Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 15-03-2017 Uruchomiony przez admin (administrator) DESKTOP-04BH4US (08-04-2017 19:17:12) Uruchomiony z C:\Users\admin\Downloads Załadowane profile: admin (Dostępne profile: admin) Platform: Windows 10 Home Wersja 1607 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () D:\Program Files (x86)\Gameplay Time Tracker\GameplayTimeTracker.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (mik61) D:\Program Files (x86)\Gameplay Time Tracker\Support64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3942568 2000-01-01] (Synaptics Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\Run: [GameplayTimeTracker] => D:\Program Files (x86)\Gameplay Time Tracker\GameplayTimeTracker.exe [855552 2016-09-07] () ShellExecuteHooks: Brak nazwy - {E7869040-ECD1-11E6-AD72-64006A5CFC23} - -> Brak pliku ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\admin\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] () ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\admin\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] () ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\admin\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] () ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\admin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] () ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\admin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] () ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\admin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-02-24] ShortcutTarget: MEGAsync.lnk -> C:\Users\admin\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{cd1adf02-f2a6-403f-915a-057f6574a92d}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{f93ce941-8b8a-4107-80f8-420770dbe319}: [DhcpNameServer] 192.168.40.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-320741745-3816550499-1170541307-1001\Software\Microsoft\Internet Explorer\Main,Start Page = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation) Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-320741745-3816550499-1170541307-1001 -> hxxp://www.google.com FireFox: ======== FF DefaultProfile: dwt48jmq.default FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\dwt48jmq.default [2017-04-08] FF Homepage: Mozilla\Firefox\Profiles\dwt48jmq.default -> www.google.pl FF Extension: (uBlock Origin) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\dwt48jmq.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-13] FF Extension: (Disable Prefetch) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\dwt48jmq.default\features\{384971d5-50b4-4628-94a4-5b264f2c967b}\disable-prefetch@mozilla.org.xpi [2017-04-05] FF HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - => nie znaleziono FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-15] () FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-15] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-11] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-320741745-3816550499-1170541307-1001: @my.com/Games -> [Brak pliku] StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe Chrome: ======= CHR DefaultProfile: ChromeDefaultData CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-02] <==== UWAGA CHR Extension: (Prezentacje Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-25] CHR Extension: (Dokumenty Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-25] CHR Extension: (Dysk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-25] CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-25] CHR Extension: (Arkusze Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-25] CHR Extension: (Dokumenty Google offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-02] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-25] CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-25] CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-25] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows (R) Win 7 DDK provider) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-22] () S3 Disc Soft Lite Bus Service; D:\Program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd) S4 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-08-04] (Intel Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359856 2015-07-30] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Brak podpisu cyfrowego] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Brak podpisu cyfrowego] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation) S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7801944 2016-10-20] (INCA Internet Co., Ltd.) S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [Brak podpisu cyfrowego] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) S2 Coatoly; C:\Program Files (x86)\Pluteward\ChrCommunity.dll [X] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-09-05] (The OpenVPN Project) R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2017-03-03] () R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-04] (Intel Corporation) R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-08-04] (Intel Corporation) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-07-17] (Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-07-17] (Disc Soft Ltd) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-04] (Intel Corporation) R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-02-11] (REALiX(tm)) R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel Corporation) R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2017-03-03] () S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2000-01-01] (Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation) S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2000-01-01] (Synaptics Incorporated) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2000-01-01] (Synaptics Incorporated) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-11-18] (Wellbia.com Co., Ltd.) U3 axedypow; C:\Users\admin\AppData\Local\Temp\axedypow.sys [56584 2017-04-08] (GMER) [Brak podpisu cyfrowego] <==== UWAGA ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-04-08 19:17 - 2017-04-08 19:17 - 00017663 _____ C:\Users\admin\Downloads\FRST.txt 2017-04-08 19:17 - 2017-04-08 19:17 - 00000000 ____D C:\FRST 2017-04-08 19:12 - 2017-04-08 19:17 - 02424832 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe 2017-04-08 19:11 - 2017-04-08 19:11 - 00380928 _____ C:\Users\admin\Downloads\9uduvikr.exe 2017-04-08 16:07 - 2017-04-08 16:10 - 00000000 ____D C:\Users\admin\Downloads\metek 2017-04-08 15:08 - 2017-04-08 15:08 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-04-07 22:49 - 2017-04-07 22:49 - 00000993 _____ C:\Users\admin\Desktop\Baria — skrót.lnk 2017-04-02 19:23 - 2017-04-02 19:23 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-04-02 19:23 - 2017-04-02 19:23 - 00002409 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-03-27 10:06 - 2017-03-27 10:06 - 00341552 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-03-26 19:51 - 2017-03-26 19:51 - 00000846 _____ C:\Users\Public\Desktop\Defraggler.lnk 2017-03-26 19:51 - 2017-03-26 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler 2017-03-26 18:58 - 2017-03-26 18:58 - 00002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2017-03-26 18:58 - 2017-03-26 18:58 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-03-26 18:58 - 2017-03-26 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2017-03-26 18:58 - 2017-03-26 18:58 - 00000000 ____D C:\Program Files\CCleaner 2017-03-25 19:57 - 2017-03-25 19:58 - 00001435 _____ C:\Users\admin\Desktop\DAOrigins — skrót .lnk 2017-03-23 09:01 - 2017-03-23 09:01 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2017-03-23 08:58 - 2017-03-23 08:58 - 00000943 _____ C:\Users\Public\Desktop\Dragon Age Origins.lnk 2017-03-23 08:58 - 2017-03-23 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Origins - Ultimate Edition [GOG.com] 2017-03-22 18:32 - 2017-03-22 18:32 - 00000000 ____D C:\Users\admin\AppData\LocalLow\uTorrent 2017-03-22 16:16 - 2017-03-22 16:16 - 00000000 ____D C:\Users\admin\Documents\NBGI 2017-03-22 16:16 - 2017-03-22 16:16 - 00000000 ____D C:\Users\admin\AppData\Local\NBGI 2017-03-19 11:04 - 2017-03-19 11:05 - 04031440 _____ C:\Users\admin\Desktop\adwcleaner_6.044.exe 2017-03-17 16:38 - 2017-03-17 16:38 - 00000000 ____D C:\Users\admin\Documents\My Games 2017-03-17 16:38 - 2017-03-17 16:38 - 00000000 ____D C:\ProgramData\RELOADED 2017-03-14 18:16 - 2017-03-14 18:16 - 00000000 ____D C:\Users\admin\Documents\DyingLight 2017-03-14 16:36 - 2017-03-14 16:36 - 00000922 _____ C:\Users\Public\Desktop\Dying Light.lnk 2017-03-14 16:36 - 2017-03-14 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-04-08 15:45 - 2016-12-09 18:16 - 00000165 _____ C:\Users\admin\AppData\Roaming\sp_data.sys 2017-04-08 15:27 - 2017-03-08 01:31 - 00000000 ____D C:\AdwCleaner 2017-04-08 15:15 - 2016-07-17 00:05 - 04113198 _____ C:\WINDOWS\system32\perfh015.dat 2017-04-08 15:15 - 2016-07-17 00:05 - 01658354 _____ C:\WINDOWS\system32\perfc015.dat 2017-04-08 15:15 - 2015-08-15 07:21 - 05030084 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-04-08 15:14 - 2016-11-19 08:56 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla 2017-04-08 15:13 - 2016-10-12 11:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-04-08 15:08 - 2016-10-12 12:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-04-08 15:08 - 2015-09-19 05:38 - 00000000 __SHD C:\Users\admin\IntelGraphicsProfiles 2017-04-08 01:48 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-04-05 18:53 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-04-02 23:52 - 2016-10-12 12:03 - 00000000 ____D C:\Users\admin 2017-04-02 20:04 - 2016-11-07 14:44 - 00000000 ____D C:\Users\admin\Documents\MEGAsync Downloads 2017-04-02 19:23 - 2015-09-19 05:42 - 00000000 ___RD C:\Users\admin\OneDrive 2017-04-02 11:36 - 2016-10-06 09:07 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore 2017-03-31 23:22 - 2016-10-09 20:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-03-31 13:02 - 2017-03-04 19:49 - 00000000 ____D C:\Users\admin\Documents\BioWare 2017-03-28 13:22 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF 2017-03-26 19:07 - 2017-02-09 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live 2017-03-26 19:07 - 2017-02-01 17:45 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games 2017-03-26 19:07 - 2016-10-06 13:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent 2017-03-26 19:07 - 2016-10-06 12:38 - 00000000 ____D C:\Users\admin\AppData\Roaming\DAEMON Tools Lite 2017-03-26 18:58 - 2017-02-11 14:26 - 00000000 ____D C:\Users\admin\AppData\Local\JDownloader v2.0 2017-03-22 16:20 - 2016-12-03 20:44 - 00000000 ____D C:\ProgramData\IObit 2017-03-14 18:16 - 2017-02-24 20:04 - 00000000 ____D C:\ProgramData\Steam ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-12-09 18:16 - 2017-04-08 15:45 - 0000165 _____ () C:\Users\admin\AppData\Roaming\sp_data.sys 2016-11-13 19:41 - 2016-11-13 19:41 - 0000017 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg 2016-10-12 12:00 - 2016-10-12 12:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Niektóre pliki w TEMP: ==================== 2017-04-02 11:43 - 2017-04-02 11:46 - 0098872 _____ () C:\Users\admin\AppData\Local\Temp\bass.dll 2017-03-26 18:58 - 2017-03-26 18:58 - 0040448 ____N () C:\Users\admin\AppData\Local\Temp\proxy_vole368904621302715436.dll 2017-03-26 18:58 - 2017-03-26 18:58 - 0040448 ____N () C:\Users\admin\AppData\Local\Temp\proxy_vole4282533706157418602.dll 2017-03-26 18:58 - 2017-03-26 18:58 - 0040448 ____N () C:\Users\admin\AppData\Local\Temp\proxy_vole5877865803488263497.dll ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-03-30 12:37 ==================== Koniec FRST.txt ============================