Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2017 Ran by Kamil (administrator) on KAMIL-PC (14-07-2017 21:48:22) Running from C:\Users\Kamil\Downloads Loaded Profiles: Kamil (Available Profiles: Kamil) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe () C:\Windows\SysWOW64\ASGT.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cisco Systems, Inc.) D:\programy\VPN Client\cvpnd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe (Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Oracle Corporation) E:\app\Kamil\product\11.2.0\dbhome_3\BIN\nmesrvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Oracle Corporation) E:\app\Kamil\product\11.2.0\dbhome_2\BIN\nmesrvc.exe (Oracle Corporation) E:\app\Kamil\product\11.2.0\dbhome_4\BIN\nmesrvc.exe (Oracle Corporation) E:\app\Kamil\product\11.2.0\dbhome_3\BIN\TNSLSNR.EXE (Oracle Corporation) E:\app\Kamil\product\11.2.0\dbhome_4\BIN\TNSLSNR.EXE (Oracle Corporation) E:\app\Kamil\product\11.2.0\dbhome_3\BIN\oracle.exe (Oracle Corporation) E:\app\Kamil\product\11.2.0\dbhome_2\BIN\oracle.exe (Oracle Corporation) E:\app\Kamil\product\11.2.0\dbhome_4\BIN\oracle.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) D:\programy\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe () E:\app\Kamil\product\11.2.0\dbhome_2\perl\bin\perl.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Sun Microsystems, Inc.) E:\app\Kamil\product\11.2.0\dbhome_2\jdk\bin\java.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Oracle Corporation) E:\app\Kamil\product\11.2.0\dbhome_2\BIN\emagent.exe () E:\app\Kamil\product\11.2.0\dbhome_4\perl\bin\perl.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe () E:\app\Kamil\product\11.2.0\dbhome_3\perl\bin\perl.exe (Sun Microsystems, Inc.) E:\app\Kamil\product\11.2.0\dbhome_4\jdk\bin\java.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Sun Microsystems, Inc.) E:\app\Kamil\product\11.2.0\dbhome_3\jdk\bin\java.exe (Oracle Corporation) E:\app\Kamil\product\11.2.0\dbhome_4\BIN\emagent.exe (Oracle Corporation) E:\app\Kamil\product\11.2.0\dbhome_3\BIN\emagent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Samsung Electronics Co., Ltd.) D:\programy\AllShare\AllShareDMS\AllShareDMS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-29] (Logitech Inc.) HKLM-x32\...\Run: [AllShareAgent] => D:\programy\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11344848 2016-11-11] (Micro-Star INT'L CO., LTD.) HKU\S-1-5-21-1350829211-2713675066-2306640670-1000\...\Run: [EADM] => D:\programy\Origin\Origin.exe [3638256 2015-09-01] (Electronic Arts) HKU\S-1-5-21-1350829211-2713675066-2306640670-1000\...\Run: [GG] => C:\Users\Kamil\AppData\Local\GG\Application\gghub.exe [4078144 2015-03-24] (GG Network S.A.) HKU\S-1-5-21-1350829211-2713675066-2306640670-1000\...\Run: [Google Update] => C:\Users\Kamil\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-28] (Google Inc.) HKU\S-1-5-21-1350829211-2713675066-2306640670-1000\...\Run: [Steam] => D:\programy\steam\steam.exe [3019552 2017-03-14] (Valve Corporation) HKU\S-1-5-21-1350829211-2713675066-2306640670-1000\...\Run: [Spotify Web Helper] => C:\Users\Kamil\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-24] (Spotify Ltd) HKU\S-1-5-21-1350829211-2713675066-2306640670-1000\...\Run: [Spotify] => C:\Users\Kamil\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-24] (Spotify Ltd) HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-01-10] ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2015-01-13] ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe () Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wysyłanie do programu OneNote.lnk [2015-12-10] ShortcutTarget: Wysyłanie do programu OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0 Tcpip\..\Interfaces\{3C88293E-13A1-4C30-816A-3706B259FBFA}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{3FAF331E-2365-4180-BC36-1EE17D1CF57C}: [DhcpNameServer] 192.168.1.1 0.0.0.0 Internet Explorer: ================== HKU\S-1-5-21-1350829211-2713675066-2306640670-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.pl/ BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: kq7ooj02.default FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\kq7ooj02.default [2017-06-01] FF Homepage: Mozilla\Firefox\Profiles\kq7ooj02.default -> chrome://speeddial/content/speeddial.xul FF Extension: (CSS Usage) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\kq7ooj02.default\Extensions\csscoverage@spaghetticoder.org.xpi [2016-05-11] FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\kq7ooj02.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-04-19] FF Extension: (Firebug) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\kq7ooj02.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-15] FF Extension: (PHP Developer Toolbar) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\kq7ooj02.default\Extensions\php_dev_bar@php_dev_bar.org.xpi [2016-04-28] FF Extension: (LastPass: Free Password Manager) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\kq7ooj02.default\Extensions\support@lastpass.com [2017-05-30] FF Extension: (Speed Dial) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\kq7ooj02.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2015-09-22] FF Extension: (Password Exporter) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\kq7ooj02.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2017-03-15] FF Extension: (Flash and Video Download) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\kq7ooj02.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-03-16] FF Extension: (Adblock Plus) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\kq7ooj02.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-28] FF Extension: (Tab Mix Plus) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\kq7ooj02.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-05-30] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-13] () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File] FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-13] () FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File] FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-30] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1350829211-2713675066-2306640670-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Kamil\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-28] (Google Inc.) FF Plugin HKU\S-1-5-21-1350829211-2713675066-2306640670-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Kamil\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-28] (Google Inc.) StartMenuInternet: FIREFOX.EXE - D:\programy\Mozilla Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default [2017-07-14] CHR Extension: (Prezentacje Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-30] CHR Extension: (Dokumenty Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-30] CHR Extension: (Dysk Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-30] CHR Extension: (YouTube) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-30] CHR Extension: (Arkusze Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-30] CHR Extension: (Dokumenty Google offline) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-24] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-30] CHR Extension: (Gmail) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-30] CHR Extension: (Chrome Media Router) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed] R2 CVPND; D:\Programy\VPN Client\cvpnd.exe [1529856 2011-03-04] (Cisco Systems, Inc.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-29] (Logitech Inc.) S3 Mezzmo; D:\programy\Mezzmo\MezzmoMediaServer.exe [4324648 2015-01-12] (Conceiva Pty. Ltd.) [File not signed] R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2236880 2016-11-10] (Micro-Star INT'L CO., LTD.) R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-01-23] (Microsoft) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation) R2 OracleDBConsoledbrdf; E:\app\Kamil\product\11.2.0\dbhome_3\bin\nmesrvc.exe [49152 2010-03-02] (Oracle Corporation) [File not signed] R2 OracleDBConsoleorcl; E:\app\Kamil\product\11.2.0\dbhome_2\bin\nmesrvc.exe [49152 2010-03-02] (Oracle Corporation) [File not signed] R2 OracleDBConsolerdfdb; E:\app\Kamil\product\11.2.0\dbhome_4\bin\nmesrvc.exe [49152 2010-03-02] (Oracle Corporation) [File not signed] S4 OracleJobSchedulerDBRDF; e:\app\kamil\product\11.2.0\dbhome_3\Bin\extjob.exe [49152 2010-04-02] () [File not signed] S4 OracleJobSchedulerORCL; e:\app\kamil\product\11.2.0\dbhome_2\Bin\extjob.exe [49152 2010-04-02] () [File not signed] S4 OracleJobSchedulerRDFDB; e:\app\kamil\product\11.2.0\dbhome_4\Bin\extjob.exe [49152 2010-04-02] () [File not signed] S2 OracleMTSRecoveryService; E:\app\Kamil\product\11.2.0\dbhome_2\bin\omtsreco.exe [69632 2010-04-01] (Oracle Corporation) [File not signed] S3 OracleOraDb11g_home2ClrAgent; E:\app\Kamil\product\11.2.0\dbhome_3\bin\OraClrAgnt.exe [38400 2010-02-28] (Oracle Corporation) [File not signed] S3 OracleOraDb11g_home3ClrAgent; E:\app\Kamil\product\11.2.0\dbhome_4\bin\OraClrAgnt.exe [38400 2010-02-28] (Oracle Corporation) [File not signed] R2 OracleServiceDBRDF; e:\app\kamil\product\11.2.0\dbhome_3\bin\ORACLE.EXE [106487808 2010-04-02] (Oracle Corporation) [File not signed] R2 OracleServiceORCL; e:\app\kamil\product\11.2.0\dbhome_2\bin\ORACLE.EXE [106487808 2010-04-02] (Oracle Corporation) [File not signed] R2 OracleServiceRDFDB; e:\app\kamil\product\11.2.0\dbhome_4\bin\ORACLE.EXE [106487808 2010-04-02] (Oracle Corporation) [File not signed] S3 OracleVssWriterDBRDF; e:\app\kamil\product\11.2.0\dbhome_3\bin\OraVSSW.exe [159744 2010-04-02] () [File not signed] S3 OracleVssWriterORCL; e:\app\kamil\product\11.2.0\dbhome_2\bin\OraVSSW.exe [159744 2010-04-02] () [File not signed] S3 OracleVssWriterRDFDB; e:\app\kamil\product\11.2.0\dbhome_4\bin\OraVSSW.exe [159744 2010-04-02] () [File not signed] S3 Origin Client Service; D:\programy\Origin\OriginClientService.exe [2057736 2015-09-01] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-07-01] () R2 SamsungAllShareV2.0; D:\programy\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-03-02] (Samsung Electronics Co., Ltd.) S3 SimpleSlideShowServer; D:\programy\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 TeamViewer; d:\Programy\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 OracleOraDb11g_home1TNSListener; E:\app\Kamil\product\11.2.0\dbhome_2\BIN\TNSLSNR [X] R2 OracleOraDb11g_home2TNSListener; E:\app\Kamil\product\11.2.0\dbhome_3\BIN\TNSLSNR [X] R2 OracleOraDb11g_home3TNSListener; E:\app\Kamil\product\11.2.0\dbhome_4\BIN\TNSLSNR [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2016-03-02] (LG Electronics Inc.) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15648 2014-01-06] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation) S3 RivaTuner64; D:\programy\riva tuner\RivaTuner64.sys [19952 2015-01-14] () ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-07-14 21:48 - 2017-07-14 21:48 - 00022379 _____ C:\Users\Kamil\Downloads\FRST.txt 2017-07-14 21:47 - 2017-07-14 21:48 - 00000000 ____D C:\FRST 2017-07-14 21:45 - 2017-07-14 21:45 - 02435584 _____ (Farbar) C:\Users\Kamil\Downloads\FRST64.exe 2017-07-14 21:45 - 2017-07-14 21:45 - 01780736 _____ (Farbar) C:\Users\Kamil\Downloads\FRST.exe 2017-07-14 21:41 - 2017-07-14 21:41 - 00602112 _____ (OldTimer Tools) C:\Users\Kamil\Downloads\OTL.exe 2017-07-14 20:32 - 2017-07-14 20:32 - 00023582 _____ C:\Windows\SysWOW64\nmesrvc_core_2017_7_14_20_32_45.dmp 2017-07-14 20:32 - 2017-07-14 20:32 - 00021558 _____ C:\Windows\SysWOW64\nmesrvc_core_2017_7_14_20_32_49.dmp 2017-07-14 19:35 - 2017-07-14 19:35 - 00001000 _____ C:\Users\Kamil\Desktop\DragonNetworkHB — skrót.lnk 2017-07-13 23:30 - 2017-07-13 23:30 - 01816452 _____ C:\Users\Kamil\Downloads\DragonNetworkHB.zip 2017-06-24 19:07 - 2017-07-14 20:49 - 00000000 ____D C:\Users\Kamil\AppData\Local\Spotify 2017-06-24 19:07 - 2017-06-24 19:07 - 00001813 _____ C:\Users\Kamil\Desktop\Spotify.lnk 2017-06-24 19:07 - 2017-06-24 19:07 - 00001799 _____ C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2017-06-24 19:06 - 2017-07-14 20:53 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Spotify ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-07-14 21:47 - 2015-02-04 20:20 - 00000000 ____D C:\TEMP 2017-07-14 21:34 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-07-14 21:34 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-07-14 21:01 - 2015-03-10 20:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2017-07-14 20:50 - 2015-04-20 20:07 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\GG 2017-07-14 20:34 - 2015-02-15 21:17 - 00000000 ____D C:\ProgramData\NVIDIA 2017-07-14 20:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-07-13 15:42 - 2017-05-30 21:36 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-07-13 15:42 - 2017-05-30 21:36 - 00002198 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-07-13 10:54 - 2016-08-23 22:44 - 00000000 ____D C:\Windows\Minidump 2017-07-13 10:32 - 2015-01-17 21:48 - 00004412 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-07-13 10:32 - 2015-01-10 19:41 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-07-13 10:32 - 2015-01-10 19:41 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-07-13 10:31 - 2015-07-15 18:36 - 05824512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2017-07-13 10:31 - 2015-01-10 19:41 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-07-13 10:31 - 2015-01-10 19:41 - 00000000 ____D C:\Windows\system32\Macromed 2017-06-24 22:12 - 2015-07-09 13:25 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2017-06-24 18:49 - 2015-01-10 19:10 - 00743132 _____ C:\Windows\system32\perfh015.dat 2017-06-24 18:49 - 2015-01-10 19:10 - 00156586 _____ C:\Windows\system32\perfc015.dat 2017-06-24 18:49 - 2009-07-14 07:13 - 01678208 _____ C:\Windows\system32\PerfStringBackup.INI 2017-06-24 18:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf ==================== Files in the root of some directories ======= 2016-06-01 22:39 - 2016-06-01 22:39 - 0000132 _____ () C:\Users\Kamil\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG 2015-03-10 20:51 - 2017-03-23 22:55 - 0008641 _____ () C:\Users\Kamil\AppData\Local\unins000.dat 2017-03-23 22:55 - 2017-03-23 22:55 - 0711640 _____ () C:\Users\Kamil\AppData\Local\unins000.exe 2015-03-10 20:51 - 2017-03-23 22:55 - 0011761 _____ () C:\Users\Kamil\AppData\Local\unins000.msg Some files in TEMP: ==================== 2011-10-19 23:24 - 2011-10-19 23:24 - 0336280 ____R (Microsoft Corporation) C:\Users\Kamil\AppData\Local\Temp\rootsupd.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-05-28 23:03 ==================== End of FRST.txt ============================