Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 24-11-2017 01 Uruchomiony przez Adrian (administrator) ADRIAN-KOMPUTER (25-11-2017 20:57:22) Uruchomiony z C:\Users\Adrian\Desktop Załadowane profile: Adrian (Dostępne profile: Adrian & Administrator) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ======================================================== C:\FRST\FRST.exe => Win32/Suweezy? - pomyślnie przeniesiono ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (COMODO) C:\Program Files\Programy\COMODO\COMODO Internet Security\cmdagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (COMODO) C:\Program Files\Programy\COMODO\COMODO Internet Security\cavwp.exe (COMODO) C:\Program Files\Programy\COMODO\COMODO Internet Security\cistray.exe (QFX Software Corporation) C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe (COMODO) C:\Program Files\Programy\COMODO\COMODO Internet Security\cis.exe (IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Ubisoft) C:\Program Files\Ubisoft\Ubisoft Game Launcher\upc.exe (Ubisoft) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [KeyScrambler] => C:\Program Files\Programy\KeyScrambler\keyscrambler.exe [509216 2015-10-12] (QFX Software Corporation) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\Programy\COMODO\COMODO Internet Security\cistray.exe [1390784 2017-08-29] (COMODO) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074600 2016-08-28] (The Eraser Project) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-04-09] (Microsoft Corporation) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 91.189.136.10 91.189.136.11 192.168.0.1 Tcpip\..\Interfaces\{189AE0A5-EC63-4722-98C5-0F879F334207}: [DhcpNameServer] 91.189.136.10 91.189.136.11 192.168.0.1 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1195799040-1513517072-2440341013-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1195799040-1513517072-2440341013-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=189 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: vzpkllji.default FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\vzpkllji.default [2017-11-25] FF Extension: (Disable Media WMF NV12 format) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\vzpkllji.default\features\{1002cecc-e7a4-4e63-acd1-c7a839b401be}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-22] [Przestarzałe] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1195799040-1513517072-2440341013-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-11-25] () Chrome: ======= CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default [2017-11-25] CHR Extension: (Prezentacje) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (Dokumenty) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Dysk Google) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-12] CHR Extension: (YouTube) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-12] CHR Extension: (Arkusze) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (AdBlock) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-14] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] CHR Extension: (Gmail) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-12] CHR Extension: (Chrome Media Router) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16] ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdvancedSystemCareService11; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [1053472 2017-09-16] (IObit) R2 CmdAgent; C:\Program Files\Programy\COMODO\COMODO Internet Security\cmdagent.exe [8150344 2017-08-29] (COMODO) S3 cmdvirth; C:\Program Files\Programy\COMODO\COMODO Internet Security\cmdvirth.exe [2080448 2017-08-29] (COMODO) R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-04-17] (Malwarebytes) S3 StarWindServiceAE; C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Brak podpisu cyfrowego] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [27504 2017-08-08] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [658704 2017-08-08] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [53344 2017-08-08] (COMODO) S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-04-08] (REALiX(tm)) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [106864 2017-08-08] (COMODO) R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [211536 2015-08-18] (QFX Software Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [220088 2017-11-25] (Malwarebytes) S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64288 2017-08-19] (Malwarebytes) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [40384 2016-12-16] (NVIDIA Corporation) R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [308192 2017-05-10] (Realsil Semiconductor Corporation) R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113336 2013-07-22] (Power Software Ltd) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2016-04-09] (Duplex Secure Ltd.) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.) U3 a6tbzr4k; C:\Windows\system32\Drivers\a6tbzr4k.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder) R3 catchme; \??\C:\Users\Adrian\AppData\Local\Temp\catchme.sys [X] U3 mbr; \??\C:\ComboFix\mbr.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-11-25 20:57 - 2017-11-25 20:57 - 000011061 _____ C:\Users\Adrian\Desktop\FRST.txt 2017-11-25 20:53 - 2017-11-25 20:53 - 001789440 _____ (Farbar) C:\Users\Adrian\Desktop\FRST.exe 2017-11-25 20:32 - 2017-11-25 20:32 - 000000000 ____D C:\Users\Adrian\AppData\Local\ElevatedDiagnostics 2017-11-25 20:25 - 2017-11-25 20:25 - 000014970 _____ C:\ComboFix.txt 2017-11-25 20:14 - 2011-06-26 07:45 - 000256000 _____ C:\Windows\PEV.exe 2017-11-25 20:14 - 2010-11-07 18:20 - 000208896 _____ C:\Windows\MBR.exe 2017-11-25 20:14 - 2009-04-20 05:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2017-11-25 20:14 - 2000-08-31 01:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2017-11-25 20:14 - 2000-08-31 01:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2017-11-25 20:14 - 2000-08-31 01:00 - 000098816 _____ C:\Windows\sed.exe 2017-11-25 20:14 - 2000-08-31 01:00 - 000080412 _____ C:\Windows\grep.exe 2017-11-25 20:14 - 2000-08-31 01:00 - 000068096 _____ C:\Windows\zip.exe 2017-11-25 19:37 - 2017-11-25 19:46 - 000002230 _____ C:\Users\Public\Desktop\Advanced SystemCare 11.lnk 2017-11-25 19:37 - 2017-11-25 19:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 2017-11-21 18:37 - 2017-11-21 18:37 - 000000000 ____D C:\Users\Adrian\Documents\KONAMI 2017-11-15 10:12 - 2017-10-18 07:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-11-15 10:12 - 2017-10-18 02:55 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2017-11-15 10:12 - 2017-10-18 02:55 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2017-11-15 10:12 - 2017-10-18 02:55 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2017-11-15 10:12 - 2017-10-18 02:55 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2017-11-15 10:12 - 2017-10-18 02:55 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2017-11-15 10:12 - 2017-10-18 02:55 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2017-11-15 10:12 - 2017-10-18 02:55 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2017-11-15 10:12 - 2017-10-16 23:49 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-11-15 10:12 - 2017-10-16 23:25 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-11-15 10:12 - 2017-10-16 22:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll 2017-11-15 10:12 - 2017-10-14 08:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-11-15 10:12 - 2017-10-14 08:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2017-11-15 10:12 - 2017-10-14 08:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2017-11-15 10:12 - 2017-10-14 07:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-11-15 10:12 - 2017-10-14 07:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2017-11-15 10:12 - 2017-10-14 07:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2017-11-15 10:12 - 2017-10-14 07:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2017-11-15 10:12 - 2017-10-14 07:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2017-11-15 10:12 - 2017-10-14 07:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-11-15 10:12 - 2017-10-14 07:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2017-11-15 10:12 - 2017-10-14 07:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2017-11-15 10:12 - 2017-10-14 07:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2017-11-15 10:12 - 2017-10-14 07:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-11-15 10:12 - 2017-10-14 07:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2017-11-15 10:12 - 2017-10-14 07:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2017-11-15 10:12 - 2017-10-14 07:45 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2017-11-15 10:12 - 2017-10-14 07:41 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2017-11-15 10:12 - 2017-10-14 07:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2017-11-15 10:12 - 2017-10-14 07:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2017-11-15 10:12 - 2017-10-14 07:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2017-11-15 10:12 - 2017-10-14 07:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2017-11-15 10:12 - 2017-10-14 07:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-11-15 10:12 - 2017-10-14 07:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2017-11-15 10:12 - 2017-10-14 07:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-11-15 10:12 - 2017-10-14 07:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-11-15 10:12 - 2017-10-14 07:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2017-11-15 10:12 - 2017-10-14 07:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-11-15 10:12 - 2017-10-14 07:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-11-15 10:12 - 2017-10-14 07:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-11-15 10:12 - 2017-10-14 07:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-11-15 10:12 - 2017-10-14 07:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-11-15 10:12 - 2017-10-14 07:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2017-11-15 10:12 - 2017-10-14 07:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-11-15 10:12 - 2017-10-14 07:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-11-15 10:12 - 2017-10-14 07:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-11-15 10:12 - 2017-10-12 01:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2017-11-15 10:12 - 2017-10-12 01:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2017-11-15 10:12 - 2017-10-12 01:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2017-11-15 10:12 - 2017-10-12 01:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-11-15 10:12 - 2017-10-12 01:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2017-11-15 10:12 - 2017-10-12 01:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe 2017-11-15 10:12 - 2017-10-12 01:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll 2017-11-15 10:12 - 2017-10-12 01:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2017-11-15 10:12 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2017-11-15 10:12 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2017-11-15 10:12 - 2017-10-12 01:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2017-11-15 10:12 - 2017-10-12 01:14 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys 2017-11-15 10:12 - 2017-09-07 14:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2017-11-15 10:12 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2017-11-15 10:11 - 2017-10-18 03:16 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2017-11-15 10:11 - 2017-10-18 03:11 - 000488448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2017-11-15 10:11 - 2017-10-15 23:04 - 000313184 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2017-11-15 10:11 - 2017-10-04 14:04 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2017-11-15 10:11 - 2017-10-04 14:04 - 001321472 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2017-11-15 10:11 - 2017-10-04 14:04 - 000541696 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2017-11-15 10:11 - 2017-10-04 14:04 - 000509440 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2017-11-15 10:11 - 2017-10-04 14:04 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2017-11-15 10:11 - 2017-10-04 14:04 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2017-11-15 10:11 - 2017-10-04 14:04 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2017-11-05 11:11 - 2017-11-16 00:15 - 000268232 _____ C:\Windows\system32\FNTCACHE.DAT 2017-11-05 00:35 - 2017-11-05 00:35 - 000058400 _____ C:\Users\Adrian\AppData\Local\GDIPFONTCACHEV1.DAT 2017-11-05 00:18 - 2017-11-05 00:18 - 008261584 _____ (Malwarebytes) C:\Users\Adrian\Desktop\adwcleaner_7.0.4.0.exe 2017-11-04 22:34 - 2017-11-25 19:32 - 000000000 ____D C:\Program Files\Common Files\IObit 2017-11-04 22:34 - 2017-11-04 22:34 - 000000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A} 2017-11-04 22:34 - 2017-11-04 22:34 - 000000000 ____D C:\Program Files\IObit 2017-11-04 22:25 - 2017-11-04 22:25 - 000000000 ___SD C:\Program Files\Reg Organizer 2017-11-04 22:25 - 2017-11-04 22:25 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\ChemTable Software 2017-11-04 22:25 - 2017-11-04 22:25 - 000000000 ____D C:\Users\Adrian\AppData\Local\ChemTable Software 2017-11-04 22:25 - 2017-11-04 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Organizer ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-11-25 20:57 - 2017-05-27 08:37 - 000000000 ____D C:\FRST 2017-11-25 20:45 - 2016-04-08 23:45 - 000000000 ____D C:\Program Files\GRY 2017-11-25 20:32 - 2017-04-17 19:06 - 000220088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-11-25 20:32 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF 2017-11-25 20:31 - 2016-04-30 17:59 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\Tropico 4 2017-11-25 20:28 - 2016-10-04 19:33 - 000000000 ____D C:\Users\Adrian\AppData\Local\Ubisoft Game Launcher 2017-11-25 20:28 - 2016-04-08 23:18 - 000000000 ____D C:\Program Files\Steam 2017-11-25 20:25 - 2016-12-15 22:24 - 000000000 ____D C:\Qoobox 2017-11-25 20:24 - 2009-07-14 03:04 - 000000215 _____ C:\Windows\system.ini 2017-11-25 20:11 - 2016-04-09 00:10 - 000000000 ___RD C:\Users\Adrian\Desktop\Programy 2017-11-25 20:11 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf 2017-11-25 19:57 - 2016-04-09 10:41 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\uTorrent 2017-11-25 19:46 - 2017-04-19 22:26 - 000000230 _____ C:\Users\Adrian\Documents\ax_files.xml 2017-11-25 19:40 - 2009-07-14 05:34 - 000010336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-11-25 19:40 - 2009-07-14 05:34 - 000010336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-11-25 19:37 - 2016-09-10 11:18 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\IObit 2017-11-25 19:37 - 2016-09-10 11:18 - 000000000 ____D C:\ProgramData\IObit 2017-11-25 19:32 - 2016-04-08 23:45 - 000000000 ____D C:\Users\Adrian\AppData\LocalLow\IObit 2017-11-25 19:32 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-11-25 19:29 - 2017-04-17 19:20 - 000000000 ____D C:\AdwCleaner 2017-11-25 18:42 - 2016-12-15 21:51 - 000000000 ____D C:\Users\Adrian\AppData\LocalLow\Mozilla 2017-11-23 19:10 - 2017-06-15 21:23 - 000000000 ____D C:\KMPlayer 2017-11-21 17:58 - 2016-11-21 15:12 - 000290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe 2017-11-21 03:48 - 2009-07-14 05:53 - 000032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-11-20 03:51 - 2016-04-08 23:45 - 000000000 ____D C:\ProgramData\ProductData 2017-11-17 23:54 - 2016-11-26 17:16 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\Mozilla 2017-11-17 23:54 - 2016-11-26 17:15 - 000000000 ____D C:\Program Files\Mozilla Firefox 2017-11-17 02:16 - 2017-05-27 08:26 - 000000000 ____D C:\Users\Adrian\Documents\Bandicam 2017-11-16 00:14 - 2016-04-13 09:13 - 000000000 ____D C:\Windows\system32\appraiser 2017-11-15 00:17 - 2017-09-12 23:11 - 000000000 ____D C:\Windows\system32\Macromed 2017-11-15 00:17 - 2016-11-26 17:20 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2017-11-15 00:17 - 2016-11-26 17:20 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2017-11-13 23:28 - 2017-06-12 08:44 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-13 23:28 - 2017-06-12 08:44 - 000002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-11-12 23:03 - 2016-09-28 12:33 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\Might & Magic Heroes VI 2017-11-04 23:21 - 2016-05-31 12:40 - 000000000 ___RD C:\Users\Adrian\Desktop\GRY 2017-11-04 23:08 - 2016-04-08 23:11 - 000000000 ____D C:\Users\Adrian 2017-11-02 18:26 - 2016-04-08 23:18 - 000000000 ____D C:\Program Files\Common Files\Steam 2017-10-29 13:04 - 2016-04-30 18:08 - 000011928 _____ C:\Windows\system32\Drivers\fvstore.dat 2017-10-29 12:49 - 2016-04-26 11:28 - 000000000 ____D C:\ProgramData\Comodo 2017-10-29 11:46 - 2016-12-09 21:01 - 000000000 ____D C:\Users\Adrian\Tracing ==================== Pliki w katalogu głównym wybranych folderów ======= 2017-05-09 17:55 - 2017-05-09 17:55 - 000025955 _____ () C:\Users\Adrian\AppData\Local\recently-used.xbel 2016-05-26 23:57 - 2017-04-18 11:18 - 000007602 _____ () C:\Users\Adrian\AppData\Local\resmon.resmoncfg 2017-06-09 07:46 - 2017-06-09 07:46 - 000000000 _____ () C:\Users\Adrian\AppData\Local\{A073C58F-E64A-489A-9107-4CA510BD9B40} Niektóre pliki w TEMP: ==================== 2017-11-25 20:29 - 2017-11-25 20:29 - 000250120 _____ (Kalypso Media, Realmforge Studios) C:\Users\Adrian\AppData\Local\Temp\tmp28A6.tmp.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-10-06 04:26 ==================== Koniec FRST.txt ============================