Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:05-03-2016 01 Uruchomiony przez K (administrator) ZBORESLAV (28-03-2016 21:46:57) Uruchomiony z E:\ Załadowane profile: K (Dostępne profile: K) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RiccoVPN] => [X] HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-13] (AVAST Software) HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-06-28] (RealNetworks, Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2015-07-26] (Murray Hurps Software Pty Ltd) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation) HKU\S-1-5-21-2472659487-2852608981-1873138556-1001\...\Run: [Spotify Web Helper] => C:\Users\K\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-02-04] (Spotify Ltd) HKU\S-1-5-21-2472659487-2852608981-1873138556-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google) HKU\S-1-5-21-2472659487-2852608981-1873138556-1001\...\Run: [Dropbox Update] => C:\Users\K\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.) HKU\S-1-5-21-2472659487-2852608981-1873138556-1001\...\Run: [tray] => C:\Program Files (x86)\Pogoda\pogoda.exe [2364416 2006-07-22] (Pogoda Inc.) HKU\S-1-5-21-2472659487-2852608981-1873138556-1001\...\MountPoints2: {e7fc1855-e49c-11e3-80de-0016d449af32} - E:\AutoRun.exe HKU\S-1-5-21-2472659487-2852608981-1873138556-1001\...\MountPoints2: {e7fc1865-e49c-11e3-80de-0016d449af32} - E:\AutoRun.exe HKU\S-1-5-21-2472659487-2852608981-1873138556-1001\...\MountPoints2: {e7fc1879-e49c-11e3-80de-0016d449af32} - E:\AutoRun.exe ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-13] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\K\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\K\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\K\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\K\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\K\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\K\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\K\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mcserver.lnk [2014-09-10] ShortcutTarget: mcserver.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE) Startup: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-23] ShortcutTarget: Dropbox.lnk -> C:\Users\K\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LINKI — skrót.lnk [2014-01-21] ShortcutTarget: LINKI — skrót.lnk -> C:\KAMIL\Dropbox\LINKI.xlsm () Startup: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk [2015-01-03] ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Startup: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr — skrót.lnk [2012-09-06] ShortcutTarget: taskmgr — skrót.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation) Startup: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winamp.lnk [2015-07-17] ShortcutTarget: Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{28DC91FD-25E1-46D3-BDC7-18CD91383C71}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{5DE8BD60-82FE-463E-AFD4-D8C66DFBF62A}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{C40B240B-72D9-4776-AFBC-A9B54D6ECBAC}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{EDC1DAE8-67AC-4D2F-8493-AE54962CE979}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2472659487-2852608981-1873138556-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-2472659487-2852608981-1873138556-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl/ HKU\S-1-5-21-2472659487-2852608981-1873138556-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006 SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2472659487-2852608981-1873138556-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-2472659487-2852608981-1873138556-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-06-10] (RealDownloader) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-25] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-06-10] (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-05] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-25] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-05] (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006 FF SearchEngineOrder.1: Google (avast) FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Google (avast) FF Homepage: hxxps://www.google.pl FF Session Restore: -> [funkcja włączona] FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] () FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @comarch.com/NOL,version=3.0 -> C:\Program Files (x86)\Common Files\NOL3\npn30plugin.dll [2013-04-04] (COMARCH S.A.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-05] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-06-28] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-06-10] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-06-10] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-06-10] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-06-28] (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-06-28] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-29] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-29] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-29] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-29] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-29] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-06-28] (RealPlayer Cloud) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.) FF SearchPlugin: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\searchplugins\filmwebpl.xml [2015-03-22] FF SearchPlugin: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\searchplugins\google-avast.xml [2014-12-24] FF Extension: Xmarks - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\extensions\foxmarks@kei.com [2015-11-26] FF Extension: Forecastfox - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2015-12-05] FF Extension: Flashblock - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-02] FF Extension: Gmail Watcher - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\extensions\gmailwatcher@sonthakit.xpi [2016-01-31] FF Extension: EPUBReader - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-02-15] FF Extension: LeechBlock - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2016-02-21] FF Extension: Saved Password Editor - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\extensions\savedpasswordeditor@daniel.dawson.xpi [2016-02-23] FF Extension: OneTab - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\Extensions\extension@one-tab.com.xpi [2015-05-29] FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\Extensions\fbp@fbpurity.com.xpi [2016-02-12] FF Extension: BPH Sign Plugin - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\Extensions\SignPlugin@bph.pl [2013-02-03] [Brak podpisu cyfrowego] FF Extension: uBlock Origin - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\Extensions\uBlock0@raymondhill.net.xpi [2016-02-22] FF Extension: Adblock Plus - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-13] FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-28] [Brak podpisu cyfrowego] FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon [2010-04-01] [Brak podpisu cyfrowego] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\s4er7xer.default\extensions\detgdp@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-13] Chrome: ======= CHR HomePage: Default -> hxxp://google.pl/ CHR Session Restore: Default -> [funkcja włączona] CHR Plugin: (Widevine Content Decryption Module) - C:\Users\K\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => Brak pliku CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => Brak pliku CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => Brak pliku CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => Brak pliku CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => Brak pliku CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => Brak pliku CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll => Brak pliku CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => Brak pliku CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Brak pliku CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll => Brak pliku CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => Brak pliku CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) CHR Profile: C:\Users\K\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Xmarks Bookmark Sync) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-03-14] CHR Extension: (Dysk Google) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10] CHR Extension: (Dokumenty Google offline) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-28] CHR Extension: (FlashBlock) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl [2014-02-15] CHR Extension: (RealPlayer Downloader) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-30] CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-02-20] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-27] CHR HKU\S-1-5-21-2472659487-2852608981-1873138556-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\K\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-12] CHR HKU\S-1-5-21-2472659487-2852608981-1873138556-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-25] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10] Opera: ======= OPR Extension: (Adblock Plus) - C:\Users\K\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-01] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-13] (AVAST Software) S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] () R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-28] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [Brak podpisu cyfrowego] S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-13] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-13] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-13] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-02] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-13] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-13] (AVAST Software) R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [Brak podpisu cyfrowego] R0 BMLoad; C:\Windows\SysWOW64\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [Brak podpisu cyfrowego] S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [137472 2007-05-09] (Texas Instruments) R3 NETwLx64; C:\Windows\System32\DRIVERS\NETwLx64.sys [7442432 2010-08-16] (Intel Corporation) S3 Passthru; C:\Windows\System32\DRIVERS\PPFlt.sys [27160 2012-09-15] () R3 PrivacyProtectorMP; C:\Windows\System32\DRIVERS\PPFlt.sys [27160 2012-09-15] () R3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [3398800 2014-07-04] (MediaTek Inc.) R3 SMSCIRDA; C:\Windows\System32\DRIVERS\SMSCir64.sys [37760 2007-04-25] (SMSC) R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [Brak podpisu cyfrowego] R1 tcpipBM; C:\Windows\SysWOW64\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [Brak podpisu cyfrowego] R3 tifm21; C:\Windows\System32\drivers\tifm21.sys [319488 2009-10-12] (Texas Instruments) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-10] (ZTE) S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-08-10] (ZTE) S3 DIRECTIORM; \??\C:\Program Files\RAMMon\DirectIo64.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-03-28 21:46 - 2016-03-28 21:46 - 00000000 ____D C:\FRST 2016-03-02 23:46 - 2016-02-28 16:11 - 00118252 _____ C:\Users\K\Desktop\Mon roi 1080p BluRay.en.srt 2016-02-27 23:39 - 2016-02-27 23:41 - 00000000 ____D C:\bc9547da805d2bc7d2587e497b ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-03-28 21:45 - 2015-01-03 13:54 - 00002562 _____ C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c 2016-03-28 21:45 - 2015-01-03 13:54 - 00000296 _____ C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job 2016-03-28 21:45 - 2014-09-09 18:50 - 00078032 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll 2016-03-28 21:45 - 2012-09-06 21:13 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-28 21:45 - 2012-09-06 20:54 - 00017408 _____ C:\Windows\system32\rpcnetp.exe 2016-03-28 21:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-28 19:50 - 2009-07-14 06:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-28 19:50 - 2009-07-14 06:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-28 19:36 - 2012-09-06 21:13 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-28 19:26 - 2015-06-17 19:16 - 00001146 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2472659487-2852608981-1873138556-1001UA.job 2016-03-28 19:23 - 2013-04-13 12:55 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-28 19:03 - 2011-04-12 15:21 - 00745166 _____ C:\Windows\system32\perfh015.dat 2016-03-28 19:03 - 2011-04-12 15:21 - 00158724 _____ C:\Windows\system32\perfc015.dat 2016-03-28 19:03 - 2009-07-14 07:13 - 01683824 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-28 19:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-03-28 17:48 - 2015-06-17 19:16 - 00001094 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2472659487-2852608981-1873138556-1001Core.job 2016-03-04 22:49 - 2014-09-08 18:16 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.exe 2016-03-04 22:49 - 2014-09-08 18:16 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.dll 2016-03-04 22:38 - 2014-02-15 16:02 - 02125540 _____ C:\Windows\ntbtlog.txt 2016-03-04 21:09 - 2009-07-14 04:34 - 00000219 _____ C:\Windows\system.ini 2016-03-03 20:43 - 2016-02-03 20:55 - 00003890 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1388498497 2016-03-03 20:43 - 2013-12-31 16:01 - 00000000 ____D C:\Program Files (x86)\Opera 2016-03-03 20:34 - 2012-09-06 21:26 - 00000000 ____D C:\Users\K\AppData\Roaming\Dropbox 2016-03-03 20:33 - 2014-02-12 00:23 - 00000000 ___RD C:\Users\K\Dysk Google 2016-03-02 22:11 - 2012-09-06 21:13 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2016-03-01 21:20 - 2012-09-06 21:13 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2016-02-27 04:00 - 2015-04-04 23:22 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-02-27 04:00 - 2015-04-04 23:22 - 00000000 ___SD C:\Windows\system32\GWX ==================== Pliki w katalogu głównym wybranych folderów ======= 2013-10-23 07:59 - 2013-10-23 07:59 - 0000000 _____ () C:\Users\K\AppData\Local\AtStart.txt 2013-10-23 07:59 - 2013-10-23 07:59 - 0000000 _____ () C:\Users\K\AppData\Local\DSwitch.txt 2015-11-11 17:47 - 2015-11-11 17:47 - 0000000 _____ () C:\Users\K\AppData\Local\FnF4.txt 2013-10-23 07:59 - 2013-10-23 07:59 - 0000000 _____ () C:\Users\K\AppData\Local\QSwitch.txt 2012-12-31 22:28 - 2012-12-31 22:28 - 0007601 _____ () C:\Users\K\AppData\Local\Resmon.ResmonCfg 2013-04-29 20:50 - 2014-04-10 14:56 - 0014964 _____ () C:\Users\K\AppData\Local\unins000.dat 2014-04-10 14:56 - 2014-04-10 14:55 - 0707504 _____ () C:\Users\K\AppData\Local\unins000.exe 2013-04-29 20:50 - 2014-04-10 14:56 - 0011761 _____ () C:\Users\K\AppData\Local\unins000.msg Niektóre pliki w TEMP: ==================== C:\Users\K\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2ktmqc.dll C:\Users\K\AppData\Local\Temp\FoxitUpdater.exe C:\Users\K\AppData\Local\Temp\jre-8u51-windows-au.exe C:\Users\K\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\K\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\K\AppData\Local\Temp\jre-8u71-windows-au.exe C:\Users\K\AppData\Local\Temp\jre-8u73-windows-au.exe C:\Users\K\AppData\Local\Temp\{D1A20F35-48E1-49EF-862B-338C1D0B479E}-DropboxClient_3.8.6.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-03-28 17:43 ==================== Koniec FRST.txt ============================