Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:27-01-2016
Uruchomiony przez wizard (administrator) WIZARD-KOMPUTER (02-02-2016 11:49:10)
Uruchomiony z C:\Users\wizard\Downloads
Załadowane profile: wizard (Dostępne profile: wizard)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Firebird Project) C:\Program Files\Firebird\Firebird\bin\fbguard.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\wizard\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Firebird Project) C:\Program Files\Firebird\Firebird\bin\fbserver.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acronis) C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PhotoSoft Marcin Kozak) C:\Program Files\PhotoSoft\EasyUploader\EasyUploader.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [UsBuga Acronis Scheduler2] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391232 2010-09-21] (Acronis)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2727568 2015-04-26] ()
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-15] (AVAST Software)
HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2536752 2010-09-02] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5511008 2010-09-21] (Acronis)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\...\Run: [Spotify Web Helper] => C:\Users\wizard\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-25] (Spotify Ltd)
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\...\MountPoints2: {027832db-c593-11e5-b1d4-00219b508944} - H:\AutoRun.exe
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\...\MountPoints2: {2b22f6d0-28f8-11e2-aeb9-00219b508944} - G:\SISetup.exe
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\...\MountPoints2: {391ec6e6-9488-11e3-8ec9-00219b508944} - L:\MicroLauncher.exe
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\...\MountPoints2: {7f20cbd0-03e0-11e3-bd72-00219b508944} - F:\AutoRun.exe
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\...\MountPoints2: {ca9845df-5e99-11e5-9966-00219b508944} - F:\AutoRun.exe
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\...\MountPoints2: {ca9845ee-5e99-11e5-9966-00219b508944} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-15] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2012-11-07]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\wizard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Quick Launcher.lnk [2014-02-04]
ShortcutTarget: Adobe Quick Launcher.lnk -> C:\Users\wizard\AppData\Local\Temp\AcroRdr.exe (Brak pliku)
Startup: C:\Users\wizard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-08-26]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicyScripts: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 91.206.64.15 8.8.8.8
Tcpip\..\Interfaces\{20DCCE02-0EB2-41CE-816E-FC2EE2710B7A}: [DhcpNameServer] 91.206.64.15 8.8.8.8
Tcpip\..\Interfaces\{70EFCB86-FCAE-4ED2-A9F6-FC0D2700009B}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{73F66179-8F7C-46BC-9326-E2AA5CB90377}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{940E71FC-D93D-4F7A-99CA-402DBCF834A5}: [NameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{DC15A3F8-9957-4E7F-B581-31286060DFF2}: [DhcpNameServer] 91.206.64.15 8.8.8.8
Tcpip\..\Interfaces\{E4D1EF5E-CFC7-458A-A4E3-4900CE51A288}: [DhcpNameServer] 91.206.64.15 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1983712293-639761611-1462550138-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1983712293-639761611-1462550138-1000 -> DefaultScope {90DA6600-B649-4A6C-A974-BFEB2539AD82} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1983712293-639761611-1462550138-1000 -> {8B910753-EAE5-4AA8-9D6E-26C74F7B89BC} URL = hxxp://www.allegro.pl/search.php?sg=0&string={searchTerms}
SearchScopes: HKU\S-1-5-21-1983712293-639761611-1462550138-1000 -> {90DA6600-B649-4A6C-A974-BFEB2539AD82} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-15] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-15] (AVAST Software)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\wizard\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF DefaultSearchEngine: yessearches
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=yessearches
FF Keyword.URL: hxxp://www.yessearches.com/chrome.php?uid=8D98544BB291868C8954371BB6FF547B&ptid=ior&ts=AHEpB3EkAHUmBU..&v=20160121&mode=ffexttoolbar&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-11-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-11-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-26] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-12-14] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1983712293-639761611-1462550138-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\wizard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-12] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\wizard\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yessearches.xml [2016-02-02]
FF Extension: PEKAO S.A. Sign Plugin - C:\Users\wizard\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\SignPlugin@pekao.pl [2016-02-02]
FF Extension: PEKAO S.A. Sign Plugin - C:\Users\wizard\AppData\Roaming\Mozilla\Firefox\Profiles\t64isnye.default\Extensions\SignPlugin@pekao.pl [2015-12-22]
FF Extension: GsearchFinder - C:\Users\wizard\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-01-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-16]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-15]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://player.polskieradio.pl/-3"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\ppGoogleNaClPluginChrome.dll => Brak pliku
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\pdf.dll => Brak pliku
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll => Brak pliku
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => Brak pliku
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => Brak pliku
CHR Profile: C:\Users\wizard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dysk Google) - C:\Users\wizard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\wizard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\wizard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\wizard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Avast Online Security) - C:\Users\wizard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\wizard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-14]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\wizard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\wizard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKU\S-1-5-21-1983712293-639761611-1462550138-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-15]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-15] (AVAST Software)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird\bin\fbguard.exe [155136 2011-10-03] (Firebird Project) [Brak podpisu cyfrowego]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird\bin\fbserver.exe [5683712 2011-10-03] (Firebird Project) [Brak podpisu cyfrowego]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [Brak podpisu cyfrowego]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2693448 2015-04-26] ()
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2015-09-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Winsere; C:\Program Files (x86)\Winsere\Winsere\Winsere.exe [295096 2016-01-25] ()

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-15] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-11-05] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2015-09-19] (Huawei Technologies Co., Ltd.)
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project) [Brak podpisu cyfrowego]
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 massfilter; system32\drivers\massfilter.sys [X]
U4 WMCoreService; Brak ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-02-02 11:49 - 2016-02-02 11:49 - 00023805 _____ C:\Users\wizard\Downloads\FRST.txt
2016-02-02 11:48 - 2016-02-02 11:49 - 00000000 ____D C:\FRST
2016-02-02 11:47 - 2016-02-02 11:47 - 02370560 _____ (Farbar) C:\Users\wizard\Downloads\FRST64.exe
2016-02-02 10:10 - 2016-02-02 10:10 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-02 10:09 - 2016-02-02 10:09 - 00987728 _____ (Google Inc.) C:\Users\wizard\Downloads\ChromeSetup(2).exe
2016-02-02 10:07 - 2016-02-02 10:07 - 00987728 _____ (Google Inc.) C:\Users\wizard\Downloads\ChromeSetup(1).exe
2016-02-02 10:06 - 2016-02-02 10:06 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
2016-02-02 09:56 - 2016-02-02 09:57 - 00987728 _____ (Google Inc.) C:\Users\wizard\Downloads\ChromeSetup.exe
2016-02-02 09:53 - 2016-02-02 09:53 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-02 09:51 - 2016-02-02 09:52 - 00242312 _____ C:\Users\wizard\Downloads\Firefox Setup Stub 44.0.exe
2016-02-02 09:33 - 2016-02-02 09:33 - 01508352 _____ C:\Users\wizard\Downloads\adwcleaner_5.032.exe
2016-02-02 09:30 - 2016-02-02 09:32 - 00000000 ____D C:\Users\wizard\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-02-02 09:30 - 2016-02-02 09:30 - 06160320 _____ (LinuxLive USB Creator) C:\Users\wizard\Downloads\LinuxLive USB Creator 2.9.4 [1].exe
2016-02-02 09:30 - 2016-02-02 09:30 - 00015236 _____ C:\Windows\System32\Tasks\WinTaske
2016-02-02 09:30 - 2016-02-02 09:30 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-02-02 09:30 - 2016-02-02 09:30 - 00000000 ____D C:\Program Files (x86)\WinTaske
2016-02-02 09:30 - 2016-02-02 09:30 - 00000000 ____D C:\Program Files (x86)\Winsere
2016-02-02 09:03 - 2016-02-02 09:03 - 00007680 ___SH C:\Users\wizard\Downloads\Thumbs.db
2016-02-02 08:56 - 2016-02-02 09:38 - 00098304 ___SH C:\Users\wizard\Desktop\Thumbs.db
2016-02-01 13:36 - 2016-02-01 13:36 - 00000546 _____ C:\Users\wizard\Desktop\swieta.txt
2016-02-01 12:21 - 2016-02-01 12:21 - 00194488 _____ C:\Users\wizard\Desktop\FK0001_02_16 - Faktura korygują.pdf
2016-02-01 09:08 - 2016-02-01 09:11 - 00000038 _____ C:\Users\wizard\Desktop\SZUMIEC.txt
2016-01-30 09:25 - 2016-01-30 09:52 - 00000164 _____ C:\Users\wizard\Desktop\Nowy dokument tekstowy (2).txt
2016-01-29 10:10 - 2016-01-29 10:10 - 00000000 _____ C:\Users\wizard\Desktop\Nowy dokument tekstowy.txt
2016-01-28 12:53 - 2015-08-11 12:22 - 03067392 _____ C:\Windows\system32\pwNative.exe
2016-01-28 12:53 - 2013-09-30 15:26 - 00019152 ____N C:\Windows\system32\pwdrvio.sys
2016-01-28 12:53 - 2013-09-30 15:26 - 00012504 ____N C:\Windows\system32\pwdspio.sys
2016-01-28 11:33 - 2016-01-28 12:53 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1
2016-01-28 11:33 - 2016-01-28 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.1
2016-01-28 11:27 - 2016-01-28 11:28 - 32262960 _____ (MiniTool Solution Ltd. ) C:\Users\wizard\Downloads\pwfree91.exe
2016-01-27 09:49 - 2016-01-27 09:49 - 00000014 _____ C:\Users\wizard\Desktop\15158.txt
2016-01-27 09:49 - 2016-01-27 09:49 - 00000000 ____D C:\Users\wizard\AppData\Roaming\PC Suite
2016-01-27 09:49 - 2016-01-27 09:49 - 00000000 ____D C:\Users\wizard\AppData\Roaming\Nokia
2016-01-27 09:49 - 2016-01-27 09:49 - 00000000 ____D C:\ProgramData\PC Suite
2016-01-27 09:29 - 2016-01-27 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
2016-01-27 09:28 - 2016-01-27 09:29 - 00000000 ____D C:\Program Files\DIFX
2016-01-27 09:28 - 2016-01-27 09:28 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2016-01-27 09:28 - 2012-06-11 11:33 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys
2016-01-27 09:28 - 2012-01-09 17:28 - 00057856 _____ (Nokia) C:\Windows\system32\nmwcdclsX64.dll
2016-01-27 09:27 - 2016-01-27 09:27 - 00000000 ____D C:\ProgramData\Installations
2016-01-18 13:23 - 2016-01-28 17:06 - 00000000 ____D C:\Users\wizard\Desktop\REKLAMACJE
2016-01-16 10:32 - 2016-02-01 10:51 - 00000000 ____D C:\Users\wizard\Desktop\UH17380E
2016-01-16 10:20 - 2016-01-16 11:18 - 00000000 ____D C:\Users\wizard\Desktop\UH17109S
2016-01-16 10:11 - 2016-01-16 10:48 - 00000000 ____D C:\Users\wizard\Desktop\UH17010E
2016-01-14 14:14 - 2016-01-22 17:04 - 00000000 ____D C:\Users\wizard\Desktop\DO_WYSTAWIENIA_2016
2016-01-13 10:26 - 2016-01-13 10:26 - 00001564 _____ C:\Users\wizard\Desktop\TŁUMACZENIA PANELIPRALEK.txt
2016-01-12 16:59 - 2016-01-22 16:53 - 00000156 _____ C:\Users\wizard\Desktop\TRUSZC_ZESTAW.txt
2016-01-11 09:07 - 2016-01-11 10:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-01-07 11:53 - 2016-02-01 17:05 - 00000000 ____D C:\Users\wizard\Desktop\Miniaturki
2016-01-07 10:50 - 2016-02-01 12:02 - 00000000 ____D C:\Users\wizard\Desktop\MINIATURKA
2016-01-07 09:32 - 2016-02-02 09:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-02-02 11:40 - 2015-08-12 16:00 - 00000000 ____D C:\Users\wizard\Desktop\DOKUMENTY
2016-02-02 11:27 - 2015-07-10 11:06 - 00000000 ____D C:\Users\wizard\Desktop\KEX_KT
2016-02-02 11:08 - 2015-11-23 15:50 - 00000000 ____D C:\Users\wizard\Desktop\PRZESYŁKI
2016-02-02 11:02 - 2013-01-03 13:02 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-02 11:00 - 2015-09-23 11:00 - 00042746 _____ C:\Users\wizard\Network_Meter_Data.js
2016-02-02 10:53 - 2014-03-01 09:30 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-02 10:12 - 2013-01-22 09:34 - 00000000 ____D C:\ProgramData\firebird
2016-02-02 10:12 - 2009-07-14 05:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-02 10:12 - 2009-07-14 05:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-02 10:10 - 2013-01-03 13:03 - 00002290 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-02 10:05 - 2015-09-23 10:50 - 00005717 _____ C:\Users\wizard\IP_Log_Data.js
2016-02-02 10:04 - 2013-01-03 13:02 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-02 10:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 10:03 - 2015-09-18 08:50 - 00000000 ____D C:\AdwCleaner
2016-02-02 10:03 - 2015-08-22 09:11 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-02 10:03 - 2012-11-07 15:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-02 09:57 - 2013-01-03 13:02 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 09:57 - 2013-01-03 13:02 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 09:53 - 2012-11-07 15:38 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-02 09:39 - 2012-11-08 15:01 - 00000000 ____D C:\Users\wizard\Desktop\Firma
2016-02-02 09:30 - 2011-04-12 14:21 - 00787146 _____ C:\Windows\system32\perfh015.dat
2016-02-02 09:30 - 2011-04-12 14:21 - 00173654 _____ C:\Windows\system32\perfc015.dat
2016-02-02 09:30 - 2009-07-14 06:13 - 01802008 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-02 09:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-02 08:58 - 2015-12-06 12:58 - 00000000 ____D C:\Users\wizard\AppData\Roaming\TS3Client
2016-02-02 08:58 - 2015-11-05 14:31 - 00000000 ____D C:\Users\wizard\AppData\Roaming\DAEMON Tools Lite
2016-02-01 17:25 - 2015-09-23 10:53 - 00000026 _____ C:\Users\wizard\AppData\Roaming\Network Meter_Usage.ini
2016-01-30 12:41 - 2015-09-01 14:52 - 00000000 ____D C:\Users\wizard\Desktop\LOGA
2016-01-28 08:46 - 2014-02-05 12:47 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-27 09:28 - 2015-01-13 09:34 - 00000000 ____D C:\Program Files (x86)\Nokia
2016-01-26 13:03 - 2015-09-09 13:22 - 00000000 ____D C:\Users\wizard\AppData\Local\CrashDumps
2016-01-22 10:36 - 2015-05-28 13:09 - 00000000 ____D C:\Users\wizard\.swt
2016-01-22 08:50 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-21 08:51 - 2014-02-05 12:47 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-21 08:51 - 2014-02-05 12:47 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-20 11:53 - 2014-03-01 09:30 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 11:53 - 2012-11-07 15:07 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 11:53 - 2012-11-07 15:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-14 09:05 - 2015-09-03 15:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 09:05 - 2015-09-03 15:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 16:06 - 2015-11-07 12:02 - 00000000 ____D C:\Users\wizard\Documents\Corel User Files
2016-01-13 11:02 - 2015-12-05 09:36 - 00000000 ____D C:\Users\wizard\Desktop\skan dawid
2016-01-08 11:01 - 2015-08-05 09:16 - 00001123 _____ C:\Users\wizard\Desktop\EasyUploader v3.lnk
2016-01-05 09:51 - 2015-08-08 08:20 - 00000000 ____D C:\FAKTUR_BAZA

==================== Pliki w katalogu głównym wybranych folderów =======

2013-03-05 11:05 - 2014-06-25 09:30 - 0000529 _____ () C:\Users\wizard\AppData\Roaming\burnaware.ini
2015-09-23 10:51 - 2015-10-01 10:17 - 0001047 _____ () C:\Users\wizard\AppData\Roaming\Network Meter_Settings.ini
2015-09-23 10:53 - 2016-02-01 17:25 - 0000026 _____ () C:\Users\wizard\AppData\Roaming\Network Meter_Usage.ini
2012-11-09 13:26 - 2014-03-26 09:10 - 0000600 _____ () C:\Users\wizard\AppData\Local\PUTTY.RND
2013-05-22 11:13 - 2013-05-22 11:13 - 0000838 _____ () C:\Users\wizard\AppData\Local\recently-used.xbel
2013-03-13 11:17 - 2013-03-13 11:17 - 0000017 _____ () C:\Users\wizard\AppData\Local\resmon.resmoncfg
2013-05-02 10:21 - 2010-03-30 11:12 - 0024772 _____ () C:\ProgramData\P1210DEF.css
2013-05-02 10:21 - 2013-05-02 10:21 - 0014969 _____ () C:\ProgramData\P1210OS.HTM
2013-05-02 10:21 - 2010-03-30 11:12 - 0002944 _____ () C:\ProgramData\P1210SIG.GIF

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\wizard\IP_Log_Data.js
C:\Users\wizard\Network_Meter_Data.js

Niektóre pliki w TEMP:
====================
C:\Users\wizard\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-01-29 17:26

==================== Koniec FRST.txt ============================