Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
Ran by 1 (administrator) on 1-KOMPUTER on 15-04-2015 10:48:38
Running from E:\Programy\Na awarie z kompem
Loaded Profiles: 1 (Available profiles: 1)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(TeamSpeak Systems GmbH) E:\Programy\ts\ts3client_win32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-1725100775-652941961-2121536281-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1725100775-652941961-2121536281-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hr32b6a1.default
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-02-15] (Adobe Systems Incorporated)
S3 Origin Client Service; E:\Programy\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-04-03] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-03-07] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 10:42 - 2015-04-15 10:42 - 00000000 ____D () C:\MATS
2015-04-15 10:40 - 2015-04-15 10:41 - 00347816 _____ (Microsoft Corporation) C:\Users\1\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2015-04-15 10:20 - 2015-04-15 10:20 - 00000000 ____D () C:\Users\1\AppData\Roaming\Mozilla
2015-04-15 10:20 - 2015-04-15 10:20 - 00000000 ____D () C:\Users\1\AppData\Local\Mozilla
2015-04-15 08:40 - 2015-04-15 10:48 - 00000000 ____D () C:\FRST
2015-04-09 20:50 - 2015-04-09 20:50 - 00008330 _____ () C:\Users\1\Downloads\P4030460.xmp
2015-04-09 20:49 - 2015-04-09 20:50 - 13197722 _____ () C:\Users\1\Downloads\P4030461.ORF
2015-04-09 20:43 - 2015-04-09 20:44 - 13208973 _____ () C:\Users\1\Downloads\P4030460 (1).ORF
2015-04-09 20:41 - 2015-04-09 20:42 - 13208973 _____ () C:\Users\1\Downloads\P4030460.ORF
2015-04-09 20:41 - 2015-04-09 20:41 - 00006722 _____ () C:\Users\1\Downloads\P4030442.xmp
2015-04-09 20:38 - 2015-04-09 20:39 - 14480278 _____ () C:\Users\1\Downloads\P4030442.ORF
2015-04-09 17:58 - 2015-04-15 08:20 - 00000000 ____D () C:\Users\1\Desktop\Nowy folder
2015-04-06 16:38 - 2015-04-06 16:38 - 01088384 _____ (Unity Technologies ApS) C:\Users\1\Downloads\UnityWebPlayer (2).exe
2015-04-06 16:37 - 2015-04-06 16:38 - 01088384 _____ (Unity Technologies ApS) C:\Users\1\Downloads\UnityWebPlayer.exe
2015-04-06 16:37 - 2015-04-06 16:38 - 01088384 _____ (Unity Technologies ApS) C:\Users\1\Downloads\UnityWebPlayer (1).exe
2015-04-06 12:21 - 2015-04-06 12:21 - 00000778 _____ () C:\Users\1\Desktop\Dejli — skrót.lnk
2015-04-06 11:41 - 2015-04-06 11:42 - 00237086 _____ () C:\Users\1\Downloads\video-1428227920.mp4.mp4
2015-04-03 10:53 - 2015-04-15 10:45 - 00002470 _____ () C:\Windows\PFRO.log
2015-04-03 10:12 - 2015-04-15 09:24 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-04-03 10:12 - 2015-04-03 10:12 - 00000000 ____D () C:\Users\1\AppData\Local\PunkBuster
2015-04-03 10:03 - 2015-04-03 10:03 - 00000000 ____D () C:\Users\1\AppData\Local\ESN
2015-04-03 10:03 - 2015-04-03 10:03 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-04-03 09:59 - 2015-04-03 10:11 - 00000000 ____D () C:\Users\1\Documents\Battlefield 3
2015-04-03 09:59 - 2015-04-03 10:05 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-04-03 09:59 - 2015-04-03 09:59 - 00000000 ____D () C:\ProgramData\EA Core
2015-04-03 09:50 - 2015-04-15 09:24 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-04-03 09:50 - 2015-04-11 22:55 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-03 09:50 - 2015-04-03 10:20 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-04-03 09:48 - 2015-04-03 09:49 - 00018321 _____ () C:\Windows\DirectX.log
2015-04-03 09:37 - 2015-04-03 09:59 - 00000000 ____D () C:\Users\1\AppData\Local\Origin
2015-04-03 09:37 - 2015-04-03 09:56 - 00000000 ____D () C:\Users\1\AppData\Roaming\Origin
2015-04-03 09:35 - 2015-04-15 09:18 - 00000000 ____D () C:\ProgramData\Origin
2015-04-03 09:27 - 2015-04-03 09:42 - 00000000 ____D () C:\Users\1\AppData\Local\Ubisoft Game Launcher
2015-04-03 09:27 - 2015-04-03 09:27 - 00000000 ____D () C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-04-02 17:22 - 2015-04-15 10:45 - 00002688 _____ () C:\Windows\setupact.log
2015-04-02 17:22 - 2015-04-02 17:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-30 15:47 - 2015-03-30 15:47 - 00000000 ____D () C:\Users\1\AppData\Roaming\MPC-HC
2015-03-18 18:36 - 2015-03-18 18:36 - 00000000 ____D () C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 10:48 - 2015-03-07 15:58 - 00653137 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 10:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 10:44 - 2009-07-14 06:45 - 00016832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 10:44 - 2009-07-14 06:45 - 00016832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 02:08 - 2015-03-07 20:13 - 00000000 ____D () C:\Users\1\AppData\Roaming\Skype
2015-04-13 19:54 - 2011-04-12 15:21 - 00739694 _____ () C:\Windows\system32\perfh015.dat
2015-04-13 19:54 - 2011-04-12 15:21 - 00155268 _____ () C:\Windows\system32\perfc015.dat
2015-04-13 19:54 - 2009-07-14 07:13 - 01668226 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 09:51 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-02 12:15 - 2015-03-07 15:53 - 00000000 ____D () C:\Windows\Panther
2015-03-30 16:30 - 2015-03-12 23:34 - 00000000 ____D () C:\Users\1\AppData\Roaming\vlc
2015-03-22 22:57 - 2015-03-13 13:04 - 00000000 ____D () C:\Users\1\AppData\Roaming\foobar2000
2015-03-18 01:26 - 2015-03-07 16:33 - 00000000 ____D () C:\Users\1\AppData\Roaming\Adobe
2015-03-16 17:36 - 2015-03-08 10:45 - 00000000 ____D () C:\Users\1\AppData\Local\PAYDAY 2

==================== Files in the root of some directories =======

2015-03-13 13:21 - 2015-03-13 13:21 - 0000112 _____ () C:\Users\1\AppData\Roaming\Preferencje wtyczki JP2K CS6
2015-04-15 10:14 - 2015-04-15 10:14 - 0011554 _____ () C:\Users\1\AppData\Local\Temp-log.txt
2015-03-07 16:12 - 2015-03-07 16:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-14 09:07

==================== End Of Log ============================