Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 07-12-2016
Uruchomiony przez Nesste (administrator) NESTE (12-12-2016 17:46:50)
Uruchomiony z C:\Users\Nesste\Desktop\Nowy folder (2)
Załadowane profile: Nesste (Dostępne profile: Nesste)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(StarWind Software) E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Wargaming.net) E:\Gry\WoT\WargamingGameUpdater.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-10-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKU\S-1-5-21-2816774600-1235983040-3463408076-1000\...\Run: [World of Tanks] => E:\Gry\WoT\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
HKU\S-1-5-21-2816774600-1235983040-3463408076-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-2816774600-1235983040-3463408076-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [978456 2016-08-03] (BlueStack Systems, Inc.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.99.99
Tcpip\..\Interfaces\{66F21D74-F112-4F2F-A518-694DA8CC407D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ECF23C1C-01F2-4091-AF4B-472D33120739}: [DhcpNameServer] 192.168.99.99
Tcpip\..\Interfaces\{FB2AB971-E764-4476-9D5B-1DDCF3871F53}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2816774600-1235983040-3463408076-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\pepflashplayer64_23_0_0_207.dll ()
CHR Profile: C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Prezentacje Google) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-12]
CHR Extension: (Dokumenty Google) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-12]
CHR Extension: (Dysk Google) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-12]
CHR Extension: (YouTube) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-12]
CHR Extension: (Arkusze Google) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-12]
CHR Extension: (Gmail) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdpfakmkmnhbmpkjoalflbdchkpggned [2016-12-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-12]
CHR Extension: (Szukaj w Google) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpjmkngecpnnajkmdhplmeoelenkpgk [2016-12-12]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-12]
CHR Extension: (Gmail) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-12]
CHR Extension: (Chrome Media Router) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-12]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-10-25] (Advanced Micro Devices) [Brak podpisu cyfrowego]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 AxAutoMntSrv; E:\Programy\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [445976 2016-08-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [425496 2016-08-03] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [462360 2016-08-03] (BlueStack Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-03-29] ()
R2 StarWindServiceAE; E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Brak podpisu cyfrowego]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-10-25] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2014-09-02] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2016-08-03] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-08-16] (Sony Mobile Communications)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-08-31] (Highresolution Enterprises [www.highrez.co.uk])
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-09-02] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-12] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-12] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-12] (Malwarebytes)
S3 netfitsprocadapter; C:\Windows\System32\DRIVERS\netfitsproc.sys [30480 2016-12-10] (Netfits)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [126208 2012-10-26] (QUALCOMM Incorporated) [Brak podpisu cyfrowego]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-02-05] (Duplex Secure Ltd.)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [208696 2007-03-28] (StorageCraft)
U3 airyhytm; C:\Windows\System32\Drivers\airyhytm.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

NETSVCx32: HpSvc -> Brak ścieżki do pliku.
NETSVCx32: WpSvc -> Brak ścieżki do pliku.
NETSVCx32: GmSvc -> Brak ścieżki do pliku.

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-12-12 17:43 - 2016-12-12 17:45 - 00000000 ____D C:\AdwCleaner
2016-12-12 17:37 - 2016-12-12 17:37 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-12-12 17:32 - 2016-12-12 17:32 - 00000000 _____ C:\Users\Nesste\Desktop\Nowy dokument tekstowy.txt
2016-12-12 16:07 - 2016-12-12 16:07 - 00000000 ____D C:\Users\Nesste\Desktop\Nowy folder (3)
2016-12-12 01:42 - 2016-12-12 16:23 - 00012354 _____ C:\Users\Nesste\Desktop\GMER.txt
2016-12-12 01:41 - 2016-12-12 17:36 - 00000000 ____D C:\Users\Nesste\Desktop\Nowy folder (2)
2016-12-12 01:41 - 2016-12-12 01:41 - 00000022 _____ C:\Users\Nesste\Downloads\Upload.zip
2016-12-12 01:38 - 2016-12-12 17:46 - 00000000 ____D C:\FRST
2016-12-12 01:35 - 2016-12-12 01:35 - 00022688 _____ C:\Users\Nesste\Downloads\FRST.txt
2016-12-12 01:04 - 2016-12-12 17:38 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-12 01:04 - 2016-12-12 01:04 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-12 01:04 - 2016-12-12 01:04 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-12 01:03 - 2016-12-12 17:38 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-12 01:03 - 2016-12-12 17:38 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-12 01:03 - 2016-12-12 01:03 - 00001875 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-12 01:03 - 2016-12-12 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-12 01:03 - 2016-11-29 06:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-12 01:02 - 2016-12-12 01:03 - 51969976 _____ (Malwarebytes ) C:\Users\Nesste\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-12 00:01 - 2016-12-12 01:43 - 00002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-12 00:00 - 2016-12-12 17:37 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-12 00:00 - 2016-12-12 17:05 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-12 00:00 - 2016-12-12 00:13 - 00000000 ____D C:\Users\Nesste\AppData\Local\Google
2016-12-12 00:00 - 2016-12-12 00:01 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-12 00:00 - 2016-12-12 00:00 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-12 00:00 - 2016-12-12 00:00 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-11 23:42 - 2016-12-11 23:42 - 01065376 _____ (Google Inc.) C:\Users\Nesste\Desktop\ChromeSetup.exe
2016-12-11 23:31 - 2016-12-11 23:38 - 00000000 ____D C:\EEK
2016-12-11 23:31 - 2016-12-11 23:31 - 266094448 _____ C:\Users\Nesste\Downloads\EmsisoftEmergencyKit.exe
2016-12-11 23:27 - 2016-12-11 23:27 - 01626336 _____ C:\Users\Nesste\Downloads\Emsisoft-Emergency-Kit-13269-dp.exe
2016-12-11 22:14 - 2016-12-11 22:14 - 00028304 _____ C:\ComboFix.txt
2016-12-11 22:04 - 2016-12-12 01:04 - 00240894 _____ C:\Windows\ntbtlog.txt
2016-12-11 21:52 - 2016-12-11 22:14 - 00000000 ____D C:\Qoobox
2016-12-11 21:52 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-12-11 21:52 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-12-11 21:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-12-11 21:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-12-11 21:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-12-11 21:52 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-12-11 21:52 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-12-11 21:52 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-12-11 20:49 - 2016-12-11 22:53 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\Lenovo
2016-12-11 01:19 - 2016-12-11 01:19 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-10 23:31 - 2016-12-11 21:38 - 00000000 ____D C:\$AVG
2016-12-10 23:30 - 2016-12-10 23:46 - 00000000 ____D C:\Users\Nesste\Doctor Web
2016-12-10 23:21 - 2016-12-11 22:00 - 00000000 ____D C:\Windows\erdnt
2016-12-10 23:21 - 2016-12-10 23:21 - 00000000 ____D C:\Program Files\McAfee
2016-12-10 23:20 - 2016-12-10 23:20 - 05658636 ____R (Swearware) C:\Users\Nesste\Downloads\ComboFix 16.11.13.01 [1].exe
2016-12-10 22:47 - 2016-12-10 22:47 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
2016-12-10 22:45 - 2016-12-12 17:37 - 00000008 __RSH C:\Users\Nesste\ntuser.pol
2016-12-10 22:42 - 2016-12-10 22:42 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-12-10 22:41 - 2016-12-10 22:41 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-12-10 22:41 - 2016-12-10 22:41 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-12-10 22:41 - 2016-12-10 22:41 - 00000000 ____D C:\ProgramData\{D0717883-7508-4308-9A88-311E19C5C458}.tmp
2016-12-10 22:40 - 2016-12-11 22:53 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-12-10 22:40 - 2016-12-10 22:40 - 00030480 _____ (Netfits) C:\Windows\system32\Drivers\netfitsproc.sys
2016-12-10 22:38 - 2016-12-10 22:38 - 00000000 ____D C:\ProgramData\Avira
2016-12-10 22:37 - 2016-12-11 00:20 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-10 22:37 - 2016-12-10 22:37 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2016-12-10 22:37 - 2016-12-10 22:37 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2016-12-10 22:37 - 2016-12-10 22:37 - 00003512 _____ C:\Windows\System32\Tasks\d6a959b4fd1aaa581ab458d9d73c08ff
2016-12-10 22:36 - 2016-12-12 17:36 - 00000000 ____D C:\Users\Nesste\AppData\Local\Dritopy
2016-12-10 22:36 - 2016-12-11 02:17 - 00000000 ____D C:\Program Files (x86)\Arozalyprogly
2016-12-10 22:36 - 2016-12-10 22:44 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\Elukweceward
2016-12-10 22:36 - 2016-12-10 22:36 - 00000000 ____D C:\Users\Public\Thunder Network
2016-12-10 22:36 - 2016-11-09 15:55 - 00778752 _____ C:\Windows\system32\chtbrkg.dll
2016-12-10 22:36 - 2016-11-09 15:55 - 00590848 _____ C:\Windows\SysWOW64\chtbrkg.dll
2016-12-10 22:34 - 2016-12-10 22:34 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2016-12-10 21:58 - 2016-12-10 22:37 - 00000000 ____D C:\Program Files (x86)\RAR Password Unlocker
2016-12-10 21:23 - 2016-12-10 22:37 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-12-10 21:23 - 2016-12-10 21:23 - 00001217 _____ C:\Users\Nesste\Desktop\Uplay.lnk
2016-12-10 21:23 - 2016-12-10 21:23 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-12-10 19:28 - 2016-12-10 19:28 - 00000000 ____D C:\Users\Nesste\AppData\LocalLow\uTorrent
2016-12-07 20:12 - 2016-12-07 20:12 - 00000372 _____ C:\Users\Nesste\Desktop\DiRT2 — skrót.lnk
2016-12-05 00:12 - 2016-12-05 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2016-12-04 22:08 - 2016-12-04 22:09 - 00000000 ____D C:\Users\Nesste\Documents\NFS Most Wanted
2016-12-04 22:06 - 2016-12-04 22:06 - 00000819 _____ C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
2016-11-26 18:02 - 2016-11-26 18:02 - 00001771 _____ C:\Users\Nesste\Desktop\SpinTires.exe — skrót.lnk
2016-11-26 16:36 - 2016-11-28 19:24 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\SpinTires
2016-11-20 00:34 - 2016-11-20 00:34 - 00000520 _____ C:\Users\Nesste\Desktop\Battlefield™ Hardline — skrót.lnk
2016-11-19 22:39 - 2016-11-19 22:43 - 00000000 ____D C:\Users\Nesste\Documents\BFH
2016-11-19 22:38 - 2016-11-19 22:38 - 00000000 ____D C:\Program Files\BreakPoint Software
2016-11-19 22:37 - 2016-11-19 22:37 - 18864464 _____ (BreakPoint Software) C:\Users\Nesste\Downloads\hw_v680.exe
2016-11-19 21:56 - 2016-12-10 22:37 - 00000000 ____D C:\Program Files (x86)\BFH
2016-11-15 16:15 - 2016-11-15 16:15 - 00678753 _____ C:\Users\Nesste\Desktop\skierowanie 2.pdf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-12-12 17:42 - 2011-04-12 14:21 - 13598684 _____ C:\Windows\system32\perfh015.dat
2016-12-12 17:42 - 2011-04-12 14:21 - 04565296 _____ C:\Windows\system32\perfc015.dat
2016-12-12 17:42 - 2009-07-14 06:13 - 00006212 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-12 17:37 - 2013-12-31 20:31 - 00000000 ____D C:\Users\Nesste
2016-12-12 17:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-12 17:36 - 2016-09-17 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warblade
2016-12-12 17:36 - 2015-01-12 19:35 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2016-12-12 17:36 - 2014-03-16 18:29 - 00000000 ____D C:\Users\Nesste\Documents\Euro Truck Simulator 2
2016-12-12 17:36 - 2014-02-04 08:50 - 00000000 ____D C:\Users\Nesste\AppData\LocalLow\Temp
2016-12-12 17:36 - 2013-12-31 21:34 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-12-12 17:36 - 2013-12-31 20:32 - 00001186 _____ C:\Users\Nesste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-12 17:36 - 2013-12-31 20:32 - 00001186 _____ C:\Users\Nesste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-12-12 17:36 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-12-12 01:03 - 2016-05-14 21:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-12 00:07 - 2016-02-12 10:46 - 00000000 ____D C:\Users\Nesste\AppData\Local\ElevatedDiagnostics
2016-12-11 23:47 - 2014-09-01 19:48 - 00000000 ____D C:\ProgramData\McAfee
2016-12-11 23:46 - 2009-07-14 05:45 - 00031728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-11 23:46 - 2009-07-14 05:45 - 00031728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-11 22:32 - 2015-02-03 22:13 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-12-11 22:13 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-12-11 21:51 - 2014-07-19 14:49 - 00000000 ___RD C:\Users\Nesste\Desktop\Pobrane
2016-12-11 21:50 - 2016-11-09 15:16 - 00000000 ____D C:\Users\Nesste\Desktop\Nowy folder
2016-12-11 21:49 - 2014-07-19 15:02 - 00000000 ___RD C:\Users\Nesste\Desktop\Programy
2016-12-11 21:47 - 2016-05-14 23:36 - 00000000 ____D C:\Users\Nesste\AppData\Local\AvgSetupLog
2016-12-11 21:47 - 2014-04-13 20:05 - 00000000 ____D C:\ProgramData\AVG
2016-12-11 21:46 - 2015-07-03 22:15 - 00000000 ____D C:\Users\Nesste\AppData\Local\Avg
2016-12-11 21:46 - 2014-04-14 18:39 - 00000000 ____D C:\ProgramData\MFAData
2016-12-11 01:39 - 2016-10-19 15:33 - 00000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-10 23:32 - 2015-08-27 23:21 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-10 22:45 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-10 22:43 - 2014-01-06 13:00 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\uTorrent
2016-12-10 22:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-10 22:40 - 2014-11-02 15:03 - 00000000 ____D C:\Users\Nesste\AppData\Local\Chromium
2016-12-10 22:38 - 2016-11-10 18:39 - 00000000 ____D C:\Program Files (x86)\FreeMouseAutoClicker
2016-12-10 22:38 - 2016-10-16 03:01 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-12-10 22:38 - 2014-01-06 17:53 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-12-10 22:38 - 2014-01-01 13:14 - 00000000 ____D C:\Program Files (x86)\Adobe Story
2016-12-10 22:38 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-12-10 22:37 - 2016-11-05 19:27 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-12-10 22:37 - 2016-10-21 21:51 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2016-12-10 22:37 - 2016-09-18 02:48 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-12-10 22:37 - 2016-09-18 02:48 - 00000000 ____D C:\Program Files (x86)\AMD
2016-12-10 22:37 - 2016-08-31 00:08 - 00000000 ____D C:\Program Files (x86)\Kerish Doctor
2016-12-10 22:37 - 2016-08-27 13:40 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-12-10 22:37 - 2016-07-31 12:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-12-10 22:37 - 2016-07-31 12:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2016-12-10 22:37 - 2016-07-31 12:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-12-10 22:37 - 2016-07-31 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-10 22:37 - 2016-06-15 00:08 - 00000000 ____D C:\Program Files (x86)\mp3DirectCut
2016-12-10 22:37 - 2016-05-20 21:01 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-10 22:37 - 2016-05-14 20:26 - 00000000 ____D C:\Program Files (x86)\ChomikBox
2016-12-10 22:37 - 2015-12-25 21:47 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-12-10 22:37 - 2015-10-31 10:48 - 00000000 ____D C:\Program Files (x86)\Drakensang Online
2016-12-10 22:37 - 2015-09-07 23:04 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2016-12-10 22:37 - 2015-03-15 01:08 - 00000000 ____D C:\Program Files (x86)\WinHex
2016-12-10 22:37 - 2015-01-23 01:30 - 00000000 ____D C:\Program Files (x86)\DataMax
2016-12-10 22:37 - 2014-10-06 21:29 - 00000000 ____D C:\Program Files (x86)\AIMP3
2016-12-10 22:37 - 2014-08-16 18:11 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2016-12-10 22:37 - 2014-08-16 18:08 - 00000000 ____D C:\Program Files (x86)\Sony
2016-12-10 22:37 - 2014-07-09 22:51 - 00000000 ____D C:\Program Files (x86)\QUALCOMM Incorporated
2016-12-10 22:37 - 2014-02-09 10:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-12-10 22:37 - 2014-01-05 21:51 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2016-12-10 22:37 - 2014-01-05 18:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2016-12-10 22:37 - 2013-12-31 21:30 - 00000000 ____D C:\Program Files (x86)\AMD APP
2016-12-10 22:37 - 2013-12-31 21:28 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-12-10 22:37 - 2013-12-31 21:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-10 22:37 - 2013-12-31 21:11 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2016-12-10 22:37 - 2013-12-31 20:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-10 22:37 - 2013-12-31 20:49 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-12-10 22:37 - 2013-12-31 20:48 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-12-10 22:37 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-12-10 22:37 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-12-10 22:37 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-12-10 22:37 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-12-10 22:37 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-12-10 22:37 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-12-10 22:34 - 2016-10-16 03:00 - 00000000 _____ C:\TOSTACK
2016-12-10 21:42 - 2016-06-03 21:44 - 00000000 ____D C:\Users\Nesste\AppData\Local\Ubisoft Game Launcher
2016-12-10 21:12 - 2013-12-31 21:45 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-12-10 19:56 - 2014-01-05 16:06 - 00000651 _____ C:\Users\Nesste\Documents\ax_files.xml
2016-12-09 16:35 - 2014-03-02 08:47 - 00000000 ____D C:\Windows\Minidump
2016-12-09 16:35 - 2013-12-31 03:20 - 00287333 ____N C:\Windows\Minidump\120916-17643-01.dmp
2016-12-05 13:52 - 2009-07-14 05:45 - 04981736 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-05 00:27 - 2015-01-12 19:35 - 00000000 ____D C:\Users\Nesste\Documents\My Games
2016-12-05 00:27 - 2014-01-06 17:54 - 00000000 ____D C:\ProgramData\Codemasters
2016-12-05 00:04 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-04 22:06 - 2015-02-11 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2016-12-04 21:56 - 2016-07-04 22:59 - 00111144 _____ C:\Users\Nesste\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-04 12:01 - 2013-12-31 03:20 - 00287013 ____N C:\Windows\Minidump\120416-26847-01.dmp
2016-12-03 15:17 - 2016-09-17 14:01 - 00000000 ____D C:\ProgramData\AlawarWrapper
2016-12-03 15:05 - 2016-10-30 10:45 - 00000000 ____D C:\Users\Nesste\Documents\The Witcher 3
2016-12-02 19:20 - 2014-10-06 21:29 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\AIMP3
2016-11-30 20:12 - 2014-07-19 14:57 - 00000000 ___RD C:\Users\Nesste\Desktop\Gry
2016-11-29 12:32 - 2013-12-31 03:20 - 00287269 ____N C:\Windows\Minidump\112916-17253-01.dmp

==================== Pliki w katalogu głównym wybranych folderów =======

2015-03-15 03:27 - 2015-03-15 03:27 - 0000001 _____ () C:\Users\Nesste\AppData\Local\llftool.4.40.agreement
2014-01-03 00:28 - 2014-01-03 00:28 - 0007605 _____ () C:\Users\Nesste\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll [2010-11-21 04:24] - [2016-08-30 23:43] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll [2010-11-21 04:24] - [2016-08-30 23:43] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-12-09 16:05

==================== Koniec FRST.txt ============================