32FA6C1} hxxp://cached.gamedesire.com/g_bin/pl/billard8_2_0_0_40.cab FireFox: ======== FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-02] [Przestarzałe] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2016-07-18] [Przestarzałe] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\Alwil Software\Avast5\SafePrice\FF [2016-07-18] [Przestarzałe] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] () FF Plugin: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files\Ganymede\Plugins\npganymedenet.dll [2009-09-18] ( ) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-06-01] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-01] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [Brak pliku] FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-07] (Google Inc.) FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-07] (Google Inc.) FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-07-06] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-07-06] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-07-06] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-07-06] Chrome: ======= CHR Profile: C:\Documents and Settings\TEMP.6F6A33318EF04FE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default [2018-05-01] CHR Extension: (Dokumenty) - C:\Documents and Settings\TEMP.6F6A33318EF04FE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-29] CHR Extension: (Dysk Google) - C:\Documents and Settings\TEMP.6F6A33318EF04FE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-29] CHR Extension: (YouTube) - C:\Documents and Settings\TEMP.6F6A33318EF04FE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-29] CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\TEMP.6F6A33318EF04FE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-29] CHR Extension: (Avast Online Security) - C:\Documents and Settings\TEMP.6F6A33318EF04FE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-29] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\TEMP.6F6A33318EF04FE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-29] CHR Extension: (Gmail) - C:\Documents and Settings\TEMP.6F6A33318EF04FE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-29] CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-04-12] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - StartMenuInternet: chrome.exe - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe StartMenuInternet: Google Chrome - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdobeActiveFileMonitor10.0; C:\Albion\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated) R2 AdobeActiveFileMonitor11.0; D:\Gry\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated) S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-04-10] (Adobe Systems Incorporated) [Brak podpisu cyfrowego] R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [197128 2016-07-18] (AVAST Software) R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2568120 2012-07-19] (WIBU-SYSTEMS AG) S3 GalaxyService; C:\Program Files\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com) R2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [80392 2008-07-11] () S3 lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [491520 2005-07-25] ( ) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes) R2 nvsvc; C:\WINDOWS\system32\nvsvc32.exe [168004 2009-07-14] (NVIDIA Corporation) [Brak podpisu cyfrowego] S4 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [Brak podpisu cyfrowego] S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [Brak podpisu cyfrowego] R2 ss_conn_service; D:\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego] R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-10-15] (TuneUp Software) S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-07-18] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-07-18] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91680 2016-07-18] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-07-18] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-07-18] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [816304 2016-07-18] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [438296 2016-07-18] (AVAST Software) R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2016-07-18] (AVAST Software) S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [66688 2016-07-18] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-08-06] (AVAST Software) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R3 gdrv; C:\WINDOWS\gdrv.sys [16608 2018-05-01] (Windows (R) 2000 DDK provider) S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40160 2018-04-29] (Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [220896 2018-04-30] (Malwarebytes) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation) S3 QCDonner; C:\WINDOWS\System32\DRIVERS\OVCD.sys [28032 2001-08-17] (Microsoft Corporation) R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2011-01-18] () R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software) S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation) U3 asgs75vv; C:\WINDOWS\system32\Drivers\asgs75vv.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder) S4 IntelIde; Brak ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-15] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-05-01 19:38 - 2018-05-01 19:42 - 000021523 _____ C:\Documents and Settings\TEMP.6F6A33318EF04FE\Pulpit\FRST.txt 2018-05-01 17:44 - 2018-05-01 17:44 - 000000000 ____H C:\Documents and Settings\All Users\Dane aplikacji\cm-lock 2018-04-30 21:07 - 2018-04-30 21:07 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE\Pulpit\zdjecia 2018-04-30 21:02 - 2018-05-01 18:38 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE\Pulpit\Originals 2018-04-30 20:57 - 2018-05-01 19:23 - 000194560 ____H C:\Documents and Settings\TEMP.6F6A33318EF04FE\Pulpit\photothumb.db 2018-04-30 20:57 - 2018-05-01 17:58 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE\Dane aplikacji\PhotoScape 2018-04-30 20:54 - 2018-04-30 20:54 - 000000000 ___RD C:\Documents and Settings\TEMP.6F6A33318EF04FE\Moje dokumenty\Moje obrazy 2018-04-30 12:28 - 2018-04-30 15:04 - 000036864 ___SH C:\Documents and Settings\TEMP.6F6A33318EF04FE\Pulpit\Thumbs.db 2018-04-30 12:21 - 2018-04-30 12:21 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE\Dane aplikacji\Macromedia 2018-04-30 12:19 - 2018-04-30 12:19 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE\Dane aplikacji\Mozilla 2018-04-30 12:18 - 2018-04-30 12:21 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE\Dane aplikacji\GG 2018-04-29 22:14 - 2018-05-01 19:38 - 000000000 ____D C:\FRST 2018-04-29 22:03 - 2018-04-29 22:03 - 002066432 _____ (Farbar) C:\Documents and Settings\TEMP.6F6A33318EF04FE\Pulpit\FRST.exe 2018-04-29 20:50 - 2018-04-29 20:51 - 000040160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2018-04-29 20:49 - 2018-04-30 22:02 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2018-04-29 20:40 - 2018-04-29 20:40 - 000001715 _____ C:\Documents and Settings\All Users\Pulpit\Malwarebytes.lnk 2018-04-29 20:40 - 2018-04-29 20:40 - 000000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes 2018-04-29 20:39 - 2018-04-29 20:39 - 000000000 ____D C:\Program Files\Malwarebytes 2018-04-29 20:39 - 2018-04-29 20:39 - 000000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2018-04-29 20:39 - 2018-03-19 12:57 - 000058656 _____ C:\WINDOWS\system32\Drivers\mbae.sys 2018-04-29 13:37 - 2018-04-30 20:54 - 000000000 ___RD C:\Documents and Settings\TEMP.6F6A33318EF04FE\Moje dokumenty 2018-04-29 13:29 - 2018-04-29 13:29 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE\Dane aplikacji\TuneUp Software 2018-04-29 13:26 - 2018-04-30 20:57 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE\Dane aplikacji 2018-04-29 13:18 - 2018-05-01 19:38 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE\Pulpit 2018-04-29 13:18 - 2018-04-29 13:18 - 000000000 ___RD C:\Documents and Settings\TEMP.6F6A33318EF04FE\Ulubione 2018-04-29 13:18 - 2018-04-29 13:18 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE\Menu Start\Programy\Autostart 2018-04-29 13:18 - 2018-04-29 13:18 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE\Menu Start\Programy 2018-04-29 13:18 - 2018-04-29 13:18 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE\Menu Start 2018-04-29 13:12 - 2018-04-29 13:12 - 000000020 ___SH C:\Documents and Settings\TEMP.6F6A33318EF04FE\ntuser.ini 2018-04-29 13:12 - 2018-04-29 13:12 - 000000000 ___HD C:\Documents and Settings\TEMP.6F6A33318EF04FE\Szablony 2018-04-29 13:11 - 2018-04-29 13:11 - 000000000 ____D C:\Documents and Settings\TEMP\Dane aplikacji\AVAST Software 2018-04-29 13:10 - 2018-04-30 23:06 - 000000000 ____D C:\Documents and Settings\TEMP.6F6A33318EF04FE 2018-04-29 13:10 - 2018-04-29 13:36 - 000000000 ___HD C:\Documents and Settings\TEMP.6F6A33318EF04FE\Ustawienia lokalne 2018-04-29 13:10 - 2018-04-29 13:10 - 000000000 __SHD C:\Documents and Settings\TEMP\IETldCache 2018-04-29 13:10 - 2018-04-29 13:10 - 000000000 ___RD C:\Documents and Settings\TEMP\Ulubione 2018-04-29 13:10 - 2018-04-29 13:10 - 000000000 ___RD C:\Documents and Settings\TEMP\Moje dokumenty\Moje obrazy 2018-04-29 13:10 - 2018-04-29 13:10 - 000000000 ___RD C:\Documents and Settings\TEMP\Moje dokumenty\Moja muzyka 2018-04-29 13:10 - 2018-04-29 13:10 - 000000000 ___RD C:\Documents and Settings\TEMP\Moje dokumenty 2018-04-29 13:10 - 2018-04-29 13:10 - 000000000 ____D C:\Documents and Settings\TEMP\Menu Start\Programy\Akcesoria 2018-04-29 13:10 - 2018-04-29 13:10 - 000000000 ____D C:\Documents and Settings\TEMP\Dane aplikacji\Apple Computer 2018-04-29 13:10 - 2018-04-29 13:10 - 000000000 ____D C:\Documents and Settings\TEMP\Dane aplikacji\Adobe 2018-04-29 13:10 - 2018-04-29 13:10 - 000000000 ____D C:\Documents and Settings\TEMP\Dane aplikacji 2018-04-29 13:09 - 2018-04-29 13:10 - 000000000 ____D C:\Documents and Settings\TEMP\Ustawienia lokalne 2018-04-29 13:09 - 2018-04-29 13:10 - 000000000 ____D C:\Documents and Settings\TEMP\Menu Start\Programy 2018-04-29 13:09 - 2018-04-29 13:10 - 000000000 ____D C:\Documents and Settings\TEMP 2018-04-29 13:09 - 2018-04-29 13:09 - 000000000 ____D C:\Documents and Settings\TEMP\Pulpit 2018-04-29 13:09 - 2018-04-29 13:09 - 000000000 ____D C:\Documents and Settings\TEMP\Menu Start\Programy\Autostart 2018-04-29 13:09 - 2018-04-29 13:09 - 000000000 ____D C:\Documents and Settings\TEMP\Menu Start 2018-04-25 17:36 - 2018-04-25 17:36 - 000977712 _____ C:\Documents and Settings\User\Pulpit\blog-04-25-2018.xml 2018-04-24 22:45 - 2018-04-24 22:45 - 000000030 _____ C:\Documents and Settings\User\Pulpit\predator.txt 2018-04-19 23:01 - 2018-04-19 23:01 - 001418154 _____ C:\Documents and Settings\User\Pulpit\Rocky.pptx 2018-04-11 19:41 - 2018-04-25 17:37 - 000093326 _____ C:\Documents and Settings\User\Pulpit\theme-5029048195701578777.xml ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-05-01 19:24 - 2011-12-23 17:36 - 000001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1935655697-1801674531-1004UA.job 2018-05-01 19:15 - 2013-02-25 19:22 - 000000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2018-05-01 19:10 - 2018-03-28 19:10 - 000000282 ____H C:\WINDOWS\Tasks\CCleaner Update.job 2018-05-01 19:10 - 2018-01-09 20:10 - 000000366 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job 2018-05-01 18:51 - 2010-01-31 15:02 - 000001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2018-05-01 18:46 - 2014-02-07 22:41 - 000001152 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job 2018-05-01 17:45 - 2014-03-19 18:24 - 000000220 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2018-05-01 17:45 - 2012-01-21 19:53 - 000000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1935655697-1801674531-1004.job 2018-05-01 17:45 - 2010-01-31 15:02 - 000001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2018-05-01 17:45 - 2009-11-14 20:57 - 000000416 _____ C:\WINDOWS\Tasks\PCConfidential.job 2018-05-01 17:44 - 2009-09-10 15:14 - 000000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2018-05-01 17:44 - 2009-09-10 13:34 - 000016608 _____ (Windows (R) 2000 DDK provider) C:\WINDOWS\gdrv.sys 2018-05-01 17:44 - 2009-09-10 13:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-04-30 23:06 - 2013-01-18 17:51 - 000393216 _____ C:\WINDOWS\system32\config\TuneUp.evt 2018-04-30 23:06 - 2009-09-10 13:30 - 000032340 _____ C:\WINDOWS\SchedLgU.Txt 2018-04-30 23:03 - 2013-10-06 19:58 - 000000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1644491937-1935655697-1801674531-1004UA.job 2018-04-30 22:27 - 2016-11-06 00:09 - 000000000 ____D C:\Program Files\ByteFence 2018-04-30 22:22 - 2015-06-17 18:04 - 000000000 ____D C:\Program Files\Picexa 2018-04-30 22:22 - 2009-10-01 11:52 - 000000000 ____D C:\Program Files\EMCO Acrobat Reader Deploy 6.x 2018-04-30 21:52 - 2009-10-10 12:45 - 000388408 _____ C:\WINDOWS\ntbtlog.txt 2018-04-30 20:24 - 2011-12-23 17:36 - 000001076 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1935655697-1801674531-1004Core.job 2018-04-30 20:03 - 2013-10-06 19:58 - 000000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1644491937-1935655697-1801674531-1004Core.job 2018-04-29 22:48 - 2008-04-15 14:00 - 000013646 _____ C:\WINDOWS\system32\wpa.dbl 2018-04-29 20:40 - 2009-09-10 15:14 - 000000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2018-04-29 20:40 - 2009-09-10 15:14 - 000000000 ____D C:\Documents and Settings\All Users\Pulpit 2018-04-29 14:27 - 2009-09-10 13:32 - 000000000 ____D C:\Documents and Settings\User\Pulpit 2018-04-29 13:27 - 2015-03-29 21:42 - 000809860 _____ C:\lxcgUNST.csv 2018-04-29 13:27 - 2015-03-29 21:42 - 000809860 _____ C:\lxcgUNST.002 2018-04-29 13:27 - 2010-11-05 14:47 - 000000000 ____D C:\Program Files\Kangurek Kao - Runda 2 2018-04-29 13:27 - 2009-09-10 15:14 - 000000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 2018-04-29 13:27 - 2009-09-10 13:23 - 000000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Narzędzia administracyjne 2018-04-29 13:27 - 2009-09-10 13:23 - 000000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Gry 2018-04-29 13:27 - 2009-09-10 13:18 - 000000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Akcesoria 2018-04-29 13:14 - 2009-09-10 15:13 - 000262144 _____ C:\WINDOWS\system32\config\userdiff 2018-04-29 13:10 - 2009-09-10 15:14 - 000000000 ____D C:\Documents and Settings 2018-04-29 13:10 - 2009-09-10 13:25 - 000001351 _____ C:\WINDOWS\OEWABLog.txt 2018-04-29 13:10 - 2009-07-14 13:34 - 000000000 _____ C:\WINDOWS\system32\NvApps.xml 2018-04-29 00:11 - 2012-07-09 18:41 - 000000000 ____D C:\Documents and Settings\User\Dane aplikacji\GG 2018-04-29 00:11 - 2009-09-10 13:32 - 000000188 ___SH C:\Documents and Settings\User\ntuser.ini 2018-04-28 23:01 - 2018-03-14 19:16 - 000000980 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job 2018-04-28 23:01 - 2009-09-10 13:24 - 000000000 ____D C:\WINDOWS\system32\Macromed 2018-04-28 21:46 - 2014-02-07 22:41 - 000001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job 2018-04-28 20:53 - 2009-10-03 12:50 - 018086400 ___SH C:\Documents and Settings\User\Pulpit\Thumbs.db 2018-04-28 18:53 - 2012-01-21 19:53 - 000000284 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1935655697-1801674531-1004.job 2018-04-27 16:59 - 2011-03-07 13:54 - 000000000 ____D C:\Program Files\Lx_cats 2018-04-25 17:35 - 2015-12-26 00:01 - 000000000 ____D C:\Documents and Settings\User\Pulpit\Notatki 2018-04-25 17:34 - 2016-01-17 22:53 - 000000000 ____D C:\Documents and Settings\User\Pulpit\do segregacji 2018-04-24 17:24 - 2009-09-10 13:32 - 000000000 ___RD C:\Documents and Settings\User\Moje dokumenty\Moje obrazy 2018-04-23 10:42 - 2018-02-27 16:02 - 000000000 ____D C:\Documents and Settings\User\Pulpit\Originals 2018-04-23 10:39 - 2013-11-17 19:52 - 000067584 ____H C:\Documents and Settings\User\Pulpit\photothumb.db 2018-04-10 22:54 - 2017-12-20 22:49 - 000000000 ____D C:\Documents and Settings\User\Dane aplikacji\uTorrent 2018-04-10 14:15 - 2013-02-25 19:22 - 000804864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2018-04-10 14:15 - 2011-11-13 19:16 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2018-04-08 15:21 - 2014-03-19 18:24 - 000000214 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2018-04-05 18:32 - 2015-03-29 19:28 - 000000000 ____D C:\KMPlayer ==================== Pliki w katalogu głównym wybranych folderów ======= 2009-11-20 17:24 - 2012-10-29 20:26 - 000000088 __RSH () C:\Documents and Settings\All Users\Dane aplikacji\86ACFEB4A5.sys 2018-05-01 17:44 - 2018-05-01 17:44 - 000000000 ____H () C:\Documents and Settings\All Users\Dane aplikacji\cm-lock 2009-11-20 17:24 - 2012-10-29 20:26 - 000002984 ___SH () C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys 2009-05-28 10:11 - 2009-05-28 10:11 - 000002045 ____H () C:\Documents and Settings\All Users\Dane aplikacji\whlb32g.dll ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo ==================== Koniec FRST.txt ============================