Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 02-11-2017 Uruchomiony przez Bartek (administrator) BARTEK-KOMPUTER (05-11-2017 17:18:44) Uruchomiony z H:\Downloads Załadowane profile: Bartek (Dostępne profile: Bartek) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (GamersFirst) C:\Users\Bartek\AppData\Local\GamersFirst\LIVE!\Live.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (StarWind Software) H:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe (Copyright (c) 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe () C:\Program Files (x86)\Raptr Inc\PlaysTV\QtWebEngineProcess.exe () C:\Program Files (x86)\Raptr Inc\PlaysTV\QtWebEngineProcess.exe () C:\Program Files (x86)\Raptr Inc\PlaysTV\QtWebEngineProcess.exe () C:\Program Files (x86)\Raptr Inc\PlaysTV\QtWebEngineProcess.exe () C:\Program Files (x86)\Raptr Inc\PlaysTV\QtWebEngineProcess.exe (OldTimer Tools) H:\Downloads\OTL.exe (Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18384360 2017-06-29] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-08-17] (Copyright (c) 2017 Plays.tv, LLC) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc) HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\Run: [ALLUpdate] => H:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3000680 2013-11-01] (ALLPlayer Group Ltd.) HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\Run: [lollipop_05171539] => "c:\users\bartek\appdata\local\lollipop\lollipop_05171539.exe" lollipop_05171539 HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\Run: [AlcoholAutomount] => H:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\Run: [{EA8630BD-0DCC-4154-B972-AAA6C8989E1A}] => "H:\Downloads\LeagueofLegends_EUNE_Installer_2016_11_10.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{EA8630BD-0DCC-4154-B972-AAA6C8989E1A}" HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation) HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\Run: [uTorrent] => C:\Users\Bartek\AppData\Roaming\uTorrent\uTorrent.exe [1982144 2017-09-28] (BitTorrent Inc.) HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.) HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\MountPoints2: D - D:\EuroTEST_2013.exe HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\MountPoints2: {18d3554f-28ea-11e3-9537-806e6f6e6963} - D:\setup.exe HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\MountPoints2: {3662bc39-42de-11e3-aa11-6c626d725537} - F:\autorun.exe HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\MountPoints2: {7802c2c2-972d-11e3-9e6b-6c626d725537} - G:\windows\Install\Install.exe HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\MountPoints2: {99fe5246-b0e4-11e3-a80b-6c626d725537} - F:\Setup.exe HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\MountPoints2: {fe0ebe40-a4e3-11e7-ab3d-806e6f6e6963} - 0 HKU\S-1-5-21-245540175-2171169522-4110476966-1001\...\MountPoints2: {fe0ebe41-a4e3-11e7-ab3d-806e6f6e6963} - 0 HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-01] (Microsoft Corporation) Startup: C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2017-05-19] ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\Bartek\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 62.179.1.61 62.179.1.63 Tcpip\..\Interfaces\{7F6D4D59-440C-476D-8D00-FBBF380921AC}: [DhcpNameServer] 62.179.1.61 62.179.1.63 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.moneymilioner.pl/startpage.php HKU\S-1-5-21-245540175-2171169522-4110476966-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 -> DefaultScope - brak wartości BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-29] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-29] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-29] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-29] (Oracle Corporation) BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> H:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll [2013-11-01] (ALLCinema Ltd.) FireFox: ======== FF ProfilePath: C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\ukfzbceo.default [2017-11-05] FF Extension: (Widget context) - C:\Users\Bartek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-04-16] [Brak podpisu cyfrowego] FF Extension: (MEGA) - C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\ukfzbceo.default\Extensions\firefox@mega.co.nz.xpi [2017-11-02] FF Extension: (Iplex to ALLPlayer) - C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\ukfzbceo.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2013-11-10] [Brak podpisu cyfrowego] FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\ukfzbceo.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-13] FF Extension: (Avast Online Security) - C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\ukfzbceo.default\Extensions\wrc@avast.com.xpi [2017-10-07] FF Extension: (Adblock Plus) - C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\ukfzbceo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] () FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-29] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-29] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] () FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-29] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-29] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @MoneyMillionaire/npdf -> C:\ProgramData\Odkrywca Rabatów\FFExtension20140104111649\plugins\npdf.dll [2012-11-15] ( ) FF Plugin-x32: Adobe Reader -> H:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.) ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego] S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [551824 2013-11-04] (Protection Technology) S2 AxAutoMntSrv; H:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-13] () R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-10] (Hi-Rez Studios) [Brak podpisu cyfrowego] R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [Brak podpisu cyfrowego] R2 StarWindServiceAE; H:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Brak podpisu cyfrowego] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [2918512 2013-11-04] (Protection Technology) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-11-24] () [Brak podpisu cyfrowego] R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-21] (Disc Soft Ltd) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-11-24] () [Brak podpisu cyfrowego] R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-09-02] (Duplex Secure Ltd.) U3 a3ik49qa; C:\Windows\System32\Drivers\a3ik49qa.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder) U3 ai8luu1u; C:\Windows\System32\Drivers\ai8luu1u.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder) S3 dump_wmimmc; \??\H:\Program Files (x86)\BnS\bin64\GameGuard\dump_wmimmc.sys [X] S1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae64.sys [X] S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X] S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X] S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-11-05 17:18 - 2017-11-05 17:18 - 000000000 ____D C:\FRST 2017-11-05 17:11 - 2017-11-05 17:11 - 000095512 _____ C:\Users\Bartek\Desktop\Extras.Txt 2017-11-05 17:11 - 2017-11-05 17:11 - 000089758 _____ C:\Users\Bartek\Desktop\OTL.Txt 2017-11-01 11:00 - 2017-11-01 11:00 - 000000000 ____D C:\Users\Bartek\.QtWebEngineProcess 2017-11-01 11:00 - 2017-11-01 11:00 - 000000000 ____D C:\Users\Bartek\.Plays.tv 2017-10-31 14:54 - 2017-11-05 17:11 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\Skype 2017-10-31 14:54 - 2017-10-31 14:54 - 000002699 _____ C:\Users\Public\Desktop\Skype.lnk 2017-10-31 14:54 - 2017-10-31 14:54 - 000000000 ___RD C:\Program Files (x86)\Skype 2017-10-31 14:54 - 2017-10-31 14:54 - 000000000 ____D C:\Users\Bartek\Tracing 2017-10-31 14:54 - 2017-10-31 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2017-10-31 14:53 - 2017-10-31 14:54 - 000000000 ____D C:\ProgramData\Skype 2017-10-30 12:53 - 2017-10-30 12:53 - 000001046 _____ C:\Users\Public\Desktop\CpuCoreParking.lnk 2017-10-30 12:53 - 2017-10-30 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CpuCoreParking 2017-10-30 12:53 - 2017-10-30 12:53 - 000000000 ____D C:\Program Files (x86)\CpuCoreParking 2017-10-30 12:51 - 2017-08-28 06:01 - 001900544 _____ C:\Users\Bartek\Desktop\CpuCoreParkingSetup-1.1.1.0.msi ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-11-05 16:56 - 2009-07-14 05:45 - 000023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-11-05 16:56 - 2009-07-14 05:45 - 000023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-11-05 16:50 - 2017-09-29 15:10 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\PlaysTV 2017-11-05 16:50 - 2017-09-29 15:09 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\Raptr 2017-11-05 16:50 - 2017-01-15 14:18 - 000000000 ____D C:\Program Files (x86)\Steam 2017-11-05 16:48 - 2017-01-02 16:14 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2017-11-05 16:46 - 2017-01-02 14:25 - 000000000 ____D C:\Users\Bartek\AppData\LocalLow\Mozilla 2017-11-05 16:45 - 2013-09-29 12:35 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\uTorrent 2017-11-05 16:43 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-11-05 16:40 - 2014-05-18 10:09 - 000000000 ____D C:\AdwCleaner 2017-11-04 11:46 - 2009-07-14 18:55 - 000740196 _____ C:\Windows\system32\perfh015.dat 2017-11-04 11:46 - 2009-07-14 18:55 - 000155770 _____ C:\Windows\system32\perfc015.dat 2017-11-04 11:46 - 2009-07-14 06:13 - 001669606 _____ C:\Windows\system32\PerfStringBackup.INI 2017-11-04 11:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf 2017-11-01 17:56 - 2009-07-14 06:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-11-01 11:00 - 2013-09-29 12:09 - 000000000 ____D C:\Users\Bartek 2017-10-31 15:26 - 2013-12-01 19:29 - 000000000 ____D C:\Users\Bartek\Documents\Guild Wars 2 2017-10-29 13:51 - 2017-04-20 12:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-29 13:51 - 2013-09-29 12:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-25 14:29 - 2013-09-29 12:24 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-10-25 14:29 - 2013-09-29 12:24 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-25 14:29 - 2013-09-29 12:24 - 000004412 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-10-25 14:29 - 2013-09-29 12:24 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-10-25 14:29 - 2013-09-29 12:24 - 000000000 ____D C:\Windows\system32\Macromed 2017-10-24 20:18 - 2013-12-01 19:30 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\Guild Wars 2 2017-10-09 18:08 - 2017-09-05 23:25 - 000000000 ____D C:\Users\Bartek\Documents\Trove ==================== Pliki w katalogu głównym wybranych folderów ======= 2014-01-20 18:12 - 2014-03-29 11:12 - 000000103 _____ () C:\Users\Bartek\AppData\Roaming\WB.CFG 2017-01-03 17:55 - 2017-01-03 17:55 - 000000000 ____H () C:\ProgramData\DP45977C.lfl 2017-02-13 16:11 - 2014-11-05 09:51 - 001654869 _____ (Dynu Systems Inc.) C:\ProgramData\DynuEncrypt.dll 2017-08-13 16:22 - 2017-08-13 16:22 - 000000016 _____ () C:\ProgramData\mntemp Pliki do przeniesienia lub usunięcia: ==================== C:\ProgramData\DynuEncrypt.dll Niektóre pliki w TEMP: ==================== 2013-11-08 16:50 - 2013-11-08 15:46 - 000274944 _____ (Setup © ) C:\Users\Bartek\AppData\Local\Temp\13617uninstall.exe 2017-07-23 16:26 - 2017-08-17 14:23 - 000000000 _____ () C:\Users\Bartek\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll 2017-01-26 21:41 - 2017-01-26 21:41 - 000000512 _____ () C:\Users\Bartek\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll 2017-07-23 16:27 - 2017-08-17 13:12 - 000000093 _____ () C:\Users\Bartek\AppData\Local\Temp\70fa881a9e071ae2b88c58490c088f80.dll 2013-11-01 12:32 - 2013-11-01 12:32 - 005687379 _____ (Mwxzchnlqiioaf) C:\Users\Bartek\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe 2013-08-06 07:59 - 2013-08-06 07:59 - 000047720 _____ () C:\Users\Bartek\AppData\Local\Temp\AxSFADownloader.exe 2017-01-26 21:42 - 2017-01-27 11:57 - 000000080 _____ () C:\Users\Bartek\AppData\Local\Temp\bdc5df55b7ba7b4d89ad296a19e107d0.dll 2013-11-01 12:34 - 2000-04-06 13:00 - 000263168 ____N () C:\Users\Bartek\AppData\Local\Temp\binkw32.dll 2013-11-01 12:30 - 2014-03-21 12:34 - 000038456 _____ () C:\Users\Bartek\AppData\Local\Temp\bitool.dll 2014-03-21 12:37 - 2013-12-19 23:39 - 000098304 _____ () C:\Users\Bartek\AppData\Local\Temp\cabex.dll 2001-05-18 12:00 - 2001-05-18 12:00 - 000421888 ____N (Blizzard Entertainment) C:\Users\Bartek\AppData\Local\Temp\d2l_Install.exe 2017-06-01 09:32 - 2017-06-01 09:32 - 001282000 _____ ( ) C:\Users\Bartek\AppData\Local\Temp\downloader_for_Alcohol120_FE_2.0.3.9902.exe 2014-03-21 12:45 - 2014-04-29 14:50 - 002030344 _____ () C:\Users\Bartek\AppData\Local\Temp\FixMyRegistry.exe 1996-08-21 13:14 - 1996-08-21 13:14 - 000248832 ____R () C:\Users\Bartek\AppData\Local\Temp\GameCfig.exe 2017-02-09 22:11 - 2017-02-09 22:11 - 019804368 _____ (Rockstar Games.) C:\Users\Bartek\AppData\Local\Temp\GTA_V_Launcher_1_0_975_1.exe 2012-06-15 22:42 - 2013-12-01 19:30 - 023477240 _____ (ArenaNet) C:\Users\Bartek\AppData\Local\Temp\Gw2.exe 2017-02-23 11:36 - 2016-12-09 11:04 - 000037376 _____ (Microsoft) C:\Users\Bartek\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe 2017-02-23 11:36 - 2016-12-09 11:04 - 000020992 _____ (Microsoft) C:\Users\Bartek\AppData\Local\Temp\HiRezLauncherControls.dll 2017-06-01 09:35 - 2017-06-01 09:35 - 001282000 _____ ( ) C:\Users\Bartek\AppData\Local\Temp\ICReinstall_downloader_for_Alcohol120_FE_2.0.3.9902.exe 2016-09-23 20:04 - 2016-09-23 20:04 - 000737856 _____ (Oracle Corporation) C:\Users\Bartek\AppData\Local\Temp\jre-8u111-windows-au.exe 2016-12-31 14:41 - 2017-09-29 15:09 - 116717440 _____ () C:\Users\Bartek\AppData\Local\Temp\playstv_patch.exe 2014-03-02 21:39 - 2014-05-11 20:58 - 000386209 _____ () C:\Users\Bartek\AppData\Local\Temp\Quarantine.exe 2016-12-31 14:40 - 2017-09-29 15:09 - 059621016 _____ () C:\Users\Bartek\AppData\Local\Temp\raptrpatch.exe 2016-12-31 14:40 - 2017-09-29 15:09 - 000221632 _____ () C:\Users\Bartek\AppData\Local\Temp\raptr_stub.exe 2013-11-16 11:09 - 1996-05-28 15:46 - 000066048 ____R () C:\Users\Bartek\AppData\Local\Temp\Smackw32.dll 2017-02-05 19:30 - 2017-02-09 22:13 - 072921872 _____ (Rockstar Games) C:\Users\Bartek\AppData\Local\Temp\Social-Club-v1.2.1.2-Setup.exe 2014-03-07 11:54 - 2014-03-22 21:31 - 002192048 _____ () C:\Users\Bartek\AppData\Local\Temp\SpeedUpMyComputer.exe 2013-11-08 16:50 - 2013-11-08 15:46 - 000599419 _____ () C:\Users\Bartek\AppData\Local\Temp\Sqlite3.dll 1996-08-21 13:12 - 1996-08-21 13:12 - 000183808 ____R () C:\Users\Bartek\AppData\Local\Temp\SwdUI.exe 2014-03-21 12:46 - 2014-04-16 12:09 - 000205920 _____ () C:\Users\Bartek\AppData\Local\Temp\tu17p84.exe 2014-03-21 12:37 - 2013-12-19 23:53 - 000095592 _____ () C:\Users\Bartek\AppData\Local\Temp\unelevate.exe 2017-09-26 14:50 - 2012-02-13 21:41 - 000314784 _____ () C:\Users\Bartek\AppData\Local\Temp\Uninstaller-2292.exe 2017-07-05 11:07 - 2012-02-13 21:41 - 000314784 _____ () C:\Users\Bartek\AppData\Local\Temp\Uninstaller-2556.exe 2017-07-05 11:07 - 2012-02-13 21:41 - 000314784 _____ () C:\Users\Bartek\AppData\Local\Temp\Uninstaller-3192.exe 2017-09-26 14:51 - 2012-02-13 21:41 - 000314784 _____ () C:\Users\Bartek\AppData\Local\Temp\Uninstaller-3440.exe 2017-07-05 11:07 - 2012-02-13 21:41 - 000314784 _____ () C:\Users\Bartek\AppData\Local\Temp\Uninstaller-3636.exe 2017-01-11 18:45 - 2017-01-11 18:45 - 014773216 _____ (Microsoft Corporation) C:\Users\Bartek\AppData\Local\Temp\vcredist_x64.exe 2014-03-21 12:36 - 2014-03-21 12:36 - 000785296 _____ () C:\Users\Bartek\AppData\Local\Temp\ytai_ytareg_setup.exe 2009-11-19 19:21 - 2009-11-19 19:21 - 000456024 ____R (Macrovision Corporation) C:\Users\Bartek\AppData\Local\Temp\_isE10C.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-05-17 18:29 ==================== Koniec FRST.txt ============================