Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 12.02.2018 Uruchomiony przez Tom (administrator) COMPUTER (16-02-2018 23:43:23) Uruchomiony z C:\Users\Tom\Desktop\Programy\Naprawa Załadowane profile: Tom (Dostępne profile: Tom) Platform: Windows 8.1 Pro (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Astonsoft) C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-04] (AVAST Software) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-03-30] (Realtek Semiconductor) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17509232 2015-02-06] (Astonsoft) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Run: [AceStream] => C:\Users\Tom\AppData\Roaming\ACEStream\engine\ace_engine.exe [28024 2017-03-20] (Innovative Digital Technologies) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Run: [Spotify] => C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe [21091728 2018-02-04] (Spotify Ltd) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Run: [Spotify Web Helper] => C:\Users\Tom\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-02-04] (Spotify Ltd) HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\MountPoints2: {62e6dd3c-6dc6-11e5-8470-d43d7e59adea} - "K:\Kurs_AutoCAD_2010_PL.exe" HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\MountPoints2: {62e6dd3e-6dc6-11e5-8470-d43d7e59adea} - "L:\setup.exe" HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\MountPoints2: {81b0fd73-c9ba-11e4-826b-d43d7e59adea} - "L:\setup.exe" HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\MountPoints2: {c9194106-3d29-11e7-8b1c-d43d7e59adea} - "E:\LGAutoRun.exe" GroupPolicy: Ograniczenia <==== UWAGA GroupPolicy\User: Ograniczenia <==== UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: 127.0.0.1 clients2.google.com Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{112643C3-9924-43EF-B654-4E66957BA431}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{B3B9B21C-B20B-4C18-A81C-88CD5F48FB07}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3585312160-345975134-3153727662-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811141 HKU\S-1-5-21-3585312160-345975134-3153727662-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp HKU\S-1-5-21-3585312160-345975134-3153727662-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome SearchScopes: HKU\S-1-5-21-3585312160-345975134-3153727662-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B50A97ECF-19C2-403C-B8D8-053718DD94B3%7D&gp=811142 SearchScopes: HKU\S-1-5-21-3585312160-345975134-3153727662-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B50A97ECF-19C2-403C-B8D8-053718DD94B3%7D&gp=811142 BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-16] (AVAST Software) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2018-01-09] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-16] (AVAST Software) BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Tom\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2018-01-09] (Mail.Ru) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2018-01-09] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1cZrfFOf.default [2018-02-16] FF Homepage: Mozilla\Firefox\Profiles\1cZrfFOf.default -> hxxp://mail.ru/cnt/10445?gp=811141 FF NewTab: Mozilla\Firefox\Profiles\1cZrfFOf.default -> FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1cZrfFOf.default\Extensions\homepage@mail.ru.xpi [2018-01-09] FF Extension: (Mail.Ru) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1cZrfFOf.default\Extensions\search@mail.ru.xpi [2018-01-09] FF Extension: (uBlock Origin) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1cZrfFOf.default\Extensions\uBlock0@raymondhill.net.xpi [2017-04-08] [Przestarzałe] FF Extension: (Пульт) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1cZrfFOf.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi [2018-01-09] FF SearchPlugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1cZrfFOf.default\searchplugins\luck.xml [2017-04-06] FF HKU\S-1-5-21-3585312160-345975134-3153727662-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Tom\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi FF Extension: (__MSG_extName__) - C:\Users\Tom\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-11-09] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-01-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-01-09] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-09] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-09] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3585312160-345975134-3153727662-1001: @acestream.net/acestreamplugin,version=3.1.12.1 -> C:\Users\Tom\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies) FF Plugin HKU\S-1-5-21-3585312160-345975134-3153727662-1001: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\Tom\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies) Chrome: ======= CHR DefaultProfile: Profile 4 CHR HomePage: Profile 4 -> inline.go.mail.ru CHR StartupUrls: Profile 4 -> "hxxp://google.pl/" CHR DefaultSearchURL: Profile 4 -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.23 CHR DefaultSearchKeyword: Profile 4 -> inline.go.mail.ru CHR DefaultSuggestURL: Profile 4 -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms} CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-02-16] CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 4 [2018-02-16] CHR Extension: (Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-08] CHR Extension: (Dysk Google) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-08] CHR Extension: (Mail.Ru) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2018-01-09] CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-08] CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif [2018-01-09] CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-08] CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 5 [2018-02-16] CHR Extension: (Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-08] CHR Extension: (Dysk Google) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-08] CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-08] CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-08] CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-16] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3585312160-345975134-3153727662-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [dijfnbhlogmffhgpelodglnnkncadnbi] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-04] (AVAST Software) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-04] (AVAST Software) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Brak podpisu cyfrowego] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-04] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-04] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-04] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-04] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-04] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-04] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-04] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-10] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-04] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-04] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-04] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-10] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-04] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-04] (AVAST Software) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-13] (Disc Soft Ltd) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] () R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation) R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-01-10] (NVIDIA Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-08-27] (Duplex Secure Ltd.) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-02-16 23:31 - 2018-02-16 23:31 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\uTorrent 2018-02-16 21:55 - 2018-02-16 21:55 - 000000000 ____D C:\ProgramData\SWCUTemp 2018-02-14 20:10 - 2018-02-14 20:10 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2018-02-14 20:09 - 2018-02-14 20:09 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-02-10 23:14 - 2018-02-16 23:14 - 000000000 ___HD C:\Users\Tom\AppData\Local\Local Recovery 2018-02-09 18:47 - 2018-02-09 18:48 - 000000000 ____D C:\Users\Tom\Desktop\OneDrive-2018-02-09 2018-02-07 21:53 - 2018-02-07 21:53 - 000046643 _____ C:\Users\Tom\Desktop\FS 13_U_2018 końcowa faktura.pdf 2018-02-03 16:57 - 2018-02-03 16:57 - 000031901 _____ C:\Users\Tom\Desktop\25531423_494_d.jpeg 2018-01-29 23:14 - 2018-02-16 23:41 - 000153088 _____ C:\Windows\SysWOW64\conhost64.exe 2018-01-28 23:42 - 2018-01-28 23:42 - 009649770 _____ C:\Users\Tom\Desktop\katalog_DRZWI_WIKĘD_2017_Luty.pdf 2018-01-24 23:23 - 2018-01-24 23:23 - 012439515 _____ C:\Users\Tom\Downloads\2007-kia-sportage-99254.pdf 2018-01-22 23:02 - 2018-01-22 23:02 - 000284540 _____ C:\Users\Tom\Downloads\Wniosek - rejestr. pojazdu sprowadzonego z zagranicy.pdf ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-02-16 23:42 - 2015-03-06 18:16 - 000000000 ____D C:\ProgramData\NVIDIA 2018-02-16 23:42 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-02-16 23:41 - 2017-04-07 22:32 - 000000000 ____D C:\FRST 2018-02-16 23:41 - 2015-03-13 23:05 - 000000000 ____D C:\Users\Tom\AppData\Local\CrashDumps 2018-02-16 23:40 - 2018-01-09 23:14 - 000003484 _____ C:\Windows\System32\Tasks\oudkhUIy 2018-02-16 23:31 - 2016-06-02 20:29 - 000000000 ____D C:\Users\Tom\AppData\Roaming\uTorrent 2018-02-16 23:29 - 2018-01-09 18:50 - 000000000 ____D C:\Users\Tom\Documents\FIFA 18 2018-02-16 23:29 - 2015-03-14 15:56 - 000000000 ____D C:\Gry 2018-02-16 23:24 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf 2018-02-16 22:06 - 2013-09-30 05:15 - 001838024 _____ C:\Windows\system32\PerfStringBackup.INI 2018-02-16 22:06 - 2013-09-30 04:56 - 000806956 _____ C:\Windows\system32\perfh015.dat 2018-02-16 22:06 - 2013-09-30 04:56 - 000163808 _____ C:\Windows\system32\perfc015.dat 2018-02-16 22:05 - 2015-03-06 17:30 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3585312160-345975134-3153727662-1001 2018-02-16 22:00 - 2015-03-06 17:24 - 000000000 ____D C:\Users\Tom 2018-02-13 22:40 - 2015-03-19 13:46 - 000000000 ____D C:\Users\Tom\AppData\Local\Spotify 2018-02-13 22:40 - 2015-03-19 13:44 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Spotify 2018-02-13 22:36 - 2017-04-22 17:41 - 000000000 ____D C:\Users\Tom\AppData\Roaming\.ACEStream 2018-02-13 22:35 - 2017-04-22 17:46 - 000000000 ___HD C:\_acestream_cache_ 2018-02-13 22:24 - 2018-01-09 23:14 - 000003268 _____ C:\Windows\System32\Tasks\SAAUauULUHEA 2018-02-11 17:56 - 2018-01-09 23:14 - 000003612 _____ C:\Windows\System32\Tasks\pduTE 2018-02-11 17:56 - 2018-01-09 23:13 - 000003590 _____ C:\Windows\System32\Tasks\dzopercomjhar 2018-02-11 17:56 - 2017-09-06 19:56 - 000003958 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1490380310 2018-02-11 17:56 - 2017-05-13 20:01 - 000004570 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-02-11 17:56 - 2017-05-13 20:01 - 000004424 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2018-02-11 17:56 - 2017-04-11 20:36 - 000003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2018-02-11 17:56 - 2017-04-11 20:36 - 000003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2018-02-11 17:56 - 2017-02-15 19:48 - 000003964 _____ C:\Windows\System32\Tasks\e-pity2016a_styczen 2018-02-11 17:56 - 2017-02-15 19:48 - 000003964 _____ C:\Windows\System32\Tasks\e-pity2016a_kwiecien 2018-02-11 17:56 - 2016-03-02 16:51 - 000003972 _____ C:\Windows\System32\Tasks\e-pity2015a_styczen 2018-02-11 17:56 - 2016-03-02 16:51 - 000003972 _____ C:\Windows\System32\Tasks\e-pity2015a_kwiecien 2018-02-11 17:56 - 2015-12-03 17:12 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software 2018-02-11 17:56 - 2015-03-20 14:33 - 000002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2018-02-11 08:49 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2018-02-07 22:08 - 2017-11-28 23:02 - 000009103 _____ C:\Users\Tom\Desktop\Najbl wydatki.xlsx 2018-02-06 21:06 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-02-06 21:06 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\Macromed 2018-02-02 18:19 - 2016-05-05 20:47 - 000000000 ____D C:\Users\Tom\AppData\Local\Windows Live 2018-01-25 19:36 - 2015-03-17 21:52 - 000000000 ____D C:\Users\Tom\AppData\Local\ElevatedDiagnostics ==================== Pliki w katalogu głównym wybranych folderów ======= 2013-08-22 04:39 - 2013-08-22 04:39 - 000001227 _____ () C:\Users\Tom\VieKIdn.bat 2018-01-09 23:14 - 2013-08-22 04:39 - 000192512 _____ (Microsoft Corporation) C:\Program Files (x86)\yeIGOyz.exe 2018-01-09 23:14 - 2013-08-22 04:39 - 000000050 _____ () C:\Program Files (x86)\Common Files\oDilKaTEO 2013-08-22 04:39 - 2013-08-22 04:39 - 000000050 _____ () C:\Program Files (x86)\Common Files\oDilKaTEO.bat 2018-01-09 23:14 - 2013-08-22 04:39 - 000000059 _____ () C:\Users\Tom\AppData\Roaming\EvuyXJiab 2013-08-22 04:39 - 2013-08-22 04:39 - 000000059 _____ () C:\Users\Tom\AppData\Roaming\EvuyXJiab.bat 2017-08-19 21:32 - 2017-08-19 21:41 - 000000132 _____ () C:\Users\Tom\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe 2018-01-09 23:14 - 2013-08-22 04:56 - 000055808 _____ (Microsoft Corporation) C:\Users\Tom\AppData\Local\eoAAiZW.exe 2016-07-06 20:49 - 2016-07-06 20:49 - 000000001 _____ () C:\Users\Tom\AppData\Local\llftool.4.40.agreement 2017-04-05 16:05 - 2017-04-05 16:05 - 000000017 _____ () C:\Users\Tom\AppData\Local\resmon.resmoncfg 2016-10-20 15:43 - 2016-10-20 15:43 - 000000003 _____ () C:\Users\Tom\AppData\Local\updater.log 2016-10-20 15:43 - 2016-10-20 15:43 - 000000424 _____ () C:\Users\Tom\AppData\Local\UserProducts.xml 2018-01-09 23:14 - 2018-01-09 23:14 - 000000001 _____ () C:\Users\Tom\AppData\Local\WMI.ini ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2018-02-07 19:11 ==================== Koniec FRST.txt ============================