Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 03.06.2018
Uruchomiony przez NergTHRONE (administrator) NERGTHRONE-V (06-06-2018 19:21:51)
Uruchomiony z C:\Users\NergTHRONE\Desktop
Załadowane profile: NergTHRONE (Dostępne profile: NergTHRONE)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: IE)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(f.lux Software LLC) C:\Users\NergTHRONE\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Valve Corporation) D:\STEAM\Steam.exe
(Valve Corporation) D:\STEAM\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\STEAM\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\STEAM\bin\cef\cef.win7\steamwebhelper.exe
(PreSonus) C:\Program Files\PreSonus\Universal Control\PreSonusHardwareAccessService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() D:\STEAM\steamapps\common\Cryptic Studios\Neverwinter.exe
(Valve Corporation) D:\STEAM\bin\cef\cef.win7\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299520 2017-05-11] (Intel Corporation)
HKU\S-1-5-21-1476387061-426778352-2266923776-1000\...\Run: [f.lux] => C:\Users\NergTHRONE\AppData\Local\FluxSoftware\Flux\flux.exe [1682936 2018-01-18] (f.lux Software LLC)
HKU\S-1-5-21-1476387061-426778352-2266923776-1000\...\Run: [Universal Control] => C:\Program Files\PreSonus\Universal Control\Universal Control.exe [14089216 2018-05-09] (PreSonus)
Startup: C:\Users\NergTHRONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2018-05-19]
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
BootExecute: autocheck autochk * autopart.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62
Tcpip\..\Interfaces\{08303C44-E247-4049-A378-D30A082B45C2}: [DhcpNameServer] 62.179.1.63 62.179.1.62

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1476387061-426778352-2266923776-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

FireFox:
========
FF DefaultProfile: y8w4jqil.default
FF ProfilePath: C:\Users\NergTHRONE\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4jqil.default [2018-06-06]
FF Homepage: Mozilla\Firefox\Profiles\y8w4jqil.default -> hxxps://www.google.pl/?gfe_rd=cr&dcr=0&ei=5ou2WqPPJ8_X8geblpTQBA
FF Session Restore: Mozilla\Firefox\Profiles\y8w4jqil.default -> [funkcja włączona]
FF HomepageOverride: Mozilla\Firefox\Profiles\y8w4jqil.default -> Enabled: homepage@mail.ru
FF NewTabOverride: Mozilla\Firefox\Profiles\y8w4jqil.default -> Disabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF Extension: (Bloker reklam AdGuard) - C:\Users\NergTHRONE\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4jqil.default\Extensions\adguardadblocker@adguard.com.xpi [2018-01-27]
FF Extension: (Ghostery) - C:\Users\NergTHRONE\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4jqil.default\Extensions\firefox@ghostery.com.xpi [2018-01-27]
FF Extension: (S3.Translator) - C:\Users\NergTHRONE\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4jqil.default\Extensions\s3google@translator.xpi [2018-01-27]
FF Extension: (Google Translator for Firefox) - C:\Users\NergTHRONE\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4jqil.default\Extensions\translator@zoli.bod.xpi [2018-01-29]
FF Extension: (uMatrix) - C:\Users\NergTHRONE\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4jqil.default\Extensions\uMatrix@raymondhill.net.xpi [2018-01-27]
FF Extension: (Screengrab!) - C:\Users\NergTHRONE\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4jqil.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-01-12]
FF Extension: (NoScript) - C:\Users\NergTHRONE\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4jqil.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-01-27]
FF Extension: (Coinhive Blocker) - C:\Users\NergTHRONE\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4jqil.default\Extensions\{b8540c43-c0dc-4573-82bf-da6f419d6f97}.xpi [2018-01-27]
FF Extension: (Video DownloadHelper) - C:\Users\NergTHRONE\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4jqil.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-01-27]
FF SearchPlugin: C:\Users\NergTHRONE\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4jqil.default\searchplugins\dodatki-dla-firefox.xml [2016-04-03]

Opera:
=======
OPR Extension: (Translator) - C:\Users\NergTHRONE\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2018-04-25]
OPR Extension: (Video Downloader GetThemAll) - C:\Users\NergTHRONE\AppData\Roaming\Opera Software\Opera Stable\Extensions\ipjignndhlpeimkmgpfnappdcohjealh [2018-05-03]
OPR Extension: (Adblock Plus) - C:\Users\NergTHRONE\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-05-16]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8448944 2011-11-23] (DisplayLink Corp.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [7599568 2018-03-27] (INCA Internet Co., Ltd.)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-09-29] ()
R2 PreSonus Hardware Access Service; C:\Program Files\PreSonus\Universal Control\PreSonusHardwareAccessService.exe [375296 2018-05-09] (PreSonus) [Brak podpisu cyfrowego]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-08-20] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== UWAGA

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [501216 2018-04-25] (Intel Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio.sys [355568 2018-03-22] ()
R3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks.sys [53488 2018-03-22] ()
S3 RDID1115; C:\Windows\System32\Drivers\rdwm1115.sys [81920 2010-09-17] (Roland Corporation)
R3 teVirtualMIDI64; C:\Windows\System32\DRIVERS\teVirtualMIDI64.sys [41016 2016-08-31] (Tobias Erichsen)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Western Digital Technologies)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-06-06 19:21 - 2018-06-06 19:22 - 000010632 _____ C:\Users\NergTHRONE\Desktop\FRST.txt
2018-06-06 19:19 - 2018-06-06 19:21 - 000000000 ____D C:\FRST
2018-06-06 14:19 - 2018-06-06 14:19 - 000001071 _____ C:\Users\NergTHRONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Universal Control.lnk
2018-06-06 14:19 - 2018-06-06 14:19 - 000001041 _____ C:\Users\NergTHRONE\Desktop\Universal Control.lnk
2018-06-06 14:19 - 2018-06-06 14:19 - 000000000 ____D C:\Program Files\Tobias Erichsen
2018-06-06 14:18 - 2018-06-06 14:18 - 129074648 _____ (PreSonus) C:\Users\NergTHRONE\Downloads\PreSonus_Universal_Control_Installer-47644.exe
2018-06-06 14:18 - 2018-06-06 14:18 - 000000000 ____D C:\Program Files\PreSonus
2018-06-04 17:42 - 2018-06-04 17:42 - 002413056 _____ (Farbar) C:\Users\NergTHRONE\Desktop\FRST64.exe
2018-06-04 10:39 - 2018-06-04 10:39 - 007271632 _____ (Malwarebytes) C:\Users\NergTHRONE\Desktop\adwcleaner_7.1.1.exe
2018-06-03 22:55 - 2018-06-03 22:55 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2018-06-03 22:47 - 2018-06-03 22:56 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-03 22:47 - 2018-06-03 22:47 - 000000000 ____D C:\Program Files\HitmanPro
2018-06-03 22:44 - 2018-06-03 22:44 - 000021423 _____ C:\ComboFix.txt
2018-06-03 22:36 - 2018-06-03 22:43 - 000000000 ____D C:\Windows\erdnt
2018-06-03 22:16 - 2018-06-03 22:17 - 000000000 ____D C:\AdwCleaner
2018-06-03 22:15 - 2018-06-03 22:15 - 011609024 _____ (SurfRight B.V.) C:\Users\NergTHRONE\Desktop\HitmanPro_x64.exe
2018-06-02 23:06 - 2018-06-02 23:06 - 000143407 _____ C:\Users\NergTHRONE\Downloads\428M.rar
2018-06-02 22:59 - 2018-06-02 22:59 - 000281701 _____ C:\Users\NergTHRONE\Downloads\MMP-4.zip
2018-06-02 22:54 - 2018-06-02 23:02 - 239804678 _____ C:\Users\NergTHRONE\Downloads\piano-loops-vol1_3605.zip
2018-06-02 22:52 - 2018-06-02 23:01 - 266832769 _____ C:\Users\NergTHRONE\Downloads\piano-loops-vol2_3704.zip
2018-06-02 22:46 - 2018-06-02 22:52 - 038118848 _____ C:\Users\NergTHRONE\Downloads\143884.rar
2018-05-27 18:17 - 2018-05-27 18:17 - 000000000 ____D C:\Users\NergTHRONE\Documents\Native Instruments
2018-05-27 18:17 - 2018-05-27 18:17 - 000000000 ____D C:\Users\NergTHRONE\AppData\Local\Native Instruments
2018-05-27 18:10 - 2018-05-27 18:19 - 000000000 ____D C:\Program Files\Common Files\Native Instruments
2018-05-27 18:10 - 2018-05-27 18:10 - 000000000 ____D C:\ProgramData\Native Instruments
2018-05-27 18:10 - 2018-05-27 18:10 - 000000000 ____D C:\Program Files\Native Instruments
2018-05-27 16:45 - 2018-04-16 11:08 - 414933157 ____R C:\Users\NergTHRONE\Desktop\Kontakt5.7.3Portable.exe
2018-05-27 16:13 - 2018-05-27 16:28 - 456388242 _____ C:\Users\NergTHRONE\Downloads\58ContactPort.rar
2018-05-27 00:11 - 2018-05-27 00:11 - 000000061 _____ C:\Windows\bassmidi.sflist
2018-05-27 00:01 - 2018-05-27 00:01 - 000000000 ____D C:\Windows\SysWOW64\bassmididrv
2018-05-27 00:01 - 2018-05-27 00:01 - 000000000 ____D C:\Windows\system32\bassmididrv
2018-05-27 00:01 - 2018-05-27 00:01 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BASSMIDI System Synth
2018-05-26 23:56 - 2018-05-27 00:04 - 000000000 ____D C:\Program Files (x86)\AIMP
2018-05-26 23:56 - 2018-05-26 23:56 - 000000905 _____ C:\Users\Public\Desktop\AIMP.lnk
2018-05-26 23:53 - 2018-05-26 23:53 - 010689976 _____ (AIMP DevTeam) C:\Users\NergTHRONE\Downloads\aimp_4.51.2077.exe
2018-05-26 23:46 - 2018-05-26 23:46 - 001001638 _____ C:\Users\NergTHRONE\Downloads\bassmididrv.exe
2018-05-26 23:04 - 2018-05-26 23:04 - 000266990 _____ C:\Users\NergTHRONE\Downloads\bassmidi24.zip
2018-05-26 22:57 - 2018-05-26 22:57 - 000000000 ____D C:\Users\NergTHRONE\AppData\Local\DOSBox
2018-05-26 22:56 - 2018-05-26 22:56 - 001448809 _____ (DOSBox Team) C:\Users\NergTHRONE\Downloads\DOSBox0.74-win32-installer.exe
2018-05-26 22:17 - 2018-05-26 22:20 - 180875794 _____ C:\Users\NergTHRONE\Downloads\SGM-V2.01.7z
2018-05-26 22:06 - 2018-06-04 14:06 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\AIMP
2018-05-26 20:42 - 2018-05-26 20:42 - 000002108 _____ C:\Users\NergTHRONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-05-26 20:42 - 2018-05-26 20:42 - 000000000 ____D C:\Users\NergTHRONE\AppData\Local\FluxSoftware
2018-05-26 20:41 - 2018-05-26 20:41 - 000770384 _____ C:\Users\NergTHRONE\Downloads\flux-setup.exe
2018-05-24 21:28 - 2018-05-24 21:28 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\MPC-HC
2018-05-24 21:13 - 2018-05-24 21:13 - 000419665 _____ C:\Users\NergTHRONE\Downloads\black_family.zip
2018-05-23 14:41 - 2018-05-23 14:41 - 000000000 ____D C:\Program Files\Common Files\Kontakt 5
2018-05-23 13:02 - 2018-05-23 13:02 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zero-G Phaedra
2018-05-23 13:02 - 2018-05-23 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zero-G Phaedra
2018-05-23 13:01 - 2018-05-23 13:01 - 000000000 ____D C:\Program Files (x86)\Native Instruments
2018-05-23 13:01 - 2007-06-25 09:28 - 000393216 _____ (Native Instruments Software GmbH) C:\Windows\SysWOW64\NI_IRC_1_2.dll
2018-05-23 13:01 - 2007-06-25 09:28 - 000061440 _____ (Native Instruments Software GmbH) C:\Windows\SysWOW64\NI_DFD_1_5.dll
2018-05-22 15:19 - 2018-05-22 15:19 - 621283886 _____ C:\Users\NergTHRONE\Downloads\Hirens.BootCD.15.2.zip
2018-05-22 15:11 - 2018-05-22 15:11 - 000000000 ____D C:\Program Files\DisplayLink Graphics
2018-05-22 15:10 - 2018-05-22 15:10 - 000000000 ____D C:\Users\NergTHRONE\Desktop\STERY DO Kabli
2018-05-22 15:10 - 2018-05-22 15:10 - 000000000 ____D C:\Program Files\DisplayLink Core Software
2018-05-22 15:10 - 2018-05-22 15:10 - 000000000 _____ C:\Windows\system32\dlumd9.dll
2018-05-22 15:10 - 2018-05-22 15:10 - 000000000 _____ C:\Windows\system32\dlumd11.dll
2018-05-22 15:10 - 2018-05-22 15:10 - 000000000 _____ C:\Windows\system32\dlumd10.dll
2018-05-21 20:48 - 2018-05-21 20:48 - 000000933 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2018-05-21 20:47 - 2018-05-21 20:47 - 078087592 _____ (TeamSpeak Systems GmbH) C:\Users\NergTHRONE\Downloads\TeamSpeak3-Client-win64-3.1.9.exe
2018-05-21 20:42 - 2018-05-21 20:42 - 000000000 ____D C:\Users\NergTHRONE\Documents\Moje palety
2018-05-21 20:41 - 2018-05-21 20:41 - 000000000 ____D C:\Users\NergTHRONE\Documents\Corel
2018-05-21 20:32 - 2018-05-21 20:32 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\Corel
2018-05-21 20:32 - 2018-05-21 20:32 - 000000000 ____D C:\ProgramData\Protexis64
2018-05-21 20:32 - 2018-05-21 20:32 - 000000000 ____D C:\Program Files (x86)\gs
2018-05-21 20:32 - 2018-05-21 20:28 - 000003063 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT X7 (64-Bit).lnk
2018-05-21 20:32 - 2018-05-21 20:28 - 000003015 _____ C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2018-05-21 20:29 - 2018-05-21 20:29 - 000000000 ____D C:\Program Files\Common Files\Protexis
2018-05-21 20:29 - 2018-05-21 20:29 - 000000000 ____D C:\Program Files\Common Files\Corel
2018-05-21 20:28 - 2018-05-21 20:41 - 000000000 ____D C:\ProgramData\Corel
2018-05-21 20:28 - 2018-05-21 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2018-05-21 20:28 - 2018-05-21 20:28 - 000000000 ____D C:\Users\Public\Documents\Corel
2018-05-21 20:28 - 2018-05-21 20:28 - 000000000 ____D C:\Program Files\Corel
2018-05-21 20:24 - 2018-05-21 20:32 - 000000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2018-05-21 20:07 - 2018-05-21 20:07 - 005048095 _____ C:\Users\NergTHRONE\Downloads\Nebula%20Installer%20-%20PC%20FULL%20VERSION%201.0.2(1).zip
2018-05-21 20:03 - 2018-05-21 20:03 - 005048095 _____ C:\Users\NergTHRONE\Downloads\Nebula%20Installer%20-%20PC%20FULL%20VERSION%201.0.2.zip
2018-05-21 00:14 - 2018-05-24 21:03 - 000001456 _____ C:\Users\NergTHRONE\AppData\Local\Adobe Save for Web 12.0 Prefs
2018-05-20 18:19 - 2018-05-20 18:19 - 000000000 ____D C:\Users\NergTHRONE\Documents\Addictive Keys
2018-05-20 17:50 - 2018-05-20 17:50 - 000000000 ____D C:\Program Files (x86)\IK Multimedia
2018-05-20 17:47 - 2018-05-25 19:29 - 000000016 _____ C:\Windows\system32\w3data.vss
2018-05-20 17:47 - 2018-05-25 19:29 - 000000016 _____ C:\Windows\system32\msvcsv60.dll
2018-05-20 17:47 - 2018-05-25 19:29 - 000000016 _____ C:\Windows\msocreg32.dat
2018-05-20 17:47 - 2018-05-25 19:29 - 000000016 _____ C:\ProgramData\autobk.inc
2018-05-20 17:47 - 2018-05-20 17:51 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\IK Multimedia
2018-05-20 17:44 - 2018-05-20 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2018-05-20 17:44 - 2012-08-29 12:23 - 012708016 _____ (Intel Corporation) C:\Windows\system32\mkl_def.dll
2018-05-20 17:44 - 2012-08-29 12:23 - 012474544 _____ (Intel Corporation) C:\Windows\system32\mkl_core.dll
2018-05-20 17:44 - 2012-08-29 12:23 - 009917616 _____ (Intel Corporation) C:\Windows\system32\mkl_intel_thread.dll
2018-05-20 17:44 - 2012-08-29 12:23 - 000529072 _____ (Intel Corporation) C:\Windows\system32\libiomp5md.dll
2018-05-20 17:44 - 2009-08-28 10:54 - 003462320 _____ (Intel Corporation) C:\Windows\system32\mkl_sequential.dll
2018-05-20 17:40 - 2018-05-20 17:50 - 000000000 ____D C:\Users\NergTHRONE\Documents\IK Multimedia
2018-05-20 13:10 - 2018-05-20 13:10 - 000000000 ____D C:\Users\NergTHRONE\AppData\Local\PaceAP
2018-05-20 04:02 - 2018-05-20 04:02 - 008207168 _____ (Auslogics) C:\Users\NergTHRONE\Desktop\ausdiskdefragportable.exe
2018-05-20 01:32 - 2018-05-20 01:34 - 000000000 ____D C:\Windows\Acronis
2018-05-20 01:32 - 2018-05-20 01:32 - 000004589 _____ C:\Windows\system32\autopart.cfg
2018-05-20 01:32 - 2018-05-20 01:32 - 000000161 _____ C:\Windows\system32\autopart.opt
2018-05-20 01:32 - 2010-10-22 12:34 - 013090656 _____ (Acronis) C:\Windows\system32\autopart.exe
2018-05-18 13:57 - 2018-05-19 11:27 - 000000000 ____D C:\Program Files\Remo Recover
2018-05-18 13:57 - 2018-05-18 23:36 - 000000898 _____ C:\Users\NergTHRONE\Desktop\Remo Recover.lnk
2018-05-18 13:57 - 2018-05-18 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Recover
2018-05-18 13:57 - 2009-02-12 15:11 - 000026024 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rsdrvx64.sys
2018-05-18 08:00 - 2018-05-18 08:00 - 004213500 _____ C:\Users\NergTHRONE\Documents\SKAN DMDE
2018-05-17 20:20 - 2018-05-17 20:20 - 000754832 _____ (Hiroshi Inagaki ) C:\Users\NergTHRONE\Downloads\VarieDrop1210_32.exe
2018-05-17 20:09 - 2018-05-17 20:10 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\JPEGsnoop
2018-05-17 20:09 - 2018-05-17 20:09 - 001496452 _____ C:\Users\NergTHRONE\Downloads\JPEGsnoop_v1_8_0.zip
2018-05-17 16:18 - 2014-04-30 23:43 - 002408597 _____ C:\Users\NergTHRONE\Desktop\GetDataBack for FAT v4.0.0.1 Portable.exe
2018-05-17 16:08 - 2018-06-03 22:55 - 000000000 ____D C:\Users\NergTHRONE\Desktop\GUI win64
2018-05-17 12:52 - 2018-05-17 12:52 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\R-TT
2018-05-17 12:34 - 2018-05-20 13:07 - 000000000 ____D C:\Program Files (x86)\R-Studio
2018-05-17 12:34 - 2018-05-17 12:52 - 000000000 ____D C:\Users\NergTHRONE\Documents\R-TT
2018-05-16 23:57 - 2018-05-19 18:06 - 000001024 ____H C:\AMTAG.BIN
2018-05-16 23:30 - 2018-05-22 15:14 - 000000000 ____D C:\ProgramData\TEMP
2018-05-16 23:23 - 2018-05-20 13:08 - 000000000 ____D C:\Program Files (x86)\Disk Doctors Windows Data Recovery
2018-05-16 23:12 - 2018-05-16 23:12 - 000000000 ____D C:\ProgramData\SysDev Laboratories
2018-05-16 23:11 - 2018-05-20 13:08 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\SysDev Laboratories
2018-05-16 22:56 - 2018-05-20 13:08 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-05-16 22:56 - 2018-05-20 13:08 - 000000000 ____D C:\Program Files (x86)\Temp
2018-05-16 22:56 - 2018-05-16 22:56 - 000000000 ____D C:\Users\NergTHRONE\AppData\Local\Wondershare
2018-05-16 20:16 - 2014-04-30 23:43 - 002390167 _____ C:\Users\NergTHRONE\Desktop\GetDataBack for NTFS v4.0.0.1 Portable.exe
2018-05-16 15:11 - 2018-06-06 13:46 - 000000165 _____ C:\Users\NergTHRONE\Documents\AddictiveDrumsLog.txt
2018-05-16 13:14 - 2018-05-16 13:14 - 000000000 ____D C:\Users\NergTHRONE\Documents\Addictive Keys Logs
2018-05-16 13:11 - 2018-05-16 13:11 - 000000000 ____D C:\Program Files\XLN Audio
2018-05-14 14:58 - 2018-05-14 14:58 - 000135423 _____ C:\Users\NergTHRONE\Downloads\bitter.zip
2018-05-14 14:54 - 2018-05-14 14:54 - 000567632 _____ C:\Users\NergTHRONE\Downloads\andada.zip
2018-05-13 17:55 - 2018-05-13 17:57 - 000000000 ____D C:\Users\NergTHRONE\AppData\Local\TechSmith
2018-05-13 17:55 - 2018-05-13 17:55 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\TechSmith
2018-05-13 17:54 - 2018-06-06 15:13 - 000000000 ____D C:\Users\NergTHRONE\Documents\Camtasia Studio
2018-05-13 17:49 - 2018-05-13 17:49 - 000001081 _____ C:\Users\Public\Desktop\Camtasia 9.lnk
2018-05-13 17:49 - 2018-05-13 17:49 - 000000000 ____D C:\ProgramData\TechSmith
2018-05-13 17:49 - 2018-05-13 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2018-05-13 17:49 - 2018-05-13 17:49 - 000000000 ____D C:\Program Files\TechSmith
2018-05-12 20:17 - 2018-05-12 20:17 - 000000000 ____D C:\Users\NergTHRONE\Documents\Naughty Seal Audio
2018-05-12 20:16 - 2018-05-12 20:19 - 000000000 ____D C:\Program Files\Naughty Seal Audio
2018-05-12 20:16 - 2018-05-12 20:16 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\Naughty Seal Audio
2018-05-12 20:16 - 2018-05-12 20:16 - 000000000 ____D C:\ProgramData\Naughty Seal Audio
2018-05-12 20:16 - 2018-05-12 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Naughty Seal Audio
2018-05-12 20:16 - 2018-05-12 20:16 - 000000000 ____D C:\Program Files\Common Files\VST3
2018-05-12 20:15 - 2018-05-12 20:15 - 059420013 _____ C:\Users\NergTHRONE\Downloads\Perfect_Drums_Player_WIN.zip
2018-05-09 13:53 - 2018-05-24 19:06 - 000000000 ____D C:\Users\NergTHRONE\Documents\My Games
2018-05-08 22:35 - 2018-05-20 15:25 - 000000000 ____D C:\Users\NergTHRONE\AppData\Local\ElevatedDiagnostics

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-06-06 19:16 - 2018-05-06 18:11 - 000000202 _____ C:\Users\NergTHRONE\Desktop\Path of Exile.url
2018-06-06 18:58 - 2018-04-25 15:02 - 000000000 ____D C:\Users\NergTHRONE\AppData\LocalLow\Mozilla
2018-06-06 18:57 - 2018-04-26 21:45 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\TS3Client
2018-06-06 15:45 - 2018-04-25 16:25 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\tixati
2018-06-06 15:44 - 2018-04-26 00:55 - 000000000 ____D C:\Program Files (x86)\The KMPlayer
2018-06-06 14:19 - 2018-04-25 15:14 - 000000000 ____D C:\ProgramData\PreSonus
2018-06-06 12:34 - 2018-04-25 15:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-06 12:32 - 2009-07-14 06:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-06 12:32 - 2009-07-14 06:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-06 12:31 - 2011-04-12 15:21 - 000739786 _____ C:\Windows\system32\perfh015.dat
2018-06-06 12:31 - 2011-04-12 15:21 - 000155360 _____ C:\Windows\system32\perfc015.dat
2018-06-06 12:31 - 2009-07-14 07:13 - 001668226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-06 12:31 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-06-06 12:24 - 2018-04-29 20:25 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-06-06 12:24 - 2018-04-26 20:24 - 000000000 ____D C:\ProgramData\PACE
2018-06-06 12:24 - 2018-04-25 15:40 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-06 12:24 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-04 17:27 - 2018-05-03 20:04 - 000000132 _____ C:\Users\NergTHRONE\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-06-04 10:31 - 2018-04-25 17:18 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\PreSonus
2018-06-03 22:43 - 2009-07-14 04:34 - 000000215 _____ C:\Windows\system.ini
2018-06-03 10:31 - 2018-04-27 23:49 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-01 19:01 - 2018-04-26 21:32 - 000000000 ____D C:\Users\NergTHRONE\AppData\Local\CrashDumps
2018-06-01 10:29 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2018-05-31 10:29 - 2018-04-25 17:31 - 000000000 ____D C:\Program Files\Opera
2018-05-27 18:24 - 2018-04-25 20:05 - 000000870 _____ C:\Users\Public\Desktop\Kontakt 5 PORTABLE - Library Manager.lnk
2018-05-27 18:24 - 2018-04-25 20:05 - 000000803 _____ C:\Users\Public\Desktop\Kontakt 5 PORTABLE.lnk
2018-05-27 18:24 - 2018-04-25 20:05 - 000000000 ____D C:\ProgramData\{8C14C049-8207-4015-BC26-02FEB0BEE9C7}
2018-05-26 23:56 - 2018-04-28 01:11 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\AIMP3
2018-05-25 10:43 - 2009-07-14 06:45 - 004931112 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-24 21:15 - 2018-04-25 15:42 - 000088784 _____ C:\Users\NergTHRONE\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-24 17:32 - 2018-04-25 17:31 - 000003884 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1524670308
2018-05-23 14:48 - 2018-04-26 20:08 - 000000000 ____D C:\Program Files (x86)\AIR Music Technology
2018-05-21 20:48 - 2018-04-25 21:45 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2018-05-21 20:31 - 2018-04-25 15:14 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-21 20:31 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-05-21 00:13 - 2018-04-25 14:45 - 000000000 ____D C:\Users\NergTHRONE\AppData\Roaming\Adobe
2018-05-20 14:36 - 2018-04-25 19:13 - 000000202 _____ C:\Users\NergTHRONE\Desktop\Neverwinter.url
2018-05-18 12:43 - 2018-04-29 19:49 - 000000935 _____ C:\Users\Public\Desktop\GIMP 2.lnk
2018-05-17 20:38 - 2018-05-05 01:55 - 000000000 ____D C:\Users\NergTHRONE\AppData\Local\babl-0.1
2018-05-17 20:38 - 2018-04-29 19:49 - 000000000 ____D C:\Program Files\GIMP 2
2018-05-17 14:15 - 2018-04-29 21:14 - 000007639 _____ C:\Users\NergTHRONE\AppData\Local\Resmon.ResmonCfg
2018-05-17 13:56 - 2018-04-25 14:44 - 000000000 ____D C:\Users\NergTHRONE
2018-05-16 13:11 - 2018-05-05 23:07 - 000000000 ____D C:\ProgramData\XLN Audio
2018-05-16 13:11 - 2018-05-05 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XLN Audio
2018-05-15 16:37 - 2018-05-02 13:28 - 000000298 _____ C:\Users\NergTHRONE\Desktop\Nowe maile.txt
2018-05-13 13:30 - 2018-04-25 16:25 - 000000832 _____ C:\Users\NergTHRONE\Desktop\Tixati.lnk
2018-05-13 12:44 - 2018-04-28 00:58 - 000000000 ____D C:\Users\NergTHRONE\AppData\Local\Adobe
2018-05-13 12:44 - 2018-04-27 23:49 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-13 12:44 - 2018-04-27 23:49 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-13 12:44 - 2018-04-27 23:49 - 000004592 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-13 12:43 - 2018-04-27 23:49 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-10 12:46 - 2018-04-26 16:35 - 000000009 _____ C:\Users\NergTHRONE\Desktop\Hasło do grupy domowej.txt

==================== Pliki w katalogu głównym wybranych folderów =======

2018-05-03 23:28 - 2018-05-03 23:28 - 000000132 _____ () C:\Users\NergTHRONE\AppData\Roaming\Adobe GIF Format CS5 Prefs
2018-05-03 20:04 - 2018-06-04 17:27 - 000000132 _____ () C:\Users\NergTHRONE\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-05-21 00:14 - 2018-05-24 21:03 - 000001456 _____ () C:\Users\NergTHRONE\AppData\Local\Adobe Save for Web 12.0 Prefs
2018-04-29 21:14 - 2018-05-17 14:15 - 000007639 _____ () C:\Users\NergTHRONE\AppData\Local\Resmon.ResmonCfg

Niektóre pliki w TEMP:
====================
2018-06-04 09:14 - 2018-06-06 12:24 - 000192512 _____ () C:\Users\NergTHRONE\AppData\Local\Temp\sfamcc00001.dll

Niektóre zerobajtowe pliki/foldery:
==========================
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-05-29 11:14

==================== Koniec FRST.txt ============================