Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
Ran by Artur (administrator) on ARTUR-PC (30-11-2015 13:59:38)
Running from C:\FRST\FRST-OlderVersion\FRST-OlderVersion
Loaded Profiles: Artur (Available Profiles: Artur)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ALLPlayer.org) C:\Program Files (x86)\ALLMediaServer\mediaserver.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Artur\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CANON INC.)
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-11-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.) 
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation) HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [ALLUpdate] => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\chomikbox.exe HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [HTC Home Widget] => C:\Program Files\HTC Home\HTCHome.exe HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [ChicaPasswordManager] => "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [ALLMediaServer] => C:\Program Files (x86)\ALLMediaServer\MediaServer.exe [4985856 2013-07-17] (ALLPlayer.org) HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google) HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [Spotify Web Helper] => C:\Users\Artur\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-18] (Spotify Ltd) HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [GoogleChromeAutoLaunch_3A296C0ACDADF5B094811AC2117AD290] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.) 
HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\RunOnce: [Adobe Speed Launcher] => 1448881532 HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{1F620D6B-0E3F-4915-8977-141F7C2BC5BA}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{936323A7-FD0B-4FCD-9044-F08753E813ED}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{936323A7-FD0B-4FCD-9044-F08753E813ED}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A2BE7100-E798-44A5-B7C2-AB657945A56D}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{BE3B9C67-EDF3-4F75-8EA2-AF804AA4A8CE}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{BE3B9C67-EDF3-4F75-8EA2-AF804AA4A8CE}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{F9DF8245-4F0A-49AE-BCB8-E571305B69D4}: [NameServer] 104.197.191.4 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=22.5.5.15 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=22.5.5.15 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=22.5.5.15 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=22.5.5.15 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=22.5.5.15 HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-27] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-27] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2011-10-15] (CANON INC.) 
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2011-10-15] (CANON INC.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) Toolbar: HKU\S-1-5-21-3076302344-2742556548-4197340800-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File FireFox: ======== FF ProfilePath: C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\j9t66fvp.default FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2014-02-27] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-27] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-22] (CANON INC.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3076302344-2742556548-4197340800-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-26] (The Happy Cloud) FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2015-11-29] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon Chrome: ======= CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1397921440&from=wpc&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUS50820008200 CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr CHR DefaultSearchKeyword: Default -> NortonSafe CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff CHR Profile: 
C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Przelewy24) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj [2015-10-04] CHR Extension: (Dokumenty Google) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Dysk Google) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30] CHR Extension: (YouTube) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26] CHR Extension: (Norton Security Toolbar) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-11-30] CHR Extension: (Google Search) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29] CHR Extension: (Norton Home Page for Chrome) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-11-29] CHR Extension: (Pulpit zdalny Chrome) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-04] CHR Extension: (Dokumenty Google offline) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18] CHR Extension: (TuneIn Radio) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkolpgedpldcfmkgbdokgiljfbblpfj [2015-05-27] CHR Extension: (Norton Identity Safe) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-11-29] CHR Extension: (Evernote Web) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-05-27] CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) 
- C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-11-14] CHR Extension: (Norton Safe) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-11-29] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28] CHR Extension: (Gmail) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-29] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Artur\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-03-14] CHR HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-29] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.) 
S4 downlsad; C:\Users\Artur\AppData\Local\Zottechi.exe [46592 2015-11-26] () [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-11-05] (NVIDIA Corporation) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-11-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-11-05] (NVIDIA Corporation) S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\SNSvc.dll",service ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-22] (Symantec Corporation) R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [23944 2010-04-06] (IVT Corporation.) 
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2010-04-06] () R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-29] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-29] (Symantec Corporation) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2015-11-27] () R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20151126.001\IDSvia64.sys [767224 2015-11-26] (Symantec Corporation) S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27016 2010-04-06] (IVT Corporation.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151129.032\ENG64.SYS [138488 2015-11-29] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151129.032\EX64.SYS [2148080 2015-11-29] (Symantec Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-11-05] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-11-05] (NVIDIA Corporation) S3 PN-70A50A; C:\Windows\System32\DRIVERS\PN-70A.sys [594944 2015-01-07] (PIONEER HOME ELECTRONICS) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-12] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation) R0 
SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-12] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-11-29] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-12] (Symantec Corporation) S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] U3 kglorpog; \??\C:\Users\Artur\AppData\Local\Temp\kglorpog.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-11-30 13:58 - 2015-11-30 13:59 - 00026826 _____ C:\Users\Artur\Desktop\GMER.txt 2015-11-30 12:09 - 2015-11-30 12:09 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-11-29 18:37 - 2015-11-29 18:37 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2015-11-29 18:37 - 2015-11-29 18:37 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2015-11-29 18:27 - 2015-11-29 18:37 - 00002367 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK 2015-11-29 18:27 - 2015-11-29 18:27 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2015-11-29 18:27 - 2015-11-29 18:27 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2015-11-29 18:26 - 2015-11-29 18:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2015-11-29 18:26 - 2015-11-29 18:26 - 00000000 ____D C:\Program Files (x86)\NortonInstaller 2015-11-29 18:26 - 2015-11-29 18:26 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security 2015-11-29 17:57 - 2015-11-29 17:57 - 00000000 __SHD C:\DrWeb Quarantine 2015-11-29 16:25 - 2015-11-29 16:25 - 00000000 ___HD C:\DrWeb Archive 2015-11-29 16:02 - 2015-11-29 16:02 - 00000000 ____D C:\Users\Artur\Doctor Web 2015-11-29 16:00 - 2015-11-29 18:00 - 00000000 ____D C:\Windows\System32\Tasks\Doctor Web 2015-11-29 15:28 - 2015-11-30 12:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-29 15:28 - 2015-11-29 15:28 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-11-29 15:28 - 2015-11-29 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-11-29 15:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-29 15:28 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-29 15:28 - 2015-10-05 09:50 - 00025816 _____ 
(Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-29 15:19 - 2015-11-30 13:59 - 00000000 ____D C:\FRST 2015-11-28 23:37 - 2015-11-28 23:37 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Opera Software 2015-11-28 23:37 - 2015-11-28 23:37 - 00000000 ____D C:\Users\Artur\AppData\Local\Opera Software 2015-11-26 23:55 - 2015-11-26 23:54 - 02001540 _____ C:\Users\Artur\Downloads\PC Decrapifier 3.0.exe 2015-11-26 23:53 - 2015-11-27 23:20 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2015-11-26 22:22 - 2015-11-26 22:22 - 00000000 ___HD C:\Users\Artur\AppData\Roaming\GoldenGate 2015-11-26 22:20 - 2015-11-27 00:07 - 00000000 ____D C:\Users\Artur\AppData\Roaming\WarThunder 2015-11-26 22:20 - 2015-11-26 22:20 - 01733632 _____ C:\Users\Artur\Downloads\AdwCleaner 5.022.exe 2015-11-26 22:11 - 2015-11-29 22:26 - 00001415 _____ C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-11-26 21:48 - 2015-11-26 21:48 - 00000017 _____ C:\Windows\SysWOW64\history.dat 2015-11-26 21:40 - 2015-11-26 21:40 - 00004664 _____ C:\Windows\SysWOW64\Xesmitge.ini 2015-11-26 21:40 - 2015-11-26 21:40 - 00002384 _____ C:\Windows\SysWOW64\XesmitgeOff.ini 2015-11-26 21:40 - 2015-11-26 21:40 - 00002384 _____ C:\Windows\system32\XesmitgeOff.ini 2015-11-26 21:40 - 2015-11-26 21:40 - 00000000 ____D C:\Users\Artur\AppData\Local\Tempfolder 2015-11-26 21:39 - 2015-11-28 00:13 - 00000000 ____D C:\Users\Artur\AppData\LocalLow\Company 2015-11-26 21:39 - 2015-11-26 21:39 - 00000000 ____D C:\uninst 2015-11-26 21:33 - 2015-11-26 21:33 - 00000000 ____D C:\Users\Artur\AppData\Roaming\AVG 2015-11-26 21:31 - 2015-11-26 21:31 - 00000000 ____D C:\Users\Artur\AppData\Local\Avg 2015-11-26 21:30 - 2015-11-26 21:36 - 00000000 ____D C:\ProgramData\AVG 2015-11-26 21:29 - 2015-11-26 22:42 - 00046592 _____ C:\Users\Artur\AppData\Local\Zottechi.exe 2015-11-26 21:29 - 2015-11-26 21:28 - 00000187 _____ C:\Users\Artur\AppData\Local\Zottechi.exe.config 2015-11-26 21:28 - 
2015-11-26 21:28 - 00000000 ____D C:\Users\Artur\AppData\Roaming\DivX 2015-11-26 21:28 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-11-26 21:27 - 2015-11-27 00:06 - 00000000 ____D C:\ProgramData\DivX 2015-11-26 21:27 - 2015-11-27 00:06 - 00000000 ____D C:\Program Files (x86)\DivX 2015-11-11 12:35 - 2015-11-11 12:35 - 05286088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-11-11 11:49 - 2015-11-11 11:49 - 00001341 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2015-11-11 11:49 - 2015-11-05 18:13 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-11-11 11:49 - 2015-11-05 18:13 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-11-11 11:48 - 2015-11-05 15:41 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-11-11 11:45 - 2015-11-05 18:13 - 42914096 _____ C:\Windows\system32\nvcompiler.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 22308656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 18362160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 15717864 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 15121784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 11130488 _____ (NVIDIA Corporation) 
C:\Windows\system32\Drivers\nvlddmkm.sys 2015-11-11 11:45 - 2015-11-05 18:13 - 03158736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 02490488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435891.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435891.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00388208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2015-11-11 11:45 - 2015-11-05 18:13 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 
2015-11-11 11:45 - 2015-11-05 18:13 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-11-10 15:41 - 2015-11-10 15:41 - 00000000 ____D C:\Users\Artur\AppData\Local\Fallout4
2015-11-04 14:10 - 2015-11-04 14:10 - 00059392 _____ C:\Users\Artur\Desktop\Kopia RTV-Akcesoria Listopad.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 13:37 - 2013-09-20 21:55 - 00000000 ____D C:\Users\Artur\AppData\Local\CrashDumps
2015-11-30 13:33 - 2012-10-11 22:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-30 13:22 - 2013-08-26 11:11 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-30 13:21 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-30 12:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-11-30 12:05 - 2014-03-14 20:38 - 00000000 ___RD C:\Users\Artur\Dysk Google
2015-11-30 12:05 - 2012-10-11 22:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-30 12:05 - 2012-07-14 04:07 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-30 12:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-30 12:03 - 2012-07-14 03:31 - 00000000 ____D C:\Users\Artur
2015-11-30 12:03 - 2009-07-14 05:45 - 00014736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-30 12:03 - 2009-07-14 05:45 - 00014736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-30 11:58 - 2012-08-05 01:04 - 00000000 ____D C:\Users\Artur\AppData\LocalLow\Temp
2015-11-30 09:48 - 2012-07-15 15:16 - 00000000 ____D C:\Program Files (x86)\Essentials Codec Pack
2015-11-30 02:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-11-30 01:42 - 2014-05-14 10:06 - 00000000 ____D C:\Users\Artur\AppData\Local\NPE
2015-11-30 01:14 - 2015-10-28 18:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-11-29 23:57 - 2012-07-14 04:38 - 00747536 _____ C:\Windows\system32\perfh015.dat
2015-11-29 23:57 - 2012-07-14 04:38 - 00160128 _____ C:\Windows\system32\perfc015.dat
2015-11-29 23:57 - 2009-07-14 06:13 - 01692112 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-29 22:33 - 2014-12-24 13:45 - 00000000 ____D C:\ProgramData\DatacardService
2015-11-29 22:27 - 2013-12-09 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-11-29 22:27 - 2012-10-11 22:56 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-29 22:27 - 2012-07-15 15:15 - 00000000 ____D C:\Users\Artur\AppData\Local\Google
2015-11-29 22:27 - 2012-07-14 04:07 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-29 22:26 - 2013-09-03 22:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-29 22:26 - 2012-07-14 03:31 - 00001421 _____ C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-11-29 22:01 - 2014-03-10 13:10 - 00012813 _____ C:\Users\Artur\Desktop\RATY.ods
2015-11-29 19:13 - 2014-04-21 21:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-29 18:37 - 2014-04-22 19:39 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2015-11-29 18:27 - 2014-04-22 19:40 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-11-29 18:26 - 2013-09-16 21:53 - 00000000 ____D C:\ProgramData\Norton
2015-11-29 17:57 - 2012-07-24 19:29 - 00000000 ____D C:\Program Files (x86)\NapiProjekt
2015-11-29 16:01 - 2009-07-14 06:08 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-29 15:54 - 2012-10-11 22:55 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-29 15:41 - 2013-09-16 21:53 - 00000000 ____D C:\ProgramData\NortonInstaller
2015-11-29 15:17 - 2013-10-15 17:42 - 00000000 ____D C:\Users\UpdatusUser
2015-11-28 00:40 - 2015-10-14 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-11-28 00:40 - 2015-10-14 16:17 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-11-28 00:40 - 2015-06-30 19:24 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-11-28 00:40 - 2015-05-27 22:33 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome
2015-11-28 00:40 - 2015-05-27 22:32 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-28 00:40 - 2015-04-07 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-11-28 00:40 - 2015-01-12 14:41 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2)
2015-11-28 00:40 - 2015-01-12 14:37 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)
2015-11-28 00:40 - 2015-01-12 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medieval 2 Total War Gold
2015-11-28 00:40 - 2014-06-28 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG On-Screen Phone
2015-11-28 00:40 - 2014-06-27 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLMediaServer
2015-11-28 00:40 - 2014-05-14 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Player
2015-11-28 00:40 - 2014-04-19 16:29 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2015-11-28 00:40 - 2014-04-19 16:29 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2015-11-28 00:40 - 2014-04-19 16:29 - 00000000 ____D C:\Users\HomeGroupUser$
2015-11-28 00:40 - 2014-04-19 16:29 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2015-11-28 00:40 - 2014-04-19 16:29 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2015-11-28 00:40 - 2014-04-19 16:29 - 00000000 ____D C:\Users\Guest
2015-11-28 00:40 - 2014-04-19 16:29 - 00000000 ____D C:\Users\ASPNET\AppData\Local\Google
2015-11-28 00:40 - 2014-04-19 16:29 - 00000000 ____D C:\Users\ASPNET\AppData\Local\Comodo
2015-11-28 00:40 - 2014-04-19 16:29 - 00000000 ____D C:\Users\ASPNET
2015-11-28 00:40 - 2014-04-19 16:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-11-28 00:40 - 2014-04-19 16:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2015-11-28 00:40 - 2014-04-19 16:29 - 00000000 ____D C:\Users\Administrator
2015-11-28 00:40 - 2014-04-16 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-28 00:40 - 2014-03-26 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-28 00:40 - 2014-03-14 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-28 00:40 - 2014-01-09 15:36 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-11-28 00:40 - 2013-12-26 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-28 00:40 - 2013-09-22 21:40 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2015-11-28 00:40 - 2013-09-03 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2015-11-28 00:40 - 2013-02-25 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Sync Manager WiFi
2015-11-28 00:40 - 2012-10-11 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Anti Keylogger
2015-11-28 00:40 - 2012-09-27 17:07 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DarthMod Empire
2015-11-28 00:40 - 2012-08-25 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-28 00:40 - 2012-08-20 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail
2015-11-28 00:40 - 2012-07-24 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt
2015-11-28 00:40 - 2012-07-23 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP640 series
2015-11-28 00:40 - 2012-07-15 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack
2015-11-28 00:40 - 2012-07-14 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRemote
2015-11-28 00:40 - 2012-07-14 04:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-28 00:40 - 2012-07-13 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-11-28 00:40 - 2012-07-13 17:09 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-11-28 00:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-28 00:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-11-27 23:45 - 2014-04-16 22:14 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-26 23:49 - 2014-04-21 09:01 - 00024502 _____ C:\Windows\system32\.crusader
2015-11-26 22:11 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-11-26 22:11 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-26 21:52 - 2014-03-26 22:50 - 00002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-26 21:41 - 2012-07-19 13:38 - 00000000 ____D C:\Users\Artur\AppData\Local\Mirillis
2015-11-26 21:25 - 2012-08-05 01:03 - 00000000 ____D C:\Users\Artur\AppData\Roaming\uTorrent
2015-11-25 15:18 - 2012-08-07 10:02 - 00000000 ____D C:\Users\Artur\AppData\Local\ElevatedDiagnostics
2015-11-19 00:49 - 2014-04-23 19:39 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Spotify
2015-11-18 23:09 - 2014-04-23 19:39 - 00000000 ____D C:\Users\Artur\AppData\Local\Spotify
2015-11-11 11:50 - 2014-03-06 11:55 - 00000000 ____D C:\Users\Artur\AppData\Local\NVIDIA Corporation
2015-11-11 11:49 - 2012-07-14 04:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-10 15:41 - 2015-04-07 21:55 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-10 15:39 - 2012-07-27 11:58 - 00000000 ____D C:\Users\Artur\Documents\My Games
2015-11-05 18:13 - 2014-03-06 11:55 - 01710752 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-11-05 18:13 - 2014-03-06 11:55 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-11-05 18:13 - 2013-10-15 17:40 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-11-05 18:13 - 2013-10-15 17:40 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-11-05 18:13 - 2012-07-14 04:07 - 17515208 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-05 18:13 - 2012-07-14 04:07 - 03579000 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-05 18:13 - 2012-07-14 04:07 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-11-05 18:13 - 2012-07-14 04:07 - 00033607 _____ C:\Windows\system32\nvinfo.pb
2015-11-05 16:13 - 2012-07-14 04:07 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-05 16:13 - 2012-07-14 04:07 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-05 16:13 - 2012-07-14 04:07 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-11-05 16:13 - 2012-07-14 04:07 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-05 16:13 - 2012-07-14 04:07 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-05 16:13 - 2012-07-14 04:07 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-11-04 12:55 - 2012-07-20 14:39 - 00000000 ____D C:\Users\Artur\AppData\Roaming\The Bat!

==================== Files in the root of some directories =======

2012-07-20 14:38 - 2014-02-10 20:58 - 0001918 _____ () C:\Users\Artur\AppData\Roaming\ex_log.txt
2012-09-23 12:48 - 2012-09-23 12:48 - 0000093 _____ () C:\Users\Artur\AppData\Local\fusioncache.dat
2014-01-09 15:59 - 2014-01-09 15:59 - 0001726 _____ () C:\Users\Artur\AppData\Local\recently-used.xbel
2015-11-26 21:29 - 2015-11-26 22:42 - 0046592 _____ () C:\Users\Artur\AppData\Local\Zottechi.exe
2015-11-26 21:29 - 2015-11-26 21:28 - 0000187 _____ () C:\Users\Artur\AppData\Local\Zottechi.exe.config

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2012-07-14 16:20] - [2012-10-11 20:38] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2012-07-14 16:20] - [2012-10-11 20:38] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-30 03:15

==================== End of FRST.txt ============================