Przysyłam logi z przed i po zmianach które mi zaleciłeś.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Tomek (administrator) on TOMEK-KOMPUTER on 28-01-2015 19:48:08
Running from C:\Users\Tomek\Downloads
Loaded Profiles: Tomek & UpdatusUser (Available profiles: Tomek & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Acresso Software Inc.) C:\SIMULIA\License\lmgrd.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Acresso Software Inc.) C:\SIMULIA\License\lmgrd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\ProductPointService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Autodesk Inc.) C:\Users\Tomek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) D:\Antywirus\ccleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dassault Systemes SIMULIA Corp) C:\SIMULIA\License\ABAQUSLM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Tomek\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Tomek\AppData\Local\Akamai\netsession_win.exe
(Enigma Software Group USA, LLC.) C:\Users\Tomek\Downloads\SpyHunter-Installer(1).exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Enigma Software Group USA, LLC) C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla31.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AmIcoSinglun64] = & gt; C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] = & gt; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-04] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] = & gt; C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [ATKOSD2] = & gt; C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] = & gt; C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] = & gt; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] = & gt; C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [GrooveMonitor] = & gt; C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] = & gt; [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] = & gt; C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] = & gt; C:\Program Files (x86)\Java\jre6\bin\jusched.exe [136600 2013-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] = & gt; C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] = & gt; C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-02] (AVAST Software)
HKLM-x32\...\Run: [ADSKAppManager] = & gt; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [480648 2014-04-01] (Autodesk Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] = & gt; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\...\Run: [AutoStartNPSAgent] = & gt; C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\...\Run: [Akamai NetSession Interface] = & gt; C:\Users\Tomek\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\...\Run: [GoogleDriveSync] = & gt; C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\...\Run: [CCleaner Monitoring] = & gt; D:\Antywirus\ccleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\...\Policies\Explorer: []
HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\...\MountPoints2: {9dc1fdc6-5e6d-11e1-9e4f-806e6f6e6963} - F:\InstAll.exe
HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\...\MountPoints2: {bd5983ca-6edf-11e1-a6ec-742f68da936e} - I:\START.EXE
HKU\S-1-5-18\...\Run: [Autodesk Sync] = & gt; C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] = & gt; C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll = & gt; C:\Windows\system32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll = & gt; c:\windows\syswow64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll = & gt; C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk - & gt; C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windchill ProductPoint Client Manager.lnk
ShortcutTarget: Windchill ProductPoint Client Manager.lnk - & gt; C:\Windows\Installer\{129024FF-A6C9-4696-91BC-570C6C05193A}\_F5BCEE176F60B4DABC6DF8.exe ()
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk
ShellIconOverlayIdentifiers: [00avast] - & gt; {472083B0-C522-11CF-8763-00608CC02F24} = & gt; C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] - & gt; {36A21736-36C2-4C11-8ACB-D4136F2B57BD} = & gt; C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [Uchwyt nakładania ikony podpisu cyfrowego] - & gt; {36A21736-36C2-4C11-8ACB-D4136F2B57BD} = & gt; C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction & lt; ======= ATTENTION
CHR HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\SOFTWARE\Policies\Google: Policy restriction & lt; ======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=180 & d=20140603
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms} & FORM=AVASDF & PC=AV01
HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 - & gt; {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms} & FORM=AVASDF & PC=AV01
SearchScopes: HKU\S-1-5-21-3186882651-1329203845-2472975216-1000 - & gt; {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms} & FORM=AVASDF & PC=AV01
SearchScopes: HKU\S-1-5-21-3186882651-1329203845-2472975216-1000 - & gt; {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO-x32: Adobe PDF Reader Link Helper - & gt; {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - & gt; C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - & gt; {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - & gt; C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - & gt; {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - & gt; C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class - & gt; {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - & gt; C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - & gt; {DBC80044-A445-435b-BC74-9C25C1C588A9} - & gt; C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8
FireFox:
========
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\b3jy8c5s.default
FF Plugin: @adobe.com/FlashPlayer - & gt; C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE - & gt; disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - & gt; C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - & gt; C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - & gt; C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - & gt; E:\picasa\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - & gt; disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - & gt; C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - & gt; C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - & gt; C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - & gt; C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - & gt; C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\b3jy8c5s.default\searchplugins\bing-avast.xml
FF Extension: Adblock Plus - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\b3jy8c5s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-21]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Antywirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-05]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-01-05]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Antywirus\Mozilla Thunderbird
Chrome:
=======
CHR HomePage: Default - & gt; hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: Default - & gt; " hxxp://www.msn.com/?pc=AV01 "
CHR DefaultSearchKeyword: Default - & gt; bing1.com
CHR DefaultSearchURL: Default - & gt; http://www.bing.com/search?q={searchTerms} & FORM=AVASDF & PC=AV01
CHR DefaultSuggestURL: Default - & gt; http://api.bing.com/osjson.aspx?query={searchTerms} & language={language} & FORM=AVASDF & PC=AV01
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Picasa) - E:\picasa\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Profile: C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]
CHR HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tomek\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-03]
CHR HKU\S-1-5-21-3186882651-1329203845-2472975216-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-02]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 SIMULIA FLEXnet License Server; C:\SIMULIA\License\lmgrd.exe [1767688 2011-07-18] (Acresso Software Inc.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [581000 2014-04-01] (Autodesk Inc.)
R2 Atheros Bt & Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-02] (AVAST Software)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [153600 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [5624320 2010-09-17] (Firebird Project) [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-12-09] (Freemake) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [216080 2012-05-16] (Nitro PDF Software)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-03-31] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-15] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S2 Kmm4xNT; C:\Windows\SysWow64\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S0 qujmqewn; System32\drivers\ulutrta.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 19:48 - 2015-01-28 19:49 - 00022565 _____ () C:\Users\Tomek\Downloads\FRST.txt
2015-01-28 19:48 - 2015-01-28 19:48 - 00000000 ____D () C:\FRST
2015-01-28 19:47 - 2015-01-28 19:47 - 02130432 _____ (Farbar) C:\Users\Tomek\Downloads\FRST64.exe
2015-01-28 19:05 - 2015-01-28 19:06 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Tomek\Downloads\SpyHunter-Installer(1).exe
2015-01-28 15:04 - 2015-01-28 15:04 - 00006240 _____ () C:\Users\Tomek\Downloads\sidoma(3).jnlp
2015-01-28 12:17 - 2015-01-28 12:17 - 00000198 ____H () C:\Users\Tomek\Downloads\TomekPrzesmycka.dwl2
2015-01-28 12:17 - 2015-01-28 12:17 - 00000048 ____H () C:\Users\Tomek\Downloads\TomekPrzesmycka.dwl
2015-01-28 12:04 - 2015-01-28 12:13 - 304226362 _____ () C:\Users\Tomek\Downloads\TomekPrzesmycka.dwg
2015-01-26 22:41 - 2015-01-26 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 09:31 - 2015-01-24 09:31 - 20324640 _____ () C:\Users\Tomek\Desktop\sprawoydanie.rar
2015-01-24 09:23 - 2015-01-24 09:30 - 00000000 ____D () C:\Users\Tomek\Desktop\sprawoydanie
2015-01-23 10:40 - 2015-01-23 10:40 - 00000269 _____ () C:\Users\Tomek\Desktop\support octane one truvativ shimano.URL
2015-01-21 17:07 - 2015-01-21 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-21 17:07 - 2015-01-21 17:07 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-14 20:52 - 2015-01-14 20:53 - 22248113 _____ () C:\Users\Tomek\Downloads\Projekt-TiTB.rar
2015-01-14 14:05 - 2015-01-14 14:09 - 06649717 _____ () C:\Users\Tomek\Downloads\fwdbezwykopowe.zip
2015-01-14 13:57 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 13:57 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 13:57 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 13:57 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 13:57 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 13:57 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 13:57 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 13:48 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 13:48 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 13:48 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 13:48 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 13:48 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 13:48 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 13:32 - 2015-01-14 13:32 - 00000034 ____H () C:\Users\Tomek\Downloads\.picasa.ini
2015-01-13 19:03 - 2015-01-13 19:30 - 49073647 _____ () C:\Users\Tomek\Downloads\Techniki i technologie bezwykopowe.rar
2015-01-11 15:26 - 2015-01-11 15:26 - 00213802 _____ () C:\Users\Tomek\Downloads\7.dwg
2015-01-11 14:43 - 2015-01-11 14:44 - 00970349 _____ () C:\Users\Tomek\Downloads\SPRAWOZDANIE CHARAKTERYSTYKA WENTYLATORA OSIOWEGO 2.pptx
2015-01-11 14:43 - 2015-01-11 14:43 - 00061440 _____ () C:\Users\Tomek\Downloads\tom.xls
2015-01-11 14:43 - 2015-01-11 14:43 - 00058368 _____ () C:\Users\Tomek\Downloads\Wentylatory.xls
2015-01-11 14:43 - 2015-01-11 14:43 - 00027429 _____ () C:\Users\Tomek\Downloads\Obliczenia moje.xlsx
2015-01-11 14:43 - 2015-01-11 14:43 - 00022861 _____ () C:\Users\Tomek\Downloads\Charakterystyka wentylatora -excel.xlsx
2015-01-10 18:55 - 2015-01-10 18:55 - 00072929 _____ () C:\Users\Tomek\Downloads\graf(1).dwg
2015-01-10 13:25 - 2015-01-10 13:25 - 00072929 _____ () C:\Users\Tomek\Downloads\graf.dwg
2015-01-10 10:17 - 2015-01-10 10:17 - 00574863 _____ () C:\Users\Tomek\Downloads\fwdzarzadzanie.zip
2015-01-09 17:45 - 2015-01-09 17:45 - 00187924 _____ () C:\Users\Tomek\Downloads\02.dwg
2015-01-09 02:15 - 2015-01-09 02:15 - 00002525 _____ () C:\Users\Tomek\Downloads\setup.exe
2015-01-09 00:53 - 2015-01-09 00:54 - 01162817 _____ () C:\Users\Tomek\Downloads\the%20egyptian%20pyramids%20olivia%20pandolfi.ppt
2015-01-09 00:49 - 2015-01-09 00:50 - 00469504 _____ () C:\Users\Tomek\Downloads\7wonders-pyramid.ppt
2015-01-09 00:38 - 2015-01-09 00:40 - 02778624 _____ () C:\Users\Tomek\Downloads\Building the Ancient Pyramids_Work, Simple Machines and Energy.ppt
2015-01-04 03:54 - 2015-01-04 03:54 - 00000000 __SHD () C:\Users\Tomek\AppData\Local\EmieBrowserModeList
2014-12-29 14:53 - 2015-01-03 12:48 - 00000000 ____D () C:\Users\Tomek\Desktop\Ania
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 19:17 - 2012-10-25 17:54 - 00000000 ____D () C:\Users\Tomek\AppData\Local\LogMeIn Hamachi
2015-01-28 19:17 - 2012-03-06 22:46 - 00000000 ____D () C:\Users\Tomek\AppData\Local\CrashDumps
2015-01-28 19:06 - 2014-10-13 13:17 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2015-01-28 18:52 - 2013-09-05 21:27 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 18:52 - 2012-09-03 07:44 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 18:47 - 2014-10-20 15:01 - 01504771 ____N () C:\Windows\WindowsUpdate.log
2015-01-28 18:47 - 2013-05-06 11:20 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Akamai
2015-01-28 15:11 - 2009-07-14 05:45 - 00028096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 15:11 - 2009-07-14 05:45 - 00028096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 15:01 - 2014-08-03 20:28 - 00000000 ___RD () C:\Users\Tomek\Dysk Google
2015-01-28 14:59 - 2013-09-05 21:27 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 14:59 - 2012-02-09 19:46 - 00000000 ___HD () C:\ASUS.DAT
2015-01-28 14:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 13:14 - 2012-06-01 15:32 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Nitro PDF
2015-01-28 12:17 - 2014-01-05 09:30 - 00000000 ____D () C:\Users\Tomek\AppData\Local\cache
2015-01-28 08:55 - 2012-05-07 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 20:43 - 2014-11-03 20:33 - 00003884 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1415043224
2015-01-27 20:43 - 2014-11-03 20:33 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-27 20:40 - 2013-06-23 20:25 - 00000000 ____D () C:\Users\Tomek\Desktop\PAWEŁ
2015-01-27 13:56 - 2014-08-03 20:18 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-27 13:56 - 2014-08-03 20:18 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-27 13:56 - 2014-08-03 20:18 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-27 13:56 - 2014-08-03 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 13:01 - 2013-01-23 07:32 - 00000000 ____D () C:\Users\Tomek\Desktop\Piotr Drożyński
2015-01-25 23:52 - 2012-09-03 07:44 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 23:52 - 2012-09-03 07:44 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 23:52 - 2012-03-06 22:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 12:29 - 2014-10-20 00:03 - 00000000 ____D () C:\Users\Tomek\Desktop\Tomek sem 2
2015-01-21 20:35 - 2009-07-14 18:55 - 00752084 _____ () C:\Windows\system32\perfh015.dat
2015-01-21 20:35 - 2009-07-14 18:55 - 00159966 _____ () C:\Windows\system32\perfc015.dat
2015-01-21 20:35 - 2009-07-14 06:13 - 01701278 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 20:19 - 2013-09-05 21:26 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-14 11:32 - 2012-10-25 20:36 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-01-14 00:58 - 2014-01-05 09:33 - 00000000 ____D () C:\Users\Tomek\AppData\Local\WMTools Downloaded Files
2015-01-11 11:36 - 2014-10-17 14:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-06 04:36 - 2013-04-13 10:16 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 23:58 - 2013-10-24 22:49 - 00000000 ____D () C:\Users\Tomek\Desktop\Tomek
==================== Files in the root of some directories =======
2014-01-05 16:22 - 2014-11-13 21:57 - 0012288 _____ () C:\Users\Tomek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-17 21:33 - 2014-11-17 21:33 - 0032196 _____ () C:\Users\Tomek\AppData\Local\recently-used.xbel
2012-04-30 22:36 - 2012-04-30 22:36 - 0002180 _____ () C:\Users\Tomek\AppData\Local\unins000.dat
2012-04-30 22:36 - 2012-04-30 22:36 - 0707504 _____ () C:\Users\Tomek\AppData\Local\unins000.exe
2012-04-30 22:36 - 2012-04-30 22:36 - 0011761 _____ () C:\Users\Tomek\AppData\Local\unins000.msg
2014-02-24 18:49 - 2014-02-24 18:49 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-24 18:00 - 2014-07-29 12:10 - 0000205 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Files to move or delete:
====================
C:\Users\Tomek\bobob.exe
C:\Users\Tomek\heheh.exe
C:\Users\Tomek\jijij.exe
C:\Users\Tomek\vuvuv.exe
C:\Users\Tomek\wuwuw.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe = & gt; File is digitally signed
C:\Windows\System32\wininit.exe = & gt; File is digitally signed
C:\Windows\SysWOW64\wininit.exe = & gt; File is digitally signed
C:\Windows\explorer.exe = & gt; File is digitally signed
C:\Windows\SysWOW64\explorer.exe = & gt; File is digitally signed
C:\Windows\System32\svchost.exe = & gt; File is digitally signed
C:\Windows\SysWOW64\svchost.exe = & gt; File is digitally signed
C:\Windows\System32\services.exe = & gt; File is digitally signed
C:\Windows\System32\User32.dll = & gt; File is digitally signed
C:\Windows\SysWOW64\User32.dll = & gt; File is digitally signed
C:\Windows\System32\userinit.exe = & gt; File is digitally signed
C:\Windows\SysWOW64\userinit.exe = & gt; File is digitally signed
C:\Windows\System32\rpcss.dll = & gt; File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys = & gt; File is digitally signed
LastRegBack: 2014-04-29 18:18
==================== End Of Log ============================