Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:27-01-2016
Uruchomiony przez Marek (administrator)  MAREK-KOMPUTER (02-02-2016 11:41:39)
Uruchomiony z C:\Users\Marek\Downloads
Załadowane profile: Marek (Dostępne profile: Marek)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2583040 2009-09-21] (VIA)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-1938689811-882601846-2576079812-1001\...\Run: [ALLUpdate] => E:\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Brak pliku
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{96199ED5-D6D9-4A47-9F29-48FEE500E72C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-1938689811-882601846-2576079812-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1938689811-882601846-2576079812-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1938689811-882601846-2576079812-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=183
URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-26] (Oracle Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> gazeta.allplayer.org/
CHR Profile: C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-24]
CHR Extension: (Dokumenty Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-24]
CHR Extension: (Dysk Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
CHR Extension: (Google Search) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Gazeta.pl) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efhdjkbfpoohkmfaldijcpbnmbpefpkb [2015-10-25]
CHR Extension: (Arkusze Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-24]
CHR HKU\S-1-5-21-1938689811-882601846-2576079812-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - E:\ALLPlayer\AllPlayer.crx [2015-10-25]
CHR HKLM-x32\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - E:\ALLPlayer\AllPlayer.crx [2015-10-25]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Brak podpisu cyfrowego]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Brak podpisu cyfrowego]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [25088 2012-08-22] (Windows (R) Codename Longhorn DDK provider)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-10-14] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-06-22] (Sony Mobile Communications)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [242688 2013-01-15] (QUALCOMM Incorporated)
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-02-02 11:41 - 2016-02-02 11:41 - 00014097 _____ C:\Users\Marek\Downloads\FRST.txt
2016-02-02 11:40 - 2016-02-02 11:41 - 00000000 ____D C:\FRST
2016-02-02 11:39 - 2016-02-02 11:39 - 00380416 _____ C:\Users\Marek\Downloads\9smuvt5s.exe
2016-02-02 11:37 - 2016-02-02 11:37 - 02370560 _____ (Farbar) C:\Users\Marek\Downloads\FRST64.exe
2016-02-02 11:37 - 2016-01-29 21:46 - 00010916 _____ C:\Users\Marek\Desktop\ComboFix.txt
2016-02-02 11:26 - 2016-02-02 11:26 - 00380416 _____ C:\Users\Marek\Downloads\6vk77b7s.exe
2016-02-02 11:21 - 2016-02-02 11:21 - 00619688 _____ (Duplex Secure Ltd) C:\Users\Marek\Downloads\SPTDinst-v187-x64.exe
2016-02-02 10:33 - 2016-02-02 10:33 - 00000000 ____D C:\Users\Marek\Documents\League of Legends
2016-02-01 21:57 - 2016-02-01 21:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-01 21:57 - 2016-02-01 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-01 21:56 - 2016-02-01 21:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-01 21:56 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-01 21:56 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-01 21:56 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-29 22:18 - 2016-01-29 22:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-29 21:46 - 2016-01-29 21:46 - 00010916 _____ C:\ComboFix.txt
2016-01-16 22:51 - 2016-01-16 22:51 - 00000000 ____D C:\Users\Marek\AppData\LocalLow\uTorrent
2016-01-06 09:25 - 2016-01-06 09:25 - 00000049 _____ C:\Users\Marek\Desktop\Nowy dokument tekstowy (2).txt

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-02-02 11:34 - 2015-04-24 09:44 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-02 11:33 - 2015-04-24 09:57 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-02 11:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 11:32 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-02 11:32 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-02 10:55 - 2015-04-24 09:44 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-02 09:50 - 2015-04-24 09:44 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 09:50 - 2015-04-24 09:44 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 09:42 - 2015-04-24 14:11 - 00000000 ____D C:\Users\Marek\AppData\Local\Battle.net
2016-02-02 09:32 - 2015-06-07 23:51 - 00000000 ____D C:\ProgramData\MFAData
2016-02-01 20:31 - 2015-06-27 16:57 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Skype
2016-01-29 22:38 - 2015-04-24 13:09 - 00001214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2016-01-29 22:38 - 2015-04-24 09:45 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-29 22:38 - 2015-04-24 09:40 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-01-29 22:38 - 2015-04-24 09:40 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-01-29 22:38 - 2009-07-14 05:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-29 22:38 - 2009-07-14 05:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-01-29 22:38 - 2009-07-14 05:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-01-29 22:38 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-01-29 22:38 - 2009-07-14 05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-01-29 22:37 - 2015-11-29 12:30 - 00000836 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-29 22:37 - 2015-06-29 21:20 - 00001190 _____ C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk
2016-01-29 22:37 - 2015-06-10 22:06 - 00001503 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-01-29 22:37 - 2015-04-24 19:36 - 00000266 __RSH C:\ProgramData\ntuser.pol
2016-01-29 22:37 - 2015-04-24 14:10 - 00000655 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-01-29 22:37 - 2015-04-24 13:48 - 00000665 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-01-29 22:37 - 2015-04-24 13:39 - 00000512 _____ C:\Users\Public\Desktop\Steam.lnk
2016-01-29 22:37 - 2015-04-24 09:45 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-29 22:37 - 2015-04-24 09:43 - 00001421 _____ C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-29 22:37 - 2009-07-14 06:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-01-29 22:37 - 2009-07-14 05:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-01-29 22:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Branding
2016-01-29 22:34 - 2015-10-25 20:43 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-01-29 22:34 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-29 21:46 - 2015-12-05 11:11 - 00000000 ____D C:\Qoobox
2016-01-29 21:45 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-01-29 21:37 - 2015-12-05 11:10 - 05653508 ____R (Swearware) C:\Users\Marek\Downloads\ComboFix.exe
2016-01-26 07:13 - 2015-09-01 15:43 - 00000000 ____D C:\Users\Marek\.oracle_jre_usage
2016-01-26 07:13 - 2015-05-07 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-26 07:13 - 2015-05-07 18:56 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-26 07:12 - 2015-05-07 18:57 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-23 17:57 - 2015-04-25 03:17 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-23 17:57 - 2015-04-24 14:11 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Battle.net
2016-01-23 17:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-01-23 17:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-23 17:56 - 2015-05-07 18:52 - 00000000 ____D C:\Users\Marek\AppData\Roaming\.minecraft
2016-01-23 09:04 - 2015-06-07 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-23 08:58 - 2015-04-24 09:42 - 00000000 ____D C:\Users\Marek
2016-01-21 13:19 - 2015-04-24 13:48 - 00000000 ____D C:\Users\Marek\AppData\Roaming\TS3Client
2016-01-17 09:04 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-17 02:04 - 2015-04-27 14:22 - 00000000 ____D C:\Users\Marek\AppData\Roaming\uTorrent
2016-01-07 00:22 - 2015-11-29 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-06 20:33 - 2015-12-10 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2016-01-03 16:41 - 2015-12-02 12:03 - 00000000 ____D C:\ProgramData\Adobe

==================== Pliki w katalogu głównym wybranych folderów =======

2015-05-09 01:44 - 2015-05-09 01:44 - 0007606 _____ () C:\Users\Marek\AppData\Local\Resmon.ResmonCfg

Niektóre pliki w TEMP:
====================
C:\Users\Marek\AppData\Local\Temp\t.dll


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2016-01-29 07:21

==================== Koniec  FRST.txt ============================