FRST.txt

Win 8.1 - Redirects to other sites with ads

I came back to Poland after a year-long contract, and the previous users were not bothered by it, or did not notice it. Most importantly, they could not give any specific period when it appeared, so I took the liberty of setting the scan to 360 days. My mistake.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by user (administrator) on KOMPUTEREK on 23-07-2014 20:00:30
Running from C:\Users\user\Desktop
Platform: Windows 8.1 Pro (X64) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(ATI Technologies) C:\Users\user\AppData\Local\ATI Technologies\atiedxx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1391895032\ee\aolsoftware.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [fst_pl_31] => [X]
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1391895032\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoCDBurning] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\Run: [AtiDriverStart] => C:\Users\user\AppData\Local\ATI Technologies\atidxx.exe [55296 2014-04-18] ()
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\Microsoft.com <===== ATTENTION
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2070900500-1894314203-3353238036-1001\...\MountPoints2: {7295f2ba-7a47-11e3-824f-806e6f6e6963} - "F:\ASRSetup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\minibin.lnk
ShortcutTarget: minibin.lnk -> C:\Windows\Components\Kosz Tray\minibin.exe (Mike Edward Moras (e-sushi(TM)) -- www.e-sushi.net)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: StorageProviderError -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: StorageProviderSyncing -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: StorageProviderError -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: StorageProviderSyncing -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = http://www.google.com/search?hl=en&q={searchTerms}&meta=
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: NeoxtCoup -> {631F5535-371E-04BE-9F36-51E1955A1218} -> C:\Program Files (x86)\NeoxtCoup\Hiw0.x64.dll ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: No Name -> {631F5535-371E-04BE-9F36-51E1955A1218} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Dokumenty Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-29]
CHR Extension: (Dysk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-29]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Szukaj w Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-29]
CHR Extension: (NeoxtCoup) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdcmboamgphbmejhdebdmkkccldkmic [2014-07-09]
CHR Extension: (NexttCoupp) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojajgkicdjakddolfkackbhodnkmaijl [2014-07-08]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]
CHR Extension: (NeoxtCoup) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdcmboamgphbmejhdebdmkkccldkmic\1.0 [2014-07-09]
CHR Extension: (NexttCoupp) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojajgkicdjakddolfkackbhodnkmaijl\1.0 [2014-07-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-13] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [812312 2013-12-10] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]

==================== Drivers (Whitelisted) ====================

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-06-16] ()
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-01-11] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-01-11] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-06-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-11] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-01-15] (Anchorfree Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
U0 msahci;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-23 20:00 - 2014-07-23 20:00 - 00017065 _____ () C:\Users\user\Desktop\FRST.txt
2014-07-23 20:00 - 2014-07-23 20:00 - 00000000 ____D () C:\FRST
2014-07-23 19:58 - 2014-07-23 19:59 - 02091520 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-07-23 19:56 - 2014-07-23 19:56 - 00000000 ____D () C:\Users\user\Desktop\skany wiry
2014-07-23 19:08 - 2014-07-23 19:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 19:08 - 2014-07-23 19:08 - 00001150 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 19:08 - 2014-07-23 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 19:08 - 2014-07-23 19:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 19:08 - 2014-07-23 19:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-23 19:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-23 19:08 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-23 19:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-23 19:04 - 2014-07-23 19:04 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-07-23 00:01 - 2014-07-23 00:01 - 00279456 _____ () C:\Windows\Minidump\072314-23453-01.dmp
2014-07-22 12:27 - 2014-07-22 12:27 - 01354223 _____ () C:\Users\user\Desktop\adwcleaner_3.216.exe
2014-07-21 20:27 - 2014-07-23 00:01 - 360223459 _____ () C:\Windows\MEMORY.DMP
2014-07-21 20:27 - 2014-07-21 20:27 - 00279456 _____ () C:\Windows\Minidump\072114-19359-01.dmp
2014-07-21 19:07 - 2014-07-21 19:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Steam
2014-07-20 00:02 - 2014-07-20 00:02 - 00000000 ____D () C:\Users\user\Documents\Larian Studios
2014-07-19 13:43 - 2014-07-19 13:43 - 00279456 _____ () C:\Windows\Minidump\071914-16828-01.dmp
2014-07-19 13:21 - 2014-07-19 13:21 - 00279456 _____ () C:\Windows\Minidump\071914-16953-01.dmp
2014-07-18 22:20 - 2014-07-18 22:20 - 00279456 _____ () C:\Windows\Minidump\071814-16312-01.dmp
2014-07-18 18:28 - 2014-07-18 18:28 - 00000000 ____D () C:\Users\user\Documents\Egosoft
2014-07-18 18:28 - 2014-07-18 18:28 - 00000000 ____D () C:\Users\user\AppData\Local\SKIDROW
2014-07-18 16:16 - 2014-07-18 16:16 - 00279456 _____ () C:\Windows\Minidump\071814-33015-01.dmp
2014-07-14 23:08 - 2014-07-14 23:08 - 00279456 _____ () C:\Windows\Minidump\071414-19796-01.dmp
2014-07-11 13:17 - 2014-07-11 13:17 - 00000690 _____ () C:\Users\Public\Desktop\Dragon's Prophet.lnk
2014-07-11 13:17 - 2014-07-11 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon's Prophet
2014-07-10 21:21 - 2014-07-10 21:21 - 00279456 _____ () C:\Windows\Minidump\071014-24468-01.dmp
2014-07-10 17:18 - 2014-07-10 17:43 - 00000000 ____D () C:\Users\user\Documents\dragoon
2014-07-10 16:04 - 2014-07-11 13:10 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-09 18:22 - 2013-08-17 00:02 - 00859416 _____ (TMRG, Inc.) C:\Windows\system32\rlls64.dll
2014-07-09 18:22 - 2013-08-17 00:02 - 00593688 _____ (TMRG, Inc.) C:\Windows\SysWOW64\rlls.dll
2014-07-09 11:49 - 2011-07-19 04:05 - 00000046 _____ () C:\Program Files (x86)\Falco.url
2014-07-09 01:28 - 2014-07-09 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-07-09 01:28 - 2014-07-09 01:28 - 00000000 ____D () C:\Program Files\Classic Shell
2014-07-09 01:11 - 2014-07-13 15:40 - 00000000 ____D () C:\Program Files (x86)\NeoxtCoup
2014-07-09 01:11 - 2014-07-09 01:11 - 01899624 _____ (profiler heart of software The) C:\Windows\SysWOW64\setup.exe
2014-07-09 01:11 - 2014-07-09 01:11 - 00000540 __RSH () C:\ProgramData\ntuser.pol
2014-07-09 01:11 - 2014-07-09 01:11 - 00000000 ____D () C:\ProgramData\NeoxtCoup
2014-07-08 11:55 - 2014-07-09 01:11 - 00000000 ____D () C:\ProgramData\NexttCoupp
2014-07-08 11:55 - 2014-07-09 01:10 - 00000000 ____D () C:\Program Files (x86)\NexttCoupp
2014-07-07 20:18 - 2014-07-07 20:18 - 00000803 _____ () C:\Users\Public\Desktop\Football Manager 2014.lnk
2014-07-07 20:18 - 2014-07-07 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Football Manager 2014
2014-07-07 20:05 - 2014-07-07 20:05 - 00000000 ____D () C:\Users\user\AppData\Local\Setup Integrity Check
2014-07-07 20:01 - 2014-07-07 20:01 - 00000905 _____ () C:\Users\Public\Desktop\FM Genie Scout 14.lnk
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\Users\Gość\AppData\Local\Chromatic Browser
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-06 01:55 - 2014-07-07 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 14
2014-07-06 01:47 - 2014-07-06 01:47 - 00000000 ____D () C:\Users\user\Documents\Sports Interactive
2014-07-06 01:47 - 2014-07-06 01:47 - 00000000 ____D () C:\Users\user\AppData\Local\Sports Interactive
2014-07-06 01:47 - 2014-07-06 01:47 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-07-02 21:57 - 2014-07-02 21:57 - 00000000 ____D () C:\ProgramData\Caphyon
2014-07-02 21:54 - 2014-07-02 22:05 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-06-30 13:10 - 2014-06-30 13:10 - 00000573 _____ () C:\Users\user\Desktop\MoorHunt.lnk
2014-06-29 14:24 - 2014-06-29 14:28 - 00000000 ____D () C:\Users\user\AppData\Local\Sniper3
2014-06-28 15:29 - 2014-06-28 15:29 - 00000585 _____ () C:\Users\Public\Desktop\Valiant Hearts The Great War.lnk
2014-06-28 15:29 - 2014-06-28 15:29 - 00000585 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valiant Hearts The Great War.lnk
2014-06-24 18:20 - 2014-06-24 18:20 - 00702504 _____ () C:\Users\user\Downloads\Origin(38298).exe
2014-06-24 17:16 - 2014-07-15 13:20 - 00002227 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-24 17:16 - 2014-06-24 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-24 17:00 - 2014-06-24 17:00 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== One Month Modified Files and Folders =======

2014-07-23 20:01 - 2014-02-09 21:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-07-23 20:00 - 2014-07-23 20:00 - 00017065 _____ () C:\Users\user\Desktop\FRST.txt
2014-07-23 20:00 - 2014-07-23 20:00 - 00000000 ____D () C:\FRST
2014-07-23 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-23 19:59 - 2014-07-23 19:58 - 02091520 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-07-23 19:56 - 2014-07-23 19:56 - 00000000 ____D () C:\Users\user\Desktop\skany wiry
2014-07-23 19:39 - 2014-01-21 23:35 - 00581632 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-07-23 19:38 - 2014-01-11 00:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\ClassicShell
2014-07-23 19:21 - 2014-05-29 23:43 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 19:21 - 2014-02-01 17:08 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-23 19:08 - 2014-07-23 19:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 19:08 - 2014-07-23 19:08 - 00001150 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 19:08 - 2014-07-23 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 19:08 - 2014-07-23 19:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 19:08 - 2014-07-23 19:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-23 19:04 - 2014-07-23 19:04 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-07-23 17:21 - 2014-05-29 23:43 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 16:47 - 2014-01-21 18:54 - 00000000 ____D () C:\ProgramData\MoorHunt
2014-07-23 14:21 - 2014-02-27 11:48 - 01749313 _____ () C:\Windows\WindowsUpdate.log
2014-07-23 13:55 - 2014-01-11 00:50 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2070900500-1894314203-3353238036-1001
2014-07-23 13:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-23 00:01 - 2014-07-23 00:01 - 00279456 _____ () C:\Windows\Minidump\072314-23453-01.dmp
2014-07-23 00:01 - 2014-07-21 20:27 - 360223459 _____ () C:\Windows\MEMORY.DMP
2014-07-23 00:01 - 2014-05-17 23:28 - 00000000 ____D () C:\Windows\Minidump
2014-07-23 00:01 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 22:23 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-22 12:29 - 2014-03-08 13:59 - 00805848 _____ () C:\Windows\PFRO.log
2014-07-22 12:28 - 2014-06-12 14:17 - 00000000 ____D () C:\AdwCleaner
2014-07-22 12:27 - 2014-07-22 12:27 - 01354223 _____ () C:\Users\user\Desktop\adwcleaner_3.216.exe
2014-07-21 20:27 - 2014-07-21 20:27 - 00279456 _____ () C:\Windows\Minidump\072114-19359-01.dmp
2014-07-21 19:07 - 2014-07-21 19:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Steam
2014-07-20 00:02 - 2014-07-20 00:02 - 00000000 ____D () C:\Users\user\Documents\Larian Studios
2014-07-19 13:43 - 2014-07-19 13:43 - 00279456 _____ () C:\Windows\Minidump\071914-16828-01.dmp
2014-07-19 13:21 - 2014-07-19 13:21 - 00279456 _____ () C:\Windows\Minidump\071914-16953-01.dmp
2014-07-18 22:20 - 2014-07-18 22:20 - 00279456 _____ () C:\Windows\Minidump\071814-16312-01.dmp
2014-07-18 18:28 - 2014-07-18 18:28 - 00000000 ____D () C:\Users\user\Documents\Egosoft
2014-07-18 18:28 - 2014-07-18 18:28 - 00000000 ____D () C:\Users\user\AppData\Local\SKIDROW
2014-07-18 16:16 - 2014-07-18 16:16 - 00279456 _____ () C:\Windows\Minidump\071814-33015-01.dmp
2014-07-15 13:20 - 2014-06-24 17:16 - 00002227 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-14 23:08 - 2014-07-14 23:08 - 00279456 _____ () C:\Windows\Minidump\071414-19796-01.dmp
2014-07-14 19:29 - 2014-04-14 19:13 - 00008314 _____ () C:\Windows\setupact.log
2014-07-13 16:38 - 2014-05-07 13:59 - 00000000 ____D () C:\Users\user\AppData\Local\Daedalic Entertainment GmbH
2014-07-13 15:40 - 2014-07-09 01:11 - 00000000 ____D () C:\Program Files (x86)\NeoxtCoup
2014-07-12 14:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-11 13:17 - 2014-07-11 13:17 - 00000690 _____ () C:\Users\Public\Desktop\Dragon's Prophet.lnk
2014-07-11 13:17 - 2014-07-11 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon's Prophet
2014-07-11 13:10 - 2014-07-10 16:04 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-10 21:21 - 2014-07-10 21:21 - 00279456 _____ () C:\Windows\Minidump\071014-24468-01.dmp
2014-07-10 17:43 - 2014-07-10 17:18 - 00000000 ____D () C:\Users\user\Documents\dragoon
2014-07-10 17:17 - 2014-04-30 00:44 - 00248424 _____ () C:\Windows\DirectX.log
2014-07-09 01:28 - 2014-07-09 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-07-09 01:28 - 2014-07-09 01:28 - 00000000 ____D () C:\Program Files\Classic Shell
2014-07-09 01:28 - 2014-01-11 00:53 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-07-09 01:11 - 2014-07-09 01:11 - 01899624 _____ (profiler heart of software The) C:\Windows\SysWOW64\setup.exe
2014-07-09 01:11 - 2014-07-09 01:11 - 00000540 __RSH () C:\ProgramData\ntuser.pol
2014-07-09 01:11 - 2014-07-09 01:11 - 00000000 ____D () C:\ProgramData\NeoxtCoup
2014-07-09 01:11 - 2014-07-08 11:55 - 00000000 ____D () C:\ProgramData\NexttCoupp
2014-07-09 01:11 - 2014-04-20 16:23 - 00000000 ____D () C:\ProgramData\1c2b29fb44c2bbd3
2014-07-09 01:10 - 2014-07-08 11:55 - 00000000 ____D () C:\Program Files (x86)\NexttCoupp
2014-07-08 19:21 - 2014-04-28 19:21 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 19:21 - 2014-02-01 17:08 - 00003818 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 11:55 - 2013-08-22 16:44 - 00489208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-07 20:18 - 2014-07-07 20:18 - 00000803 _____ () C:\Users\Public\Desktop\Football Manager 2014.lnk
2014-07-07 20:18 - 2014-07-07 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Football Manager 2014
2014-07-07 20:05 - 2014-07-07 20:05 - 00000000 ____D () C:\Users\user\AppData\Local\Setup Integrity Check
2014-07-07 20:01 - 2014-07-07 20:01 - 00000905 _____ () C:\Users\Public\Desktop\FM Genie Scout 14.lnk
2014-07-07 20:01 - 2014-07-06 01:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 14
2014-07-06 11:48 - 2014-02-16 18:08 - 00000000 ____D () C:\Users\user\Documents\My Games
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\Users\Gość\AppData\Local\Chromatic Browser
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-06 11:46 - 2014-01-11 00:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-06 01:47 - 2014-07-06 01:47 - 00000000 ____D () C:\Users\user\Documents\Sports Interactive
2014-07-06 01:47 - 2014-07-06 01:47 - 00000000 ____D () C:\Users\user\AppData\Local\Sports Interactive
2014-07-06 01:47 - 2014-07-06 01:47 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-07-04 20:00 - 2014-01-21 02:49 - 00000000 ____D () C:\Users\user\Desktop\konta P2M
2014-07-02 22:05 - 2014-07-02 21:54 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-07-02 22:05 - 2014-06-21 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland
2014-07-02 21:57 - 2014-07-02 21:57 - 00000000 ____D () C:\ProgramData\Caphyon
2014-06-30 13:10 - 2014-06-30 13:10 - 00000573 _____ () C:\Users\user\Desktop\MoorHunt.lnk
2014-06-30 13:10 - 2014-01-21 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoorHunt v2
2014-06-29 14:28 - 2014-06-29 14:24 - 00000000 ____D () C:\Users\user\AppData\Local\Sniper3
2014-06-28 15:29 - 2014-06-28 15:29 - 00000585 _____ () C:\Users\Public\Desktop\Valiant Hearts The Great War.lnk
2014-06-28 15:29 - 2014-06-28 15:29 - 00000585 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valiant Hearts The Great War.lnk
2014-06-28 15:29 - 2014-01-12 21:00 - 00000000 ____D () C:\ProgramData\Orbit
2014-06-28 10:18 - 2014-06-20 18:15 - 00000000 ____D () C:\Users\user\Documents\EA Games
2014-06-27 20:57 - 2014-06-13 23:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\SpinTires
2014-06-24 18:21 - 2014-05-29 23:20 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-24 18:20 - 2014-06-24 18:20 - 00702504 _____ () C:\Users\user\Downloads\Origin(38298).exe
2014-06-24 17:16 - 2014-06-24 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-24 17:16 - 2014-05-29 23:43 - 00004038 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 17:16 - 2014-05-29 23:43 - 00003802 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 17:00 - 2014-06-24 17:00 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\CH.dll
C:\Users\user\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\user\AppData\Local\Temp\HardwareCheck.exe
C:\Users\user\AppData\Local\Temp\Medal of Honor_uninst.exe
C:\Users\user\AppData\Local\Temp\NGMDll.dll
C:\Users\user\AppData\Local\Temp\NGMResource.dll
C:\Users\user\AppData\Local\Temp\NGMSetup.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\SettlementColossusPl_20109.exe
C:\Users\user\AppData\Local\Temp\SHSetup.exe
C:\Users\user\AppData\Local\Temp\sonarinst.exe
C:\Users\user\AppData\Local\Temp\Tsu503DBE19.dll
C:\Users\user\AppData\Local\Temp\unicows.dll
C:\Users\user\AppData\Local\Temp\Uninstaller-6064.exe
C:\Users\user\AppData\Local\Temp\update5.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 16:48

==================== End Of Log ============================

