Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:30-04-2016 Uruchomiony przez Arek (administrator) DESKTOP-78KDRPR (01-05-2016 18:38:50) Uruchomiony z C:\Users\Arek\Desktop Załadowane profile: Arek (Dostępne profile: Arek) Platform: Windows 10 Enterprise (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe () C:\Windows\syswow64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe () C:\Windows\KMS-R@1nhook.exe (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKU\S-1-5-21-1585059127-2730434103-678098393-1002\...\Run: [GG] => C:\Users\Arek\AppData\Local\GG\Application\gghub.exe [4078144 2015-06-17] (GG Network S.A.) HKU\S-1-5-21-1585059127-2730434103-678098393-1002\...\Run: [GmailNotifierPro] => C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe /minimized HKU\S-1-5-21-1585059127-2730434103-678098393-1002\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-1585059127-2730434103-678098393-1002\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKU\S-1-5-21-1585059127-2730434103-678098393-1002\...\Run: [Steam] => H:\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation) HKU\S-1-5-21-1585059127-2730434103-678098393-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.) HKU\S-1-5-21-1585059127-2730434103-678098393-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd) HKU\S-1-5-21-1585059127-2730434103-678098393-1002\...\MountPoints2: {cc841190-78d6-11e5-9bc7-002522fb3382} - "E:\Startme.exe" IFEO\OSppSvc.exe: [Debugger] KMS-R@1nhook.exe IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nhook.exe Startup: C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FZOCgcQLiOBfgSCUICF.lnk [2016-02-29] ShortcutTarget: FZOCgcQLiOBfgSCUICF.lnk -> C:\Users\Arek\AppData\Local\Temp\elf.exe (Brak pliku) Startup: C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XenoSuite.lnk [2016-04-24] ShortcutTarget: XenoSuite.lnk -> H:\Xenobot\XenoSuite.exe () GroupPolicyScripts: Ograniczenia <======= UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 Tcpip\..\Interfaces\{d7dd35e7-6457-4677-863b-7cd64f4030e8}: [DhcpNameServer] 192.168.0.1 192.168.0.2 Internet Explorer: ================== BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-28] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-28] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Arek\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 FF DefaultSearchEngine: hohosearch FF SelectedSearchEngine: hohosearch FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-13] () FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-13] () FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-28] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-28] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation) FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-10-26] [Brak podpisu cyfrowego] Chrome: ======= CHR HomePage: Default -> hxxp://google.pl/ CHR StartupUrls: Default -> "hxxp://google.pl/" CHR Profile: C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-26] CHR Extension: (Dokumenty Google) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-26] CHR Extension: (Dysk Google) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26] CHR Extension: (Web Developer) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-10-26] CHR Extension: (YouTube) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-26] CHR Extension: (Google Search) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (SEOrch - OnPage SEO Tool) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofplnfijbongplmhcpoobljlfjeaank [2015-10-26] CHR Extension: (Arkusze Google) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-26] CHR Extension: (Dokumenty Google offline) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13] CHR Extension: (SEO for Chrome) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2015-10-26] CHR Extension: (ColorPick Eyedropper) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2016-02-21] CHR Extension: (Gmail) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-26] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1281056 2015-12-24] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG) S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3643520 2016-01-07] (INCA Internet Co., Ltd.) S3 Origin Client Service; H:\Origin\OriginClientService.exe [2120712 2016-04-29] (Electronic Arts) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-04-24] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-10-18] (Advanced Micro Devices) S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-10-18] (Disc Soft Ltd) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-01] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-18] (Intel Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2016-01-18] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2015-11-03] (SlimWare Utilities, Inc.) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-18] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-18] (Oracle Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-05-01 18:38 - 2016-05-01 18:39 - 00014903 _____ C:\Users\Arek\Desktop\FRST.txt 2016-05-01 18:35 - 2016-05-01 18:35 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-78KDRPR_Arek_HistoryPrediction.bin 2016-05-01 18:32 - 2016-05-01 18:32 - 00009242 _____ C:\Users\Arek\Desktop\Fixlog.txt 2016-05-01 15:41 - 2016-05-01 15:50 - 00177300 _____ C:\WINDOWS\ntbtlog.txt 2016-05-01 15:41 - 2016-05-01 15:41 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-05-01 14:45 - 2016-05-01 15:53 - 00000000 ____D C:\Users\Arek\Desktop\gmer 2016-05-01 14:45 - 2016-05-01 14:45 - 00371282 _____ C:\Users\Arek\Desktop\gmer.zip 2016-05-01 14:00 - 2016-05-01 14:00 - 01192976 _____ (Microsoft Corporation) C:\Users\Arek\Desktop\sdksetup.exe 2016-05-01 13:59 - 2016-05-01 13:59 - 02377216 _____ (Farbar) C:\Users\Arek\Desktop\FRST64.exe 2016-05-01 13:54 - 2016-05-01 13:54 - 00090834 _____ C:\Users\Arek\Downloads\Extras.Txt 2016-05-01 13:53 - 2016-05-01 13:53 - 00175972 _____ C:\Users\Arek\Downloads\OTL.Txt 2016-05-01 13:47 - 2016-05-01 13:47 - 00602112 _____ (OldTimer Tools) C:\Users\Arek\Downloads\OTL.exe 2016-05-01 13:46 - 2016-05-01 13:46 - 15490865 _____ C:\Users\Arek\Downloads\XenoBot10.92R2.zip 2016-05-01 13:46 - 2016-05-01 13:46 - 00000000 ____D C:\Users\Arek\Desktop\XenoBot10.92R2 2016-05-01 13:33 - 2016-05-01 13:33 - 595498786 _____ C:\WINDOWS\MEMORY.DMP 2016-05-01 13:33 - 2016-05-01 13:33 - 00972800 _____ C:\WINDOWS\Minidump\050116-31890-01.dmp 2016-04-28 20:20 - 2016-04-28 20:20 - 00000995 _____ C:\Users\Arek\Desktop\HD Tune.lnk 2016-04-28 20:20 - 2016-04-28 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune 2016-04-28 20:20 - 2016-04-28 20:20 - 00000000 ____D C:\Program Files (x86)\HD Tune 2016-04-28 19:31 - 2016-04-28 19:35 - 1456414720 _____ C:\Users\Arek\Desktop\Deadpool.2016.PL.480p.BDRiP.XViD.AC3-K12 (1).avi 2016-04-28 18:40 - 2016-04-28 18:40 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2016-04-28 18:40 - 2016-04-28 18:40 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-04-28 18:40 - 2016-04-28 18:40 - 00000000 ____D C:\Program Files\CCleaner 2016-04-28 18:31 - 2016-04-28 18:31 - 00000000 ____D C:\Users\Arek\AppData\Roaming\Oracle 2016-04-27 22:29 - 2016-04-27 22:58 - 00000000 ____D C:\Users\Arek\AppData\Roaming\Tibiacast 2016-04-27 22:28 - 2016-04-27 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibiacast 2016-04-27 22:28 - 2016-04-27 22:28 - 00000000 ____D C:\Program Files (x86)\Tibiacast 2016-04-27 22:27 - 2016-04-27 22:27 - 00858672 _____ C:\Users\Arek\Desktop\tibiacast_3_1_59_0.zip 2016-04-27 22:27 - 2016-04-27 22:27 - 00000000 ____D C:\Users\Arek\Desktop\tibiacast_3_1_59_0 2016-04-27 22:19 - 2016-04-27 22:22 - 00000000 ____D C:\Users\Arek\Desktop\Polska kwiecien 2016-04-24 15:12 - 2016-04-29 18:51 - 00282296 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr 2016-04-24 15:12 - 2016-04-24 15:12 - 00000000 ____D C:\Users\Arek\Documents\BFBC2 2016-04-24 15:12 - 2016-04-24 15:12 - 00000000 ____D C:\Users\Arek\AppData\Local\PunkBuster 2016-04-24 15:11 - 2016-04-24 15:11 - 02434856 _____ C:\WINDOWS\SysWOW64\pbsvc.exe 2016-04-24 15:11 - 2016-04-24 15:11 - 00000978 _____ C:\Users\Public\Desktop\Battlefield Bad Company 2.lnk 2016-04-24 15:11 - 2016-04-24 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Bad Company 2 2016-04-24 14:26 - 2016-04-24 14:26 - 00021288 _____ (RW-Everything) C:\WINDOWS\SysWOW64\Drivers\AsrSmartConnectDrv.sys 2016-04-24 14:21 - 2016-04-24 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2016-04-24 14:21 - 2016-04-24 14:21 - 00000000 ____D C:\Program Files\Oracle 2016-04-24 14:21 - 2016-04-18 15:33 - 00916520 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys 2016-04-24 14:21 - 2016-04-18 15:33 - 00143568 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys 2016-04-24 14:20 - 2016-04-24 14:20 - 00000000 ____D C:\Intel 2016-04-24 13:42 - 2016-04-24 13:42 - 00000000 ____D C:\Users\Arek\AppData\Local\TeamViewer 2016-04-24 13:24 - 2016-04-24 13:24 - 00000894 _____ C:\Users\Public\Desktop\Battlefield 3.lnk 2016-04-24 13:24 - 2016-04-24 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 2016-04-24 13:23 - 2016-04-29 18:51 - 00282296 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2016-04-24 13:23 - 2016-04-29 18:48 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2016-04-24 13:23 - 2016-04-24 15:37 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe 2016-04-24 12:23 - 2016-04-24 12:23 - 00000000 ____D C:\Users\Arek\AppData\Roaming\One Click Root 2016-04-24 12:23 - 2016-04-24 12:23 - 00000000 ____D C:\Users\Arek\AppData\Local\oneClickRoot 2016-04-24 12:23 - 2016-04-24 12:23 - 00000000 ____D C:\Users\Arek\AppData\Local\AWSToolkit 2016-04-24 11:38 - 2016-04-29 20:23 - 00000000 ____D C:\ProgramData\Origin 2016-04-24 11:38 - 2016-04-24 13:04 - 00000000 ____D C:\Users\Arek\AppData\Local\Origin 2016-04-24 11:38 - 2016-04-24 12:53 - 00000000 ____D C:\Users\Arek\AppData\Roaming\Origin 2016-04-24 11:38 - 2016-04-24 11:42 - 00000561 _____ C:\Users\Public\Desktop\Origin.lnk 2016-04-24 11:38 - 2016-04-24 11:38 - 00000000 ____D C:\ProgramData\Electronic Arts 2016-04-23 23:51 - 2016-04-23 23:51 - 00000000 ____D C:\Users\Arek\Desktop\Nowy folder 2016-04-23 18:31 - 2016-04-23 18:32 - 00000000 ____D C:\Users\Arek\Desktop\Vedia x55 2016-04-23 17:30 - 2016-04-23 17:30 - 00000000 ____D C:\ProgramData\Tencent 2016-04-23 17:29 - 2016-04-28 18:31 - 00000000 ____D C:\Program Files (x86)\ROMasterLab 2016-04-23 17:29 - 2016-04-23 17:30 - 00000000 ____D C:\Users\Arek\AppData\Roaming\Tencent 2016-04-23 17:24 - 2016-04-28 18:31 - 00000000 ____D C:\Users\Arek\AppData\Roaming\mgyun 2016-04-23 17:24 - 2016-04-28 18:30 - 00000000 ____D C:\Program Files (x86)\iRoot 2016-04-23 11:35 - 2016-04-23 11:35 - 00000000 ____D C:\Users\Arek\.swt 2016-04-23 11:35 - 2016-04-23 11:35 - 00000000 ____D C:\Users\Arek\.flashTool 2016-04-23 11:33 - 2016-04-28 18:30 - 00000000 ____D C:\Flashtool 2016-04-21 19:48 - 2016-04-28 18:30 - 00000000 ____D C:\Program Files (x86)\Kingo ROOT 2016-04-21 19:48 - 2016-04-21 19:48 - 00000000 ____D C:\Users\Arek\AppData\Roaming\Kingosoft 2016-04-21 19:48 - 2016-04-21 19:48 - 00000000 ____D C:\Users\Arek\AppData\Local\Kingosoft 2016-04-21 17:39 - 2016-04-21 17:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2016-04-21 17:39 - 2011-10-29 10:43 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll 2016-04-21 17:39 - 2011-10-29 10:43 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll 2016-04-21 17:08 - 2016-04-21 17:08 - 00000000 ____D C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools 2016-04-21 17:07 - 2016-04-21 17:07 - 00000000 ____D C:\Users\Arek\AppData\Local\Android 2016-04-21 17:06 - 2016-04-28 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2016-04-21 17:06 - 2016-04-28 18:30 - 00000000 ____D C:\Program Files\Java 2016-04-20 21:14 - 2016-04-23 17:32 - 00000000 ____D C:\Users\Arek\Documents\download 2016-04-20 21:12 - 2016-04-21 17:27 - 00000000 ____D C:\Users\Arek\.android 2016-04-20 21:12 - 2016-04-20 21:16 - 00000000 ____D C:\Users\Arek\AppData\Roaming\zhuodashi 2016-04-20 21:11 - 2016-04-21 17:22 - 00001100 _____ C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ˢ»úרĽŇ(׿´óʦ).lnk 2016-04-20 21:11 - 2016-04-20 21:11 - 14973024 _____ (北京耘升天下科技有限公司) C:\Users\Arek\Downloads\zds_setup_OPDA.exe 2016-04-20 21:10 - 2016-04-28 18:31 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android 2016-04-20 21:10 - 2011-11-25 01:25 - 00015360 _____ (June Fabrics Technology Inc.) C:\WINDOWS\system32\Drivers\pneteth.sys 2016-04-20 20:59 - 2016-04-20 21:00 - 00000266 __RSH C:\Users\Arek\ntuser.pol 2016-04-20 20:28 - 2016-04-20 20:28 - 00008780 _____ C:\WINDOWS\System32\Tasks\Holuge System 2016-04-20 20:28 - 2016-04-20 20:28 - 00000000 ____D C:\Users\Public\Documents\dmp 2016-04-20 20:28 - 2016-04-20 20:28 - 00000000 ____D C:\Program Files (x86)\Holuge 2016-04-18 15:33 - 2016-04-18 15:33 - 00192352 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys 2016-04-18 15:33 - 2016-04-18 15:33 - 00119712 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys 2016-04-13 22:20 - 2016-03-25 08:38 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-04-13 22:20 - 2016-03-25 08:25 - 12505600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-04-13 22:20 - 2016-03-25 08:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-04-13 22:20 - 2016-03-16 05:56 - 03467784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2016-04-13 22:20 - 2016-03-16 05:55 - 02495768 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-13 22:20 - 2016-03-16 05:47 - 22610328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-04-13 22:20 - 2016-03-16 05:45 - 00140536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe 2016-04-13 22:20 - 2016-03-16 05:37 - 01010016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2016-04-13 22:20 - 2016-03-16 05:21 - 01767000 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-04-13 22:20 - 2016-03-16 05:11 - 21088728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-04-13 22:20 - 2016-03-16 05:00 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-04-13 22:20 - 2016-03-16 04:49 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-04-13 22:20 - 2016-03-16 04:40 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-04-13 22:20 - 2016-03-16 04:39 - 03363328 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2016-04-13 22:20 - 2016-03-16 04:35 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxApplicabilityEngine.dll 2016-04-13 22:20 - 2016-03-16 04:21 - 18796544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-04-13 22:20 - 2016-03-16 04:17 - 03680256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2016-04-13 22:20 - 2016-03-16 04:17 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-04-13 22:19 - 2016-03-29 07:40 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-04-13 22:19 - 2016-03-29 07:40 - 01381376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-04-13 22:19 - 2016-03-25 08:13 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-04-13 22:19 - 2016-03-25 07:55 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-04-13 22:19 - 2016-03-25 07:54 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-04-13 22:19 - 2016-03-16 05:56 - 01022664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-04-13 22:19 - 2016-03-16 05:56 - 00861512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-04-13 22:19 - 2016-03-16 05:55 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-04-13 22:19 - 2016-03-16 05:55 - 01299032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-04-13 22:19 - 2016-03-16 05:55 - 01127024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-04-13 22:19 - 2016-03-16 05:55 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-04-13 22:19 - 2016-03-16 05:54 - 00595016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2016-04-13 22:19 - 2016-03-16 05:47 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-04-13 22:19 - 2016-03-16 05:47 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-04-13 22:19 - 2016-03-16 05:46 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2016-04-13 22:19 - 2016-03-16 05:41 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2016-04-13 22:19 - 2016-03-16 05:41 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2016-04-13 22:19 - 2016-03-16 05:39 - 00983904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2016-04-13 22:19 - 2016-03-16 05:21 - 01531888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-04-13 22:19 - 2016-03-16 05:11 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-04-13 22:19 - 2016-03-16 05:11 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-04-13 22:19 - 2016-03-16 05:08 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-04-13 22:19 - 2016-03-16 05:06 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2016-04-13 22:19 - 2016-03-16 05:05 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-04-13 22:19 - 2016-03-16 05:03 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2016-04-13 22:19 - 2016-03-16 05:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-04-13 22:19 - 2016-03-16 04:56 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll 2016-04-13 22:19 - 2016-03-16 04:56 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll 2016-04-13 22:19 - 2016-03-16 04:55 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll 2016-04-13 22:19 - 2016-03-16 04:55 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2016-04-13 22:19 - 2016-03-16 04:55 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll 2016-04-13 22:19 - 2016-03-16 04:55 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll 2016-04-13 22:19 - 2016-03-16 04:51 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-04-13 22:19 - 2016-03-16 04:51 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-04-13 22:19 - 2016-03-16 04:49 - 01416192 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-04-13 22:19 - 2016-03-16 04:47 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2016-04-13 22:19 - 2016-03-16 04:47 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2016-04-13 22:19 - 2016-03-16 04:47 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll 2016-04-13 22:19 - 2016-03-16 04:46 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll 2016-04-13 22:19 - 2016-03-16 04:44 - 01016832 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2016-04-13 22:19 - 2016-03-16 04:43 - 00573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll 2016-04-13 22:19 - 2016-03-16 04:43 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-04-13 22:19 - 2016-03-16 04:42 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-04-13 22:19 - 2016-03-16 04:42 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-04-13 22:19 - 2016-03-16 04:42 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2016-04-13 22:19 - 2016-03-16 04:41 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-04-13 22:19 - 2016-03-16 04:40 - 00931840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2016-04-13 22:19 - 2016-03-16 04:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2016-04-13 22:19 - 2016-03-16 04:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll 2016-04-13 22:19 - 2016-03-16 04:40 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll 2016-04-13 22:19 - 2016-03-16 04:40 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll 2016-04-13 22:19 - 2016-03-16 04:40 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll 2016-04-13 22:19 - 2016-03-16 04:40 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll 2016-04-13 22:19 - 2016-03-16 04:39 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-04-13 22:19 - 2016-03-16 04:39 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2016-04-13 22:19 - 2016-03-16 04:38 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2016-04-13 22:19 - 2016-03-16 04:37 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2016-04-13 22:19 - 2016-03-16 04:37 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll 2016-04-13 22:19 - 2016-03-16 04:37 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll 2016-04-13 22:19 - 2016-03-16 04:37 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll 2016-04-13 22:19 - 2016-03-16 04:37 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll 2016-04-13 22:19 - 2016-03-16 04:37 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll 2016-04-13 22:19 - 2016-03-16 04:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll 2016-04-13 22:19 - 2016-03-16 04:35 - 01794560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-04-13 22:19 - 2016-03-16 04:35 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll 2016-04-13 22:19 - 2016-03-16 04:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2016-04-13 22:19 - 2016-03-16 04:35 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2016-04-13 22:19 - 2016-03-16 04:34 - 01871872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2016-04-13 22:19 - 2016-03-16 04:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-04-13 22:19 - 2016-03-16 04:32 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll 2016-04-13 22:19 - 2016-03-16 04:31 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll 2016-04-13 22:19 - 2016-03-16 04:31 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll 2016-04-13 22:19 - 2016-03-16 04:31 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll 2016-04-13 22:19 - 2016-03-16 04:28 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll 2016-04-13 22:19 - 2016-03-16 04:27 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll 2016-04-13 22:19 - 2016-03-16 04:24 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2016-04-13 22:19 - 2016-03-16 04:24 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll 2016-04-13 22:19 - 2016-03-16 04:24 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll 2016-04-13 22:19 - 2016-03-16 04:20 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-04-13 22:19 - 2016-03-16 04:18 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-04-13 22:19 - 2016-03-16 04:18 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll 2016-04-13 22:19 - 2016-03-16 04:17 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2016-04-13 22:19 - 2016-03-16 04:17 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll 2016-04-13 22:19 - 2016-03-16 04:17 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll 2016-04-13 22:19 - 2016-03-16 04:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll 2016-04-13 22:19 - 2016-03-16 04:16 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-04-13 22:19 - 2016-03-16 04:14 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll 2016-04-13 22:19 - 2016-03-16 04:14 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll 2016-04-13 22:19 - 2016-03-16 04:14 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll 2016-04-13 22:19 - 2016-03-16 04:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll 2016-04-13 22:19 - 2016-03-16 04:12 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll 2016-04-13 22:19 - 2016-03-16 04:11 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2016-04-13 22:19 - 2016-03-16 04:10 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-05-01 18:38 - 2016-03-03 20:55 - 00000000 ____D C:\FRST 2016-05-01 18:36 - 2016-03-02 20:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-05-01 18:36 - 2015-10-26 16:04 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-01 18:35 - 2015-10-26 15:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-05-01 18:35 - 2015-10-26 14:21 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2016-05-01 18:21 - 2015-10-26 16:04 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-01 18:06 - 2016-01-06 20:03 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-05-01 18:06 - 2015-11-01 15:55 - 00000000 ____D C:\Users\Arek\AppData\Roaming\TS3Client 2016-05-01 16:38 - 2015-10-27 19:53 - 00005346 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-78KDRPR-Arek DESKTOP-78KDRPR 2016-05-01 15:57 - 2015-10-26 15:55 - 01836100 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-05-01 15:57 - 2015-10-26 14:37 - 00812520 _____ C:\WINDOWS\system32\perfh015.dat 2016-05-01 15:57 - 2015-10-26 14:37 - 00156054 _____ C:\WINDOWS\system32\perfc015.dat 2016-05-01 15:57 - 2015-10-26 14:32 - 00000000 ____D C:\WINDOWS\INF 2016-05-01 15:36 - 2015-10-26 15:50 - 00000000 ____D C:\Users\Arek 2016-05-01 13:36 - 2015-10-26 16:58 - 00004222 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3D4CEE00-F3ED-4E33-96B2-BDB9B1F1AC6B} 2016-05-01 13:33 - 2015-12-27 14:12 - 00000000 ____D C:\WINDOWS\Minidump 2016-05-01 02:00 - 2015-10-26 16:24 - 00000000 ____D C:\Users\Arek\AppData\Local\Adobe 2016-04-30 21:17 - 2015-11-01 15:55 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2016-04-30 15:03 - 2015-10-26 14:33 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-30 14:58 - 2015-10-26 14:33 - 00000000 ___HD C:\Program Files\WindowsApps 2016-04-30 14:50 - 2015-10-26 15:53 - 00000000 ____D C:\Users\Arek\AppData\Local\Packages 2016-04-30 12:06 - 2015-10-26 16:51 - 00000000 ____D C:\Users\Arek\AppData\Roaming\Skype 2016-04-30 10:57 - 2016-01-16 17:59 - 00000000 ____D C:\Users\Arek\AppData\Roaming\TeamViewer 2016-04-28 22:22 - 2015-10-26 16:04 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-04-28 19:36 - 2015-10-31 00:40 - 00000000 ____D C:\Users\Arek\AppData\Roaming\vlc 2016-04-28 18:42 - 2016-01-27 23:18 - 00000000 ____D C:\Users\Arek\AppData\Roaming\MPC-HC 2016-04-28 18:42 - 2015-10-31 13:40 - 00000000 ____D C:\Users\Arek\AppData\Roaming\FileZilla 2016-04-28 18:42 - 2015-10-26 16:56 - 00000000 ____D C:\Users\Arek\AppData\Roaming\uTorrent 2016-04-28 18:41 - 2015-11-12 18:03 - 00000000 ____D C:\Users\Arek\AppData\Local\CrashDumps 2016-04-28 18:41 - 2015-10-26 14:40 - 00000000 ___DC C:\WINDOWS\Panther 2016-04-28 18:32 - 2015-12-28 12:21 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2016-04-28 18:32 - 2015-12-09 19:58 - 00000000 ____D C:\Program Files (x86)\Kodi 2016-04-28 18:31 - 2015-10-26 16:56 - 00000000 ____D C:\ProgramData\Oracle 2016-04-28 18:31 - 2015-10-26 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-04-28 18:31 - 2015-10-26 16:56 - 00000000 ____D C:\Program Files (x86)\Java 2016-04-28 18:30 - 2015-10-26 16:56 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2016-04-28 18:30 - 2015-10-19 19:21 - 00000000 ____D C:\Users\Arek\.oracle_jre_usage 2016-04-24 14:27 - 2015-10-21 21:03 - 00000000 ____D C:\Users\Arek\.VirtualBox 2016-04-24 13:52 - 2015-10-26 14:33 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-04-24 11:42 - 2016-02-20 18:56 - 00000549 _____ C:\Users\Public\Desktop\Tibia.lnk 2016-04-24 11:42 - 2016-01-16 17:59 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-04-24 11:42 - 2015-10-31 00:12 - 00001612 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC (64 Bit).lnk 2016-04-24 11:42 - 2015-10-28 22:54 - 00001942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-04-24 11:42 - 2015-10-26 16:46 - 00001219 _____ C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk 2016-04-24 11:42 - 2015-10-26 16:31 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk 2016-04-24 11:42 - 2015-10-26 16:28 - 00001615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk 2016-04-24 11:42 - 2015-10-26 16:24 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk 2016-04-24 11:42 - 2015-10-26 16:24 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk 2016-04-24 11:42 - 2015-10-26 16:24 - 00002126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk 2016-04-24 11:42 - 2015-10-26 15:56 - 00002375 _____ C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-04-24 11:42 - 2015-07-10 12:01 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk 2016-04-24 11:42 - 2015-07-10 12:01 - 00002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk 2016-04-24 11:42 - 2015-07-10 12:01 - 00002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk 2016-04-24 11:42 - 2015-07-10 12:00 - 00002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk 2016-04-24 11:42 - 2015-07-10 12:00 - 00001590 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk 2016-04-24 11:42 - 2015-07-10 12:00 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk 2016-04-24 11:38 - 2015-10-26 15:45 - 00000000 ____D C:\ProgramData\Package Cache 2016-04-24 02:29 - 2016-01-29 22:04 - 00000000 ____D C:\Users\Arek\Desktop\POPRAWINY 2016-04-23 23:56 - 2015-10-26 15:53 - 00000000 ____D C:\Users\Arek\AppData\Roaming\Adobe 2016-04-20 21:00 - 2015-10-26 16:39 - 00000266 __RSH C:\ProgramData\ntuser.pol 2016-04-20 20:58 - 2015-10-26 14:37 - 00000000 ____D C:\WINDOWS\DigitalLocker 2016-04-20 20:33 - 2016-03-02 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-04-20 20:33 - 2016-03-02 20:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-04-20 20:29 - 2015-10-26 14:33 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2016-04-20 18:29 - 2016-01-16 19:29 - 00000000 ___RD C:\Users\Arek\Documents\Scanned Documents 2016-04-19 18:35 - 2015-10-26 14:33 - 00000000 ____D C:\WINDOWS\rescache 2016-04-17 20:21 - 2015-10-18 14:14 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-04-17 20:13 - 2015-10-26 14:33 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2016-04-16 00:33 - 2015-10-26 14:25 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-04-13 22:50 - 2015-10-26 17:41 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-04-13 22:42 - 2015-10-26 17:41 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-04-13 22:06 - 2016-01-06 20:03 - 00003916 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-04-06 19:32 - 2015-10-26 14:34 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-04-06 19:32 - 2015-10-26 14:34 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-01-11 19:47 - 2016-01-11 19:47 - 0046537 _____ () C:\Users\Arek\AppData\Roaming\FZOCgcQLiOBfgSCUICF.au3 2016-01-11 19:47 - 2016-01-11 19:47 - 0696336 _____ () C:\Users\Arek\AppData\Roaming\KLgeFYabEfiGVZUIg 2016-03-28 11:05 - 2016-03-28 12:36 - 0000132 _____ () C:\Users\Arek\AppData\Roaming\Preferencje CC formatu GIF firmy Adobe 2015-12-10 21:19 - 2016-03-28 11:05 - 0000132 _____ () C:\Users\Arek\AppData\Roaming\Preferencje CC formatu PNG firmy Adobe 2016-03-28 13:04 - 2016-03-28 15:05 - 0001496 _____ () C:\Users\Arek\AppData\Local\Adobe Zapisz dla Internetu 13.0 Prefs Niektóre pliki w TEMP: ==================== C:\Users\Arek\AppData\Local\Temp\jre-8u91-windows-au.exe C:\Users\Arek\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-04-27 17:31 ==================== Koniec FRST.txt ============================