Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 13-03-2019 01 Uruchomiony przez PAWEŁ (administrator) PIERWSZY-LAPEK (13-03-2019 22:29:40) Uruchomiony z C:\Users\PAWEŁ\Desktop Załadowane profile: PAWEŁ & UpdatusUser (Dostępne profile: PAWEŁ & UpdatusUser & Gość) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Język: Polski (Polska) Internet Explorer Wersja 9 (Domyślna przeglądarka: IE) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Microsoft Windows Hardware Compatibility Publisher -> Agere Systems) C:\Windows\System32\agrsmsvc.exe (Intel(R) Corporation) [Brak podpisu cyfrowego] C:\Program Files\Intel\WiFi\bin\EvtEng.exe (FingerPower Digital Technology Ltd. -> ) C:\Users\PAWEŁ\AppData\Local\Kingosoft\Kingo Root\update_54326\bin\KingoSoftService.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\MPF\MpfSrv.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Novatel Wireless, Inc. -> ) C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe (Protexis Inc. -> ) [Brak podpisu cyfrowego] C:\Program Files\Common Files\Protexis\License Service\PSIService.exe (RealNetworks, Inc. -> ) C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Intel(R) Corporation) [Brak podpisu cyfrowego] C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (CyberLink -> ) C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe () [Brak podpisu cyfrowego] C:\Program Files\blueconnect\AssistantServices.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe (Samsung Electronics Co., Ltd.) [Brak podpisu cyfrowego] C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (SAMSUNG Electronics co., LTD.) [Brak podpisu cyfrowego] C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (Samsung Electronics Co., Ltd.) [Brak podpisu cyfrowego] C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (SAMSUNG Electronics) [Brak podpisu cyfrowego] C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics Incorporated -> Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink -> Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Panda Security S.L -> Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe () [Brak podpisu cyfrowego] C:\Program Files\blueconnect\UIExec.exe (InstallShield Software Corporation) [Brak podpisu cyfrowego] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () [Brak podpisu cyfrowego] C:\Program Files\Unlocker\UnlockerAssistant.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ehome\ehtray.exe (CyberLink -> Cyberlink) C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Telespree Communications -> Telespree Communications) C:\Program Files\Telespree\Self Service Assistant - Data Usage Meter\SSADataMeter.exe (Synaptics Incorporated -> Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\MSC\mcuimgr.exe (Google Inc -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\conime.exe (Google Inc -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics Incorporated -> Synaptics, Inc.) HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (CyberLink -> Cyberlink Corp.) HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] (CyberLink -> ) [Brak podpisu cyfrowego] HKLM\...\Run: [mcagent_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [582992 2007-08-03] (McAfee, Inc. -> McAfee, Inc.) HKLM\...\Run: [SpeedTouch USB Diagnostics] => C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [888832 2004-03-23] (THOMSON Telecom Belgium) [Brak podpisu cyfrowego] HKLM\...\Run: [SSC Service Utility] => C:\Program Files\SSCService Utility\ssc_serv.exe [665600 2007-10-09] (SSC Localization Group) [Brak podpisu cyfrowego] HKLM\...\Run: [UIExec] => C:\Program Files\blueconnect\UIExec.exe [132608 2009-09-15] () [Brak podpisu cyfrowego] HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation) [Brak podpisu cyfrowego] HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] () [Brak podpisu cyfrowego] HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-02-17] (RealNetworks, Inc. -> RealNetworks, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle America, Inc. -> Oracle Corporation) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (Canon Inc. -> CANON INC.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3541930631-1061133730-2441918338-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3541930631-1061133730-2441918338-1003\...\Run: [Gadu-Gadu] => C:\Program Files\Gadu-Gadu\gg.exe [2127296 2008-03-20] (Gadu-Gadu sp. z o.o. -> Gadu-Gadu S.A.) HKU\S-1-5-21-3541930631-1061133730-2441918338-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-02] (Google Inc -> Google Inc.) HKU\S-1-5-21-3541930631-1061133730-2441918338-1003\...\Run: [Power2GoExpress] => C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2512168 2008-02-25] (CyberLink -> Cyberlink) HKU\S-1-5-21-3541930631-1061133730-2441918338-1003\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation) [Brak podpisu cyfrowego] HKU\S-1-5-21-3541930631-1061133730-2441918338-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Software Sarl -> Skype Technologies S.A.) [Brak podpisu cyfrowego] HKU\S-1-5-21-3541930631-1061133730-2441918338-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3541930631-1061133730-2441918338-1003\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3541930631-1061133730-2441918338-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3541930631-1061133730-2441918338-1003\...\MountPoints2: {39a91d8f-fe01-11de-8757-9bdfcafa1994} - G:\Install.exe HKU\S-1-5-21-3541930631-1061133730-2441918338-1007\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [220672 2009-04-11] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS) HKLM\...\Drivers32: [msacm.clmp3enc] => C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM [217088 2005-05-13] (CyberLink Corp.) [Brak podpisu cyfrowego] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [7680 2008-06-12] () [Brak podpisu cyfrowego] HKLM\...\Drivers32: [msacm.avis] => C:\Windows\system32\ff_acm.acm [6144 2008-06-12] () [Brak podpisu cyfrowego] HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [56832 2008-01-21] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Drivers32: [VIDC.WMV3] => C:\Windows\system32\wmv9vcm.dll [1696256 2013-05-09] (Microsoft Windows Component Publisher -> Microsoft Corporation) HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [180224 2008-12-04] () [Brak podpisu cyfrowego] HKLM\Software\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe [2016-04-08] (Google Inc -> Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk [2008-07-16] ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.) Startup: C:\Users\PAWEŁ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Przypominacz.lnk [2009-04-09] ShortcutTarget: Przypominacz.lnk -> C:\Users\PAWEŁ\Desktop\przypom\Przypominacz.exe () [Brak podpisu cyfrowego] Startup: C:\Users\PAWEŁ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Self Service Assistant - Data Usage Meter.lnk [2019-03-13] ShortcutTarget: Self Service Assistant - Data Usage Meter.lnk -> C:\Users\PAWEŁ\AppData\Roaming\Microsoft\Installer\{BDE9D8BB-F146-4BBE-A527-CC89ADC0AB84}\_16496df1.exe () [Brak podpisu cyfrowego] GroupPolicy\User: Ograniczenia ? <==== UWAGA GroupPolicyUsers\S-1-5-21-3541930631-1061133730-2441918338-1007\User: Ograniczenia <==== UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation) Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation) Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation) Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation) Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation) Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation) Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation) Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation) Winsock: Catalog9 20 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.20.1.132 10.20.1.133 194.204.152.34 Tcpip\..\Interfaces\{428C6F3E-94C8-400D-B556-DC69ECBD721C}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{C071CFC3-957C-422B-BEAA-8B20BB891200}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{C73CCBDF-67EF-4B9E-AEA3-B02F07C01090}: [DhcpNameServer] 10.20.1.132 10.20.1.133 194.204.152.34 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp:\\www.samsungcomputer.com HKU\S-1-5-21-3541930631-1061133730-2441918338-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp:\\www.samsungcomputer.com HKU\S-1-5-21-3541930631-1061133730-2441918338-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader) BHO: DivX Plus Web Player HTML5