Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-08-2016 Ran by SYSTEM on MININT-HKBQ1LP (31-08-2016 11:04:36) Running from G:\ Platform: Windows 7 Professional (X86) Language: Angielski (Stany Zjednoczone) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001 [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b] Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation) HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-21] () HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [4685824 2014-05-15] (Dell Inc.) HKLM\...\Run: [ChangeTPMAuth] => C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12 HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated) HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [309184 2012-03-27] (Citrix Systems, Inc.) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters). HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters). HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters). HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2016-04-08] (Microsoft Corporation) HKU\rmazurek\...\Run: [Google Update] => C:\Users\rmazurek\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-22] (Google Inc.) HKU\rmazurek.KRASNYSTAW\...\Run: [Google Update] => C:\Users\rmazurek.KRASNYSTAW\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.) HKU\rmazurek.KRASNYSTAW\...\Run: [HW_OPENEYE_OUC_PLAY ONLINE] => C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [110592 2009-04-14] (Huawei Technologies Co., Ltd.) HKU\rmazurek.KRASNYSTAW\...\Policies\system: [Wallpaper] %userprofile%\BGInfo\BGInfo.bmp HKU\rmazurek.KRASNYSTAW\...\Policies\system: [WallpaperStyle] 4 HKU\rmazurek.KRASNYSTAW\...\Policies\system: [NoDispScrSavPage] 1 HKU\rmazurek.KRASNYSTAW\...\Policies\Explorer: [NoAddPrinter] 0 HKU\rmazurek.KRASNYSTAW\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\rszalaj\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.) HKU\rszalaj\...\Run: [HW_OPENEYE_OUC_PLAY ONLINE] => C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [110592 2009-04-14] (Huawei Technologies Co., Ltd.) HKU\rszalaj\...\Policies\system: [NoDispScrSavPage] 1 HKU\rszalaj\...\Policies\Explorer: [NoAddPrinter] 0 ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 cbVSCService; C:\Program Files\Cobian Backup 10\cbVSCService.exe [67584 2010-09-22] (CobianSoft, Luis Cobian) S2 CcmExec; C:\Windows\CCM\CcmExec.exe [1090656 2012-11-20] (Microsoft Corporation) S2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [470112 2012-11-20] (Microsoft Corporation) S2 CobianBackup10; C:\Program Files\Cobian Backup 10\cbService.exe [1125376 2010-09-23] (Luis Cobian, CobianSoft) S3 EHttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\ehttpsrv.exe [32968 2015-07-24] (ESET) S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1575688 2015-07-24] (ESET) S2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1340104 2015-08-21] (ESET) S3 eshasrv; C:\Program Files\ESET\ESET NOD32 Antivirus\eshasrv.exe [163528 2015-07-24] (ESET) S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () S2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-29] () S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation) S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation) S3 smstsmgr; C:\Windows\CCM\TSManager.exe [275536 2012-11-20] (Microsoft Corporation) S2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1664304 2010-06-03] (Validity Sensors, Inc.) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation) S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4038656 2014-05-15] (Dell Inc.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-11-27] (ST Microelectronics) S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2014-05-15] (Broadcom Corporation) S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [198072 2015-07-24] (ESET) S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [145000 2015-07-24] (ESET) S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [130080 2015-07-24] (ESET) S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation) S3 pppop; system32\DRIVERS\pppop.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-31 11:04 - 2016-08-31 11:04 - 00000000 ____D C:\FRST 2016-08-24 02:03 - 2016-08-30 22:01 - 00394126 _____ C:\Windows\ntbtlog.txt 2016-08-23 11:06 - 2016-08-23 11:06 - 00003480 ____N C:\bootsqm.dat 2016-08-23 11:05 - 2016-08-23 11:05 - 00000000 __SHD C:\found.001 2016-08-16 05:07 - 2016-08-17 11:27 - 00019149 _____ C:\Users\rmazurek.KRASNYSTAW\Desktop\Preliminary datasheet.xlsx 2016-08-10 20:01 - 2016-08-10 20:36 - 05711701 _____ C:\Users\rmazurek.KRASNYSTAW\Desktop\Katalog projektów v.8.1.xlsx 2016-08-09 23:31 - 2016-07-08 07:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2016-08-09 23:31 - 2016-07-08 07:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2016-08-09 23:31 - 2016-07-08 07:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll 2016-08-09 23:31 - 2016-07-08 07:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll 2016-08-09 23:31 - 2016-07-08 06:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe 2016-08-09 23:31 - 2016-07-08 06:51 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys 2016-08-09 23:31 - 2016-07-08 06:51 - 00124416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys 2016-08-09 23:31 - 2016-07-08 06:51 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys 2016-08-09 23:31 - 2016-07-08 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll 2016-08-09 23:31 - 2016-07-08 06:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe 2016-08-09 23:31 - 2016-07-08 06:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll 2016-08-09 23:30 - 2016-08-02 06:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2016-08-09 23:30 - 2016-08-01 22:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2016-08-09 23:30 - 2016-08-01 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2016-08-09 23:30 - 2016-08-01 21:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2016-08-09 23:30 - 2016-08-01 21:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2016-08-09 23:30 - 2016-08-01 21:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\html.iec 2016-08-09 23:30 - 2016-08-01 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2016-08-09 23:30 - 2016-08-01 21:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2016-08-09 23:30 - 2016-08-01 21:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll 2016-08-09 23:30 - 2016-08-01 21:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2016-08-09 23:30 - 2016-08-01 21:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2016-08-09 23:30 - 2016-08-01 21:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2016-08-09 23:30 - 2016-08-01 21:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2016-08-09 23:30 - 2016-08-01 21:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2016-08-09 23:30 - 2016-08-01 21:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2016-08-09 23:30 - 2016-08-01 21:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2016-08-09 23:30 - 2016-08-01 21:41 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2016-08-09 23:30 - 2016-08-01 21:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2016-08-09 23:30 - 2016-08-01 21:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2016-08-09 23:30 - 2016-08-01 21:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll 2016-08-09 23:30 - 2016-08-01 21:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll 2016-08-09 23:30 - 2016-08-01 21:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2016-08-09 23:30 - 2016-08-01 21:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2016-08-09 23:30 - 2016-08-01 21:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2016-08-09 23:30 - 2016-08-01 21:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll 2016-08-09 23:30 - 2016-08-01 21:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2016-08-09 23:30 - 2016-08-01 21:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2016-08-09 23:30 - 2016-08-01 21:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2016-08-09 23:30 - 2016-08-01 21:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2016-08-09 23:30 - 2016-08-01 21:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2016-08-09 23:30 - 2016-08-01 21:14 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2016-08-09 23:30 - 2016-08-01 21:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2016-08-09 23:30 - 2016-08-01 20:56 - 00000000 _____ C:\Windows\System32\wininet.dll 2016-08-09 23:30 - 2016-08-01 20:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2016-08-09 23:30 - 2016-08-01 20:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2016-08-09 23:30 - 2016-07-08 06:53 - 02399232 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2016-08-07 20:49 - 2016-08-07 20:49 - 00000000 ____D C:\Users\rmazurek.KRASNYSTAW\Desktop\ROK 2017 2016-08-04 01:44 - 2016-08-04 01:42 - 05040676 _____ C:\Users\rmazurek.KRASNYSTAW\Desktop\ot_04.08.2016.pdf 2016-08-03 03:15 - 2016-08-03 03:15 - 00280648 _____ C:\Users\rmazurek.KRASNYSTAW\Downloads\Potwierdzenie.pdf 2016-08-03 03:02 - 2016-08-12 00:04 - 00000000 ____D C:\Users\rmazurek.KRASNYSTAW\Desktop\karty projektów 2016 2016-08-02 01:37 - 2016-08-02 01:37 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf 2016-08-02 01:35 - 2016-08-02 01:35 - 00000000 ____D C:\Windows\WindowsMobile ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-24 09:00 - 2015-07-21 02:13 - 00000000 ___SD C:\Windows\System32\GWX 2016-08-24 09:00 - 2015-01-08 04:07 - 00000000 ____D C:\Users\rmazurek.KRASNYSTAW\AppData\Roaming\PLAY ONLINE 2016-08-24 09:00 - 2014-09-16 22:40 - 00000000 ____D C:\users\rmazurek.KRASNYSTAW 2016-08-24 09:00 - 2014-05-27 00:23 - 00000000 ____D C:\Windows\CCM 2016-08-24 09:00 - 2014-05-23 00:58 - 00000000 ____D C:\users\cbadmin 2016-08-24 09:00 - 2014-05-22 23:24 - 00000000 ____D C:\Windows\ccmsetup 2016-08-24 09:00 - 2009-07-13 18:37 - 00000000 ___HD C:\Windows\System32\GroupPolicy 2016-08-24 09:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\servicing 2016-08-24 09:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache 2016-08-24 09:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration 2016-08-24 09:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf 2016-08-24 08:59 - 2016-04-22 03:10 - 00000000 ____D C:\Users\rmazurek.KRASNYSTAW\Desktop\INNE 2016-08-24 08:59 - 2014-06-18 03:19 - 00000000 ____D C:\users\rmazurek 2016-08-24 08:59 - 2014-06-17 05:07 - 00000000 ____D C:\users\Administrator 2016-08-24 08:59 - 2014-05-22 01:21 - 00000000 ____D C:\users\rszalaj 2016-08-24 08:59 - 2014-05-14 23:14 - 00000000 ____D C:\users\Cersanit IV 2016-08-23 05:18 - 2014-09-16 22:58 - 00000000 ____D C:\Users\rmazurek.KRASNYSTAW\Documents\Pliki programu Outlook 2016-08-23 05:02 - 2014-10-06 22:07 - 00000118 _____ C:\Users\rmazurek.KRASNYSTAW\Desktop\Support IT.url 2016-08-23 05:02 - 2014-10-06 22:07 - 00000062 _____ C:\Users\rmazurek.KRASNYSTAW\Desktop\SMS.url 2016-08-23 05:02 - 2014-05-22 01:20 - 00000968 _____ C:\Windows\System32\config\netlogon.ftl 2016-08-23 02:17 - 2016-01-18 10:00 - 00000000 ____D C:\Users\rmazurek.KRASNYSTAW\Desktop\ROK 2016 2016-08-21 20:10 - 2014-05-22 01:21 - 00044278 __RSH C:\ProgramData\ntuser.pol 2016-08-21 20:10 - 2014-05-15 09:01 - 00742070 _____ C:\Windows\System32\perfh015.dat 2016-08-21 20:10 - 2014-05-15 09:01 - 00156466 _____ C:\Windows\System32\perfc015.dat 2016-08-21 20:10 - 2014-05-14 23:10 - 01674072 _____ C:\Windows\System32\PerfStringBackup.INI 2016-08-21 20:08 - 2014-05-27 00:23 - 00000570 _____ C:\Windows\SMSCFG.ini 2016-08-21 20:07 - 2014-10-06 22:07 - 00001416 _____ C:\Users\rmazurek.KRASNYSTAW\Desktop\Serwer EVO.lnk 2016-08-17 11:11 - 2009-07-13 20:34 - 00025424 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-17 11:11 - 2009-07-13 20:34 - 00025424 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-11 20:13 - 2009-07-13 20:33 - 00412752 _____ C:\Windows\System32\FNTCACHE.DAT 2016-08-10 22:41 - 2014-05-22 01:21 - 00044278 __RSH C:\ProgramData\tempntuser.pol 2016-08-10 20:36 - 2014-05-15 23:49 - 00000000 ____D C:\Windows\System32\MRT 2016-08-10 20:02 - 2014-05-15 23:49 - 144884648 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe 2016-08-04 03:20 - 2016-06-14 22:08 - 00000000 ____D C:\Users\rmazurek.KRASNYSTAW\Desktop\UNIMAK 2016-08-03 01:43 - 2016-04-22 03:32 - 00000000 ____D C:\Users\rmazurek.KRASNYSTAW\Desktop\PULPIT 2016-08-03 01:38 - 2016-07-25 08:31 - 00000000 ____D C:\Users\rmazurek.KRASNYSTAW\Desktop\umowy 2016 Some files in TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\AcDeltree.exe C:\Users\rmazurek.KRASNYSTAW\AppData\Local\Temp\MSETUP4.EXE ==================== Known DLLs (Whitelisted) ========================= [2016-08-09 23:30] - [2016-08-01 20:56] - 0000000 ____A () C:\Windows\System32\WININET.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe [2016-06-14 20:57] - [2016-04-08 21:44] - 2973184 ____A (Microsoft Corporation) 3DA48EA028AD771C5B71727F0C3984E9 C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\dnsapi.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 2934.68 MB Available physical RAM: 2255.88 MB Total Virtual: 2932.96 MB Available Virtual: 2267.17 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.56 GB) (Free:11.97 GB) NTFS Drive e: () (Fixed) (Total:200.43 GB) (Free:193.15 GB) NTFS Drive f: (GRMCPRVOL_PL_DVD) (CDROM) (Total:2.15 GB) (Free:0 GB) UDF Drive g: (Adata) (Removable) (Total:7.33 GB) (Free:7.3 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: DDF42ECC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7.3 GB) (Disk ID: 0003B538) Partition 1: (Active) - (Size=7.3 GB) - (Type=07 NTFS) LastRegBack: 2016-08-22 09:40 ==================== End of FRST.txt ============================