Desktop spontaneously turns black ... please check in

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by tm72, 08 Apr 2018, 01:19

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by tomi (administrator) on TOMI-PC (07-04-2018 19:14:13)
Running from D:\pobrane
Loaded Profiles: tomi (Available Profiles: tomi)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(mSejf sp. z o. o.) C:\Program Files\msejf\mSejf.Service.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() D:\pobrane\izswk9qf.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2333968 2012-03-01] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [1705432 2018-02-25] (Hola Networks Ltd.) <==== ATTENTION
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [300440 2017-12-20] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: {0230270c-ae8d-11e5-998e-d4182697c988} - G:\SISetup.exe
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: {28a3c274-bb1b-11e5-babb-afa8e6cdfba8} - J:\autorun.EXE
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: {7ed7b40d-772c-11e5-9adb-ad13e4614a8e} - H:\setup.exe
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: {8cb3cbe0-88cb-11e5-8ae5-c6de74289fab} - H:\setup.exe
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: {8cb3cbe7-88cb-11e5-8ae5-c6de74289fab} - G:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1D8EA000-0427-4ECB-8825-025CAF50EBED}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-us
SearchScopes: HKU\S-1-5-21-1739965647-1358995362-2564215144-1000 -> DefaultScope {0D7562AE-8EF6-416d-A838-AB665251703A} URL =
SearchScopes: HKU\S-1-5-21-1739965647-1358995362-2564215144-1000 -> {372EB48D-C594-46D7-B379-A77AB46A8D9B} URL = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-16] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-16] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\tomi\AppData\Roaming\TomTom\HOME\Profiles\f8dicxvm.default [2016-01-02]
FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2016-01-02] [Legacy] [not signed]
FF ProfilePath: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\l36maxt0.default [2018-04-07]
FF Homepage: Mozilla\Firefox\Profiles\l36maxt0.default -> hxxp://www.interia.pl/
FF NetworkProxy: Mozilla\Firefox\Profiles\l36maxt0.default -> autoconfig_url", "data:text/javascript,"
FF Extension: (Hola Better Internet) - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\l36maxt0.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2017-10-18] [Legacy]
FF Extension: (Screen Sharing Extension for webRTC) - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\l36maxt0.default\Extensions\support@intervuelive.com.xpi [2016-09-27] [Legacy]
FF Extension: (EPUBReader) - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\l36maxt0.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2017-08-31]
FF Extension: (Adblock Plus) - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\l36maxt0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF SearchPlugin: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\l36maxt0.default\searchplugins\bingp.xml [2015-03-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\tomi\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-04-04] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\tomi\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-04-04] (Hola)
FF Plugin HKU\S-1-5-21-1739965647-1358995362-2564215144-1000: @hola.org/FlashPlayer -> C:\Users\tomi\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-04-04] ()
FF Plugin HKU\S-1-5-21-1739965647-1358995362-2564215144-1000: @hola.org/vlc -> C:\Users\tomi\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-04-04] (Hola)
FF Plugin HKU\S-1-5-21-1739965647-1358995362-2564215144-1000: ubisoft.com/uplaypc -> D:\set7\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default [2018-02-14]
CHR Extension: (Prezentacje) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14]
CHR Extension: (Dokumenty) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14]
CHR Extension: (Dysk Google) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-08]
CHR Extension: (YouTube) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-08]
CHR Extension: (Arkusze) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-08]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-08]
CHR Extension: (e-pity - dodatek) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofoeigeaodhbjogdigckajfhjbonaofg [2018-02-14]
CHR Extension: (Gmail) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-14]
CHR HKLM\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-24] (Digital Wave Ltd.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1539560 2017-12-20] (ESET)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-12-29] (Teruten) [File not signed]
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [17119704 2018-02-25] (Hola Networks Ltd.) <==== ATTENTION
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [4698752 2016-04-12] (Hola Networks Ltd.) <==== ATTENTION
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2011-01-21] (HP) [File not signed]
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [97912 2012-12-25] (HP) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 msejf.Service; C:\Program Files\msejf\mSejf.Service.exe [16928 2011-09-07] (mSejf sp. z o. o.)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2017-02-22] (Microsoft)
R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646056 2011-03-31] (Rosetta Stone Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50432 2013-09-20] (Advanced Micro Devices)
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-04] (Atheros Communications, Inc.)
R3 b57xdbd; C:\Windows\System32\DRIVERS\b57xdbd.sys [64088 2012-08-13] (Broadcom Corporation)
R3 b57xdmp; C:\Windows\System32\DRIVERS\b57xdmp.sys [18520 2012-08-13] (Broadcom Corporation)
R3 bScsiMSx; C:\Windows\System32\DRIVERS\bScsiMSx.sys [46168 2012-06-19] (Broadcom Corporation)
R3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25016 2015-08-20] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [114552 2017-12-04] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141480 2017-12-04] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [90136 2017-12-04] (ESET)
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [14672 2012-06-29] (ELAN Microelectronic Corp.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-12-29] () [File not signed]
R3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2013-03-06] (The OpenVPN Project)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2009-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 kxldipod; \??\C:\Users\tomi\AppData\Local\Temp\kxldipod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-07 19:14 - 2018-04-07 19:14 - 000000000 ____D C:\FRST
2018-04-06 12:21 - 2018-04-06 12:21 - 000000000 ____D C:\Users\tomi\Documents\Autodesk Application Manager
2018-04-06 12:21 - 2018-04-06 12:21 - 000000000 ____D C:\Users\tomi\AppData\Roaming\Autodesk
2018-04-06 12:21 - 2018-04-06 12:21 - 000000000 ____D C:\Users\tomi\AppData\Local\Autodesk
2018-04-06 12:18 - 2018-04-06 12:23 - 000000000 ____D C:\ProgramData\Autodesk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-07 18:36 - 2015-07-25 16:15 - 000170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-04-07 17:26 - 2009-07-14 00:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-07 17:26 - 2009-07-14 00:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-07 17:24 - 2015-03-25 22:27 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-07 17:24 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-04-07 17:23 - 2017-11-30 21:34 - 000000000 ____D C:\Users\tomi\AppData\LocalLow\Mozilla
2018-04-07 17:18 - 2016-01-03 13:10 - 000000344 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2018-04-07 17:18 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-06 16:28 - 2017-11-30 16:48 - 000000000 ____D C:\Users\tomi\AppData\Local\PokerStars
2018-04-06 12:21 - 2015-03-26 02:05 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-21 20:04 - 2017-10-08 13:30 - 000002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 20:04 - 2017-10-08 13:30 - 000002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-13 21:47 - 2015-03-28 03:10 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-03-13 21:47 - 2015-03-28 03:10 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-03-13 21:47 - 2015-03-28 03:09 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-12 06:34 - 2015-11-11 09:47 - 000000000 ____D C:\Users\tomi\AppData\Local\JDownloader 2.0

Files to move or delete:
====================
C:\Program Files\Hola\app\hola.exe


Some files in TEMP:
====================
2018-04-06 12:19 - 2017-01-18 13:50 - 000066472 _____ (Autodesk, Inc.) C:\Users\tomi\AppData\Local\Temp\AcDeltree.exe
2018-02-16 09:30 - 2018-02-16 09:30 - 001864256 _____ (Oracle Corporation) C:\Users\tomi\AppData\Local\Temp\jre-8u161-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


FRST doesn't work!
tm72
~user
Posts: 1306
Joined: 02 Aug 2004, 09:37
Location: Tychy/Mississauga
Commendations: 48



Post by ordynat, 08 Apr 2018, 07:14

The Addition.txt log is missing.

Open Notepad and paste the following into it:
C:\Program Files\Hola\app\hola.exe
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 kxldipod; \??\C:\Users\tomi\AppData\Local\Temp\kxldipod.sys [X]
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [17119704 2018-02-25] (Hola Networks Ltd.) <==== ATTENTION
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [4698752 2016-04-12] (Hola Networks Ltd.) <==== ATTENTION
C:\Program Files\Hola\app\hola_svc.exe
C:\Program Files\Hola\app\hola_updater.exe
SearchScopes: HKU\S-1-5-21-1739965647-1358995362-2564215144-1000 -> DefaultScope {0D7562AE-8EF6-416d-A838-AB665251703A} URL =
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [1705432 2018-02-25] (Hola Networks Ltd.) <==== ATTENTION
EmptyTemp:

Save the file as fixlist.txt and place it in the folder D:\pobrane
Run FRST and click the Fix (NAPRAW) button.
ordynat
~user
Posts: 4765
Joined: 02 Apr 2010, 11:18
Commendations: 866



Post by tm72, 08 Apr 2018, 20:03

Hello,

I did as you wrote and it looks like everything is back to normal ... should I paste another log, and from what?



Post by ordynat, 08 Apr 2018, 20:10

Just in case, make new FRST logs - I will mainly check the Addition.txt log



Post by tm72, 08 Apr 2018, 20:49

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by tomi (08-04-2018 14:44:54)
Running from D:\pobrane
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2015-03-26 02:23:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1739965647-1358995362-2564215144-500 - Administrator - Disabled)
Guest (S-1-5-21-1739965647-1358995362-2564215144-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1739965647-1358995362-2564215144-1005 - Limited - Enabled)
tomi (S-1-5-21-1739965647-1358995362-2564215144-1000 - Administrator - Enabled) => C:\Users\tomi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
AirDroid 3.2.2.0 (HKLM\...\AirDroid) (Version: 3.2.2.0 - Sand Studio)
AMD Catalyst Install Manager (HKLM\...\{C2796CF4-6517-00C1-9F70-6A9C50680D29}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AviSynth (HKLM\...\AviSynth) (Version: 2.6.0 MT - )
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
doPDF (HKLM\...\{1F138024-1B3C-4115-BA8A-E27BC94C7C3A}) (Version: 8.8.947 - Softland) Hidden
doPDF 8 (HKLM\...\{40114d1e-366c-42d4-a83c-70c0adfbccf6}) (Version: 8.8.947 - Softland)
e-pity 9.2.11 za rok 2017 (HKLM\...\{80D8170E-5590-218-B9ED-E24E4C99A11D}_is1) (Version: 9.2.11 - e-file sp. z o.o. sp.k.)
ESET Security (HKLM\...\{F2816494-CF25-4B95-B483-1BC3B202BA74}) (Version: 11.0.144.0 - ESET, spol. s r.o.)
Free Audio Converter (HKLM\...\Free Audio Converter_is1) (Version: 5.0.72.1224 - DVDVideoSoft Ltd.)
FreeMouseAutoClicker 3.8.5 (HKLM\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hola™ 1.84.906 - Better Internet (HKLM\...\Hola) (Version: 1.84.906 - Hola Networks Ltd.) <==== ATTENTION
HP LaserJet Professional CP1020 Series (HKLM\...\HP LaserJet Professional CP1020 Series) (Version:  - )
HPLJUT (HKLM\...\{229D6185-BD7E-494B-A73B-C5215BE0690E}) (Version: 1.00.0012 - HP) Hidden
hppLaserJetService (HKLM\...\{5093AE98-D510-4BEB-BAC1-7FC8ECE35B98}) (Version: 007.015.00635 - Hewlett-Packard) Hidden
Java 8 Update 161 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 9.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.7.0 - )
Kodi (HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0.2 (x86 pl) (HKLM\...\Mozilla Firefox 57.0.2 (x86 pl)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
msejf (HKLM\...\{0D2F1A48-CB56-481F-BD7A-F75CAFCD2E7E}) (Version: 2.2.6.0 - mSejf sp. z o.o.)
MyFreeCodec (HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MyFreeCodec) (Version:  - )
novaPDF 8 Printer Driver (HKLM\...\{55E1863B-6AA1-4EE7-BAAE-DD658C86C524}) (Version: 8.8.947 - Softland)
OpenOffice 4.1.1 (HKLM\...\{B5373BA3-BAD7-4EAC-A9D2-B66B41B82C57}) (Version: 4.11.9775 - Apache Software Foundation)
PhotoFiltre 7 (HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\PhotoFiltre 7) (Version:  - )
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
Python 2.7.11 (HKLM\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Rosetta Stone Ltd Services (HKLM\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM\...\{4010ADCB-1347-D570-FCF1-3002CABEBD2F}) (Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (HKLM\...\{8A1FEA5E-8DB8-AD80-5C14-AEF33D16EF5A}) (Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (HKLM\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Skype™ 7.39 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Smart Switch (HKLM\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.2.0 - Synaptics Incorporated)
TomTom HOME (HKLM\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraISO Premium V9.53 (HKLM\...\UltraISO_is1) (Version:  - )
Universal Media Server (HKLM\...\Universal Media Server) (Version: 6.5.0 - Universal Media Server)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.21 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1739965647-1358995362-2564215144-1000_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> E:\folder drive\programy\BESTplayer.exe (Karol Winnicki)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-20] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-03-10] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-20] (ESET)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2009-04-02] (EZB Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2009-04-02] (EZB Systems, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2013-12-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-20] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2009-04-02] (EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-03-10] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {463B62CB-911D-4440-BC70-7C2CDA5926FE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {4ADE23C3-64CF-45FE-B3F2-C961DB8D4630} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {4CFB876F-3C5B-4879-93B0-7FE20BA2F254} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-10-08] (Google Inc.)
Task: {6058C3D4-3A77-4788-9D2E-A48E79022347} - System32\Tasks\DriverToolkit Autorun => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: {6DBFBCAA-A71C-4703-8666-1154FF95CF77} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2017-02-22] ()
Task: {6DDB5946-DC20-49EE-9903-CD34E74D0C26} - System32\Tasks\{9AA76439-746D-4816-9047-083472751161} => C:\Windows\system32\pcalua.exe -a "D:\stery acer5560\broadcom_bcm_43xx_wlan_6_30_223_234_driver\broadcom_bcm43xx_6.30.223.234\Setup.exe" -d "D:\stery acer5560\broadcom_bcm_43xx_wlan_6_30_223_234_driver\broadcom_bcm43xx_6.30.223.234"
Task: {6F0CA830-6A24-4E68-80B9-FB051EE80F87} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {84AC91CF-1CDD-463D-B6C3-4502F562B5BD} - System32\Tasks\SmartShare => C:\Program Files\LG Software\LG Smart Share\SmartShareStart.exe
Task: {8FEE362D-178C-410C-8E7F-9252BB47474D} - System32\Tasks\{1C52B553-FE14-403C-A12C-A33EBEA8B571} => C:\Windows\system32\pcalua.exe -a D:\pobrane\VGA_AMD_8.834.1.2000_W7x64_A\VGA_AMD_8.834.1.2000_W7x64\Setup.exe -d D:\pobrane\VGA_AMD_8.834.1.2000_W7x64_A\VGA_AMD_8.834.1.2000_W7x64
Task: {96A3F31A-20A2-456D-B995-A2B8E62A70C5} - System32\Tasks\cenzura! => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {B302B53F-A7DE-43AF-8FA4-D8C5C65A302E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {B8FF0CE3-CBC8-443B-BB02-CBD7DA155C06} - System32\Tasks\{57723D82-9F49-46CB-8D13-553F593C2C47} => C:\Windows\system32\pcalua.exe -a "D:\stery acer5560\broadcom_bcm_43xx_wlan_6_30_223_234_driver\broadcom_bcm43xx_6.30.223.234\Setup.exe" -d "D:\stery acer5560\broadcom_bcm_43xx_wlan_6_30_223_234_driver\broadcom_bcm43xx_6.30.223.234"
Task: {CC128A10-A8D0-4433-B5A1-59337552DBA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-10-08] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-12-29 20:47 - 2012-11-28 06:18 - 000119808 _____ () C:\Windows\System32\HPCP1020LM.DLL
2013-12-06 19:05 - 2013-12-06 19:05 - 000203776 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 08:18 - 2013-07-26 08:18 - 003854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-07-26 08:18 - 2013-07-26 08:18 - 000618496 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-12-06 19:04 - 2013-12-06 19:04 - 000114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-01-07 15:10 - 2015-12-24 18:34 - 000110952 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-01-07 15:10 - 2015-12-24 18:34 - 000104296 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-01-07 15:10 - 2015-12-24 18:34 - 000020328 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-01-07 15:10 - 2015-12-24 18:34 - 000253800 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\collector.dll
2016-01-07 15:10 - 2015-12-24 18:34 - 000295272 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\stat.dll
2016-01-07 15:10 - 2015-12-24 18:34 - 000044392 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2017-02-22 05:18 - 2017-02-22 05:18 - 000137632 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT.dll
2013-12-06 19:04 - 2013-12-06 19:04 - 000095744 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\hola.org -> hxxp://hola.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\tomi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Universal Media Server.lnk => C:\Windows\pss\Universal Media Server.lnk.CommonStartup
MSCONFIG\startupreg: AirDroid 3 => C:\Program Files\AirDroid\AirDroid.exe /start
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\tomi\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C1ECED41-EB8F-47F1-B274-467247C97500}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C18E2565-C1D6-4536-8CD3-251DC79C06E5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6C20479E-B803-43F0-87C9-6697E606FF2B}] => (Allow) C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{3CF452A4-4335-414F-8C51-C371F6DB380F}] => (Allow) C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{BA27B03B-9F35-4C41-AD90-BFB9AEBC8101}] => (Allow) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{EEA110FD-C067-4C85-A858-6E8B7708812F}] => (Allow) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{1E3D208F-E0F3-4306-9113-64DA84E8FA62}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{53FA51AB-3A28-4361-8FE6-46DD39C7DFFB}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{89713006-A9D1-4997-BFA7-B993E1D4D90D}] => (Allow) C:\Users\tomi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D3AB4725-B865-42CD-9BD4-2DCCA047484F}] => (Allow) C:\Users\tomi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD222BD5-400C-417A-9B7E-840A01E9FDE0}] => (Allow) C:\Users\tomi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8B1C4529-1A34-4AE7-9FCA-09E6334B2F6E}] => (Allow) C:\Users\tomi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F55A6C4A-62F8-4880-9A00-6EE28C5C13EB}] => (Allow) C:\Users\tomi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9BBBD3F-1F96-4DB7-A292-99A0749BCEA0}] => (Allow) C:\Users\tomi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3D24237C-14DF-4953-BF96-1CF8B9F39D7F}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{F1C1E7A0-D630-4289-8655-445AB703ED99}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{A002EFD2-E7F0-4253-8160-6394C13B7A07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BB3B2642-9770-4AEB-AD95-141F80FD8F05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DF235230-0DD8-483A-BA0D-631224FD8239}] => (Allow) LPort=8501
FirewallRules: [{C5B2AF29-1640-437F-8848-C78A3FBA1218}] => (Allow) LPort=8501
FirewallRules: [TCP Query User{A0568C8C-22A8-44E3-8788-801B1FC311FF}C:\users\tomi\desktop\my mobile\mymobiler\mymobiler.exe] => (Allow) C:\users\tomi\desktop\my mobile\mymobiler\mymobiler.exe
FirewallRules: [UDP Query User{D92F8303-5869-4514-8F47-EEFDD6E57184}C:\users\tomi\desktop\my mobile\mymobiler\mymobiler.exe] => (Allow) C:\users\tomi\desktop\my mobile\mymobiler\mymobiler.exe
FirewallRules: [{E9379AC6-DAD1-4035-86A0-EB5F1B09C581}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DD1952CC-D7CD-4842-B0DB-456C81173661}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E9BA8F8E-D603-49ED-8EC7-9E83C258ACA5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-03-2018 03:43:48 Scheduled Checkpoint
11-03-2018 15:50:34 Scheduled Checkpoint
24-03-2018 17:07:54 Scheduled Checkpoint
01-04-2018 11:40:50 Scheduled Checkpoint
06-04-2018 12:20:40 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610

==================== Faulty Device Manager Devices =============

Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: k57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2018 07:15:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST.exe, version: 14.3.2018.0, time stamp: 0x5aa9504c
Faulting module name: FRST.exe, version: 14.3.2018.0, time stamp: 0x5aa9504c
Exception code: 0xc0000005
Fault offset: 0x0002129e
Faulting process id: 0x1b4
Faulting application start time: 0x01d3cec61af3d51c
Faulting application path: D:\pobrane\FRST.exe
Faulting module path: D:\pobrane\FRST.exe
Report Id: 8ceb4799-3ab9-11e8-8344-f7b15ee1999b

Error: (04/06/2018 12:24:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\jdownload\Autodesk AutoCAD Architecture 2018\Autodesk AutoCAD Architecture 2018\AutoCADArchitect\Setup\UninstallReqCheck_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/06/2018 12:14:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\jdownload\Autodesk AutoCAD Architecture 2018\Autodesk AutoCAD Architecture 2018\AutoCAD_Architecture_2018_English_Win_64bit_dlm\Setup\UninstallReqCheck_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/19/2018 06:08:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 57.0.2.6549, time stamp: 0x5a284a78
Faulting module name: xul.dll, version: 57.0.2.6549, time stamp: 0x5a284a66
Exception code: 0x80000003
Fault offset: 0x00c13d00
Faulting process id: 0x119c
Faulting application start time: 0x01d3a9ce145e637b
Faulting application path: C:\Program Files\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll
Report Id: 68b74f52-15c1-11e8-82d6-b8b9c3e03de8

Error: (01/07/2018 03:18:36 PM) (Source: MsiInstaller) (EventID: 1021) (User: tomi-PC)
Description: Product: Google Update Helper - Update '{1CAD0644-2CF1-4EA6-B512-0F59D9EAB13C}' could not be removed. Error code 1647. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/06/2018 01:25:28 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (1424) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (01/05/2018 12:49:56 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: HB_StopScreenSaver
Object description:
The HRESULT was 80070005.

Error: (12/30/2017 09:47:02 AM) (Source: CONTENTWALL) (EventID: 2) (User: NT AUTHORITY)
Description: Event-ID 2


System errors:
=============
Error: (04/07/2018 05:17:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:16:48 PM on ‎4/‎7/‎2018 was unexpected.

Error: (04/07/2018 05:15:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:39:37 PM on ‎4/‎7/‎2018 was unexpected.

Error: (03/15/2018 10:51:34 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Error: (03/03/2018 03:04:24 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (02/19/2018 06:06:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:04:13 PM on ‎2/‎19/‎2018 was unexpected.

Error: (02/14/2018 08:23:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The AMD FUEL Service service hung on starting.

Error: (02/13/2018 07:32:29 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/04/2018 04:55:18 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.


Windows Defender:
===================================
Date: 2017-08-16 00:01:05.489
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{33D63FF7-A27C-4E2F-9BE5-95DD0C0B6D0A}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-07-26 17:41:32.952
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C73766C1-53BA-40E5-95BC-6A677438C54D}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

CodeIntegrity:
===================================

Date: 2018-01-20 16:52:35.519
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod2351.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-01-20 16:52:35.089
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod2351.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-01-20 16:52:34.748
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod2351.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2015-11-13 08:58:43.800
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\AV\ESET Smart Security 5.2\upgrade.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-12 08:31:19.562
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\AV\ESET Smart Security 5.2\upgrade.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 67%
Total physical RAM: 3062.11 MB
Available physical RAM: 1000.83 MB
Total Virtual: 6122.5 MB
Available Virtual: 2717.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:137.16 GB) (Free:91.23 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:410.16 GB) (Free:323.4 GB) NTFS
Drive e: () (Fixed) (Total:27.37 GB) (Free:4.49 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: E8178FDA)
Partition 1: (Not Active) - (Size=410.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=27.4 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=137.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=21.5 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by tomi (administrator) on TOMI-PC (08-04-2018 14:42:10)
Running from D:\pobrane
Loaded Profiles: tomi (Available Profiles: tomi)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(HP) C:\Windows\System32\HPSIsvc.exe
(mSejf sp. z o. o.) C:\Program Files\msejf\mSejf.Service.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2333968 2012-03-01] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [300440 2017-12-20] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: {0230270c-ae8d-11e5-998e-d4182697c988} - G:\SISetup.exe
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: {28a3c274-bb1b-11e5-babb-afa8e6cdfba8} - J:\autorun.EXE
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: {7ed7b40d-772c-11e5-9adb-ad13e4614a8e} - H:\setup.exe
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: {8cb3cbe0-88cb-11e5-8ae5-c6de74289fab} - H:\setup.exe
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\...\MountPoints2: {8cb3cbe7-88cb-11e5-8ae5-c6de74289fab} - G:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1D8EA000-0427-4ECB-8825-025CAF50EBED}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1739965647-1358995362-2564215144-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-us
SearchScopes: HKU\S-1-5-21-1739965647-1358995362-2564215144-1000 -> {372EB48D-C594-46D7-B379-A77AB46A8D9B} URL = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-16] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-16] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\tomi\AppData\Roaming\TomTom\HOME\Profiles\f8dicxvm.default [2016-01-02]
FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2016-01-02] [Legacy] [not signed]
FF ProfilePath: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\l36maxt0.default [2018-04-08]
FF Homepage: Mozilla\Firefox\Profiles\l36maxt0.default -> hxxp://www.interia.pl/
FF NetworkProxy: Mozilla\Firefox\Profiles\l36maxt0.default -> autoconfig_url", "data:text/javascript,"
FF Extension: (Hola Better Internet) - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\l36maxt0.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2017-10-18] [Legacy]
FF Extension: (Screen Sharing Extension for webRTC) - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\l36maxt0.default\Extensions\support@intervuelive.com.xpi [2016-09-27] [Legacy]
FF Extension: (EPUBReader) - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\l36maxt0.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2017-08-31]
FF Extension: (Adblock Plus) - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\l36maxt0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF SearchPlugin: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\l36maxt0.default\searchplugins\bingp.xml [2015-03-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\tomi\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-04-04] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\tomi\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-04-04] (Hola)
FF Plugin HKU\S-1-5-21-1739965647-1358995362-2564215144-1000: @hola.org/FlashPlayer -> C:\Users\tomi\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-04-04] ()
FF Plugin HKU\S-1-5-21-1739965647-1358995362-2564215144-1000: @hola.org/vlc -> C:\Users\tomi\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-04-04] (Hola)
FF Plugin HKU\S-1-5-21-1739965647-1358995362-2564215144-1000: ubisoft.com/uplaypc -> D:\set7\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default [2018-04-08]
CHR Extension: (Prezentacje) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14]
CHR Extension: (Dokumenty) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14]
CHR Extension: (Dysk Google) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-08]
CHR Extension: (YouTube) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-08]
CHR Extension: (Arkusze) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-08]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-08]
CHR Extension: (e-pity - dodatek) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofoeigeaodhbjogdigckajfhjbonaofg [2018-02-14]
CHR Extension: (Gmail) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-14]
CHR HKLM\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-24] (Digital Wave Ltd.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1539560 2017-12-20] (ESET)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-12-29] (Teruten) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2011-01-21] (HP) [File not signed]
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [97912 2012-12-25] (HP) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 msejf.Service; C:\Program Files\msejf\mSejf.Service.exe [16928 2011-09-07] (mSejf sp. z o. o.)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2017-02-22] (Microsoft)
R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646056 2011-03-31] (Rosetta Stone Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50432 2013-09-20] (Advanced Micro Devices)
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-04] (Atheros Communications, Inc.)
R3 b57xdbd; C:\Windows\System32\DRIVERS\b57xdbd.sys [64088 2012-08-13] (Broadcom Corporation)
R3 b57xdmp; C:\Windows\System32\DRIVERS\b57xdmp.sys [18520 2012-08-13] (Broadcom Corporation)
R3 bScsiMSx; C:\Windows\System32\DRIVERS\bScsiMSx.sys [46168 2012-06-19] (Broadcom Corporation)
R3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25016 2015-08-20] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [114552 2017-12-04] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141480 2017-12-04] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [90136 2017-12-04] (ESET)
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [14672 2012-06-29] (ELAN Microelectronic Corp.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-12-29] () [File not signed]
R3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2013-03-06] (The OpenVPN Project)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-08 13:55 - 2018-04-08 13:55 - 000000852 _____ C:\Users\tomi\Desktop\fixlist.txt
2018-04-07 19:14 - 2018-04-08 14:42 - 000000000 ____D C:\FRST
2018-04-06 12:21 - 2018-04-06 12:21 - 000000000 ____D C:\Users\tomi\Documents\Autodesk Application Manager
2018-04-06 12:21 - 2018-04-06 12:21 - 000000000 ____D C:\Users\tomi\AppData\Roaming\Autodesk
2018-04-06 12:21 - 2018-04-06 12:21 - 000000000 ____D C:\Users\tomi\AppData\Local\Autodesk
2018-04-06 12:18 - 2018-04-06 12:23 - 000000000 ____D C:\ProgramData\Autodesk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-08 14:07 - 2009-07-14 00:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-08 14:07 - 2009-07-14 00:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-08 14:05 - 2015-03-25 22:27 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-08 14:05 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-04-08 14:01 - 2017-11-30 21:34 - 000000000 ____D C:\Users\tomi\AppData\LocalLow\Mozilla
2018-04-08 13:59 - 2016-01-03 13:10 - 000000344 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2018-04-08 13:59 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-08 13:57 - 2016-01-06 02:21 - 000000000 ____D C:\Windows\system32\temp
2018-04-07 18:36 - 2015-07-25 16:15 - 000170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-04-06 16:28 - 2017-11-30 16:48 - 000000000 ____D C:\Users\tomi\AppData\Local\PokerStars
2018-04-06 12:21 - 2015-03-26 02:05 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-21 20:04 - 2017-10-08 13:30 - 000002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 20:04 - 2017-10-08 13:30 - 000002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-13 21:47 - 2015-03-28 03:10 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-03-13 21:47 - 2015-03-28 03:10 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-03-13 21:47 - 2015-03-28 03:09 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-12 06:34 - 2015-11-11 09:47 - 000000000 ____D C:\Users\tomi\AppData\Local\JDownloader 2.0

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-31 11:31

==================== End of FRST.txt ============================




Post by ordynat, 08 Apr 2018, 23:07

Cosmetic cleanup only:
Open Notepad and paste the following into it:
Task: {6DDB5946-DC20-49EE-9903-CD34E74D0C26} - System32\Tasks\{9AA76439-746D-4816-9047-083472751161} => C:\Windows\system32\pcalua.exe -a "D:\stery acer5560\broadcom_bcm_43xx_wlan_6_30_223_234_driver\broadcom_bcm43xx_6.30.223.234\Setup.exe" -d "D:\stery acer5560\broadcom_bcm_43xx_wlan_6_30_223_234_driver\broadcom_bcm43xx_6.30.223.234"
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface
C:\Users\tomi\AppData\Local\Akamai\netsession_win.exe
Task: {8FEE362D-178C-410C-8E7F-9252BB47474D} - System32\Tasks\{1C52B553-FE14-403C-A12C-A33EBEA8B571} => C:\Windows\system32\pcalua.exe -a D:\pobrane\VGA_AMD_8.834.1.2000_W7x64_A\VGA_AMD_8.834.1.2000_W7x64\Setup.exe -d D:\pobrane\VGA_AMD_8.834.1.2000_W7x64_A\VGA_AMD_8.834.1.2000_W7x64
Task: {B8FF0CE3-CBC8-443B-BB02-CBD7DA155C06} - System32\Tasks\{57723D82-9F49-46CB-8D13-553F593C2C47} => C:\Windows\system32\pcalua.exe -a "D:\stery acer5560\broadcom_bcm_43xx_wlan_6_30_223_234_driver\broadcom_bcm43xx_6.30.223.234\Setup.exe" -d "D:\stery acer5560\broadcom_bcm_43xx_wlan_6_30_223_234_driver\broadcom_bcm43xx_6.30.223.234"
EmptyTemp:

Save the file as fixlist.txt and place it in the D:\pobrane folder.
Run FRST and click the Fix (NAPRAW) button.





Post by tm72, 09 Apr 2018, 16:00

Thanks, everything is OK. Regards, Tomaszek