FRST_txt.txt

FRST - Cryptolocker after opening an email from Poczta Polska..

The Cryptolocker virus locked all my JPGs. I think I removed it, but I would like more experienced people to check the logs. The photos are probably a write-off already.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015
Ran by start (administrator) on START-KOMPUTER on 14-05-2015 11:01:55
Running from C:\Users\start\Desktop
Loaded Profiles: start (Available profiles: start)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2771146442-3684013614-596228640-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2771146442-3684013614-596228640-1000\...\MountPoints2: {02a7a2e4-310c-11e3-b1dd-bc5ff4be90f3} - G:\AutoRun.exe
HKU\S-1-5-21-2771146442-3684013614-596228640-1000\...\MountPoints2: {02a7a2f3-310c-11e3-b1dd-bc5ff4be90f3} - G:\AutoRun.exe
HKU\S-1-5-21-2771146442-3684013614-596228640-1000\...\MountPoints2: {02a7a310-310c-11e3-b1dd-001e101f3315} - G:\AutoRun.exe
HKU\S-1-5-21-2771146442-3684013614-596228640-1000\...\MountPoints2: {6d73ba62-5089-11e4-9b73-bc5ff4be90f3} - G:\AutoRun.exe
HKU\S-1-5-21-2771146442-3684013614-596228640-1000\...\MountPoints2: {6d73ba81-5089-11e4-9b73-bc5ff4be90f3} - G:\AutoRun.exe
HKU\S-1-5-21-2771146442-3684013614-596228640-1000\...\MountPoints2: {bdfefe4d-3a5f-11e3-b5e1-bc5ff4be90f3} - G:\AutoRun.exe
HKU\S-1-5-21-2771146442-3684013614-596228640-1000\...\MountPoints2: {e1dbec5d-3109-11e3-a995-bc5ff4be90f3} - G:\AutoRun.exe
HKU\S-1-5-21-2771146442-3684013614-596228640-1000\...\MountPoints2: {e1dbec73-3109-11e3-a995-bc5ff4be90f3} - G:\AutoRun.exe
HKU\S-1-5-21-2771146442-3684013614-596228640-1000\...\MountPoints2: {e1dbec87-3109-11e3-a995-bc5ff4be90f3} - G:\AutoRun.exe
HKU\S-1-5-21-2771146442-3684013614-596228640-1000\...\MountPoints2: {e1dbeca2-3109-11e3-a995-bc5ff4be90f3} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-10-08]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2771146442-3684013614-596228640-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=154
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2771146442-3684013614-596228640-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.100
Tcpip\..\Interfaces\{A86573D9-380F-4A13-BDB4-AFD8A5D7BB45}: [NameServer] 89.108.202.20 89.108.195.20

FireFox:
========
FF ProfilePath: C:\Users\start\AppData\Roaming\Mozilla\Firefox\Profiles\12u1cm50.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-2771146442-3684013614-596228640-1000: @g2.com/iggweb3dupdater -> C:\Users\start\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll [2012-04-19] (IGG)
FF Plugin HKU\S-1-5-21-2771146442-3684013614-596228640-1000: @g2.com/joyconnectshell -> C:\Users\start\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll [2012-04-19] (IGG)
FF Plugin HKU\S-1-5-21-2771146442-3684013614-596228640-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\start\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2771146442-3684013614-596228640-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-03-10] ()
FF user.js: detected! => C:\Users\start\AppData\Roaming\Mozilla\Firefox\Profiles\12u1cm50.default\user.js [2013-10-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=154
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: ("name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: ("name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Profile: C:\Users\start\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\start\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-09]
CHR Extension: (Google Search) - C:\Users\start\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-09]
CHR Extension: (Bookmark Manager) - C:\Users\start\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-03]
CHR Extension: (Google Wallet) - C:\Users\start\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]
CHR Extension: (Gmail) - C:\Users\start\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-09]

Opera:
=======
OPR StartupUrls: "hxxp://www.gazeta.pl/0,0.html?p=154"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
S3 Origin Client Service; D:\Gry\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-02-18] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-05-14] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 11:01 - 2015-05-14 11:02 - 00017670 _____ () C:\Users\start\Desktop\FRST.txt.txt
2015-05-14 10:55 - 2015-05-14 10:55 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-05-14 10:55 - 2015-05-14 10:55 - 00000550 _____ () C:\Windows\PFRO.log
2015-05-14 10:55 - 2015-05-14 10:55 - 00000168 _____ () C:\Windows\setupact.log
2015-05-14 10:55 - 2015-05-14 10:55 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-14 10:46 - 2015-05-14 10:46 - 00000000 _____ () C:\Users\start\Downloads\FRST.txt
2015-05-14 10:44 - 2015-05-14 10:47 - 00030898 _____ () C:\Users\start\Downloads\Addition.txt
2015-05-14 10:43 - 2015-05-14 11:01 - 00000000 ____D () C:\FRST
2015-05-14 10:43 - 2015-05-14 10:48 - 00027776 _____ () C:\Users\start\Downloads\FRST.txt.txt
2015-05-14 10:43 - 2015-05-14 10:43 - 02104832 _____ (Farbar) C:\Users\start\Desktop\FRST64.exe
2015-05-13 15:14 - 2015-05-14 09:08 - 00087523 _____ () C:\Users\start\Downloads\Play Faktura Maj 2015.pdf.encrypted
2015-05-13 15:12 - 2015-05-14 09:08 - 00000000 ____D () C:\Users\start\Downloads\Play
2015-05-12 14:01 - 2015-05-14 09:03 - 00074003 _____ () C:\Users\start\Documents\Konto iPKO.pdf.encrypted
2015-05-12 13:58 - 2015-05-14 09:03 - 00015898 _____ () C:\Users\start\Documents\Konto iPKO.odt.encrypted
2015-05-02 12:55 - 2015-05-02 12:55 - 00000000 ____D () C:\Users\start\AppData\Local\Risen2
2015-04-23 14:46 - 2015-04-30 15:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-19 13:29 - 2015-05-14 11:02 - 01139403 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 10:55 - 2013-10-08 21:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-14 10:55 - 2013-10-08 20:44 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-05-14 10:55 - 2013-10-08 20:43 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-14 10:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 10:53 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-14 10:48 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 10:48 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 10:39 - 2013-10-08 20:43 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-14 10:30 - 2013-10-10 10:58 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-14 10:21 - 2013-10-15 07:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-14 10:21 - 2013-10-10 15:56 - 00000000 ____D () C:\Users\start\AppData\Local\CrashDumps
2015-05-14 10:19 - 2014-01-23 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-14 10:19 - 2014-01-23 20:23 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-14 10:14 - 2013-10-08 20:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-14 10:14 - 2010-11-21 14:53 - 00751070 _____ () C:\Windows\system32\perfh015.dat
2015-05-14 10:14 - 2010-11-21 14:53 - 00162046 _____ () C:\Windows\system32\perfc015.dat
2015-05-14 10:14 - 2009-07-14 07:13 - 01702640 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 10:11 - 2014-07-24 20:05 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 10:11 - 2014-07-24 20:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-14 10:11 - 2014-03-21 11:25 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-14 10:09 - 2013-10-09 21:38 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-14 09:18 - 2014-10-21 09:12 - 00000000 ____D () C:\ProgramData\AVG2015
2015-05-14 09:12 - 2014-03-08 06:49 - 00000000 ____D () C:\Users\start\AppData\Local\Skyrim
2015-05-14 09:08 - 2015-04-13 09:28 - 00000000 ____D () C:\Users\start\Downloads\Mass Effect & Skyrim
2015-05-14 09:08 - 2015-04-13 09:20 - 00000000 ____D () C:\Users\start\Downloads\Dragon Age Pliki
2015-05-14 09:08 - 2015-04-13 09:16 - 00000000 ____D () C:\Users\start\Downloads\Książki
2015-05-14 09:08 - 2015-04-03 13:49 - 250640636 _____ () C:\Users\start\Downloads\VTMBup86.rar.encrypted
2015-05-14 09:08 - 2015-03-12 21:27 - 01409398 _____ () C:\Users\start\Downloads\SkyUI_4_1-3863-4-1.7z.encrypted
2015-05-14 09:08 - 2014-12-15 10:10 - 00171910 _____ () C:\Users\start\Downloads\Faktura Grudzień 2014.pdf.encrypted
2015-05-14 09:08 - 2014-10-07 05:48 - 00011262 _____ () C:\Users\start\Documents\Łowczyni.odt.encrypted
2015-05-14 09:08 - 2014-04-11 16:37 - 00049556 _____ () C:\Users\start\Downloads\upc_formularz_cesji_umowy_abonenckiej.pdf.encrypted
2015-05-14 09:06 - 2015-02-04 11:44 - 00000000 ____D () C:\Users\start\Documents\Thief
2015-05-14 09:05 - 2015-03-10 14:41 - 00000000 ____D () C:\Users\start\Documents\Settlers7
2015-05-14 09:05 - 2015-02-24 14:29 - 00010917 _____ () C:\Users\start\Documents\TESO Support.odt.encrypted
2015-05-14 09:04 - 2014-10-17 08:28 - 00024131 _____ () C:\Users\start\Documents\Podstawowe akordy.odt.encrypted
2015-05-14 09:04 - 2014-10-17 08:27 - 00086514 _____ () C:\Users\start\Documents\Podstawowe chwyty.pdf.encrypted
2015-05-14 09:04 - 2014-09-29 07:36 - 00055099 _____ () C:\Users\start\Documents\PS4.pdf.encrypted
2015-05-14 09:03 - 2014-01-23 20:25 - 00044598 _____ () C:\Users\start\Documents\cc_20140123_192456.reg.encrypted
2015-05-14 09:03 - 2013-12-20 18:02 - 00026680 _____ () C:\Users\start\Documents\Cynthia Almare.odt.encrypted
2015-05-14 09:03 - 2013-10-13 17:21 - 00000000 ____D () C:\Users\start\Documents\MOJE SZPARGAŁY
2015-05-14 08:54 - 2014-09-06 05:08 - 00000000 ____D () C:\Users\start\Documents\ArcheAge
2015-05-14 08:54 - 2014-08-13 14:51 - 00018214 _____ () C:\Users\start\Documents\Amo - Pytania z mostu.odt.encrypted
2015-05-14 08:54 - 2014-01-04 08:47 - 00000000 ____D () C:\Users\start\.android
2015-05-14 08:54 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-11 18:09 - 2013-10-15 14:54 - 00010003 _____ () C:\Users\start\Documents\TombRaider.log
2015-05-10 20:49 - 2013-11-12 14:22 - 00000000 ____D () C:\ProgramData\Origin
2015-05-02 17:30 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-30 20:40 - 2013-10-08 20:43 - 00002149 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-26 00:18 - 2014-10-21 09:13 - 00000955 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-26 00:18 - 2014-03-31 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-25 20:03 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-23 19:50 - 2013-10-09 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 18:02 - 2013-10-08 20:28 - 00000000 ____D () C:\Users\start
2015-04-21 14:32 - 2014-09-17 11:33 - 00000000 ____D () C:\Users\start\AppData\Local\Battle.net
2015-04-15 15:09 - 2013-10-09 21:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 15:09 - 2013-10-09 21:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 15:09 - 2013-10-09 21:38 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 09:37 - 2014-07-24 20:05 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-07-24 20:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-03-21 11:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2014-02-27 14:12 - 2014-02-27 14:12 - 0000093 _____ () C:\Users\start\AppData\Local\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 20:29

==================== End Of Log ============================

