Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 31-08-2016 Uruchomiony przez Jurek (administrator) JUREK-KOMPUTER (06-09-2016 17:43:17) Uruchomiony z C:\Users\Jurek\Downloads\Nowy folder (2) Załadowane profile: Jurek (Dostępne profile: Jurek & Gość) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: IE) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Solvusoft Corporation) C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe (Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe (Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe (Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe (Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-23] (Acer Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-11] (Advanced Micro Devices, Inc.) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2809649214-3554048560-1684349070-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-2809649214-3554048560-1684349070-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-08-31] (Electronic Arts) HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{2CB0C26E-9B8F-429E-A677-B69F8E1953B5}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{7919BAC1-5E35-4E32-9B2D-D9C860F854BB}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{A8AA306B-24DC-4279-B388-49A030A2436F}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120141124 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120141124 HKU\S-1-5-21-2809649214-3554048560-1684349070-1000\Software\Microsoft\Internet Explorer\Main,Start Page = URLSearchHook: HKU\S-1-5-21-2809649214-3554048560-1684349070-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-2809649214-3554048560-1684349070-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-02-17] (McAfee, Inc.) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-02-17] (McAfee, Inc.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-02-17] (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-02-17] (McAfee, Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-02-17] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-02-17] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-02-17] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-02-17] (McAfee, Inc.) FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2012-02-17] (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-05-02] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-05-02] (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-02-28] [Brak podpisu cyfrowego] FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\Jurek\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com FF Extension: (SpeedAnalysis.com) - C:\Users\Jurek\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013-04-13] [Brak podpisu cyfrowego] FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-23] [Brak podpisu cyfrowego] FF HKU\S-1-5-21-2809649214-3554048560-1684349070-1000\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\Jurek\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com Chrome: ======= CHR Profile: C:\Users\Jurek\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Music App) - C:\Users\Jurek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaikjhckghnoaaaehhmgjcfajoabi [2015-03-15] CHR Extension: (SiteAdvisor) - C:\Users\Jurek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-14] CHR Extension: (RealDownloader) - C:\Users\Jurek\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-03-15] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Jurek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-27] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-02-28] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06] Opera: ======= OPR StartupUrls: "hxxp://onet.pl/" OPR Session Restore: -> [funkcja włączona] OPR Extension: (Internet Speed Checker) - C:\Users\Jurek\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbglkiiiofelplniblholffbhhjmdhhi [2015-01-18] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-31] (Electronic Arts) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [6408704 2010-11-29] (Etron) [Brak podpisu cyfrowego] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-09-06 17:00 - 2016-09-06 17:12 - 00000000 ____D C:\Users\Jurek\Downloads\Nowy folder (2) 2016-09-05 22:05 - 2016-09-05 22:05 - 00037477 _____ C:\Users\Jurek\Downloads\AdwCleanerS0.txt 2016-09-05 21:54 - 2016-09-05 21:54 - 00000000 ____D C:\Users\Jurek\AppData\Roaming\Solvusoft 2016-09-05 21:39 - 2016-09-05 21:52 - 00000000 ____D C:\AdwCleaner 2016-09-05 21:39 - 2016-09-05 21:39 - 03826240 _____ C:\Users\Jurek\Desktop\adwcleaner_6.010.exe 2016-09-01 20:38 - 2016-09-01 20:38 - 00010630 _____ C:\Users\Jurek\Desktop\gmer.txt 2016-09-01 18:28 - 2016-09-05 22:15 - 00143252 _____ C:\Users\Jurek\Downloads\Shortcut.txt 2016-09-01 18:22 - 2016-09-05 22:15 - 00105725 _____ C:\Users\Jurek\Downloads\Addition.txt 2016-09-01 18:13 - 2016-09-01 18:37 - 733984768 _____ C:\Users\Jurek\Desktop\Zanim się pojawiłeś.avi 2016-09-01 17:55 - 2016-09-05 21:55 - 00003352 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2809649214-3554048560-1684349070-1000 2016-08-31 22:45 - 2016-08-31 22:45 - 00380928 _____ C:\Users\Jurek\Downloads\yugbsd4m.exe 2016-08-31 22:32 - 2016-09-06 17:43 - 00000000 ____D C:\FRST 2016-08-31 14:16 - 2016-08-31 14:16 - 00002206 _____ C:\Users\Public\Desktop\The Sims™ 3 Zwierzaki.lnk 2016-08-31 13:58 - 2016-08-31 14:21 - 00000000 ____D C:\Program Files (x86)\Origin Games 2016-08-31 13:57 - 2016-08-31 14:18 - 00000000 ____D C:\Users\Jurek\AppData\Local\Origin 2016-08-31 13:35 - 2016-08-31 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2016-08-31 13:35 - 2016-08-31 13:35 - 00000989 _____ C:\Users\Public\Desktop\Origin.lnk 2016-08-31 13:34 - 2016-08-31 14:17 - 00000000 ____D C:\Program Files (x86)\Origin 2016-08-31 13:33 - 2016-08-31 13:33 - 00002206 _____ C:\Users\Public\Desktop\The Sims™ 3 Po zmroku.lnk 2016-08-31 13:12 - 2016-08-31 13:12 - 00002288 _____ C:\Users\Public\Desktop\The Sims™ 3 Wymarzone Podróże.lnk 2016-08-31 11:08 - 2016-08-31 11:08 - 00000000 ____D C:\Users\Jurek\Documents\Electronic Arts 2016-08-31 11:05 - 2016-08-31 11:05 - 00002090 _____ C:\Users\Public\Desktop\The Sims™ 3.lnk 2016-08-30 23:36 - 2011-04-05 13:26 - 00252712 _____ (ELAN Microelectronics Corp.) C:\Windows\ETDUninst.dll 2016-08-30 14:22 - 2016-08-30 14:22 - 00003094 _____ C:\Windows\System32\Tasks\{16701D5A-2B24-4185-B291-EF40ACD2D43F} 2016-08-30 14:19 - 2016-08-30 14:19 - 00000000 ____D C:\Users\Jurek\AppData\Local\{6F05A601-5B80-46B9-9A16-774315428950} 2016-08-29 17:44 - 2016-08-31 14:35 - 00000000 ____D C:\Users\Jurek\Desktop\Ola 2016-08-26 19:32 - 2016-09-05 21:55 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2809649214-3554048560-1684349070-1000 2016-08-22 17:55 - 2016-08-22 17:55 - 00000000 ____D C:\Users\Jurek\AppData\Local\{D89AEA30-8D38-4625-B026-CAE0B9C6E004} ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-09-06 17:19 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-09-06 17:19 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-09-06 17:17 - 2013-05-21 10:20 - 00000000 ____D C:\ProgramData\Origin 2016-09-06 17:17 - 2013-05-02 15:19 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2016-09-06 17:16 - 2015-05-16 10:11 - 00003122 _____ C:\Windows\System32\Tasks\DriverDocRunAtStartup 2016-09-06 17:13 - 2014-09-24 15:46 - 00000008 __RSH C:\ProgramData\ntuser.pol 2016-09-06 17:13 - 2013-05-02 17:06 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-09-06 17:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-06 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2016-09-06 17:12 - 2013-05-30 16:23 - 00000000 ____D C:\Users\Gość.Jurek-Komputer\AppData\LocalLow\Temp 2016-09-06 17:06 - 2013-07-21 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CheboMan 2016-09-06 17:05 - 2011-08-14 20:07 - 00001174 _____ C:\Users\Jurek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-09-06 17:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\GroupPolicy 2016-09-06 16:01 - 2015-03-12 19:14 - 00000278 _____ C:\Windows\Tasks\DriverDoc_UPDATES.job 2016-09-05 21:59 - 2015-03-12 19:15 - 00003032 _____ C:\Windows\System32\Tasks\DriverDoc_UPDATES 2016-09-05 19:24 - 2011-05-29 17:03 - 00745634 _____ C:\Windows\system32\perfh015.dat 2016-09-05 19:24 - 2011-05-29 17:03 - 00158934 _____ C:\Windows\system32\perfc015.dat 2016-09-05 19:24 - 2009-07-14 07:13 - 00902304 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-05 19:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-09-05 17:56 - 2011-08-15 14:59 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} 2016-09-03 09:16 - 2014-09-22 20:59 - 00000000 ____D C:\Program Files (x86)\Opera 2016-09-01 20:41 - 2011-08-15 13:00 - 00000000 ____D C:\Users\Jurek\AppData\Roaming\SoftGrid Client 2016-09-01 20:35 - 2011-08-14 20:07 - 00000000 ____D C:\Users\Jurek\AppData\Roaming\Adobe 2016-09-01 17:55 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2016-08-31 14:19 - 2013-05-21 10:20 - 00000000 ____D C:\Users\Jurek\AppData\Roaming\Origin 2016-08-31 14:16 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-08-31 14:10 - 2014-07-08 18:42 - 00000000 ____D C:\ProgramData\Package Cache 2016-08-31 14:07 - 2011-08-31 10:26 - 00000000 ____D C:\Program Files (x86)\Electronic Arts 2016-08-31 14:07 - 2011-03-25 06:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-08-31 13:35 - 2011-08-31 10:49 - 00000000 ____D C:\ProgramData\Electronic Arts 2016-08-31 00:11 - 2011-12-11 12:33 - 00000000 ____D C:\Program Files (x86)\TV 2016-08-31 00:08 - 2011-08-14 20:07 - 00058904 _____ C:\Users\Jurek\AppData\Local\GDIPFONTCACHEV1.DAT 2016-08-31 00:05 - 2009-07-14 06:45 - 00275968 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-30 23:58 - 2011-03-25 08:08 - 00000000 ____D C:\ProgramData\BackupManager 2016-08-30 23:57 - 2011-03-25 07:26 - 00000000 ____D C:\Program Files (x86)\Acer 2016-08-30 23:55 - 2014-07-08 18:42 - 00000000 ____D C:\Program Files\Adblock Plus for IE 2016-08-30 23:54 - 2011-03-25 07:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2016-08-30 23:51 - 2012-01-18 21:29 - 00000000 ____D C:\Program Files (x86)\ChomikBox 2016-08-30 23:48 - 2011-05-29 16:35 - 00000000 ____D C:\ProgramData\CyberLink 2016-08-30 23:45 - 2011-08-14 22:07 - 00000000 ____D C:\Users\Jurek\AppData\Local\Cyberlink 2016-08-30 23:37 - 2011-09-18 21:43 - 00000000 ____D C:\Program Files (x86)\Canon 2016-08-30 23:21 - 2014-06-04 10:04 - 00000000 ____D C:\Users\Jurek\AppData\Local\GG 2016-08-30 23:21 - 2012-09-21 13:07 - 00002122 _____ C:\Windows\wininit.ini 2016-08-30 23:19 - 2011-08-18 11:36 - 00000000 ____D C:\Program Files (x86)\Google 2016-08-30 23:13 - 2011-09-07 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2016-08-30 22:59 - 2013-11-04 21:51 - 00000000 ____D C:\Program Files (x86)\Nokia 2016-08-30 22:57 - 2013-11-04 21:55 - 00000000 ____D C:\ProgramData\Nokia 2016-08-30 22:56 - 2013-11-04 22:09 - 00000000 ____D C:\Users\Jurek\AppData\Roaming\Nokia Suite 2016-08-30 22:56 - 2013-11-04 22:09 - 00000000 ____D C:\Users\Jurek\AppData\Roaming\Nokia 2016-08-30 22:50 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-08-30 22:48 - 2011-05-29 16:31 - 00001024 ___RH C:\Users\Public\Documents\NTIMMV9Acer.dll 2016-08-30 18:30 - 2013-01-12 17:00 - 00000000 ____D C:\ProgramData\InstallMate 2016-08-30 18:26 - 2011-08-16 18:28 - 00000000 ____D C:\Users\Jurek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar.pl 2016-08-30 18:26 - 2011-08-16 18:28 - 00000000 ____D C:\Program Files (x86)\Alawar.pl 2016-08-30 14:50 - 2011-08-15 12:19 - 00000000 ____D C:\Program Files (x86)\Turtix Misja Ratunkowa 2016-08-30 14:29 - 2014-07-08 18:42 - 00000000 ____D C:\Users\Jurek\AppData\LocalLow\Adblock Plus for IE 2016-08-30 14:24 - 2012-01-21 22:00 - 00000000 ____D C:\Program Files (x86)\Winamp 2016-08-29 19:29 - 2013-07-14 12:45 - 00000000 ____D C:\Users\Jurek\Desktop\JUREK 2016-08-29 18:23 - 2013-07-14 12:54 - 00000000 ____D C:\Users\Jurek\Documents\Folder 2016-08-29 18:22 - 2013-01-09 21:00 - 00000000 ____D C:\Users\Jurek\Downloads\Nowy folder 2016-08-29 17:39 - 2014-06-04 10:07 - 00000000 ___SD C:\Users\Jurek\GG dysk 2016-08-28 22:15 - 2013-09-27 15:42 - 00000241 _____ C:\Users\Jurek\AppData\Roaming\WB.CFG 2016-08-16 21:10 - 2014-12-14 21:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2016-08-09 20:23 - 2014-09-22 21:00 - 00003900 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1411412399 ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-09-19 16:47 - 2015-09-19 16:48 - 6420480 _____ () C:\Program Files (x86)\GUTE051.tmp 2012-06-10 18:13 - 2012-06-10 18:13 - 0000272 _____ () C:\Users\Jurek\AppData\Roaming\.backup.dm 2013-05-26 13:40 - 2013-05-30 12:28 - 0000298 _____ () C:\Users\Jurek\AppData\Roaming\KosztKonfig.xml 2013-05-30 12:28 - 2013-05-30 12:28 - 0000298 _____ () C:\Users\Jurek\AppData\Roaming\KosztKonfig.xml.bak 2012-01-11 18:05 - 2011-11-17 07:38 - 0153088 _____ () C:\Users\Jurek\AppData\Roaming\Other.res 2013-09-27 15:42 - 2016-08-28 22:15 - 0000241 _____ () C:\Users\Jurek\AppData\Roaming\WB.CFG 2011-09-19 19:15 - 2013-11-16 17:37 - 0006656 _____ () C:\Users\Jurek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-07-04 19:21 - 2014-02-04 18:20 - 0007599 _____ () C:\Users\Jurek\AppData\Local\Resmon.ResmonCfg 2012-01-11 21:45 - 2012-01-11 21:45 - 0000000 _____ () C:\Users\Jurek\AppData\Local\{7116CF05-1700-4965-89C2-C349967D44D1} 2011-09-28 16:56 - 2011-09-28 16:56 - 0000000 _____ () C:\Users\Jurek\AppData\Local\{9195DDC2-837B-4E3F-827A-989DFD791ABA} 2011-09-28 16:58 - 2011-09-28 16:58 - 0000000 _____ () C:\Users\Jurek\AppData\Local\{CFA15332-569C-4664-9D4A-AE760CAA06B8} 2011-11-06 22:05 - 2011-11-06 22:05 - 0000000 _____ () C:\Users\Jurek\AppData\Local\{E972B417-0ADF-4159-AB63-DB20FE483C17} 2011-05-29 16:35 - 2011-05-29 16:43 - 0015211 _____ () C:\ProgramData\ArcadeDeluxe5.log 2011-03-25 07:07 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe 2016-08-30 23:45 - 2016-08-30 23:47 - 0000032 _____ () C:\ProgramData\PS.log ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-08-30 21:50 ==================== Koniec FRST.txt ============================