Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 16.01.2019 01
Uruchomiony przez user (administrator) USER-KOMPUTER (19-01-2019 18:34:18)
Uruchomiony z C:\Users\user\Desktop
Załadowane profile: user (Dostępne profile: user & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 10 (Domyślna przeglądarka: Opera)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Opera Software) C:\Program Files\Opera\57.0.3098.116\opera.exe
(Opera Software) C:\Program Files\Opera\57.0.3098.116\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\57.0.3098.116\opera.exe
(Opera Software) C:\Program Files\Opera\57.0.3098.116\opera.exe
(Opera Software) C:\Program Files\Opera\57.0.3098.116\opera.exe
(Opera Software) C:\Program Files\Opera\57.0.3098.116\opera.exe
(Opera Software) C:\Program Files\Opera\57.0.3098.116\opera.exe
(Opera Software) C:\Program Files\Opera\57.0.3098.116\opera.exe
(Opera Software) C:\Program Files\Opera\57.0.3098.116\opera.exe
(Opera Software) C:\Program Files\Opera\57.0.3098.116\opera.exe
(Opera Software) C:\Program Files\Opera\57.0.3098.116\opera.exe
(Opera Software) C:\Program Files\Opera\57.0.3098.116\opera.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Rejestr (filtrowane) ===========================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-06] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3099186090-2590542960-4084621217-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-3099186090-2590542960-4084621217-1000\...\MountPoints2: {1259552e-09db-11e5-a5a7-6c626d44eaae} - I:\INSTALL_ADB_RNDIS.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L)
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] ()
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] ()
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] ()
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\i420vfw.dll [70656 2004-01-24] (www.helixcommunity.org)
HKLM\...\Drivers32-x32: [vidc.yv12] => C:\Windows\SysWOW64\yv12vfw.dll [70656 2004-01-24] (www.helixcommunity.org)
HKLM\...\Drivers32-x32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
HKLM\...\Drivers32-x32: [vidc.DIVX] => C:\Windows\SysWOW64\divx.dll [682496 2007-12-04] (DivX, Inc.)
HKLM\...\Drivers32-x32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-14] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32-x32: [vidc.iv31] => C:\Windows\SysWOW64\ir32_32.dll [197632 2009-07-14] (Intel(R) Corporation)
HKLM\...\Drivers32-x32: [vidc.iv32] => C:\Windows\SysWOW64\ir32_32.dll [197632 2009-07-14] (Intel(R) Corporation)
HKLM\...\Drivers32-x32: [vidc.iv41] => ir41_32.ax
HKLM\...\Drivers32-x32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [746496 2009-07-14] (Intel Corporation)
HKLM\...\Drivers32-x32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] ()
HKLM\...\Drivers32-x32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] ()
HKLM\...\Drivers32-x32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] ()
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2007-08-23] (Hewlett-Packard Company)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corp.)
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{E568B232-37A2-41DE-B9F2-21B9005EF5A1}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3099186090-2590542960-4084621217-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=pl-pl
URLSearchHook: HKLM-x32 -> Domyślne = {3B81079D-2AC9-425f-A494-A1C7D93AFA3C}
URLSearchHook: HKU\S-1-5-21-3099186090-2590542960-4084621217-1000 -> Domyślne = {3B81079D-2AC9-425f-A494-A1C7D93AFA3C}
URLSearchHook: HKU\S-1-5-21-3099186090-2590542960-4084621217-1000 - (Brak nazwy) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - Brak pliku
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3099186090-2590542960-4084621217-1000 -> DefaultScope 2E6FD9385AC449F496D188A74893907C URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3099186090-2590542960-4084621217-1000 -> 2E6FD9385AC449F496D188A74893907C URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3099186090-2590542960-4084621217-1000 -> {5E72377D-008B-4A21-A6CC-C493858A3ED3} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9U91779717797&ts=1374084350
SearchScopes: HKU\S-1-5-21-3099186090-2590542960-4084621217-1000 -> {63058B72-F7D9-4221-B76F-6D3057BA29F6} URL = hxxp://isearch.avg.com/search?cid={C06B6C8C-45D1-4182-8F66-8AF44DF20AC8}&mid=758d8e50f50747d08cc8bd2b2ba0035d-33d4866a9e818fd66b528f04a17b59c23d6bbcc9&lang=pl&ds=ac011&pr=sa&d=2012-06-30 23:47:47&v=11.1.0.12&sap=dsp&q={searchTerms}
BHO-x32: Brak nazwy -> {61DB16C5-B733-43F4-872E-B20DC9E72740} -> Brak pliku
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-12-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-31] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku
Toolbar: HKU\S-1-5-21-3099186090-2590542960-4084621217-1000 -> Brak nazwy - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - Brak pliku
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Brak pliku
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g8hqiun1.default [2019-01-19]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-09-17] [Przestarzałe] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll [Brak pliku]
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-03-16] (DivX, LLC)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [Brak pliku]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [Brak pliku]
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl
CHR StartupUrls: Default -> "hxxp://pl.msn.com/?pc=UP97&ocid=UP97DHP"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2019-01-19]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-12-19]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-29]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-19]
CHR HKU\S-1-5-21-3099186090-2590542960-4084621217-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\user\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx
CHR HKU\S-1-5-21-3099186090-2590542960-4084621217-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3099186090-2590542960-4084621217-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Turn Off the Lights) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccbdoklfbpcifppcfahmmpmbkfdjjccm [2018-07-30]
OPR Extension: (SurfEasy VPN - Bezpieczeństwo, Prywatność, Odblokowywanie Stron) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2018-10-24]

==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-06] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-06] (AVAST Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-03-31] (EasyAntiCheat Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Brak podpisu cyfrowego]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-20] (Electronic Arts)
S3 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S3 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37304 2019-01-06] (AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-06] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [223056 2019-01-14] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-01-06] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-01-06] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-01-06] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239808 2019-01-06] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-06] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166792 2019-01-18] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-01-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-06] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-06] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-01-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-06] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-05-09] (DT Soft Ltd)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-11-21] (Razer, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-05-02] (Duplex Secure Ltd.)
U3 ajrzksec; C:\Windows\System32\Drivers\ajrzksec.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
S3 ALSysIO; \??\C:\Users\user\AppData\Local\Temp\ALSysIO64.sys [X] <==== UWAGA
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S3 MBAMProtection; system32\DRIVERS\mbam.sys [X]
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va007; \??\C:\Users\user\AppData\Local\Temp\007DCE3.tmp [X] <==== UWAGA
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2019-01-19 18:34 - 2019-01-19 18:35 - 000022141 _____ C:\Users\user\Desktop\FRST.txt
2019-01-19 18:33 - 2019-01-19 18:34 - 000000000 ____D C:\FRST
2019-01-19 18:32 - 2019-01-19 18:32 - 002427904 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2019-01-19 18:32 - 2019-01-19 18:32 - 001787392 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2019-01-18 23:24 - 2019-01-18 23:24 - 000042119 _____ C:\Users\user\Downloads\schorzenia.pdf
2019-01-18 23:18 - 2019-01-18 23:18 - 000223224 _____ C:\Users\user\Downloads\Baza Powiatowych Zesplow Orzekajacych 14 marca 2018 r..pdf
2019-01-14 16:04 - 2019-01-14 16:04 - 003156035 _____ C:\Users\user\Downloads\manual-urz0323m.pdf
2019-01-14 15:52 - 2019-01-14 15:52 - 000223056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-06 19:50 - 2019-01-06 19:48 - 000320888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-06 19:50 - 2019-01-06 19:48 - 000196264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-06 19:50 - 2019-01-06 19:48 - 000058160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-06 19:50 - 2019-01-06 19:48 - 000037304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-01-06 19:49 - 2019-01-06 19:48 - 000361352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-01-05 14:18 - 2019-01-05 14:18 - 000175257 _____ C:\Users\user\Downloads\Traktatowi sojusznicy USA w regionie Azji i Pacyfiku.pdf
2019-01-04 17:00 - 2019-01-04 17:00 - 000000000 ____D C:\Users\user\AppData\Local\{18197CDF-836B-4825-B45D-3809BBDE87A1}
2019-01-02 11:03 - 2019-01-02 11:03 - 015110010 _____ C:\Users\user\Downloads\[HD] SHANGUY - KING OF THE JUNGLE SYLWESTER MARZEŃ 2019 ZAKOPANE.mp4
2019-01-01 22:34 - 2019-01-01 22:35 - 000000000 ____D C:\Users\user\AppData\Local\{5AD6F6B0-8334-4772-B548-7AB25C3B6275}
2019-01-01 20:00 - 2019-01-01 20:01 - 014919680 _____ C:\Users\user\Desktop\000.ts
2018-12-31 13:22 - 2018-12-31 13:22 - 000202802 _____ C:\Users\user\Downloads\3f85020c-5fe6-40d7-955d-dfec9defb72a.pdf
2018-12-31 13:00 - 2018-12-31 13:00 - 000000000 ____D C:\Users\user\AppData\Local\{7232663D-8FC4-4545-8C06-2045ECB85D4E}
2018-12-29 12:10 - 2018-12-29 12:10 - 004206263 _____ C:\Users\user\Downloads\CIA-RDP78-00915R000500070001-8.pdf
2018-12-27 21:26 - 2018-12-27 21:26 - 000103670 _____ C:\Users\user\Downloads\zdalny_zabojca.pdf
2018-12-27 21:19 - 2018-12-27 21:19 - 000111703 _____ C:\Users\user\Downloads\nikita_chruszczow.pdf
2018-12-27 19:37 - 2018-12-27 19:37 - 000018381 _____ C:\Users\user\Downloads\Сестра Джеки Nurse Jackie Сезон 2 Серии 1-12 из 12 (Пол Фиг, Стив Бушеми) [2009, США, драма, комедия, HDRip] MVO (Universa [rutracker-3447069].torrent
2018-12-25 20:41 - 2018-12-25 20:41 - 000010694 _____ C:\Users\user\Downloads\nurse.jackie.s01.e10.ring.finger.(2009).pol.1cd.(3638186).zip
2018-12-25 20:40 - 2018-12-25 20:40 - 000011891 _____ C:\Users\user\Downloads\nurse.jackie.s01.e10.ring.finger.(2009).eng.1cd.(3629072).zip
2018-12-25 14:00 - 2018-12-25 14:00 - 000011312 _____ C:\Users\user\Downloads\nurse.jackie.s01.e09.nose.bleed.(2009).pol.1cd.(4202293).zip
2018-12-23 22:28 - 2018-12-23 22:28 - 000128507 _____ C:\Users\user\Downloads\pntern_prot.pdf

==================== Jeden miesiąc (zmodyfikowane) ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2019-01-19 18:34 - 2009-07-14 05:45 - 000010416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-19 18:34 - 2009-07-14 05:45 - 000010416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-19 18:26 - 2012-03-26 15:31 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-19 18:26 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-19 13:22 - 2009-07-14 18:55 - 000750048 _____ C:\Windows\system32\perfh015.dat
2019-01-19 13:22 - 2009-07-14 18:55 - 000161526 _____ C:\Windows\system32\perfc015.dat
2019-01-19 13:22 - 2009-07-14 06:13 - 001699290 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-19 13:22 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-01-19 13:18 - 2016-06-07 13:14 - 000000000 ____D C:\Users\user\AppData\Roaming\MPC-HC
2019-01-19 13:18 - 2012-05-06 00:11 - 000000000 ____D C:\Users\user\AppData\Roaming\PhotoScape
2019-01-18 20:59 - 2012-03-27 11:23 - 000166792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-17 14:09 - 2012-05-06 00:15 - 000023552 ____H C:\Users\user\Desktop\photothumb.db
2019-01-13 22:00 - 2018-04-24 16:36 - 000002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-01-13 22:00 - 2018-04-24 13:58 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-13 22:00 - 2017-05-04 17:34 - 000003886 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1493915677
2019-01-13 22:00 - 2016-07-20 00:54 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-01-13 22:00 - 2015-12-21 23:35 - 000003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-13 22:00 - 2015-12-21 23:35 - 000003354 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-13 22:00 - 2015-12-04 01:10 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-01-11 13:31 - 2017-05-04 17:34 - 000000000 ____D C:\Program Files\Opera
2019-01-06 19:51 - 2018-10-19 20:32 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-01-06 19:48 - 2018-10-19 20:31 - 000042488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-06 19:48 - 2017-12-21 22:03 - 000239808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-01-06 19:48 - 2017-11-09 22:05 - 000203488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-06 19:48 - 2014-10-03 12:12 - 000218056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-06 19:48 - 2014-10-03 12:12 - 000046584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-06 19:48 - 2013-03-07 10:26 - 000380144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-06 19:48 - 2013-03-07 10:26 - 000088144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-01-06 19:48 - 2012-03-27 11:23 - 001034056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-06 19:48 - 2012-03-27 11:23 - 000474648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-06 19:48 - 2012-03-27 11:23 - 000111992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-05 12:47 - 2016-07-20 00:54 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-01 22:27 - 2012-03-28 14:41 - 000000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2018-12-31 21:15 - 2013-11-17 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-31 21:15 - 2012-03-28 20:06 - 000000000 ____D C:\Program Files (x86)\Java
2018-12-31 21:12 - 2015-11-09 01:46 - 000098680 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== Pliki w katalogu głównym wybranych folderów =======
2012-05-08 12:38 - 2012-05-08 12:38 - 010522967 _____ (CTYDEHT ) C:\Users\user\DAEMON Tools Pro 4.41.0315.0262 RePack by CTYDEHT.exe
2012-03-31 09:31 - 2012-03-31 09:31 - 001528184 _____ (Microsoft Corporation) C:\Users\user\GenuineCheck.exe
2012-04-09 17:46 - 2012-04-09 17:46 - 002050600 _____ () C:\Users\user\Hellgate_Global_Downloader.exe
2012-03-29 15:59 - 2012-03-29 15:59 - 002459488 _____ () C:\Users\user\mp3tagv250setup_www.INSTALKI.pl.exe
2002-08-08 05:11 - 2002-08-08 05:11 - 000319488 ____R () C:\Users\user\AppData\Roaming\MafiaSetup.exe
2013-12-12 17:49 - 2013-12-17 14:10 - 000071680 _____ () C:\Users\user\AppData\Roaming\RZR_0020b12e4dc6b1bddac8e2a8225b.db
2013-07-27 15:09 - 2013-10-24 16:09 - 000000108 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2013-06-17 15:09 - 2013-10-24 16:09 - 000000006 _____ () C:\Users\user\AppData\Roaming\WBPU-TTL.DAT
2012-04-04 20:53 - 2012-04-04 20:53 - 000000092 _____ () C:\Users\user\AppData\Local\fusioncache.dat
2012-10-24 20:17 - 2012-10-24 20:17 - 000004096 ____H () C:\Users\user\AppData\Local\keyfile3.drm
2013-09-30 16:09 - 2013-10-04 16:09 - 000361117 _____ () C:\Users\user\AppData\Local\newhb2.crx
2015-11-11 01:33 - 2015-11-11 01:33 - 000000818 _____ () C:\Users\user\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2019-01-14 15:08

==================== Koniec FRST.txt ============================