Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 30-11-2017
Uruchomiony przez hj (administrator) AA (02-12-2017 16:04:16)
Uruchomiony z D:\#download
Załadowane profile: hj (Dostępne profile: hj)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microvirt Software Technology Co. Ltd.) C:\Program Files\Microvirt\MEmu\MEmuConsole.exe
() C:\Program Files\Microvirt\MEmu\adb.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776192 2016-12-02] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-19] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-681908984-3436804994-3010444629-1000\...\Policies\Explorer: []

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63
Tcpip\..\Interfaces\{BEEA0E43-B2A9-41BF-87ED-677BF06DE895}: [DhcpNameServer] 62.179.1.62 62.179.1.63

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: DIALux Browser Helper Object -> {F586CB96-7091-42ec-9829-F5D5CE65AFC1} -> C:\Program Files (x86)\DIALux\Dialux.BHO_x86.dll [2013-12-10] (DIAL GmbH)
Handler-x32: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files (x86)\DIALux\DLXToolBox.dll [2017-01-23] (DIAL GmbH, Germany)

FireFox:
========
FF DefaultProfile: f7mi9fpw.default
FF ProfilePath: C:\Users\hj\AppData\Roaming\Mozilla\Firefox\Profiles\f7mi9fpw.default [2017-12-02]
FF Homepage: Mozilla\Firefox\Profiles\f7mi9fpw.default -> onet.pl
FF Extension: (WebToPDF) - C:\Users\hj\AppData\Roaming\Mozilla\Firefox\Profiles\f7mi9fpw.default\Extensions\manish.p05@gmail.com.xpi [2017-06-23] [Przestarzałe]
FF Extension: (uBlock Origin) - C:\Users\hj\AppData\Roaming\Mozilla\Firefox\Profiles\f7mi9fpw.default\Extensions\uBlock0@raymondhill.net.xpi [2017-11-29]
FF Extension: (Zoom Page) - C:\Users\hj\AppData\Roaming\Mozilla\Firefox\Profiles\f7mi9fpw.default\Extensions\zoompage@DW-dev.xpi [2017-08-18] [Przestarzałe]
FF Extension: (YouTube High Definition) - C:\Users\hj\AppData\Roaming\Mozilla\Firefox\Profiles\f7mi9fpw.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-10-16]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-31] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\hj\AppData\Local\Google\Chrome\User Data\Default [2017-12-02]
CHR Extension: (Dokumenty) - C:\Users\hj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-19]
CHR Extension: (Dysk Google) - C:\Users\hj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-31]
CHR Extension: (YouTube) - C:\Users\hj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\hj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-31]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\hj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
CHR Extension: (Gmail) - C:\Users\hj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-31]
CHR Extension: (Chrome Media Router) - C:\Users\hj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-31]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1222664 2016-01-19] (Autodesk Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-19] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-19] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-14] ()
S3 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [2183440 2014-12-10] (DIAL GmbH)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2017-06-07] () [Brak podpisu cyfrowego]
S3 MEmusvc; C:\Program Files\Microvirt\MEmu\MemuService.exe [269480 2017-05-26] (Microvirt Software Technology Co. Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-02] (Electronic Arts)
S4 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51216 2016-08-24] (Advanced Micro Devices, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-25] (Microsoft Corporation)
S4 wuauserv; C:\Windows\system32\wuaueng.dll [2651136 2017-05-31] (Microsoft Corporation) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 amdhub3; C:\Windows\System32\DRIVERS\amdhub3.sys [160936 2017-02-16] (Advanced Micro Devices, Inc)
R3 amdhub31; C:\Windows\System32\DRIVERS\amdhub31.sys [141528 2016-02-27] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\Windows\System32\DRIVERS\amdkmcsp.sys [95120 2016-08-24] (Advanced Micro Devices, Inc. )
R1 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [253840 2016-08-24] (Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriver1.0.0; C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys [70312 2017-03-27] (Advanced Micro Devices)
R3 amdxhc31; C:\Windows\System32\DRIVERS\amdxhc31.sys [440536 2016-02-27] (Advanced Micro Devices, Inc.)
R3 amdxhci; C:\Windows\System32\DRIVERS\amdxhci.sys [346792 2017-02-16] (Advanced Micro Devices, Inc)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-19] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-19] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-19] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-19] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-19] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-19] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-19] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-19] (AVAST Software)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2017-11-21] (REALiX(tm))
R2 memudrv; C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()
R2 SSGDIO; C:\Windows\SysWOW64\DRIVERS\ssgdio64.sys [14608 2017-11-16] (ATI Technologies Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-12-02 16:03 - 2017-12-02 16:04 - 000000000 ____D C:\FRST
2017-12-02 11:34 - 2017-12-02 11:34 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-01 14:56 - 2017-12-01 14:56 - 000416776 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-01 14:51 - 2017-12-01 14:51 - 000000000 ____D C:\Users\fdbf\AppData\Roaming\AVAST Software
2017-12-01 14:51 - 2017-12-01 14:51 - 000000000 ____D C:\Users\fdbf\AppData\Local\CEF
2017-12-01 14:50 - 2017-12-01 14:50 - 000002291 _____ C:\Users\fdbf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-01 14:50 - 2017-12-01 14:50 - 000002261 _____ C:\Users\fdbf\Desktop\Google Chrome.lnk
2017-12-01 14:50 - 2017-12-01 14:50 - 000001381 _____ C:\Users\fdbf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-12-01 14:50 - 2017-12-01 14:50 - 000000020 ___SH C:\Users\fdbf\ntuser.ini
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 _SHDL C:\Users\fdbf\Ustawienia lokalne
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 _SHDL C:\Users\fdbf\Szablony
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 _SHDL C:\Users\fdbf\Moje dokumenty
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 _SHDL C:\Users\fdbf\Menu Start
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 _SHDL C:\Users\fdbf\Documents\Moje wideo
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 _SHDL C:\Users\fdbf\Documents\Moje obrazy
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 _SHDL C:\Users\fdbf\Documents\Moja muzyka
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 _SHDL C:\Users\fdbf\Dane aplikacji
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 _SHDL C:\Users\fdbf\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 _SHDL C:\Users\fdbf\AppData\Local\Historia
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 _SHDL C:\Users\fdbf\AppData\Local\Dane aplikacji
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 ____D C:\Users\fdbf\AppData\Roaming\Adobe
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 ____D C:\Users\fdbf\AppData\Local\Google
2017-12-01 14:50 - 2017-12-01 14:50 - 000000000 ____D C:\Users\fdbf
2017-12-01 14:50 - 2010-11-21 14:03 - 000000000 ____D C:\Users\fdbf\AppData\Roaming\Media Center Programs
2017-11-28 21:11 - 2017-11-28 21:11 - 000000000 ____D C:\Users\hj\AppData\LocalLow\AMD
2017-11-26 18:06 - 2017-11-28 21:12 - 000000000 ____D C:\Windows\Minidump
2017-11-22 14:17 - 2017-11-22 14:17 - 000000202 _____ C:\Users\hj\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server).url
2017-11-22 14:05 - 2017-11-22 14:05 - 000000000 ____D C:\Users\hj\AppData\Roaming\ATI
2017-11-22 14:05 - 2017-11-22 14:05 - 000000000 ____D C:\Users\hj\AppData\Local\ATI
2017-11-22 14:05 - 2017-11-22 14:05 - 000000000 ____D C:\ProgramData\ATI
2017-11-22 14:01 - 2017-11-22 14:16 - 000000000 ____D C:\Users\hj\AppData\Local\AMD
2017-11-22 14:00 - 2017-11-22 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2017-11-22 14:00 - 2017-11-22 14:00 - 000000000 ____D C:\Program Files (x86)\AMD
2017-11-22 13:59 - 2017-11-22 13:59 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-11-22 13:59 - 2017-11-22 13:59 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-22 13:59 - 2017-01-27 23:05 - 000103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-11-22 13:59 - 2017-01-27 23:04 - 000326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-11-22 13:59 - 2017-01-27 23:02 - 000118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-11-22 13:59 - 2017-01-27 23:01 - 000322560 _____ C:\Windows\system32\vulkan-1.dll
2017-11-21 22:24 - 2017-11-21 22:29 - 000003160 _____ C:\Windows\System32\Tasks\StartCN
2017-11-21 16:00 - 2017-11-21 16:00 - 000027552 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2017-11-21 15:59 - 2017-11-21 19:07 - 000000816 _____ C:\Users\hj\Desktop\HWiNFO64.lnk
2017-11-21 15:59 - 2017-11-21 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2017-11-21 15:59 - 2017-11-21 15:59 - 000000000 ____D C:\Program Files\HWiNFO64
2017-11-21 15:53 - 2017-11-21 15:53 - 000002228 _____ C:\Users\hj\Desktop\AMD Ryzen Master.lnk
2017-11-21 15:53 - 2017-11-21 15:53 - 000000000 ____D C:\Users\hj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD
2017-11-21 15:53 - 2017-11-21 15:53 - 000000000 ____D C:\Users\hj\AppData\Local\Downloaded Installations
2017-11-19 00:25 - 2017-11-19 00:25 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-19 00:25 - 2017-11-19 00:25 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-16 19:05 - 2017-11-16 19:05 - 000000000 ____D C:\Users\hj\Downloads\MEmu Download
2017-11-16 17:44 - 2017-11-16 17:44 - 000001175 _____ C:\Users\hj\Desktop\AIDA64 Extreme.lnk
2017-11-16 17:44 - 2017-11-16 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIDA64 Extreme
2017-11-16 17:44 - 2017-11-16 17:44 - 000000000 ____D C:\Program Files (x86)\FinalWire
2017-11-16 17:32 - 2017-11-16 17:32 - 000014608 _____ (ATI Technologies Inc.) C:\Windows\SysWOW64\Drivers\ssgdio64.sys
2017-11-16 17:29 - 2017-11-16 17:29 - 000000484 _____ C:\Users\hj\Desktop\C.lnk
2017-11-16 17:29 - 2017-11-16 17:29 - 000000478 _____ C:\Users\hj\Desktop\F.lnk
2017-11-16 17:29 - 2017-11-16 17:29 - 000000466 _____ C:\Users\hj\Desktop\E.lnk
2017-11-16 17:29 - 2017-11-16 17:29 - 000000466 _____ C:\Users\hj\Desktop\D.lnk
2017-11-16 17:01 - 2017-11-16 17:04 - 000000000 ____D C:\Users\hj\AppData\Roaming\Easeware
2017-11-15 23:47 - 2017-11-15 23:47 - 000001604 _____ C:\Users\hj\Desktop\WindowsNoEditor.lnk
2017-11-15 23:25 - 2017-11-15 23:27 - 000000000 ____D C:\Users\hj\AppData\Roaming\DisplayCAL
2017-11-09 18:06 - 2017-11-28 21:12 - 000000000 ____D C:\Users\hj\AppData\Roaming\TS3Client
2017-11-09 18:04 - 2017-11-13 16:31 - 000000971 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-11-09 18:04 - 2017-11-09 18:04 - 000000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-11-09 18:04 - 2017-11-09 18:04 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-11-09 00:05 - 2017-12-01 23:23 - 000003004 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-11-08 17:43 - 2017-11-08 17:43 - 000000000 ____D C:\Users\hj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2017-11-08 17:43 - 2017-11-08 17:43 - 000000000 ____D C:\Program Files (x86)\GPU-Z
2017-11-08 17:38 - 2017-11-16 12:21 - 000000000 ____D C:\Users\hj\Valley
2017-11-08 17:38 - 2017-11-08 17:44 - 000728064 _____ C:\Users\hj\AppData\Local\file__0.localstorage
2017-11-08 15:19 - 2017-11-08 15:19 - 000000000 ____D C:\Users\hj\Documents\Battlefield 1
2017-11-08 15:11 - 2017-11-08 15:11 - 000000000 ____D C:\ProgramData\Electronic Arts
2017-11-08 14:45 - 2017-11-22 14:13 - 000001170 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-11-08 14:45 - 2017-11-08 14:45 - 000000000 ___HD C:\Program Files\Common FilesEAInstaller
2017-11-08 14:45 - 2017-11-08 14:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1
2017-11-08 14:35 - 2017-12-02 12:15 - 000000000 ____D C:\Users\hj\AppData\Roaming\Origin
2017-11-08 14:35 - 2017-11-08 14:36 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-11-08 14:34 - 2017-12-02 12:15 - 000000000 ____D C:\ProgramData\Origin
2017-11-08 14:34 - 2017-11-17 20:08 - 000000000 ____D C:\Program Files (x86)\Origin
2017-11-08 14:34 - 2017-11-08 14:34 - 000000993 _____ C:\Users\Public\Desktop\Origin.lnk
2017-11-08 14:34 - 2017-11-08 14:34 - 000000000 ____D C:\Users\hj\.QtWebEngineProcess
2017-11-08 14:34 - 2017-11-08 14:34 - 000000000 ____D C:\Users\hj\.Origin
2017-11-08 14:34 - 2017-11-08 14:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-11-08 14:33 - 2017-11-08 14:35 - 000000000 ____D C:\Users\hj\AppData\Local\Origin
2017-11-08 14:05 - 2017-12-02 12:15 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-11-08 14:05 - 2017-11-19 20:14 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-11-08 14:05 - 2017-11-18 00:46 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-11-08 14:05 - 2017-11-08 14:05 - 000001086 _____ C:\Users\hj\Desktop\MSI Afterburner.lnk
2017-11-08 14:05 - 2017-11-08 14:05 - 000000000 ___HD C:\Windows\msdownld.tmp
2017-11-08 14:05 - 2017-11-08 14:05 - 000000000 ____D C:\Users\hj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2017-11-08 00:39 - 2017-11-22 14:24 - 000000000 ____D C:\Users\hj\AppData\Local\UnrealEngine
2017-11-08 00:39 - 2017-11-08 00:39 - 000000000 ____D C:\Users\hj\AppData\Local\TslGame
2017-11-08 00:39 - 2017-11-08 00:39 - 000000000 ____D C:\Users\hj\AppData\Local\NVIDIA Corporation
2017-11-08 00:29 - 2017-11-08 00:29 - 000000202 _____ C:\Users\hj\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
2017-11-08 00:28 - 2017-11-19 19:37 - 000000000 ____D C:\Users\hj\AppData\Local\Steam
2017-11-08 00:27 - 2017-11-29 02:06 - 000000000 ____D C:\Steam
2017-11-08 00:27 - 2017-11-08 00:27 - 000000562 _____ C:\Users\Public\Desktop\Steam.lnk
2017-11-08 00:27 - 2017-11-08 00:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-07 22:18 - 2017-11-07 22:18 - 000000164 _____ C:\LaunchURL.txt
2017-11-07 22:16 - 2017-11-22 13:59 - 000000000 ____D C:\Program Files\AMD
2017-11-07 22:11 - 2017-12-02 02:43 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-11-07 22:10 - 2017-11-07 22:10 - 000000000 ____D C:\Users\hj\AppData\Local\RadeonInstaller
2017-11-07 22:04 - 2017-11-07 22:04 - 000000000 ____D C:\Users\hj\AppData\Local\AMDDriverProfiles
2017-11-02 20:12 - 2017-11-02 20:12 - 000223112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SET9A62.tmp
2017-11-02 20:12 - 2017-11-02 20:12 - 000194440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\SETA04C.tmp
2017-11-02 20:12 - 2017-11-02 20:12 - 000144776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SETA019.tmp
2017-11-02 20:12 - 2017-11-02 20:12 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\SETA05D.tmp
2017-11-02 20:10 - 2017-11-02 20:10 - 001052040 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\SET9398.tmp
2017-11-02 20:09 - 2017-11-02 20:09 - 001232264 _____ (AMD) C:\Windows\system32\SETA146.tmp
2017-11-02 20:08 - 2017-11-02 20:08 - 028929416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\SET94D5.tmp
2017-11-02 20:07 - 2017-11-02 20:07 - 035220872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\SET8D43.tmp

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-12-02 16:01 - 2017-06-07 21:41 - 000000000 ____D C:\Users\hj\AppData\LocalLow\Mozilla
2017-12-02 15:30 - 2017-06-11 22:20 - 000086016 _____ C:\Users\hj\Desktop\wydatki.xls
2017-12-02 14:18 - 2017-06-01 20:06 - 000000000 ____D C:\Users\hj\.MemuHyperv
2017-12-02 11:42 - 2017-06-07 21:41 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-02 11:41 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-02 11:41 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-02 11:38 - 2010-11-21 13:53 - 000740098 _____ C:\Windows\system32\perfh015.dat
2017-12-02 11:38 - 2010-11-21 13:53 - 000155672 _____ C:\Windows\system32\perfc015.dat
2017-12-02 11:38 - 2009-07-14 06:13 - 001669190 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-02 11:38 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-12-02 11:33 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-01 15:01 - 2009-07-14 06:08 - 000032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-01 14:55 - 2017-05-31 21:33 - 000003248 _____ C:\Windows\System32\Tasks\SidebarExecute
2017-12-01 14:50 - 2009-07-14 05:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-22 21:12 - 2017-06-07 21:39 - 000000000 ____D C:\Users\hj\AppData\Roaming\foobar2000
2017-11-21 15:53 - 2017-05-31 02:54 - 000000000 ____D C:\Users\hj
2017-11-19 13:52 - 2017-06-07 21:36 - 000000000 ____D C:\Users\hj\AppData\Roaming\Tlen.pl
2017-11-19 03:13 - 2017-06-07 21:37 - 000000000 ____D C:\Users\hj\AppData\Roaming\uTorrent
2017-11-19 00:25 - 2017-06-01 19:56 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151104752721204
2017-11-19 00:25 - 2017-06-01 19:56 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-19 00:25 - 2017-06-01 19:56 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-19 00:25 - 2017-06-01 19:56 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-19 00:25 - 2017-06-01 19:56 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-19 00:25 - 2017-06-01 19:56 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-19 00:25 - 2017-06-01 19:56 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-19 00:24 - 2017-06-01 19:56 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-19 00:24 - 2017-06-01 19:56 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-11-19 00:24 - 2017-06-01 19:56 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-11-19 00:24 - 2017-06-01 19:56 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-11-19 00:24 - 2017-06-01 19:56 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-11-18 19:58 - 2017-06-07 23:03 - 000000000 ____D C:\Users\hj\AppData\LocalLow\uTorrent
2017-11-16 22:20 - 2017-06-11 22:20 - 000101946 _____ C:\Users\hj\Desktop\fitnes.xlsx
2017-11-13 19:56 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\LiveKernelReports
2017-11-13 16:31 - 2017-06-01 20:00 - 000000873 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2017-11-08 00:39 - 2017-05-31 12:33 - 000000000 ____D C:\ProgramData\Package Cache

==================== Pliki w katalogu głównym wybranych folderów =======

2017-11-08 17:38 - 2017-11-08 17:44 - 000728064 _____ () C:\Users\hj\AppData\Local\file__0.localstorage

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-11-29 22:35

==================== Koniec FRST.txt ============================