Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:30-08-2015 Uruchomiony przez bartek (administrator) BART (31-08-2015 12:18:24) Uruchomiony z C:\Users\bartek\Downloads Załadowane profile: bartek (Dostępne profile: bartek) Platform: Windows 8.1 Pro (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files\Allway Sync\Bin\SyncService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimService.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (BitTorrent Inc.) C:\Users\bartek\AppData\Roaming\uTorrent\uTorrent.exe (SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 2000-01-01] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2793200 2013-11-29] (Synaptics Incorporated) HKLM-x32\...\Run: [CheckNDISPortF0acD2] => C:\Program Files (x86)\4G Hostless Modem\PLAY ONLINE\CheckNDISPort_df.exe [459008 2013-07-26] () HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\4G Hostless Modem\PLAY ONLINE\CancelAutoPlay_df.exe [446208 2013-07-26] () HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-26] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKLM-x32\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe [729088 2003-11-25] (Corel Corporation) HKU\S-1-5-21-2583632134-391550566-361833250-1001\...\Run: [SoftonicAssistant] => "C:\Users\bartek\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe" HKU\S-1-5-21-2583632134-391550566-361833250-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-2583632134-391550566-361833250-1001\...\Run: [uTorrent] => C:\Users\bartek\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-08-29] (BitTorrent Inc.) HKU\S-1-5-21-2583632134-391550566-361833250-1001\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26168088 2015-06-19] (SlimWare Utilities, Inc.) HKU\S-1-5-21-2583632134-391550566-361833250-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-24] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-02-14] ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mcserver.lnk [2014-10-14] ShortcutTarget: mcserver.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE) Startup: C:\Users\bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk [2014-09-05] ShortcutTarget: HDDlife.lnk -> C:\Program Files (x86)\BinarySense\HDDlife 4\HDDlifePro.exe (Brak pliku) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci..) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{5C54D7B3-62A5-4B2B-B358-AE331ADB9EEA}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{F2731DD8-CAF9-4FE6-B4D2-FC8A45A6DA8A}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-24] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-24] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\bartek\AppData\Roaming\Mozilla\Firefox\Profiles\4mm1cg1j.default-1424774700421 FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-17] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-17] () FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\bartek\AppData\Roaming\Mozilla\Firefox\Profiles\4mm1cg1j.default-1424774700421\searchplugins\geogebra-materials.xml [2015-06-10] FF Extension: Adblock Plus - C:\Users\bartek\AppData\Roaming\Mozilla\Firefox\Profiles\4mm1cg1j.default-1424774700421\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-18] FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon [2014-10-14] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-24] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-24] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-24] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-24] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-08-24] (Avast Software) R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [262144 2014-06-24] () [Brak podpisu cyfrowego] R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [Brak podpisu cyfrowego] R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.) R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [244504 2015-06-19] (SlimWare Utilities, Inc.) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-24] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-24] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-24] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-24] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-24] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-24] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-24] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-24] (AVAST Software) R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [Brak podpisu cyfrowego] R0 BMLoad; C:\Windows\SysWOW64\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [Brak podpisu cyfrowego] R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-23] (Disc Soft Ltd) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-24] (AVAST Software) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-07-23] (Duplex Secure Ltd.) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2015-08-31] (SlimWare Utilities, Inc.) R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [Brak podpisu cyfrowego] R1 tcpipBM; C:\Windows\SysWOW64\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [Brak podpisu cyfrowego] R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-08-24] (Avast Software) S3 zte_cdc_acm; C:\Windows\system32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-10] (ZTE) S3 zte_cpo; C:\Windows\system32\DRIVERS\zte_cpo.sys [14336 2011-08-10] (ZTE) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-08-31 12:18 - 2015-08-31 12:18 - 00019484 _____ C:\Users\bartek\Downloads\FRST.txt 2015-08-31 12:18 - 2015-08-31 12:18 - 00000000 ____D C:\FRST 2015-08-31 12:17 - 2015-08-31 12:17 - 02188288 _____ (Farbar) C:\Users\bartek\Downloads\FRST64.exe 2015-08-31 12:17 - 2015-08-31 12:17 - 00000307 _____ C:\Users\bartek\Desktop\fixlist.txt 2015-08-29 11:30 - 2015-08-29 11:30 - 00020792 _____ C:\Users\bartek\Desktop\bike ride.svg 2015-08-29 11:29 - 2015-08-29 11:34 - 00000000 ____D C:\Users\bartek\Documents\Corel User Files 2015-08-29 10:53 - 2015-08-29 10:53 - 00000000 ____D C:\Users\bartek\AppData\Roaming\Corel 2015-08-29 10:52 - 2015-08-29 13:54 - 00000000 ____D C:\Users\bartek\Desktop\Plakat 2015-08-29 10:48 - 2015-08-29 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 12 2015-08-29 10:47 - 2015-08-29 10:47 - 00000000 ____D C:\Program Files (x86)\Corel 2015-08-28 08:56 - 2015-08-29 00:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-27 10:20 - 2015-08-27 12:59 - 00000000 ____D C:\Users\bartek\Desktop\Nieruchomosci CV 2015-08-27 08:15 - 2015-08-27 08:15 - 00000000 _____ C:\Windows\system32\RENC71D.tmp 2015-08-27 08:12 - 2015-08-27 08:12 - 00000000 ____D C:\Users\bartek\AppData\Roaming\Sun 2015-08-27 08:12 - 2015-08-27 08:12 - 00000000 ____D C:\Users\bartek\.oracle_jre_usage 2015-08-27 08:12 - 2015-08-27 08:11 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-08-27 08:11 - 2015-08-27 08:11 - 00584288 _____ (Oracle Corporation) C:\Users\bartek\Downloads\jxpiinstall.exe 2015-08-26 21:36 - 2015-08-26 21:36 - 00000160 _____ C:\Users\bartek\Desktop\Biografia - Benjamina Franklina.txt 2015-08-26 17:16 - 2015-08-26 17:16 - 00000037 _____ C:\Users\bartek\Desktop\strona 144.txt 2015-08-26 14:57 - 2015-08-26 14:57 - 00000035 _____ C:\Users\bartek\Desktop\praktyki tuz.txt 2015-08-24 13:18 - 2015-08-24 13:18 - 00000000 ____D C:\Users\bartek\AppData\Roaming\AVAST Software 2015-08-24 11:33 - 2015-08-24 11:33 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-08-24 11:33 - 2015-08-24 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-08-24 11:32 - 2015-08-24 11:33 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2015-08-24 11:32 - 2015-08-24 11:32 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-08-24 11:32 - 2015-08-24 11:32 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-08-24 11:32 - 2015-08-24 11:32 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-08-24 11:32 - 2015-08-24 11:32 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-08-24 11:32 - 2015-08-24 11:32 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys 2015-08-24 11:32 - 2015-08-24 11:32 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-08-24 11:32 - 2015-08-24 11:32 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-08-24 11:32 - 2015-08-24 11:32 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-08-24 11:32 - 2015-08-24 11:32 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-08-24 11:32 - 2015-08-24 11:32 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-08-24 11:19 - 2015-08-24 11:19 - 00000000 ____D C:\Program Files\AVAST Software 2015-08-24 11:16 - 2015-08-24 11:17 - 05500000 _____ (Avast Software s.r.o.) C:\Users\bartek\Downloads\avast_free_antivirus_setup_online.exe 2015-08-20 19:12 - 2015-08-20 19:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-08-20 07:57 - 2015-08-20 07:57 - 00000038 _____ C:\Users\bartek\Desktop\Piosenka tanca.txt 2015-08-13 09:36 - 2015-08-13 09:36 - 00000056 _____ C:\Users\bartek\Desktop\Obejrzec film Efekt motyla.txt 2015-08-06 11:58 - 2015-08-06 12:00 - 00000000 _____ C:\Users\bartek\Documents\Nuance Image Printer Writer Port 2015-08-06 11:58 - 2015-08-06 11:58 - 00000000 ____D C:\Users\bartek\Documents\Moje dokumenty programu PaperPort 2015-08-06 11:58 - 2015-08-06 11:58 - 00000000 ____D C:\Users\bartek\AppData\Roaming\Zeon 2015-08-03 12:01 - 2015-08-03 12:02 - 00000000 ____D C:\Users\Demon\Desktop\Matma 2015-08-03 12:01 - 2015-08-03 12:01 - 00000000 ____D C:\Users\Demon 2015-08-03 12:00 - 2015-08-03 12:00 - 00000000 ____D C:\Nowy folder 2015-08-03 11:47 - 2015-08-03 11:48 - 47880526 _____ C:\Users\bartek\Downloads\kalendarz(1).zip ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-08-31 12:16 - 2015-05-06 21:34 - 00000000 ____D C:\Users\bartek\AppData\Roaming\uTorrent 2015-08-31 12:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-08-31 11:22 - 2014-09-04 14:33 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-31 11:10 - 2014-09-01 15:40 - 01507425 _____ C:\Windows\WindowsUpdate.log 2015-08-31 11:07 - 2015-07-21 11:07 - 00000368 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - bartek).job 2015-08-31 07:04 - 2015-07-21 10:54 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys 2015-08-31 07:04 - 2015-07-21 10:54 - 00000422 _____ C:\Windows\Tasks\SlimDrivers Startup.job 2015-08-29 12:51 - 2014-09-01 15:46 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2583632134-391550566-361833250-1001 2015-08-29 10:49 - 2014-09-05 11:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-08-29 00:06 - 2015-02-24 12:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-28 23:50 - 2014-09-01 15:42 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-28 23:50 - 2013-08-23 01:12 - 00807160 _____ C:\Windows\system32\perfh015.dat 2015-08-28 23:50 - 2013-08-23 01:12 - 00163478 _____ C:\Windows\system32\perfc015.dat 2015-08-28 17:59 - 2014-12-25 16:29 - 00873984 _____ C:\Users\bartek\Desktop\Budzet 01.01.15-30.12.15.xls 2015-08-27 12:59 - 2015-03-28 13:35 - 00000000 ____D C:\Users\bartek\Desktop\CV - pod praktyki letnie 28.03.15 2015-08-27 12:06 - 2015-07-29 10:47 - 00007256 _____ C:\Users\bartek\Desktop\List mot. Bartłomiej Chojnacki.odt 2015-08-27 09:51 - 2014-10-19 10:37 - 00000505 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2015-08-27 09:50 - 2014-09-01 15:40 - 00000000 ____D C:\Users\bartek 2015-08-27 09:50 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-27 09:48 - 2014-09-01 15:31 - 00759770 _____ C:\Windows\PFRO.log 2015-08-27 08:16 - 2014-09-26 13:53 - 00000000 ____D C:\ProgramData\Oracle 2015-08-27 08:15 - 2015-06-26 11:48 - 00000000 ____D C:\Program Files (x86)\Java 2015-08-27 08:14 - 2014-11-05 09:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-08-27 08:13 - 2014-11-25 22:07 - 00000000 ____D C:\Users\bartek\Desktop\Bartek 25.11.14 2015-08-27 08:12 - 2013-08-22 16:46 - 00026608 _____ C:\Windows\setupact.log 2015-08-24 11:34 - 2014-12-14 15:09 - 00000000 ____D C:\Windows\SysWOW64\vbox 2015-08-24 11:34 - 2014-12-14 15:09 - 00000000 ____D C:\Windows\system32\vbox 2015-08-24 11:17 - 2014-12-14 15:05 - 00000000 ____D C:\ProgramData\AVAST Software 2015-08-20 20:22 - 2014-08-21 08:49 - 00000000 ____D C:\Users\bartek\Desktop\2. Bartek 2015-08-19 22:48 - 2015-01-11 20:47 - 00003864 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1421002029 2015-08-19 22:48 - 2015-01-11 20:47 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-08-19 22:48 - 2015-01-11 20:46 - 00000000 ____D C:\Program Files (x86)\Opera 2015-08-17 13:22 - 2014-09-04 14:33 - 00003818 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-08-06 11:58 - 2015-02-12 11:23 - 00000000 ____D C:\Users\bartek\AppData\Roaming\Nuance 2015-08-03 11:59 - 2015-07-31 20:25 - 34975744 _____ C:\Users\bartek\Downloads\kal - Kopia2.mdb ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-06-28 18:07 - 2015-06-28 18:07 - 0003584 _____ () C:\Users\bartek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-04 17:32 - 2015-01-04 17:32 - 0007600 _____ () C:\Users\bartek\AppData\Local\Resmon.ResmonCfg 2014-09-05 11:17 - 2014-09-05 11:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Niektóre pliki w TEMP: ==================== C:\Users\bartek\AppData\Local\Temp\APNSetup.exe C:\Users\bartek\AppData\Local\Temp\javagiac0.06755204322773278.dll C:\Users\bartek\AppData\Local\Temp\javagiac0.23380375246724783.dll C:\Users\bartek\AppData\Local\Temp\javagiac0.3045335674836831.dll C:\Users\bartek\AppData\Local\Temp\javagiac0.4117755054070563.dll C:\Users\bartek\AppData\Local\Temp\javagiac0.4467592702641905.dll C:\Users\bartek\AppData\Local\Temp\javagiac0.5604367597010557.dll C:\Users\bartek\AppData\Local\Temp\javagiac0.6245565961387655.dll C:\Users\bartek\AppData\Local\Temp\javagiac0.7276441897514859.dll C:\Users\bartek\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\bartek\AppData\Local\Temp\ose00000.exe C:\Users\bartek\AppData\Local\Temp\Quarantine.exe C:\Users\bartek\AppData\Local\Temp\scp8717.tmp.exe C:\Users\bartek\AppData\Local\Temp\SimBundD.exe C:\Users\bartek\AppData\Local\Temp\SimBundD[1].exe C:\Users\bartek\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe C:\Users\bartek\AppData\Local\Temp\sqlite3.dll C:\Users\bartek\AppData\Local\Temp\_is14AC.exe C:\Users\bartek\AppData\Local\Temp\_is2FAB.exe C:\Users\bartek\AppData\Local\Temp\_isDF41.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2015-08-18 07:58 ==================== Koniec FRST.txt ============================