Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 12-11-2016
Uruchomiony przez Modliszka (administrator) MODLISZKA-PC (13-11-2016 16:35:52)
Uruchomiony z C:\Users\Modliszka\Desktop
Załadowane profile: Modliszka (Dostępne profile: Modliszka)
Platform: Microsoft® Windows Vista™ Home Premium (X86) Język: Polski (Polska)
Internet Explorer Wersja 7 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(CompSoft) C:\Program Files\DoroPDFWriter\DoroServer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brother Help\BrotherHelp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Brother\BPRSP\resources\BrSupSsp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-08-24] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [894248 2007-06-22] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM\...\Run: [MSConfig] => C:\Windows\system32\msconfig.exe [222208 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1699400 2016-01-05] (APN)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [DoroServer] => C:\Program Files\DoroPDFWriter\DoroServer.exe [196608 2013-10-24] (CompSoft)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-08] (AVAST Software)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM\...\Run: [BrHelp] => C:\Program Files\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-479307222-4290763350-3312522515-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [436088 2007-06-27] ()
HKU\S-1-5-21-479307222-4290763350-3312522515-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-479307222-4290763350-3312522515-1000\...\MountPoints2: {ca0dd620-876f-11e3-8377-001e6874582a} - D:\LGAutoRun.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-11-04] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Brak pliku
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother PORPB.lnk [2014-09-11]
ShortcutTarget: Brother PORPB.lnk -> C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-05-01]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Modliszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pampers Pregnancy Widget.lnk [2013-11-16]
ShortcutTarget: Pampers Pregnancy Widget.lnk -> C:\Users\Modliszka\AppData\Local\Temp\Temp1_PGPregnancyWidget_Win_pl_PL.zip\PampersPregnancyWidget.exe (Brak pliku)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 85.255.255.1 85.255.255.30
Tcpip\..\Interfaces\{E4192F17-7301-4DE5-BF05-9375B00761FE}: [DhcpNameServer] 85.255.255.1 85.255.255.30

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130862023608250088&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-479307222-4290763350-3312522515-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130862023608860088&GUID=00000000-0000-0000-0000-000000000000
URLSearchHook: HKU\S-1-5-21-479307222-4290763350-3312522515-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll Brak pliku
SearchScopes: HKU\S-1-5-21-479307222-4290763350-3312522515-1000 -> DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-479307222-4290763350-3312522515-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-479307222-4290763350-3312522515-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D653001E6874582A&affID=119357&tsp=4956
SearchScopes: HKU\S-1-5-21-479307222-4290763350-3312522515-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05] (McAfee, Inc.)
BHO: DealPly Shopping -> {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} -> C:\Program Files\DealPly\DealPlyIE.dll [2013-03-19] (DealPly)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-01] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-04] (AVAST Software)
BHO: BrowseFox -> {b9507101-e464-4b3b-a4cb-291aaedd94f2} -> C:\Program Files\BrowseFox\BrowseFoxBHO.dll [2013-10-10] (Browse Fox)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-01] (Oracle Corporation)
Toolbar: HKLM - Brak nazwy - {D4027C7F-154A-4066-A1AD-4243D8127440} - Brak pliku
Toolbar: HKU\S-1-5-21-479307222-4290763350-3312522515-1000 -> Brak nazwy - {D4027C7F-154A-4066-A1AD-4243D8127440} - Brak pliku
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Modliszka\AppData\Roaming\Mozilla\Firefox\Profiles\50r0oo3m.default-1455310572040 [2016-11-13]
FF Homepage: Mozilla\Firefox\Profiles\50r0oo3m.default-1455310572040 -> hxxp://belchatow.naszemiasto.pl/
FF Extension: (Firefox Hotfix) - C:\Users\Modliszka\AppData\Roaming\Mozilla\Firefox\Profiles\50r0oo3m.default-1455310572040\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-15] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-13]
FF HKU\S-1-5-21-479307222-4290763350-3312522515-1000\...\Firefox\Extensions: [lyrmix@lyrmix.net] - C:\Program Files\Lyrmix\FF => nie znaleziono
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @ganymede/MAKAOV2,version=1.0 -> C:\Program Files\Ganymede\Plugins\MAKAOV2\NPMAKAOV2.dll [2011-07-15] (Ganymede Technologies)
FF Plugin: @ganymede/NAVY,version=1.0 -> C:\Program Files\Ganymede\Plugins\NAVY\NPNAVY.dll [2011-07-15] (Ganymede Technologies)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-01] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [2013-02-05] (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPMAKAOV2.dll [2011-07-15] (Ganymede Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPNAVY.dll [2011-07-15] (Ganymede Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://do-search.com/?type=hp&ts=1433113354&z=64cd4aca49210340d770ba5gazccec7g4g3c3cewee&from=cor&uid=HitachiXHTS542525K9SA00_080524BB6F00WDJBYVEGX
CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hp&ts=1433113354&z=64cd4aca49210340d770ba5gazccec7g4g3c3cewee&from=cor&uid=HitachiXHTS542525K9SA00_080524BB6F00WDJBYVEGX"
CHR DefaultSearchURL: Default -> hxxp://do-search.com/web/?type=ds&ts=1433113354&z=64cd4aca49210340d770ba5gazccec7g4g3c3cewee&from=cor&uid=HitachiXHTS542525K9SA00_080524BB6F00WDJBYVEGX&q={searchTerms}
CHR DefaultSearchKeyword: Default -> do-search
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Brak pliku
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => Brak pliku
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll => Brak pliku
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll => Brak pliku
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default [2016-11-12]
CHR Extension: (Ask Toolbar) - C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajabnoiehionljhjpclogplgillib [2015-05-09]
CHR Extension: (Dysk Google) - C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-12]
CHR Extension: (YouTube) - C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-12]
CHR Extension: (Adblock Plus) - C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-22]
CHR Extension: (Google Search) - C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Rebecca Taylor) - C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahpkkfpjpdcfdkbpeoibdhfadicnhdj [2013-10-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-16]
CHR Extension: (Crazy Score) - C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklebndkmkifcnomkippjabjamgcmflo [2015-05-23] [UpdateUrl: hxxp://cdn.crazyscore.net/update] <==== UWAGA
CHR Extension: (Avast Online Security) - C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-22]
CHR Extension: (Ikariam CR Converter) - C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhgfdcidfmnknpcdhfaahkomnhamkjdl [2013-02-14]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-16]
CHR Extension: (Gmail) - C:\Users\Modliszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-09]
CHR HKLM\...\Chrome\Extension: [aaaajabnoiehionljhjpclogplgillib] - C:\ProgramData\AskPartnerNetwork\Toolbar\CME-V7\CRX\ToolbarCR.crx [2015-11-13]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ\CRX\ToolbarCR.crx [2016-01-05]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [jofdlbdmefjogcipddjnblinigmpagoj] - C:\Program Files\Lyrmix\Chrome.crx
CHR HKLM\...\Chrome\Extension: [ppdjnkblmcjfnlogjjhpigpdgpcgdpll] - C:\Program Files\BrowseFox\ppdjnkblmcjfnlogjjhpigpdgpcgdpll.crx

Opera:
=======
OPR StartupUrls: "hxxp://do-search.com/?type=hp&ts=1433113354&z=64cd4aca49210340d770ba5gazccec7g4g3c3cewee&from=cor&uid=HitachiXHTS542525K9SA00_080524BB6F00WDJBYVEGX"
OPR Extension: (Crazy Score) - C:\Users\Modliszka\AppData\Roaming\Opera Software\Opera Stable\Extensions\gklebndkmkifcnomkippjabjamgcmflo [2015-05-22]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-01-05] (APN LLC.)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [Brak podpisu cyfrowego]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-04] (AVAST Software)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [Brak podpisu cyfrowego]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [Brak podpisu cyfrowego]
S2 rpcnet; C:\Windows\system32\rpcnet.exe [73232 2016-06-07] (Absolute Software Corp.)
R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-07-26] (TOSHIBA Corporation) [Brak podpisu cyfrowego]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [Brak podpisu cyfrowego]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-08-24] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-11-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-11-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-11-04] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-11-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-11-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-11-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-11-04] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-11-04] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-11-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-11-04] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-11-08] () [Brak podpisu cyfrowego]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-11-13 16:35 - 2016-11-13 16:36 - 00023437 _____ C:\Users\Modliszka\Desktop\FRST.txt
2016-11-13 16:34 - 2016-11-13 16:35 - 00000000 ____D C:\FRST
2016-11-13 16:33 - 2016-11-13 16:33 - 01760768 _____ (Farbar) C:\Users\Modliszka\Desktop\FRST.exe
2016-11-13 15:50 - 2016-11-13 15:50 - 03910208 _____ C:\Users\Modliszka\Desktop\adwcleaner_6.030.exe
2016-11-13 14:50 - 2016-11-13 14:50 - 00001834 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-13 14:48 - 2016-11-04 11:57 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-11-12 18:29 - 2016-11-12 18:29 - 00120369 _____ C:\Users\Modliszka\AppData\Local\recently-used.xbel
2016-11-09 22:48 - 2016-11-09 22:48 - 00034935 _____ C:\Users\Modliszka\Desktop\3317661001.PDF
2016-11-07 14:47 - 2016-11-07 14:47 - 00000000 ____D C:\Users\Modliszka\Documents\pulpit
2016-11-07 14:34 - 2016-11-07 14:39 - 126079291 _____ C:\Users\Modliszka\Documents\Poradnik przezwajania silników indukcyjnych - ZEMBRZUSKI JAN.rar
2016-11-07 10:27 - 2016-11-07 10:28 - 23232985 _____ C:\Users\Modliszka\Documents\Katalog części i jednostek montażowych T-25A.pdf
2016-11-07 10:26 - 2016-11-07 10:26 - 01701788 _____ C:\Users\Modliszka\Documents\T25_A schemat instalacji.rar
2016-11-04 13:03 - 2016-11-04 13:03 - 00000901 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-11-04 13:03 - 2016-11-04 13:03 - 00000901 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-11-04 12:58 - 2016-11-13 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-11-04 12:58 - 2016-11-13 14:42 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-11-04 12:37 - 2016-11-04 12:37 - 00000000 ____D C:\Users\Modliszka\AppData\Local\CEF
2016-11-04 12:15 - 2016-11-13 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-11-04 12:14 - 2016-11-04 11:57 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-11-04 12:14 - 2016-11-04 11:57 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-11-04 11:58 - 2016-11-04 11:57 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-11-04 11:57 - 2016-11-04 11:57 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-11-04 11:50 - 2016-11-04 11:50 - 06253648 _____ (AVAST Software) C:\Users\Modliszka\Desktop\avast_free_antivirus_setup_online.exe
2016-10-28 22:32 - 2016-10-28 22:32 - 00034680 _____ C:\Users\Modliszka\Desktop\3317651789.PDF
2016-10-22 08:40 - 2016-10-22 13:14 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-11-13 16:27 - 2014-06-04 09:05 - 00073232 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2016-11-13 16:27 - 2014-05-16 03:58 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2016-11-13 16:26 - 2012-12-28 22:26 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-13 16:26 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-13 16:26 - 2006-11-02 13:47 - 00004976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-13 16:26 - 2006-11-02 13:47 - 00004976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-13 15:57 - 2006-11-02 14:01 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-13 15:42 - 2012-12-28 22:26 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-13 15:05 - 2012-12-28 20:00 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-13 15:02 - 2013-09-16 11:27 - 00000292 _____ C:\Windows\Tasks\Registry Optimizer_DEFAULT.job
2016-11-13 14:42 - 2016-03-24 00:06 - 00000000 ____D C:\Users\Modliszka\AppData\Local\gtk-2.0
2016-11-13 14:42 - 2014-07-18 15:14 - 00000000 ___RD C:\Program Files\Skype
2016-11-13 14:42 - 2014-05-01 12:05 - 00000000 ____D C:\ProgramData\HP Product Assistant
2016-11-13 14:42 - 2013-09-17 16:23 - 00000000 ____D C:\Program Files\BrowseFox
2016-11-13 14:42 - 2013-06-05 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-13 14:42 - 2013-02-17 21:07 - 00000000 ____D C:\Users\Modliszka\AppData\Roaming\mp3DirectCut
2016-11-13 14:42 - 2013-01-30 13:59 - 00000000 ____D C:\Users\Modliszka\AppData\Roaming\PhotoScape
2016-11-13 14:42 - 2013-01-14 21:24 - 00000000 ____D C:\Users\Modliszka\Desktop\Skróty
2016-11-13 14:42 - 2013-01-01 22:13 - 00000000 ____D C:\Users\Modliszka\AppData\Roaming\GHISLER
2016-11-13 14:42 - 2012-12-28 21:54 - 00000000 ____D C:\Users\Modliszka\AppData\Roaming\Winamp
2016-11-13 14:42 - 2012-12-28 17:38 - 00000000 ____D C:\Users\Modliszka
2016-11-13 14:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2016-11-13 14:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2016-11-13 14:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-11-13 14:42 - 2006-11-02 11:22 - 36700160 _____ C:\Windows\system32\config\software_previous
2016-11-13 14:42 - 2006-11-02 11:22 - 28835840 _____ C:\Windows\system32\config\system_previous
2016-11-13 14:34 - 2006-11-02 11:22 - 27000832 _____ C:\Windows\system32\config\components_previous
2016-11-13 14:34 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-11-13 14:34 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-11-13 14:34 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\default_previous
2016-11-13 14:30 - 2014-07-18 16:08 - 00000000 ____D C:\Users\Modliszka\AppData\Local\Skype
2016-11-13 14:30 - 2013-11-30 23:46 - 00000000 ____D C:\Program Files\Mobogenie
2016-11-13 14:30 - 2013-01-04 15:15 - 00000000 ____D C:\Users\Modliszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar.pl
2016-11-13 14:30 - 2013-01-04 15:15 - 00000000 ____D C:\Program Files\Alawar.pl
2016-11-12 18:30 - 2016-03-07 23:38 - 00000000 ____D C:\Users\Modliszka\.gimp-2.8
2016-11-11 18:48 - 2016-08-28 07:13 - 00000000 ____D C:\Users\Modliszka\Desktop\Nowy folder
2016-11-11 18:46 - 2015-10-02 09:57 - 00026624 ____H C:\Users\Modliszka\Desktop\photothumb.db
2016-11-10 08:14 - 2013-07-11 09:27 - 00000000 ____D C:\Windows\system32\MRT
2016-11-10 08:03 - 2006-11-02 11:24 - 138444440 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-11-10 00:01 - 2015-10-02 09:54 - 00000000 ____D C:\Users\Modliszka\Desktop\Zdjęcia
2016-11-09 12:27 - 2013-09-16 11:27 - 00000300 _____ C:\Windows\Tasks\Registry Optimizer_UPDATES.job
2016-11-08 18:05 - 2012-12-28 19:59 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-08 18:05 - 2012-12-28 19:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-08 18:05 - 2007-08-24 09:38 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-06 17:56 - 2006-12-05 06:22 - 00585220 _____ C:\Windows\system32\perfh015.dat
2016-11-06 17:56 - 2006-12-05 06:22 - 00109170 _____ C:\Windows\system32\perfc015.dat
2016-11-06 17:56 - 2006-11-02 11:33 - 01464060 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-04 16:53 - 2014-05-16 03:59 - 00017408 _____ C:\Windows\system32\rpcnetp.dll
2016-11-04 15:08 - 2014-07-18 15:14 - 00000000 ____D C:\Users\Modliszka\AppData\Roaming\Skype
2016-11-04 13:00 - 2013-01-15 16:48 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-11-04 13:00 - 2012-12-28 22:22 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-04 13:00 - 2012-12-28 22:22 - 00000000 ____D C:\Program Files\AVAST Software
2016-11-04 12:58 - 2014-07-20 21:07 - 00000000 ____D C:\ProgramData\Skype
2016-11-04 12:14 - 2013-03-14 17:39 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-11-04 12:14 - 2012-12-28 22:25 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-11-04 12:14 - 2012-12-28 22:25 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-11-04 11:57 - 2013-03-14 17:39 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-11-04 11:57 - 2012-12-28 22:25 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-11-04 11:57 - 2012-12-28 22:25 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-11-04 11:57 - 2012-12-28 22:25 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-11-03 10:24 - 2014-09-11 12:43 - 00007889 _____ C:\Windows\BRRBCOM.INI
2016-10-26 16:29 - 2012-12-29 14:18 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-22 13:14 - 2016-09-24 12:57 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
2016-10-22 13:14 - 2012-12-28 19:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Pliki w katalogu głównym wybranych folderów =======

2013-12-18 19:14 - 2016-08-21 18:14 - 0000245 _____ () C:\Users\Modliszka\AppData\Roaming\WB.CFG
2013-01-04 22:05 - 2013-01-04 22:05 - 0000552 _____ () C:\Users\Modliszka\AppData\Local\d3d8caps.dat
2012-12-28 17:38 - 2016-01-30 23:57 - 0000680 _____ () C:\Users\Modliszka\AppData\Local\d3d9caps.dat
2013-01-21 14:52 - 2016-04-19 22:00 - 0066048 _____ () C:\Users\Modliszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-12 18:29 - 2016-11-12 18:29 - 0120369 _____ () C:\Users\Modliszka\AppData\Local\recently-used.xbel
2013-01-01 22:19 - 2015-11-03 21:21 - 0033367 _____ () C:\ProgramData\hpzinstall.log

Niektóre pliki w TEMP:
====================
C:\Users\Modliszka\AppData\Local\Temp\APNStub.exe
C:\Users\Modliszka\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Modliszka\AppData\Local\Temp\AskSLib.dll
C:\Users\Modliszka\AppData\Local\Temp\cct.dll
C:\Users\Modliszka\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5ey5ss.dll
C:\Users\Modliszka\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Modliszka\AppData\Local\Temp\JavaIC.dll
C:\Users\Modliszka\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Modliszka\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Modliszka\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Modliszka\AppData\Local\Temp\msscct32.dll
C:\Users\Modliszka\AppData\Local\Temp\setup.exe
C:\Users\Modliszka\AppData\Local\Temp\SymLCSVC.EXE
C:\Users\Modliszka\AppData\Local\Temp\uninst1.exe
C:\Users\Modliszka\AppData\Local\Temp\vcredist9_x86.exe
C:\Users\Modliszka\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Modliszka\AppData\Local\Temp\_is6D53.exe
C:\Users\Modliszka\AppData\Local\Temp\{1704E54C-2E2B-4EF7-A360-FE5757C05070}-25.0.1364.152_25.0.1364.97_chrome_updater.exe
C:\Users\Modliszka\AppData\Local\Temp\{F52EAD7D-E8E0-40E3-8A95-1FAB26B4CED2}-GoogleUpdateSetup.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-11-13 16:33

==================== Koniec FRST.txt ============================