Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:09-01-2015 Uruchomiony przez Kinka (administrator) KAROLINA (10-01-2016 13:15:20) Uruchomiony z C:\Users\Kinka\Downloads Załadowane profile: Kinka (Dostępne profile: Kinka) Platform: Windows 7 Home Premium (X64) Język: Polski (Polska) Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (ATK) C:\Program Files\P4G\BatteryLife.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Farbar) C:\Users\Kinka\Downloads\FRST64 (1).exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10804256 2010-05-04] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-15] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-03-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-04-26] () HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [98304 2014-10-27] (Apple Computer, Inc.) HKLM-x32\...\Run: [PC Suite for Smartphones] => E:\sony\Application Launcher\Application Launcher.exe [548864 2007-12-25] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKU\S-1-5-21-1240939702-4100533018-1437353843-1000\...\MountPoints2: {5159380d-1fb0-11e4-a7c1-1c4bd61d49e0} - H:\autorun.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-21] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-08-09] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2014-08-09] ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{CC1813E3-5344-4A03-AA00-BA17AEC45BF5}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-21] (AVAST Software) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-18] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-21] (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-18] (Oracle Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Kinka\AppData\Roaming\Mozilla\Firefox\Profiles\nypqd97m.default FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-18] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-18] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10] Chrome: ======= CHR HomePage: Default -> hxxp://home.sweetim.com/?crg=3.1010000.10009&barid={BE458C68-8F41-4396-A8EF-7C79373C8704} CHR StartupUrls: Default -> "hxxp://home.sweetim.com/?crg=3.1010000.10009&barid={BE458C68-8F41-4396-A8EF-7C79373C8704}","about:blank","hxxp://www.google.com","hxxp://www.google.com/","hxxp://start.qone8.com/?type=hp&ts=1397024244&from=smt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E739112091120","hxxp://www.mystartsearch.com/?type=hp&ts=1424996642&from=wpc&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E739112091120" CHR Profile: C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Dokumenty Google) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Barbara Real Makeover) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\belcopojfpdnmbfhfiliddjobjiopebi [2014-08-10] CHR Extension: (Adblock Plus) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-09] CHR Extension: (Crazy4Jigsaws) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgliemokfgimmfodoeboneoibjklncc [2014-08-10] CHR Extension: (Google Search) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28] CHR Extension: (Hangman) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpfaaakmnhcembbiennfjiaodandmhg [2015-04-16] CHR Extension: (Fireboy and Watergirl 3: The Ice Temple) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffeedhglbjadgihihmleepiobmkagbok [2014-08-10] CHR Extension: (200 MPH Thunder Road NASCAR) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbcbnaniomdflholmhbekclihacmjdl [2014-08-10] CHR Extension: (Vector Racer) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlopomddhnaodbjochfdcebknmejgei [2015-04-16] CHR Extension: (Pulpit zdalny Chrome) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-07] CHR Extension: (AdBlock) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-09] CHR Extension: (Avast Online Security) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-07] CHR Extension: (Fireboy & Watergirl 4 Crystal Temple) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbioademamgcidpknbkilibejpjhhoak [2014-08-10] CHR Extension: (The RGB Game) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnieofmjopiiifehpejcgcpailcndege [2015-04-16] CHR Extension: (Silent Rider) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilappllkolejmoibpnlobambnoeblgmh [2015-04-16] CHR Extension: (Fire Boy And Water Girl) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\iogblfbfoldfgammcabomglfajocfpea [2014-08-10] CHR Extension: (CZERWONY BALL 2) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\klcajmodecbmmlimiiccmdnchceeehha [2014-08-10] CHR Extension: (Raptor Safari) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjiabhmjjhkojhibllnomcgmfgehjkcf [2014-08-10] CHR Extension: (LEGO Bricks for Kids - Duckie Deck) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbganapjeophmimeokdffcajbbphfedb [2015-04-16] CHR Extension: (Sumon) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddpmdmpdcbnnkjfplckngdkhhmmbjaf [2015-04-16] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22] CHR Extension: (Oscar de la Renta) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphgjnagopjcejpncakmojifbeakeilb [2015-12-02] CHR Extension: (Hydraulik z dżungli) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpobnopmcjkgbgakigfoemfgfcdiefi [2015-04-16] CHR Extension: (Canvas Rider) - C:\Users\Kinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-08] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-21] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-21] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-21] (Avast Software) R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-21] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-21] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-21] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-21] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-21] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-21] (AVAST Software) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-21] (AVAST Software) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] () U5 UnlockerDriver5; E:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-21] (Avast Software) R1 wfdrvr_vt_1_10_0_25; C:\Windows\System32\drivers\wfdrvr_vt_1_10_0_25.sys [61296 2015-09-30] (WF) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-01-10 13:15 - 2016-01-10 13:15 - 00016131 _____ C:\Users\Kinka\Downloads\FRST.txt 2016-01-10 13:13 - 2016-01-10 13:15 - 00000000 ____D C:\FRST 2016-01-10 13:13 - 2016-01-10 12:59 - 02370560 _____ (Farbar) C:\Users\Kinka\Downloads\FRST64 (1).exe 2016-01-10 13:13 - 2016-01-10 12:59 - 00380416 _____ C:\Users\Kinka\Downloads\0yr3lccu.exe 2016-01-10 12:08 - 2016-01-10 12:08 - 00452968 _____ C:\Users\Kinka\Downloads\InsaneColdBacktotheIceAgePl_20092D1860.exe 2016-01-10 11:57 - 2016-01-10 11:58 - 03139072 _____ C:\Users\Kinka\Downloads\NewYorkMysteries_HighVoltage_CE (1).exe 2016-01-10 11:57 - 2016-01-10 11:57 - 04546560 _____ C:\Users\Kinka\Downloads\InsaneCold (1).exe 2016-01-10 11:55 - 2016-01-10 11:56 - 00452968 _____ C:\Users\Kinka\Downloads\InsaneColdBacktotheIceAgePl_20092D5386.exe 2016-01-10 11:09 - 2016-01-10 11:09 - 04160064 _____ (Crystal Dew World ) C:\Users\Kinka\Downloads\CrystalDiskInfo6_6_1-en.exe 2016-01-09 15:56 - 2016-01-09 15:56 - 00000000 ____D C:\Users\Kinka\AppData\Roaming\Argali 2016-01-09 15:55 - 2016-01-09 15:55 - 00000780 _____ C:\Users\Kinka\Desktop\Świąteczna przygoda Burza słodyczy.lnk 2016-01-09 15:40 - 2016-01-09 15:40 - 06212096 _____ (Menge) C:\Users\Kinka\Downloads\Christmas Adventure - Candy Storm.exe 2016-01-09 15:40 - 2016-01-09 15:40 - 00452968 _____ C:\Users\Kinka\Downloads\ChristmasAdventureCandyStormPl_20092D3777.exe 2016-01-09 15:38 - 2016-01-09 15:39 - 00452968 _____ C:\Users\Kinka\Downloads\NewYorkMysteriesHighVoltageCollectorsEditionPl_20092D1809.exe 2016-01-09 15:38 - 2016-01-09 15:38 - 03139072 _____ C:\Users\Kinka\Downloads\NewYorkMysteries_HighVoltage_CE.exe 2016-01-09 15:37 - 2016-01-09 15:38 - 04546560 _____ C:\Users\Kinka\Downloads\InsaneCold.exe 2016-01-09 15:37 - 2016-01-09 15:37 - 00452968 _____ C:\Users\Kinka\Downloads\InsaneColdBacktotheIceAgePl_20092D5792.exe 2016-01-04 18:15 - 2016-01-04 18:15 - 00452968 _____ C:\Users\Kinka\Downloads\InsaneColdBacktotheIceAgePl_20092D8443.exe 2015-12-12 20:43 - 2015-12-12 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-12-12 20:42 - 2015-12-12 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2015-12-12 20:42 - 2015-12-12 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2015-12-12 20:40 - 2015-12-12 20:40 - 00000000 ____D C:\Program Files\Microsoft Office 2015-12-12 20:39 - 2015-12-12 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-12-12 20:39 - 2015-12-12 20:39 - 00000000 ____D C:\Users\Kinka\AppData\Local\Microsoft Help 2015-12-12 20:39 - 2015-12-12 20:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2015-12-12 20:38 - 2015-12-12 20:38 - 00000000 __RHD C:\MSOCache ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-01-10 13:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2016-01-10 13:09 - 2014-08-09 11:41 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-10 13:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-10 13:07 - 2009-07-14 05:45 - 00018176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-10 13:07 - 2009-07-14 05:45 - 00018176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-10 13:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-01-10 13:02 - 2009-07-14 18:55 - 00737480 _____ C:\Windows\system32\perfh015.dat 2016-01-10 13:02 - 2009-07-14 18:55 - 00154136 _____ C:\Windows\system32\perfc015.dat 2016-01-10 13:02 - 2009-07-14 06:13 - 01661232 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-10 12:59 - 2015-02-19 17:15 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-01-10 12:58 - 2014-08-09 11:42 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2016-01-10 11:49 - 2014-08-09 11:41 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-10 11:10 - 2014-10-18 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo 2016-01-09 15:55 - 2014-11-07 12:57 - 00000000 ____D C:\Users\Kinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CasualGameBox 2016-01-09 15:55 - 2014-08-16 22:10 - 00000000 ____D C:\ProgramData\AlawarWrapper 2016-01-03 11:59 - 2015-02-19 17:15 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-01-03 11:59 - 2015-02-19 17:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-03 11:59 - 2015-02-19 17:15 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-17 12:24 - 2009-07-14 05:45 - 00411976 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-12 20:48 - 2015-07-31 13:10 - 00000000 ____D C:\Users\Kinka\Desktop\Kinka 2015-12-12 20:46 - 2014-08-09 11:19 - 00108840 _____ C:\Users\Kinka\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-12 20:42 - 2009-07-14 19:09 - 00000000 ____D C:\Windows\ShellNew 2015-12-12 20:42 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-12-12 20:40 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2015-12-12 20:39 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-08-19 09:07 - 2015-08-19 09:07 - 0000000 _____ () C:\Users\Kinka\AppData\Local\{7F66A88A-338C-4F3F-BD8A-0BC962CC8DF1} Niektóre pliki w TEMP: ==================== C:\Users\Kinka\AppData\Local\Temp\BehindtheReflection2WitchsRevengePl_26559.exe C:\Users\Kinka\AppData\Local\Temp\bitool.dll C:\Users\Kinka\AppData\Local\Temp\ClockworkTalesOfGlassandInkCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\DarkArcanaTheCarnivalCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\DarkStrokesTheLegendofSnowKingdomCollectorsEditionPl_20002.exe C:\Users\Kinka\AppData\Local\Temp\DeadlyPuzzlesToymakerPl_20002.exe C:\Users\Kinka\AppData\Local\Temp\drm_dialogs.dll C:\Users\Kinka\AppData\Local\Temp\drm_dyndata_7350007.dll C:\Users\Kinka\AppData\Local\Temp\FloriaPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\GhostTownsTheCatsOfUltharCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\GrimLegendsTheForsakenBrideCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\ICSW1.14_1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I1.14.exe C:\Users\Kinka\AppData\Local\Temp\InsaneColdBacktotheIceAgePl_20092.exe C:\Users\Kinka\AppData\Local\Temp\JodieDrakeandtheWorldinPerilPl_26559.exe C:\Users\Kinka\AppData\Local\Temp\LeftintheDarkNoOneonBoardPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\LivingLegendsWrathoftheBeastCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\LostLandsDarkOverlordCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\LostLandsTheFourHorsemenCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\MindsEyeSecretsOfTheForgottenPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\MindsEyeSecretsOfTheForgottenPl_26559.exe C:\Users\Kinka\AppData\Local\Temp\MountainTrapTheManorofMemoriesPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\MysteryTrackersFourAcesCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\MythsOfOrionLightfromtheNorthDeluxeEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\NewYorkMysteriesSecretsoftheMafiaCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\NightfallMysteriesCurseoftheOperaPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\NightmaresfromtheDeepDavyJonesCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\NightmaresfromtheDeepTheCursedHeartPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\PanopticonPathofReflectionsPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\PortalofEvilStolenRunesCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\RedemptionCemeteryGraveTestimonyCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\RunawayExpressMysteryPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\SacraTerraAngelicNightCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\ShiverTheLilysRequiemCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\SnarkBustersHighSocietyPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\TheCursedIslandMaskofBaragusCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\TheOtherSideTowerofSoulsPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\Uninstall.exe C:\Users\Kinka\AppData\Local\Temp\VoyageToFantasyPart1Pl_20092.exe C:\Users\Kinka\AppData\Local\Temp\WeirdParkBrokenTuneCollectorsEditionPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\WeirdParkScaryTalesPl_20092.exe C:\Users\Kinka\AppData\Local\Temp\_is771C.exe C:\Users\Kinka\AppData\Local\Temp\_is90A3.exe C:\Users\Kinka\AppData\Local\Temp\_is915E.exe C:\Users\Kinka\AppData\Local\Temp\_isB8A1.exe C:\Users\Kinka\AppData\Local\Temp\{E7FDE8E7-5C67-4DDE-9A2A-8171B2F5E026}-44.0.2403.157_44.0.2403.155_chrome_updater.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-01-03 14:20 ==================== Koniec FRST.txt ============================