Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 07-12-2016
Uruchomiony przez Windows98 (administrator) WINDOWS (14-12-2016 20:53:14)
Uruchomiony z C:\Users\Windows98\Downloads
Załadowane profile: Windows98 (Dostępne profile: Windows98)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\ProgramData\Cyfrowy Polsat E3276\OnlineUpdate\ouc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
() C:\Users\Windows98\AppData\Local\Freenet\FreenetTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Flux Software LLC) C:\Users\Windows98\AppData\Local\FluxSoftware\Flux\flux.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Windows98\Downloads\21wskeui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776192 2016-12-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-04-19] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3230873653-752981126-2148569692-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] ()
HKU\S-1-5-21-3230873653-752981126-2148569692-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-04-06] (AMD)
HKU\S-1-5-21-3230873653-752981126-2148569692-1000\...\Run: [Freenet] => C:\Users\Windows98\AppData\Local\Freenet\FreenetTray.exe [443096 2015-08-16] ()
HKU\S-1-5-21-3230873653-752981126-2148569692-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3230873653-752981126-2148569692-1000\...\Run: [f.lux] => C:\Users\Windows98\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3230873653-752981126-2148569692-1000\...\MountPoints2: E - E:\autorun_DATADISK.exe
HKU\S-1-5-21-3230873653-752981126-2148569692-1000\...\MountPoints2: {1d6c1d25-bdea-11e6-a52a-c0d962382821} - G:\autorun.exe
HKU\S-1-5-21-3230873653-752981126-2148569692-1000\...\MountPoints2: {5fb7e6f3-e868-11e4-b657-806e6f6e6963} - D:\twojkomputer.exe
HKU\S-1-5-21-3230873653-752981126-2148569692-1000\...\MountPoints2: {789f04e5-ca4d-11e5-9674-7054d2c38625} - G:\AutoRun.exe
HKU\S-1-5-21-3230873653-752981126-2148569692-1000\...\MountPoints2: {789f04ef-ca4d-11e5-9674-7054d2c38625} - G:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-06-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => Brak pliku
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe (McAfee, Inc.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 217.173.176.6 217.173.176.50
Tcpip\..\Interfaces\{4DB6DBA5-0736-48E4-A9FF-711D27763FE1}: [DhcpNameServer] 217.173.176.6 217.173.176.50
Tcpip\..\Interfaces\{BFA560F4-A25D-4D10-BBDE-8B55F26532FC}: [DhcpNameServer] 212.2.96.53 212.2.96.54
Tcpip\..\Interfaces\{C30CD035-BF31-42D1-AE06-4CE3E0DDC2E2}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3230873653-752981126-2148569692-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-23] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3230873653-752981126-2148569692-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Windows98\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3230873653-752981126-2148569692-1000: jpl.nasa.gov/NASAEyes -> C:\Users\Windows98\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2016-06-15] (Jet Propulsion Laboratory)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Windows98\AppData\Local\Google\Chrome\User Data\Default [2016-12-14]
CHR Extension: (Prezentacje Google) - C:\Users\Windows98\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-21]
CHR Extension: (Dokumenty Google) - C:\Users\Windows98\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-21]
CHR Extension: (Dysk Google) - C:\Users\Windows98\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Windows98\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Windows98\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google Search) - C:\Users\Windows98\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Arkusze Google) - C:\Users\Windows98\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\Windows98\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Windows98\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Windows98\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\Windows98\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-21] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
S2 Cyfrowy Polsat E3276. RunOuc; C:\Program Files (x86)\Cyfrowy Polsat E3276\UpdateDog\ouc.exe [246112 2012-09-20] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.469\McCHSvc.exe [329480 2016-12-02] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2016-12-02] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-12-09] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-12-09] (Disc Soft Ltd)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-09-20] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-13] (Malwarebytes)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3401944 2015-04-21] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-11-10] (Duplex Secure Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 fgtdqpob; \??\C:\Users\WINDOW~1\AppData\Local\Temp\fgtdqpob.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-12-14 20:53 - 2016-12-14 20:59 - 00015924 _____ C:\Users\Windows98\Downloads\FRST.txt
2016-12-14 20:49 - 2016-12-14 20:53 - 00000000 ____D C:\FRST
2016-12-14 17:00 - 2016-12-14 17:02 - 00380928 _____ C:\Users\Windows98\Downloads\21wskeui.exe
2016-12-14 16:59 - 2016-12-14 17:02 - 02420224 _____ (Farbar) C:\Users\Windows98\Downloads\FRST64.exe
2016-12-14 16:14 - 2016-12-14 16:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2016-12-14 16:13 - 2016-12-14 16:13 - 00000000 ____D C:\Program Files\Synaptics
2016-12-14 15:07 - 2016-12-14 15:07 - 00000000 ____D C:\Users\Windows98\AppData\Local\DriverToolkit
2016-12-14 15:06 - 2016-12-14 15:07 - 00000000 ____D C:\Program Files (x86)\DriverToolkit
2016-12-14 15:06 - 2016-12-14 15:06 - 00001082 _____ C:\Users\Public\Desktop\DriverToolkit.lnk
2016-12-14 15:06 - 2016-12-14 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
2016-12-13 20:27 - 2016-12-13 20:27 - 00000000 ____D C:\Users\Windows98\AppData\Local\ESET
2016-12-13 14:59 - 2016-12-13 15:02 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-12-13 14:59 - 2016-12-13 14:59 - 00000000 ____D C:\Windows\system32\SRSLabs
2016-12-13 14:59 - 2016-12-13 14:59 - 00000000 ____D C:\Program Files\Realtek
2016-12-13 14:57 - 2016-12-02 09:29 - 07704619 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-12-13 14:57 - 2016-12-02 09:29 - 05523456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-12-13 14:57 - 2016-12-02 09:29 - 03503048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 03295064 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 03204096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 03201376 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 03014144 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-12-13 14:57 - 2016-12-02 09:29 - 02995000 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 02706856 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 02201088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 01615656 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 01529136 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 01382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 01360512 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00873456 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00689872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00158696 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00118592 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2016-12-13 14:57 - 2016-12-02 09:29 - 00023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-12-13 14:55 - 2016-12-13 15:03 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-12-13 14:55 - 2016-09-22 14:55 - 02839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2016-12-13 14:47 - 2016-12-13 14:47 - 00000000 ____D C:\Windows\pss
2016-12-09 15:35 - 2016-12-09 15:35 - 00001099 _____ C:\Users\Windows98\Desktop\Half-Life 2.lnk
2016-12-09 15:35 - 2016-12-09 15:35 - 00000000 ____D C:\Users\Windows98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life 2
2016-12-09 15:35 - 2016-12-09 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Half-Life 2
2016-12-09 15:18 - 2016-12-09 15:35 - 00000000 ____D C:\Program Files (x86)\Half-Life 2
2016-12-09 11:54 - 2016-12-09 11:54 - 00001196 _____ C:\Users\Windows98\Desktop\Indiana Jack.lnk
2016-12-09 11:54 - 2016-12-09 11:54 - 00000000 ____D C:\Users\Windows98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Big City Games
2016-12-09 11:54 - 2016-12-09 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Big City Games
2016-12-09 11:52 - 2016-12-09 11:52 - 00000000 ____D C:\Program Files (x86)\Big City Games
2016-12-09 11:50 - 2016-12-09 11:50 - 00000000 ____D C:\Users\Windows98\AppData\Local\Disc_Soft_Ltd
2016-12-09 11:49 - 2016-12-09 11:49 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-12-09 11:46 - 2016-12-09 11:46 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-12-09 11:45 - 2016-12-09 11:45 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-12-08 22:51 - 2016-12-08 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-12-08 14:38 - 2016-12-08 14:38 - 00002322 _____ C:\Users\Public\Desktop\Desperados Wanted Dead or Alive.lnk
2016-12-08 12:28 - 2016-12-08 12:41 - 00000000 ____D C:\Users\Windows98\AppData\Local\Ubisoft Game Launcher
2016-12-08 12:28 - 2016-12-08 12:28 - 00001216 _____ C:\Users\Windows98\Desktop\Uplay.lnk
2016-12-08 12:28 - 2016-12-08 12:28 - 00000000 ____D C:\Users\Windows98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-12-08 12:28 - 2016-12-08 12:28 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-12-02 09:16 - 2016-12-02 09:16 - 00163995 _____ C:\Users\Windows98\Desktop\Pages from Finkelstein_An Introduction To Book History.pdf
2016-11-28 16:16 - 2016-11-28 16:27 - 00116520 _____ C:\Users\Windows98\Desktop\lol.veg.sfk
2016-11-28 16:16 - 2016-11-28 16:16 - 29812400 _____ C:\Users\Windows98\Desktop\lol.veg.sfap0
2016-11-28 16:15 - 2016-11-28 16:15 - 00012248 _____ C:\Users\Windows98\Desktop\lol.veg
2016-11-28 15:32 - 2016-11-28 15:32 - 00000232 _____ C:\Users\Windows98\Documents\Untitled.mpg.sfl
2016-11-27 19:21 - 2016-11-27 19:21 - 00002604 _____ C:\Users\Windows98\Documents\Register Vegas Pro.htm
2016-11-27 19:21 - 2016-11-27 19:21 - 00000000 ____D C:\Users\Windows98\AppData\Roaming\Publish Providers
2016-11-27 19:14 - 2016-11-27 19:19 - 00000000 ____D C:\Users\Windows98\AppData\Local\Sony
2016-11-27 19:14 - 2016-11-27 19:14 - 00000000 ____D C:\ProgramData\Sony
2016-11-27 19:14 - 2016-11-27 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-11-27 19:14 - 2016-11-27 19:14 - 00000000 ____D C:\Program Files\Sony
2016-11-27 19:14 - 2016-11-27 19:14 - 00000000 ____D C:\Program Files (x86)\Sony
2016-11-27 19:13 - 2016-11-28 14:44 - 00000000 ____D C:\Users\Windows98\AppData\Roaming\Sony
2016-11-21 18:58 - 2016-11-21 19:00 - 46065664 _____ C:\Users\Windows98\Desktop\1.2.13_23L.bin
2016-11-17 18:28 - 2016-11-17 18:32 - 00169514 _____ C:\Users\Windows98\Desktop\nazi-army.jpeg
2016-11-14 20:21 - 2016-11-14 20:25 - 00000000 ____D C:\AdwCleaner
2016-11-14 20:18 - 2016-12-13 19:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-14 20:16 - 2016-11-14 20:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-14 20:16 - 2016-11-14 20:16 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-14 20:16 - 2016-11-14 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-14 20:16 - 2016-11-14 20:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-14 20:16 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-14 20:16 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-14 20:16 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-12-14 20:56 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-14 20:56 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-14 20:50 - 2015-06-29 19:29 - 00000000 ____D C:\Users\Windows98\AppData\Roaming\Skype
2016-12-14 20:48 - 2015-04-21 22:11 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-14 20:48 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-14 20:11 - 2015-04-21 22:11 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-14 16:53 - 2015-07-27 18:11 - 00000000 ____D C:\Users\Windows98\Downloads\u-sths90
2016-12-14 16:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-14 16:08 - 2016-10-29 12:10 - 00000000 ____D C:\Users\Windows98\Desktop\Audio
2016-12-14 16:07 - 2015-07-19 17:32 - 00000000 ____D C:\Users\Windows98\Desktop\Cubase Projects
2016-12-13 15:02 - 2015-10-04 21:31 - 00000000 ____D C:\Users\Windows98\AppData\Local\ElevatedDiagnostics
2016-12-13 14:57 - 2015-04-21 22:08 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-12-13 14:56 - 2015-04-21 22:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-09 17:01 - 2015-04-22 12:49 - 00000000 ____D C:\Users\Windows98\AppData\Roaming\uTorrent
2016-12-09 16:10 - 2016-10-20 17:54 - 00000000 ____D C:\Program Files (x86)\GOG.com
2016-12-09 11:54 - 2016-01-24 09:29 - 00000000 ____D C:\Users\Windows98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-12-09 11:51 - 2015-05-20 14:21 - 00000000 ____D C:\Users\Windows98\AppData\Roaming\DAEMON Tools Lite
2016-12-08 22:51 - 2016-06-30 21:25 - 00001979 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-12-08 22:51 - 2015-11-19 23:54 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-08 14:38 - 2015-10-06 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-12-07 08:42 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-06 15:46 - 2015-07-27 18:12 - 00000000 ____D C:\Users\Windows98\AppData\Roaming\Synthesia
2016-12-05 09:04 - 2009-07-14 18:55 - 00740348 _____ C:\Windows\system32\perfh015.dat
2016-12-05 09:04 - 2009-07-14 18:55 - 00155890 _____ C:\Windows\system32\perfc015.dat
2016-12-05 09:04 - 2009-07-14 06:13 - 01669190 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-02 21:18 - 2016-10-20 17:57 - 00000000 ____D C:\Users\Windows98\Documents\Legacy of Kain - Defiance
2016-11-27 18:37 - 2015-04-29 18:22 - 00000000 ____D C:\Games
2016-11-25 09:17 - 2015-04-23 22:22 - 00003886 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429824137
2016-11-25 09:17 - 2015-04-23 22:21 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-21 19:06 - 2015-09-28 04:53 - 00000000 ____D C:\Users\Windows98\AppData\Local\Freenet
2016-11-15 09:12 - 2015-04-21 22:13 - 00002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Pliki w katalogu głównym wybranych folderów =======

2015-04-21 21:30 - 2015-04-21 21:30 - 0003584 _____ () C:\Users\Windows98\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-27 20:12 - 2016-10-27 20:12 - 0007975 _____ () C:\Users\Windows98\AppData\Local\recently-used.xbel

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\Windows98\lua5.1.dll
C:\Users\Windows98\uninstall.exe

Niektóre pliki w TEMP:
====================
C:\Users\Windows98\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Windows98\AppData\Local\Temp\EyesLauncher.exe
C:\Users\Windows98\AppData\Local\Temp\FINALISE.exe
C:\Users\Windows98\AppData\Local\Temp\SIntf16.dll
C:\Users\Windows98\AppData\Local\Temp\SIntf32.dll
C:\Users\Windows98\AppData\Local\Temp\SIntfNT.dll
C:\Users\Windows98\AppData\Local\Temp\temp-installer.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-11-16 21:57

==================== Koniec FRST.txt ============================