Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by SYSTEM on MININT-6GKF88D (08-12-2015 17:23:08)
Running from E:\
Platform: WIN_8 (X64) Language: Angielski (Stany Zjednoczone)
Boot Mode: Recovery

ATTENTION: Could not load system hive.
Operacja ukonczona pomyslnie.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [X]
HKLM\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] <==== ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 17:22 - 2015-12-08 17:23 - 00000000 ____D C:\FRST
2015-12-04 18:17 - 2015-12-04 18:17 - 00003920 ____N C:\bootsqm.dat
2015-12-04 18:17 - 2015-12-04 18:17 - 00000000 __SHD C:\found.000
2015-12-03 13:41 - 2015-12-03 13:41 - 06420480 _____ C:\Program Files (x86)\GUTC8E7.tmp
2015-12-03 13:41 - 2015-12-03 13:41 - 00000000 ____D C:\Program Files (x86)\GUMC8E6.tmp
2015-12-03 13:38 - 2015-12-03 13:43 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 13:38 - 2015-12-03 13:41 - 00000000 ____D C:\Users\Szycha\AppData\Local\Google
2015-12-03 13:38 - 2015-12-03 13:38 - 00003794 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 13:38 - 2015-12-03 13:38 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 13:38 - 2015-12-03 13:38 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-03 13:38 - 2015-12-03 13:38 - 00000000 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 13:37 - 2015-12-03 13:37 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-12-03 13:37 - 2015-12-03 13:37 - 00000000 ____D C:\chrome
2015-12-03 13:15 - 2015-12-03 13:15 - 00000363 _____ C:\Users\Szycha\Desktop\Komputer — skrót.lnk
2015-12-03 12:39 - 2015-12-03 12:39 - 00000000 ____D C:\Users\Szycha\AppData\Roaming\Macromedia
2015-12-03 12:39 - 2015-12-03 12:39 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-01 21:08 - 2015-12-07 21:27 - 00000000 _____ C:\Recovery.txt
2015-12-01 20:42 - 2015-12-01 20:42 - 00000000 ____D C:\Users\Szycha\AppData\Local\Deployment
2015-12-01 20:42 - 2015-12-01 20:42 - 00000000 ____D C:\Users\Szycha\AppData\Local\Apps\2.0
2015-12-01 20:42 - 2013-09-23 12:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2015-12-01 20:37 - 2015-12-01 20:37 - 00000000 ____D C:\Users\Szycha\AppData\Local\CrashDumps
2015-12-01 20:30 - 2015-12-03 13:23 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-861196279-326279508-2452354940-1001
2015-12-01 20:27 - 2015-12-01 20:27 - 00000000 ____D C:\Windows\SysWOW64\VAIO Startup Setting Tool
2015-12-01 20:27 - 2015-12-01 20:27 - 00000000 ____D C:\Windows\pss
2015-12-01 20:27 - 2015-12-01 20:27 - 00000000 ____D C:\Users\Szycha\AppData\Local\Sony Corporation
2015-12-01 20:26 - 2015-12-01 20:27 - 00000000 ____D C:\Users\Szycha\AppData\Roaming\Sony Corporation
2015-12-01 20:25 - 2015-12-01 20:25 - 00000000 ____D C:\Users\Szycha\Documents\Bluetooth Folder
2015-12-01 20:25 - 2015-12-01 20:25 - 00000000 ____D C:\Users\Szycha\AppData\Roaming\ATI
2015-12-01 20:25 - 2015-12-01 20:25 - 00000000 ____D C:\Users\Szycha\AppData\Local\BMExplorer
2015-12-01 20:25 - 2015-12-01 20:25 - 00000000 ____D C:\Users\Szycha\AppData\Local\ATI
2015-12-01 20:24 - 2015-12-01 20:24 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-12-01 20:24 - 2015-12-01 20:24 - 00000000 ____D C:\Users\Szycha\AppData\Roaming\Atheros
2015-12-01 20:23 - 2015-12-01 20:23 - 00000000 ____D C:\Users\Szycha\AppData\Roaming\Adobe
2015-12-01 20:22 - 2015-12-01 20:22 - 00000000 ____D C:\Users\Szycha\AppData\Local\VirtualStore
2015-12-01 20:21 - 2015-12-01 20:23 - 00000000 ____D C:\Users\Szycha\AppData\Local\Packages
2015-12-01 20:21 - 2015-12-01 20:23 - 00000000 ____D C:\users\Szycha
2015-12-01 20:21 - 2015-12-01 20:21 - 00000020 ___SH C:\Users\Szycha\ntuser.ini
2015-12-01 20:21 - 2015-12-01 20:21 - 00000000 _SHDL C:\Users\Szycha\Ustawienia lokalne
2015-12-01 20:21 - 2015-12-01 20:21 - 00000000 _SHDL C:\Users\Szycha\Szablony
2015-12-01 20:21 - 2015-12-01 20:21 - 00000000 _SHDL C:\Users\Szycha\Moje dokumenty
2015-12-01 20:21 - 2015-12-01 20:21 - 00000000 _SHDL C:\Users\Szycha\Menu Start
2015-12-01 20:21 - 2015-12-01 20:21 - 00000000 _SHDL C:\Users\Szycha\Documents\Moje wideo
2015-12-01 20:21 - 2015-12-01 20:21 - 00000000 _SHDL C:\Users\Szycha\Documents\Moje obrazy
2015-12-01 20:21 - 2015-12-01 20:21 - 00000000 _SHDL C:\Users\Szycha\Documents\Moja muzyka
2015-12-01 20:21 - 2015-12-01 20:21 - 00000000 _SHDL C:\Users\Szycha\Dane aplikacji
2015-12-01 20:21 - 2015-12-01 20:21 - 00000000 _SHDL C:\Users\Szycha\AppData\Local\Historia
2015-12-01 20:21 - 2015-12-01 20:21 - 00000000 _SHDL C:\Users\Szycha\AppData\Local\Dane aplikacji
2015-12-01 20:09 - 2015-12-01 20:09 - 00000000 __RHD C:\Users\Public\AccountPictures

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 13:50 - 2012-07-26 05:26 - 00262144 ___SH C:\Windows\System32\config\BBI
2015-12-03 13:44 - 2013-06-01 18:50 - 00000000 ____D C:\ProgramData\MOCP
2015-12-03 13:14 - 2013-06-01 18:14 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-03 13:12 - 2012-08-03 22:48 - 00712522 _____ C:\Windows\System32\perfh01D.dat
2015-12-03 13:12 - 2012-08-03 22:48 - 00148908 _____ C:\Windows\System32\perfc01D.dat
2015-12-03 13:12 - 2012-08-03 22:26 - 00776694 _____ C:\Windows\System32\prfh0816.dat
2015-12-03 13:12 - 2012-08-03 22:26 - 00159974 _____ C:\Windows\System32\prfc0816.dat
2015-12-03 13:12 - 2012-08-03 22:19 - 00794946 _____ C:\Windows\System32\perfh015.dat
2015-12-03 13:12 - 2012-08-03 22:19 - 00159530 _____ C:\Windows\System32\perfc015.dat
2015-12-03 13:12 - 2012-08-03 22:12 - 00440762 _____ C:\Windows\System32\perfh014.dat
2015-12-03 13:12 - 2012-08-03 22:12 - 00076914 _____ C:\Windows\System32\perfc014.dat
2015-12-03 13:12 - 2012-08-03 22:05 - 00730544 _____ C:\Windows\System32\perfh00E.dat
2015-12-03 13:12 - 2012-08-03 22:05 - 00174018 _____ C:\Windows\System32\perfc00E.dat
2015-12-03 13:12 - 2012-08-03 21:59 - 00426314 _____ C:\Windows\System32\perfh00B.dat
2015-12-03 13:12 - 2012-08-03 21:59 - 00081450 _____ C:\Windows\System32\perfc00B.dat
2015-12-03 13:12 - 2012-08-03 21:52 - 00541792 _____ C:\Windows\System32\perfh008.dat
2015-12-03 13:12 - 2012-08-03 21:52 - 00088858 _____ C:\Windows\System32\perfc008.dat
2015-12-03 13:12 - 2012-08-03 21:46 - 00455676 _____ C:\Windows\System32\perfh006.dat
2015-12-03 13:12 - 2012-08-03 21:46 - 00079422 _____ C:\Windows\System32\perfc006.dat
2015-12-03 13:12 - 2012-08-03 21:40 - 00718298 _____ C:\Windows\System32\perfh005.dat
2015-12-03 13:12 - 2012-08-03 21:40 - 00147876 _____ C:\Windows\System32\perfc005.dat
2015-12-03 13:12 - 2012-07-26 07:28 - 07539758 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-03 13:12 - 2012-07-26 05:37 - 00000000 ____D C:\Windows\Inf
2015-12-03 13:11 - 2012-07-26 05:26 - 00262144 ___SH C:\Windows\System32\config\ELAM
2015-12-03 13:07 - 2013-06-01 18:14 - 00000000 ____D C:\ProgramData\McAfee
2015-12-03 13:07 - 2013-06-01 18:14 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-12-03 13:07 - 2012-07-26 07:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-03 13:04 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\System32\NDF
2015-12-01 21:08 - 2012-07-26 08:13 - 00262144 _____ C:\Windows\System32\config\BCD-Template
2015-12-01 20:41 - 2012-07-26 08:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-12-01 20:27 - 2013-06-01 18:45 - 00000000 ____D C:\Windows\System32\Tasks\SONY
2015-12-01 20:27 - 2013-06-01 18:17 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2015-12-01 20:27 - 2012-07-26 05:37 - 00000000 ____D C:\Windows
2015-12-01 20:25 - 2013-06-01 19:58 - 00000000 ____D C:\ProgramData\Atheros
2015-12-01 20:22 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\WinStore
2015-12-01 20:21 - 2012-07-26 08:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-12-01 20:20 - 2013-06-01 17:58 - 00301824 _____ C:\Windows\System32\FNTCACHE.DAT
2015-12-01 20:16 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\rescache

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll [2013-06-01 17:03] - [2012-09-20 06:31] - 0604672 ____A (Microsoft Corporation) B16A14270DB26838B48A06835FDBBFB4
C:\Windows\SysWOW64\dnsapi.dll [2013-06-01 17:03] - [2012-09-20 05:53] - 0461824 ____A (Microsoft Corporation) BB3717D6FC27A22D0403C825A93BC068
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============

HKLM\...\.exe: => <===== ATTENTION
HKLM\...\exefile\DefaultIcon: <===== ATTENTION
HKLM\...\exefile\open\command: <===== ATTENTION

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4043.27 MB
Available physical RAM: 3334.08 MB
Total Virtual: 4043.27 MB
Available Virtual: 3339.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:661.45 GB) (Free:620.71 GB) NTFS
Drive e: () (Removable) (Total:7.23 GB) (Free:2.81 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 6EC19FF3)
Partition: GPT.

========================================================
Disk: 1 (Size: 7.2 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0B)

LastRegBack: 2012-08-03 21:06

==================== End of FRST.txt ============================