Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 02.01.2018
Uruchomiony przez admin (administrator) MAMA (06-01-2018 19:11:44)
Uruchomiony z C:\Users\Marian Żak\Downloads
Załadowane profile: Marian Żak & admin (Dostępne profile: Marian Żak & admin & Administrator & Gość)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\PLAY ONLINE\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11369576 2010-08-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2586504 2010-08-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe [324216 2017-10-26] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3906805819-1324049368-2853143880-1000\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3155712 2017-01-30] (Unified Intents AB)
HKU\S-1-5-21-3906805819-1324049368-2853143880-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-3906805819-1324049368-2853143880-1000\...\MountPoints2: {95e24dfe-beff-11e2-8ebf-001bb162e2d4} - F:\Startme.exe
HKU\S-1-5-21-3906805819-1324049368-2853143880-1000\...\MountPoints2: {9a329884-0528-11e0-8324-001bb162e2d4} - F:\Install.exe
HKU\S-1-5-21-3906805819-1324049368-2853143880-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-12-11]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Marian Żak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 3070 B611 series.lnk [2018-01-06]
ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet 3070 B611 series.lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: 127.0.0.1
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{19ECA739-DE10-49BC-8335-8A55159D92D8}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{84ED32E6-1DB2-4029-B818-3367F2DC59A1}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3906805819-1324049368-2853143880-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.pl/
HKU\S-1-5-21-3906805819-1324049368-2853143880-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKU\S-1-5-21-3906805819-1324049368-2853143880-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3906805819-1324049368-2853143880-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3906805819-1324049368-2853143880-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3906805819-1324049368-2853143880-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-14] (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-14] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3906805819-1324049368-2853143880-1000 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\6un3ztlq.default-1462528829502 [2017-06-15]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => nie znaleziono
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => nie znaleziono
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3906805819-1324049368-2853143880-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marian Żak\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-02-06] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3906805819-1324049368-2853143880-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2017-11-21]
CHR Extension: (Dokumenty Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29]
CHR Extension: (Dysk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-06]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-30]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-15]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2648184 2017-10-26] (ESET)
S4 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Brak podpisu cyfrowego]
S4 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [Brak podpisu cyfrowego]
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [Brak podpisu cyfrowego]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [Brak podpisu cyfrowego]
R2 UI Assistant Service; C:\Program Files (x86)\PLAY ONLINE\AssistantServices.exe [260976 2011-05-31] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== UWAGA (Brak ServiceDLL)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132848 2017-10-26] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-10-26] (ESET)
R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [77736 2017-10-26] (ESET)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-10-18] (Windows (R) 2003 DDK 3790 provider)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203320 2012-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)
S3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [27064 2017-01-30] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-01-06 19:11 - 2018-01-06 19:12 - 000015094 _____ C:\Users\Marian Żak\Downloads\FRST.txt
2018-01-06 19:09 - 2018-01-06 19:10 - 002393088 _____ (Farbar) C:\Users\Marian Żak\Downloads\FRST64.exe
2018-01-06 11:07 - 2018-01-06 11:07 - 000000830 _____ C:\Users\Marian Żak\Downloads\d3sk1ng (1).rar
2018-01-06 09:39 - 2018-01-06 09:39 - 000000830 _____ C:\Users\Marian Żak\Downloads\d3sk1ng.rar
2018-01-05 18:42 - 2018-01-05 18:42 - 000221662 _____ C:\Users\Marian Żak\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2018-01-05 18:27 - 2018-01-05 18:29 - 002750507 _____ C:\Users\Marian Żak\Downloads\D3SK1NG_Install_Guide_PL.zip
2018-01-05 13:42 - 2018-01-05 13:42 - 000060928 _____ () C:\Users\Marian Żak\Downloads\D3SK1NG INJECTOR 1.4 (1).exe
2018-01-02 17:56 - 2018-01-02 17:56 - 000060928 _____ () C:\Users\Marian Żak\Downloads\D3SK1NG INJECTOR 1.4.exe
2018-01-01 17:11 - 2018-01-01 17:11 - 000000000 ____D C:\ProgramData\Battle.net
2018-01-01 17:10 - 2018-01-01 17:10 - 004215792 _____ (Blizzard Entertainment) C:\Users\Marian Żak\Downloads\StarCraft-II-Setup.exe
2018-01-01 16:02 - 2018-01-01 16:02 - 001960207 _____ C:\Users\Marian Żak\Downloads\video-1514599392.mp4
2017-12-28 18:19 - 2017-12-28 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-12-28 18:05 - 2018-01-02 19:47 - 000000000 ____D C:\Users\Marian Żak\AppData\Roaming\TS3Client
2017-12-28 18:01 - 2017-12-28 18:01 - 000003288 ____N C:\bootsqm.dat
2017-12-28 17:50 - 2015-07-18 14:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-12-28 17:50 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-12-28 17:47 - 2017-12-28 17:47 - 000001222 _____ C:\Users\Marian Żak\Desktop\TeamSpeak 3 Client.lnk
2017-12-28 17:47 - 2017-12-28 17:47 - 000001180 _____ C:\Users\Marian Żak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-12-28 17:46 - 2017-12-28 17:47 - 000000000 ____D C:\Users\Marian Żak\AppData\Local\TeamSpeak 3 Client
2017-12-28 17:40 - 2017-12-28 17:45 - 078077208 _____ (TeamSpeak Systems GmbH) C:\Users\Marian Żak\Downloads\TeamSpeak3-Client-win64-3.1.7.exe
2017-12-26 14:27 - 2017-12-26 14:27 - 000055808 _____ () C:\Users\Marian Żak\Downloads\D3SK1NG INJECTOR 1.3 (1).exe
2017-12-26 14:26 - 2017-12-26 14:26 - 000055808 _____ () C:\Users\Marian Żak\Downloads\D3SK1NG INJECTOR 1.3.exe

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-01-06 19:11 - 2017-04-08 11:03 - 000000000 ____D C:\FRST
2018-01-06 18:49 - 2009-07-14 05:45 - 000014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-06 18:49 - 2009-07-14 05:45 - 000014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-06 18:40 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-06 09:40 - 2017-09-30 19:51 - 000000000 ____D C:\New Folder
2018-01-05 21:10 - 2017-01-26 10:13 - 000000000 ____D C:\ProgramData\Unified Remote
2018-01-05 18:44 - 2015-05-27 14:24 - 000000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2018-01-05 07:26 - 2013-04-26 20:11 - 000002161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-05 07:26 - 2013-04-26 20:11 - 000002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-04 18:56 - 2017-01-08 13:45 - 000000000 ____D C:\Users\Marian Żak\AppData\LocalLow\Mozilla
2017-12-28 18:24 - 2013-04-23 15:20 - 000000000 ____D C:\Users\Marian Żak\AppData\Roaming\Skype
2017-12-28 18:24 - 2012-01-07 18:22 - 000000000 ____D C:\Users\Marian Żak\AppData\Local\CrashDumps
2017-12-28 18:19 - 2010-12-11 14:18 - 000000000 ____D C:\ProgramData\Skype
2017-12-28 18:18 - 2015-07-13 07:31 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-12-28 18:17 - 2013-04-26 20:04 - 000000000 ____D C:\Users\admin
2017-12-28 17:51 - 2017-01-26 10:14 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-21 15:49 - 2017-06-30 15:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-21 15:49 - 2013-04-30 15:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-19 15:58 - 2015-03-02 17:27 - 000000000 ____D C:\Users\Marian Żak\Desktop\Kuba
2017-12-12 18:18 - 2017-04-30 11:01 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-12 18:18 - 2017-04-30 11:01 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-12 18:18 - 2017-04-30 11:01 - 000004576 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-12 18:18 - 2017-04-30 11:01 - 000004424 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-12 18:18 - 2013-04-23 14:27 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-12 18:18 - 2010-08-28 02:43 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
UWAGA: ==> Nie można uzyskać dostępu do BCD.

LastRegBack: 2017-12-15 22:00

==================== Koniec FRST.txt ============================