
FRST.txt

Log analysis after a dll28stny.com virus infection on a friend's computer – request for a check

Here you go, here are the new FRST logs



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014 01
Ran by Mateusz (administrator) on MATEUSZCH on 09-10-2014 21:45:31
Running from C:\Users\Mateusz\Desktop
Loaded Profiles: Mateusz & UpdatusUser (Available profiles: Mateusz & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Zapp\WBrokerDirect.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\System32\PnkBstrA.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LogMeIn Inc.) D:\boI\hamachi-2.exe
(LogMeIn, Inc.) D:\boI\LMIGuardianSvc.exe
(LogMeIn Inc.) D:\boI\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\boI\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Perfect World Entertainment) C:\Program Files\Perfect World Entertainment\Arc\ArcLauncher.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Electronic Arts) D:\Origin\Origin.exe
(BitTorrent Inc.) C:\Users\Mateusz\AppData\Roaming\uTorrent\uTorrent.exe
(Dropbox, Inc.) C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Take-Two Interactive Software, Inc.) D:\Rockstar Games Social Club\1_0_0_0\RGSC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-05] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Arc] => C:\Program Files\Perfect World Entertainment\Arc\ArcLauncher.exe [145744 2014-08-21] (Perfect World Entertainment)
HKLM\...\Run: [LogMeIn Hamachi Ui] => D:\boI\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-4254151560-1315666669-2390539270-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4254151560-1315666669-2390539270-1000\...\Run: [EADM] => D:\Origin\Origin.exe [3600216 2014-09-18] (Electronic Arts)
HKU\S-1-5-21-4254151560-1315666669-2390539270-1000\...\Run: [uTorrent] => C:\Users\Mateusz\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-09-26] (BitTorrent Inc.)
HKU\S-1-5-21-4254151560-1315666669-2390539270-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4254151560-1315666669-2390539270-1000\...\Run: [RGSC] => D:\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-4254151560-1315666669-2390539270-1000\...\MountPoints2: {e5872e99-10ff-11e4-9fb4-001e0b37288f} - G:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-06-06] (Microsoft Corporation)
Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=a13277-396&apn_uid=3545885558034274&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {4726483D-F832-468D-9925-AEA21D37F1CE} URL = http://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11467&pf=V7&p2=^BED^OSJ000^YY^PL&gct=&itbv=12.15.1.21&apn_uid=B7D2C065-985F-482E-962B-F9BBAB5B22BE&apn_ptnrs=BED&apn_dtid=^OSJ000^YY^PL&apn_dbr=cr_35.0.1916.153&doi=2014-07-27&trgb=CR&q={searchTerms}&psv=&pt=tb
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=a13277-396&apn_uid=3545885558034274&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
BHO: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Zapp -> {e6eeb20c-cf4a-4789-becf-64f78340708f} -> C:\Program Files\Zapp\IE\Zapp.dll No File
Toolbar: HKLM - Zapp - {e6eeb20c-cf4a-4789-becf-64f78340708f} - C:\Program Files\Zapp\IE\Zapp.dll No File
Toolbar: HKLM - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @esn/npbattlelog,version=2.4.0 -> C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mateusz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-04]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-09]
CHR Extension: (Dysk Google) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-09]
CHR Extension: (YouTube) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-09]
CHR Extension: (Szukaj w Google) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-09]
CHR Extension: (Gmail) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-21] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-05] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Hamachi2Svc; D:\boI\hamachi-2.exe [1890128 2014-09-04] (LogMeIn Inc.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14652704 2013-11-14] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-05] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1805624 2014-03-22] (AVG)
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-07-22] (Disc Soft Ltd)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-11-14] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2014-02-10] (TuneUp Software)
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
R3 wod0205; C:\Windows\System32\DRIVERS\wod0205.sys [28936 2011-04-23] (WeOnlyDo Software)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-07-29 03:17 - 2621-07-29 03:17 - 00000578 _____ () C:\Users\Public\Desktop\Metin2 Ravia.eu - Uruchom.lnk
2099-07-29 03:17 - 2621-07-29 03:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2 Ravia.eu
2099-07-29 03:11 - 2014-10-05 00:26 - 531329493 _____ () C:\Users\Mateusz\Desktop\Ravia_GameClient_2014-09-19.exe
2014-10-09 21:45 - 2014-10-09 21:47 - 00015572 _____ () C:\Users\Mateusz\Desktop\FRST.txt
2014-10-09 21:43 - 2014-10-09 21:43 - 00006870 _____ () C:\Windows\PFRO.log
2014-10-09 21:41 - 2014-10-09 21:41 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-09 21:41 - 2014-10-09 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-10-09 21:41 - 2014-10-09 21:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-09 21:41 - 2014-10-09 21:41 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-09 21:41 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-09 21:37 - 2014-10-09 21:37 - 00002171 _____ () C:\Users\Mateusz\Desktop\Google Chrome.lnk
2014-10-09 21:37 - 2014-10-09 21:37 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-09 21:29 - 2014-10-09 21:29 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-09 21:27 - 2014-10-09 21:28 - 00000000 ____D () C:\Users\Mateusz\Desktop\Komunikat
2014-10-09 17:48 - 2014-10-09 16:05 - 1113329994 _____ () C:\Users\Mateusz\Desktop\Metek2__pl.rar
2014-10-09 11:24 - 2014-10-09 11:25 - 00000000 ____D () C:\Users\Mateusz\Desktop\Kerunis.pl
2014-10-09 10:32 - 2014-10-09 10:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-09 10:17 - 2014-10-09 21:43 - 00000444 ____H () C:\Windows\Tasks\Norton Security Scan for Mateusz.job
2014-10-09 10:17 - 2014-10-09 10:17 - 00001375 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-10-09 10:17 - 2014-10-09 10:17 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
2014-10-09 10:17 - 2014-10-09 10:17 - 00000000 ____D () C:\ProgramData\Symantec
2014-10-09 10:17 - 2014-10-09 10:17 - 00000000 ____D () C:\ProgramData\Norton
2014-10-09 10:17 - 2014-10-09 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-10-09 10:17 - 2014-10-09 10:17 - 00000000 ____D () C:\Program Files\Norton Security Scan
2014-10-09 10:11 - 2014-10-09 15:01 - 00001356 _____ () C:\Users\Mateusz\Desktop\Wyczyść rejestr za darmo!.lnk
2014-10-08 18:12 - 2014-10-09 21:45 - 00000000 ____D () C:\FRST
2014-10-08 18:12 - 2014-10-08 18:12 - 01101312 _____ (Farbar) C:\Users\Mateusz\Desktop\FRST.exe
2014-10-07 16:12 - 2014-10-07 16:09 - 02209792 _____ () C:\Users\Mateusz\Desktop\AdBlock_dla_Chrome_Sciagnij.pl (1).exe
2014-10-04 14:16 - 2014-10-09 21:44 - 00001344 _____ () C:\Windows\setupact.log
2014-10-04 14:16 - 2014-10-04 14:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-02 20:51 - 2014-10-02 20:51 - 00000008 _____ () C:\Users\Mateusz\Desktop\Nowy dokument tekstowy.txt
2014-09-30 13:56 - 2014-09-30 13:56 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-30 13:24 - 2014-09-30 13:24 - 00001059 _____ () C:\Users\Mateusz\Desktop\TERA-Launcher — skrót.lnk
2014-09-28 12:27 - 2014-09-28 12:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf
2014-09-26 22:59 - 2014-09-26 22:59 - 00000000 ____D () C:\Windows\system32\Adobe
2014-09-26 22:16 - 2014-09-26 22:22 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\.minecraftzyczu
2014-09-26 22:11 - 2014-09-26 22:51 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\.minecraft
2014-09-26 16:59 - 2014-09-26 16:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-09-25 17:28 - 2014-09-25 17:28 - 00000810 _____ () C:\Users\Mateusz\Desktop\Spider-Man - Shattered Dimensions.lnk
2014-09-25 17:28 - 2014-09-25 17:28 - 00000000 ____D () C:\Users\Mateusz\Documents\Activision
2014-09-25 17:28 - 2014-09-25 17:28 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Spider-Man - Shattered Dimensions
2014-09-25 17:28 - 2014-09-25 17:28 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\Activision
2014-09-25 17:28 - 2014-09-25 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-09-24 19:54 - 2014-09-24 19:54 - 00000512 _____ () C:\Users\Mateusz\Desktop\Glyph.lnk
2014-09-24 19:54 - 2014-09-24 19:54 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\Glyph
2014-09-24 19:54 - 2014-09-24 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-09-24 19:54 - 2014-09-24 19:54 - 00000000 ____D () C:\ProgramData\Glyph
2014-09-24 14:55 - 2014-09-24 14:55 - 00001415 _____ () C:\Users\Mateusz\Desktop\BatmanAC — skrót.lnk
2014-09-23 18:38 - 2014-09-23 18:38 - 00000000 ____D () C:\Users\Mateusz\Documents\WB Games
2014-09-23 17:54 - 2014-09-23 17:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-22 15:58 - 2014-09-22 15:58 - 00001043 _____ () C:\Users\Mateusz\Desktop\TheForest.lnk
2014-09-22 15:50 - 2014-09-22 15:50 - 00000653 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-09-22 15:50 - 2014-09-22 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-09-19 19:32 - 2014-09-19 19:32 - 00000000 ____D () C:\Users\Mateusz\Documents\7 Days To Die
2014-09-19 19:11 - 2014-10-09 21:44 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\LogMeIn Hamachi
2014-09-19 19:11 - 2014-09-19 19:11 - 00000511 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-09-19 19:11 - 2014-09-19 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-15 21:36 - 2014-09-15 21:36 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\EdgeOfReality
2014-09-15 19:16 - 2014-09-15 19:16 - 00000204 _____ () C:\Users\Mateusz\Desktop\Loadout.url
2014-09-15 19:11 - 2009-03-18 18:35 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 21:47 - 2014-09-06 16:53 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Dropbox
2014-10-09 21:47 - 2014-07-02 22:51 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\uTorrent
2014-10-09 21:46 - 2014-09-06 16:54 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\DropboxMaster
2014-10-09 21:43 - 2014-06-06 14:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-09 21:43 - 2014-06-04 19:21 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-09 21:43 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-09 21:42 - 2014-06-04 10:02 - 01219235 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 21:41 - 2014-07-06 16:22 - 00000000 ____D () C:\AdwCleaner
2014-10-09 21:36 - 2014-06-04 19:21 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\Google
2014-10-09 21:33 - 2014-06-04 10:18 - 00001425 _____ () C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-09 21:29 - 2014-06-04 10:20 - 01670518 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-09 21:29 - 2009-07-14 10:07 - 00740422 _____ () C:\Windows\system32\perfh015.dat
2014-10-09 21:29 - 2009-07-14 10:07 - 00155996 _____ () C:\Windows\system32\perfc015.dat
2014-10-09 21:26 - 2014-06-04 19:21 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-09 11:26 - 2014-06-05 16:12 - 00000000 ____D () C:\ProgramData\Origin
2014-10-09 10:26 - 2014-06-05 23:01 - 00000000 ____D () C:\Program Files\Zapp
2014-10-09 10:19 - 2009-07-14 06:34 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 10:19 - 2009-07-14 06:34 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 21:37 - 2014-06-21 17:34 - 00000000 ____D () C:\ProgramData\798ace41656c2ba
2014-10-04 18:08 - 2014-06-04 20:15 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Skype
2014-10-04 11:57 - 2014-07-22 00:48 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\DAEMON Tools Lite
2014-10-03 20:49 - 2014-07-20 19:05 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-03 15:09 - 2014-06-05 23:01 - 00034368 _____ () C:\Windows\Launcher.exe
2014-09-30 13:56 - 2014-07-27 13:33 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-30 13:56 - 2014-07-27 13:33 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-30 13:56 - 2014-07-27 13:33 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-30 13:56 - 2014-07-27 13:33 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-30 13:56 - 2014-06-21 11:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-30 13:53 - 2014-08-06 22:30 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\GameRanger
2014-09-30 13:52 - 2014-06-04 19:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-30 13:52 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-30 13:51 - 2014-07-22 01:00 - 00000000 ____D () C:\Users\Mateusz\Documents\Electronic Arts
2014-09-30 13:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-09-30 13:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-23 18:38 - 2014-06-21 12:05 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\NVIDIA
2014-09-23 17:41 - 2014-06-05 16:17 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Origin
2014-09-16 19:55 - 2014-06-08 17:03 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-09-15 19:16 - 2014-07-20 18:23 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-15 09:06 - 2014-06-04 19:35 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Mateusz\AppData\Local\Temp\AdBlock_instalator_sciagnij.exe
C:\Users\Mateusz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdckmqe.dll
C:\Users\Mateusz\AppData\Local\Temp\nszD97.exe
C:\Users\Mateusz\AppData\Local\Temp\Quarantine.exe
C:\Users\Mateusz\AppData\Local\Temp\tbuA6B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-09 19:33

==================== End Of Log ============================