Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:27-01-2016 Uruchomiony przez Marek (administrator) MAREK-KOMPUTER (02-02-2016 11:41:39) Uruchomiony z C:\Users\Marek\Downloads Załadowane profile: Marek (Dostępne profile: Marek) Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2583040 2009-09-21] (VIA) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation) HKU\S-1-5-21-1938689811-882601846-2576079812-1001\...\Run: [ALLUpdate] => E:\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{96199ED5-D6D9-4A47-9F29-48FEE500E72C}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKU\S-1-5-21-1938689811-882601846-2576079812-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1938689811-882601846-2576079812-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1938689811-882601846-2576079812-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=183 URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-26] (Oracle Corporation) FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-26] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) Chrome: ======= CHR HomePage: Default -> gazeta.allplayer.org/ CHR Profile: C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-24] CHR Extension: (Dokumenty Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-24] CHR Extension: (Dysk Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Adblock Plus) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05] CHR Extension: (Google Search) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (Gazeta.pl) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efhdjkbfpoohkmfaldijcpbnmbpefpkb [2015-10-25] CHR Extension: (Arkusze Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-24] CHR Extension: (Dokumenty Google offline) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23] CHR Extension: (Gmail) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-24] CHR HKU\S-1-5-21-1938689811-882601846-2576079812-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - E:\ALLPlayer\AllPlayer.crx [2015-10-25] CHR HKLM-x32\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - E:\ALLPlayer\AllPlayer.crx [2015-10-25] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Brak podpisu cyfrowego] S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation) S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Brak podpisu cyfrowego] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [25088 2012-08-22] (Windows (R) Codename Longhorn DDK provider) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.) S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-10-14] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-06-22] (Sony Mobile Communications) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [242688 2013-01-15] (QUALCOMM Incorporated) S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X] S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-02-02 11:41 - 2016-02-02 11:41 - 00014097 _____ C:\Users\Marek\Downloads\FRST.txt 2016-02-02 11:40 - 2016-02-02 11:41 - 00000000 ____D C:\FRST 2016-02-02 11:39 - 2016-02-02 11:39 - 00380416 _____ C:\Users\Marek\Downloads\9smuvt5s.exe 2016-02-02 11:37 - 2016-02-02 11:37 - 02370560 _____ (Farbar) C:\Users\Marek\Downloads\FRST64.exe 2016-02-02 11:37 - 2016-01-29 21:46 - 00010916 _____ C:\Users\Marek\Desktop\ComboFix.txt 2016-02-02 11:26 - 2016-02-02 11:26 - 00380416 _____ C:\Users\Marek\Downloads\6vk77b7s.exe 2016-02-02 11:21 - 2016-02-02 11:21 - 00619688 _____ (Duplex Secure Ltd) C:\Users\Marek\Downloads\SPTDinst-v187-x64.exe 2016-02-02 10:33 - 2016-02-02 10:33 - 00000000 ____D C:\Users\Marek\Documents\League of Legends 2016-02-01 21:57 - 2016-02-01 21:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-02-01 21:57 - 2016-02-01 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-02-01 21:56 - 2016-02-01 21:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-02-01 21:56 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-02-01 21:56 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-02-01 21:56 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-01-29 22:18 - 2016-01-29 22:18 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-01-29 21:46 - 2016-01-29 21:46 - 00010916 _____ C:\ComboFix.txt 2016-01-16 22:51 - 2016-01-16 22:51 - 00000000 ____D C:\Users\Marek\AppData\LocalLow\uTorrent 2016-01-06 09:25 - 2016-01-06 09:25 - 00000049 _____ C:\Users\Marek\Desktop\Nowy dokument tekstowy (2).txt ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-02-02 11:34 - 2015-04-24 09:44 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-02 11:33 - 2015-04-24 09:57 - 00000000 ____D C:\ProgramData\NVIDIA 2016-02-02 11:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-02-02 11:32 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-02-02 11:32 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-02-02 10:55 - 2015-04-24 09:44 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-02 09:50 - 2015-04-24 09:44 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-02 09:50 - 2015-04-24 09:44 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-02-02 09:42 - 2015-04-24 14:11 - 00000000 ____D C:\Users\Marek\AppData\Local\Battle.net 2016-02-02 09:32 - 2015-06-07 23:51 - 00000000 ____D C:\ProgramData\MFAData 2016-02-01 20:31 - 2015-06-27 16:57 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Skype 2016-01-29 22:38 - 2015-04-24 13:09 - 00001214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk 2016-01-29 22:38 - 2015-04-24 09:45 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-01-29 22:38 - 2015-04-24 09:40 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2016-01-29 22:38 - 2015-04-24 09:40 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2016-01-29 22:38 - 2009-07-14 05:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-01-29 22:38 - 2009-07-14 05:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2016-01-29 22:38 - 2009-07-14 05:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2016-01-29 22:38 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2016-01-29 22:38 - 2009-07-14 05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2016-01-29 22:37 - 2015-11-29 12:30 - 00000836 _____ C:\Users\Public\Desktop\AVG.lnk 2016-01-29 22:37 - 2015-06-29 21:20 - 00001190 _____ C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2016-01-29 22:37 - 2015-06-10 22:06 - 00001503 _____ C:\Users\Public\Desktop\League of Legends.lnk 2016-01-29 22:37 - 2015-04-24 19:36 - 00000266 __RSH C:\ProgramData\ntuser.pol 2016-01-29 22:37 - 2015-04-24 14:10 - 00000655 _____ C:\Users\Public\Desktop\Battle.net.lnk 2016-01-29 22:37 - 2015-04-24 13:48 - 00000665 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2016-01-29 22:37 - 2015-04-24 13:39 - 00000512 _____ C:\Users\Public\Desktop\Steam.lnk 2016-01-29 22:37 - 2015-04-24 09:45 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-01-29 22:37 - 2015-04-24 09:43 - 00001421 _____ C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-29 22:37 - 2009-07-14 06:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2016-01-29 22:37 - 2009-07-14 05:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2016-01-29 22:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Branding 2016-01-29 22:34 - 2015-10-25 20:43 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-01-29 22:34 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-01-29 21:46 - 2015-12-05 11:11 - 00000000 ____D C:\Qoobox 2016-01-29 21:45 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2016-01-29 21:37 - 2015-12-05 11:10 - 05653508 ____R (Swearware) C:\Users\Marek\Downloads\ComboFix.exe 2016-01-26 07:13 - 2015-09-01 15:43 - 00000000 ____D C:\Users\Marek\.oracle_jre_usage 2016-01-26 07:13 - 2015-05-07 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-01-26 07:13 - 2015-05-07 18:56 - 00000000 ____D C:\Program Files (x86)\Java 2016-01-26 07:12 - 2015-05-07 18:57 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-01-23 17:57 - 2015-04-25 03:17 - 00000000 ___SD C:\Windows\system32\GWX 2016-01-23 17:57 - 2015-04-24 14:11 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Battle.net 2016-01-23 17:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2016-01-23 17:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-01-23 17:56 - 2015-05-07 18:52 - 00000000 ____D C:\Users\Marek\AppData\Roaming\.minecraft 2016-01-23 09:04 - 2015-06-07 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2016-01-23 08:58 - 2015-04-24 09:42 - 00000000 ____D C:\Users\Marek 2016-01-21 13:19 - 2015-04-24 13:48 - 00000000 ____D C:\Users\Marek\AppData\Roaming\TS3Client 2016-01-17 09:04 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-01-17 02:04 - 2015-04-27 14:22 - 00000000 ____D C:\Users\Marek\AppData\Roaming\uTorrent 2016-01-07 00:22 - 2015-11-29 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2016-01-06 20:33 - 2015-12-10 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2016-01-03 16:41 - 2015-12-02 12:03 - 00000000 ____D C:\ProgramData\Adobe ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-05-09 01:44 - 2015-05-09 01:44 - 0007606 _____ () C:\Users\Marek\AppData\Local\Resmon.ResmonCfg Niektóre pliki w TEMP: ==================== C:\Users\Marek\AppData\Local\Temp\t.dll ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-01-29 07:21 ==================== Koniec FRST.txt ============================