Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 24-07-2016
Uruchomiony przez Pawel (administrator) PAWEL-KOMPUTER (25-07-2016 17:23:47)
Uruchomiony z C:\Users\Pawel\Downloads
Załadowane profile: Pawel (Dostępne profile: Pawel)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() D:\Programy\ScreenShooter5\ScreenShooter5.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() D:\Programy\Gaming Keyboard\Monitor.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe

==================== Rejestr (filtrowane) ===========================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Dare-U Keyboard] => D:\Programy\Gaming Keyboard\Monitor.exe [745472 2013-05-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6723856 2016-06-29] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3103190666-1964943653-1976880572-1001\...\Run: [ScreenShooter] => D:\Programy\ScreenShooter5\ScreenShooter5.exe [967680 2015-09-19] ()
HKU\S-1-5-21-3103190666-1964943653-1976880572-1001\...\Run: [HP Deskjet 3540 series (NET)] => C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-3103190666-1964943653-1976880572-1001\...\Run: [DAEMON Tools Lite] => D:\Programy\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-3103190666-1964943653-1976880572-1001\...\MountPoints2: {c07a417d-48ef-11e6-96fb-fcaa149ed2d1} - G:\startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-08-21]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
GroupPolicy: Ograniczenia - Chrome <======= UWAGA

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A2B5A533-C2C7-4005-9E1F-E4F4D2729C11}: [DhcpNameServer] 10.21.64.199
Tcpip\..\Interfaces\{E4EA07BB-3F32-466B-8FC5-60D762A34C27}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope - brak wartości
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Programy\Java\bin\ssv.dll [2015-11-16] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Programy\Java\bin\jp2ssv.dll [2015-11-16] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> D:\Programy\Java\bin\dtplugin\npDeployJava1.dll [2015-11-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> D:\Programy\Java\bin\plugin2\npjp2.dll [2015-11-16] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.pl/"
CHR Profile: C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-07]
CHR Extension: (Dokumenty Google) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-07]
CHR Extension: (Dysk Google) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
CHR Extension: (YouTube) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-07]
CHR Extension: (Adblock Plus) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Google Search) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
CHR Extension: (Arkusze Google) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-07]
CHR Extension: (AdBlock) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-05]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-07]
CHR HKLM\...\Chrome\Extension: [ncadhpiimldiaggdmgilboibgpkamcdf] - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncadhpiimldiaggdmgilboibgpkamcdf.crx
CHR HKLM-x32\...\Chrome\Extension: [ncadhpiimldiaggdmgilboibgpkamcdf] - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncadhpiimldiaggdmgilboibgpkamcdf.crx

==================== Usługi (filtrowane) ========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [637944 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5251808 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712792 2016-06-29] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1392648 2016-07-11] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-26] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-26] (BlueStack Systems, Inc.)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [Brak podpisu cyfrowego]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-12-28] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programy\Origin\OriginClientService.exe [2104840 2016-02-02] (Electronic Arts)
S3 OverwolfUpdater; D:\Programy\Overwolf\OverwolfUpdater.exe [1309936 2016-07-06] (Overwolf LTD)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [Brak podpisu cyfrowego]
S2 SkypeUpdate; D:\Programy\Skype\Updater\Updater.exe [327808 2016-03-23] (Skype Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [249088 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [280320 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [76544 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154168 2016-04-26] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-12-11] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [46392 2015-12-11] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-12-11] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-16] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-10-03] (NVIDIA Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U3 awddrkog; \??\C:\Users\Pawel\AppData\Local\Temp\awddrkog.sys [X]

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2016-07-25 17:23 - 2016-07-25 17:23 - 00017885 _____ C:\Users\Pawel\Downloads\FRST.txt
2016-07-25 17:23 - 2016-07-25 17:23 - 00000000 ____D C:\FRST
2016-07-25 17:20 - 2016-07-25 17:21 - 00380928 _____ C:\Users\Pawel\Downloads\giiofylb.exe
2016-07-25 17:20 - 2016-07-25 17:20 - 02394112 _____ (Farbar) C:\Users\Pawel\Downloads\FRST64.exe
2016-07-25 16:54 - 2016-07-25 16:57 - 00067526 _____ C:\net-log.txt
2016-07-25 16:53 - 2016-07-25 16:53 - 00215040 _____ C:\Users\Pawel\Downloads\net-log.exe
2016-07-23 16:40 - 2016-07-23 17:02 - 00000000 ____D C:\Users\Pawel\Desktop\Bot
2016-07-16 18:57 - 2016-07-25 15:06 - 00000000 ____D C:\Users\Pawel\vmlogs
2016-07-16 18:57 - 2016-07-25 15:06 - 00000000 ____D C:\Users\Pawel\.android
2016-07-16 18:57 - 2016-07-16 18:57 - 00000000 ____D C:\Users\Pawel\Nox_share
2016-07-16 18:56 - 2016-07-25 15:06 - 00000000 ____D C:\Users\Pawel\.BigNox
2016-07-16 18:56 - 2016-07-16 18:56 - 00000758 _____ C:\Users\Pawel\Desktop\Nox.lnk
2016-07-16 18:56 - 2016-07-16 18:56 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2016-07-16 18:56 - 2016-07-16 18:56 - 00000000 ____D C:\Program Files\DIFX
2016-07-16 18:56 - 2016-07-16 18:56 - 00000000 ____D C:\Program Files\Bignox
2016-07-16 18:56 - 2015-09-16 08:07 - 00127432 _____ (BigNox Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-07-16 18:56 - 2015-09-16 05:29 - 00253384 _____ (BigNox Corporation) C:\Windows\system32\Drivers\XQHDrv.sys
2016-07-16 18:55 - 2016-07-25 15:09 - 00000000 ____D C:\Users\Pawel\AppData\Local\Nox
2016-07-15 20:01 - 2016-07-15 20:10 - 00000000 ____D C:\Users\Pawel\Documents\APK
2016-07-12 12:19 - 2016-07-12 12:21 - 00000017 _____ C:\Users\Pawel\Desktop\mail internetia.txt
2016-07-07 12:25 - 2016-07-24 21:21 - 00000000 ____D C:\Users\Pawel\Desktop\Nowy folder
2016-07-05 23:56 - 2016-07-12 15:56 - 00000000 ____D C:\Users\Pawel\.afrls
2016-07-05 23:56 - 2016-07-05 23:56 - 00000662 _____ C:\Users\Public\Desktop\AFR-launcher.lnk
2016-07-05 23:56 - 2016-07-05 23:56 - 00000662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AFR-launcher.lnk
2016-07-05 14:04 - 2016-07-05 14:11 - 00000000 ____D C:\Users\Pawel\AppData\Local\Arma 3 Launcher
2016-07-05 14:04 - 2016-07-05 14:04 - 00000000 ____D C:\Users\Pawel\AppData\Local\Bohemia_Interactive
2016-07-04 22:33 - 2016-07-07 14:00 - 00000000 ____D C:\Users\Pawel\Documents\Arma 3 - Other Profiles
2016-07-04 22:27 - 2016-07-12 15:56 - 00000000 ____D C:\Users\Pawel\AppData\Local\Arma 3
2016-07-04 22:27 - 2016-07-12 03:38 - 00000000 ____D C:\Users\Pawel\Documents\Arma 3
2016-07-04 22:27 - 2016-07-04 22:27 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2016-07-04 22:23 - 2016-07-04 22:23 - 00000646 _____ C:\Users\Public\Desktop\A3Launcher.lnk
2016-07-04 22:23 - 2016-07-04 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A3Launcher
2016-07-04 14:09 - 2016-07-04 14:09 - 00000211 _____ C:\Users\Pawel\Desktop\Arma 3.url
2016-06-29 16:38 - 2016-06-29 16:38 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Mozilla
2016-06-29 16:38 - 2016-06-29 16:38 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Macromedia
2016-06-29 16:38 - 2016-06-29 16:38 - 00000000 ____D C:\Users\Pawel\AppData\Local\Macromedia
2016-06-29 16:33 - 2016-06-29 16:38 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-06-29 16:33 - 2016-06-29 16:33 - 00001701 _____ C:\Users\Pawel\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-06-29 16:33 - 2016-06-29 16:33 - 00000000 ____D C:\ProgramData\BlueStacks
2016-06-29 16:33 - 2016-06-29 16:33 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-06-29 16:29 - 2016-07-25 17:10 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-06-29 16:29 - 2016-06-29 16:29 - 00000000 ____D C:\Users\Pawel\AppData\Local\Bluestacks
2016-06-29 14:05 - 2016-06-29 14:06 - 00000000 ____D C:\Users\Pawel\AppData\Local\PAYDAY 2
2016-06-29 14:05 - 2016-06-29 14:05 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2016-07-25 17:12 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-25 17:12 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-25 17:11 - 2011-04-12 15:21 - 00741136 _____ C:\Windows\system32\perfh015.dat
2016-07-25 17:11 - 2011-04-12 15:21 - 00156208 _____ C:\Windows\system32\perfc015.dat
2016-07-25 17:11 - 2009-07-14 07:13 - 01672612 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-25 17:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-25 17:05 - 2015-12-07 10:19 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-25 17:05 - 2015-11-16 22:10 - 00003436 _____ C:\Windows\System32\Tasks\SteamClient
2016-07-25 17:05 - 2015-11-10 19:10 - 00000000 ____D C:\ProgramData\MFAData
2016-07-25 17:05 - 2014-08-21 13:14 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-25 17:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-25 16:43 - 2015-12-07 10:19 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-25 16:23 - 2015-11-10 19:19 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\TS3Client
2016-07-21 17:28 - 2015-12-27 00:38 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Audacity
2016-07-16 18:57 - 2015-11-10 18:00 - 00000000 ____D C:\Users\Pawel
2016-07-16 13:47 - 2015-12-09 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-07-12 18:58 - 2015-12-01 11:20 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-12 18:58 - 2015-12-01 11:20 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-06 10:57 - 2016-02-18 23:48 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Mumble
2016-07-05 23:56 - 2015-11-16 21:27 - 00000000 ____D C:\Users\Pawel\.oracle_jre_usage
2016-07-05 14:03 - 2014-08-21 13:02 - 01644282 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-04 22:21 - 2015-12-07 13:05 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Skype
2016-06-29 22:11 - 2015-12-09 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-06-29 16:38 - 2015-12-01 11:27 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Adobe
2016-06-29 16:33 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-27 22:41 - 2015-11-19 17:03 - 00000154 _____ C:\Users\Pawel\Desktop\GTA SA budynki N4G 17.07.2016.txt
2016-06-25 10:27 - 2015-11-19 21:27 - 00000000 ___RD C:\Users\Pawel\Desktop\Gry

==================== Pliki w katalogu głównym wybranych folderów =======
2016-05-30 22:23 - 2016-06-02 21:14 - 0000098 _____ () C:\Users\Pawel\AppData\Roaming\LauncherSettings_live.cfg
2016-05-30 22:17 - 2016-05-30 22:18 - 0000040 _____ () C:\Users\Pawel\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-12-01 11:45 - 2015-12-01 11:45 - 0000057 _____ () C:\ProgramData\Ament.ini

Niektóre pliki w TEMP:
====================
C:\Users\Pawel\AppData\Local\Temp\avg-6f684d76-19b9-4c54-82c7-3c3f474cac5b.exe
C:\Users\Pawel\AppData\Local\Temp\avguirn_081554797730.exe
C:\Users\Pawel\AppData\Local\Temp\avguirn_081808189256.exe
C:\Users\Pawel\AppData\Local\Temp\avguirn_081943299508.exe
C:\Users\Pawel\AppData\Local\Temp\avguirn_081973252950.exe
C:\Users\Pawel\AppData\Local\Temp\avguirn_08262337371.exe
C:\Users\Pawel\AppData\Local\Temp\avguirn_08531860518.exe
C:\Users\Pawel\AppData\Local\Temp\avguirn_08714634343.exe
C:\Users\Pawel\AppData\Local\Temp\avguirn_08903049437.exe
C:\Users\Pawel\AppData\Local\Temp\avguirn_08958562447.exe
C:\Users\Pawel\AppData\Local\Temp\Bass.dll
C:\Users\Pawel\AppData\Local\Temp\Bass.Net.dll
C:\Users\Pawel\AppData\Local\Temp\bitool.dll
C:\Users\Pawel\AppData\Local\Temp\GTA_V_Launcher_1_0_757_3.exe
C:\Users\Pawel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Pawel\AppData\Local\Temp\nvStInst.exe
C:\Users\Pawel\AppData\Local\Temp\sqlite3.dll
C:\Users\Pawel\AppData\Local\Temp\Uninstall.exe
C:\Users\Pawel\AppData\Local\Temp\utils.dll
C:\Users\Pawel\AppData\Local\Temp\_is52A2.exe

==================== Bamital & volsnap =================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-07-23 18:29

==================== Koniec FRST.txt ============================