Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20.01.2019 Uruchomiony przez cAst0r (administrator) XXX (21-01-2019 00:09:53) Uruchomiony z D:\ Załadowane profile: cAst0r (Dostępne profile: cAst0r) Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Giulio Sosio) C:\XonarSwitch.exe (KoshyJohn.com) C:\Users\cAst0r\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe () C:\MEmu\MEmu\adb.exe (Valve Corporation) C:\Steam\Steam.exe (Valve Corporation) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Valve Corporation) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-21] (AVAST Software) HKU\S-1-5-21-1063044307-3804589971-3643545715-1000\...\Run: [Memory Cleaner] => C:\Users\cAst0r\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe [1035912 2017-09-18] (KoshyJohn.com) HKU\S-1-5-21-1063044307-3804589971-3643545715-1000\...\Policies\Explorer: [] HKU\S-1-5-21-1063044307-3804589971-3643545715-1000\...\MountPoints2: I - I:\autorun.EXE HKU\S-1-5-21-1063044307-3804589971-3643545715-1000\...\MountPoints2: {cd18fcad-576b-11e8-a83f-002522be650d} - H:\SISetup.exe HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: 0.0.0.0 keystone.mwbsys.com Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63 Tcpip\..\Interfaces\{73B83889-B6F4-49EE-9D11-67CA798DCFAC}: [DhcpNameServer] 62.179.1.62 62.179.1.63 Internet Explorer: ================== Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\rw675bmu.default-1447369464461 [2019-01-21] FF Homepage: Mozilla\Firefox\Profiles\rw675bmu.default-1447369464461 -> onet.pl FF NetworkProxy: Mozilla\Firefox\Profiles\rw675bmu.default-1447369464461 -> ftp", "151.80.197.192" FF Extension: (Enhancer for YouTube™) - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\rw675bmu.default-1447369464461\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2019-01-16] FF Extension: (Polska Ciasteczkowa Zgoda) - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\rw675bmu.default-1447369464461\Extensions\PolishCookieConsentExt@polishannoyancefilters.netlify.com.xpi [2019-01-18] FF Extension: (uBlock Origin) - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\rw675bmu.default-1447369464461\Extensions\uBlock0@raymondhill.net.xpi [2018-12-03] FF Extension: (Powiększenie) - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\rw675bmu.default-1447369464461\Extensions\zoom@stefanvd.net.xpi [2018-11-30] FF Extension: (TwitchAdBlock) - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\rw675bmu.default-1447369464461\Extensions\{4d46a1d2-01cd-41a5-abd1-961ab9802d8d}.xpi [2018-04-18] FF Extension: (Nano Defender) - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\rw675bmu.default-1447369464461\Extensions\{f9cacf2e-cafc-4f0f-b6ad-8e1a01b4b4d0}.xpi [2019-01-18] FF HKU\S-1-5-21-1063044307-3804589971-3643545715-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\cAst0r\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi FF Extension: (Ace Script) - C:\Users\cAst0r\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-01-24] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-16] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-16] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [Brak pliku] FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [Brak pliku] FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [Brak pliku] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1063044307-3804589971-3643545715-1000: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\cAst0r\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies) Chrome: ======= CHR HKU\S-1-5-21-1063044307-3804589971-3643545715-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.) S4 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1222664 2016-01-19] (Autodesk Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-21] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2018-12-19] () S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2018-06-22] (EasyAntiCheat Ltd) S3 MEmusvc; C:\MEmu\MEmu\MemuService.exe [85296 2018-06-22] () S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2155328 2018-01-25] (Electronic Arts) S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3025224 2018-01-25] (Electronic Arts) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X] R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37304 2019-01-21] (AVAST Software) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-21] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-21] (AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-21] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166792 2019-01-21] (AVAST Software) S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-21] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-21] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-21] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-21] (AVAST Software) R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc) S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-10-25] (Devguru Co., Ltd) S3 EasyAntiCheatSys; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys [842952 2018-06-13] (EasyAntiCheat Oy) S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2014-07-14] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2014-07-14] (FNet Co., Ltd.) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-30] (REALiX(tm)) R2 memudrv; C:\MEmu\MEmuHyperv\MEmuDrv.sys [319304 2018-03-30] (Maiwei Corporation) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation) S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [238096 2012-05-21] (REALTEK SEMICONDUCTOR Corp.) S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-12-29] (REALTEK SEMICONDUCTOR Corp.) S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek) S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.) R2 SSGDIO; C:\Windows\SysWOW64\DRIVERS\ssgdio64.sys [14608 2017-11-16] (ATI Technologies Inc.) S3 ESEADriver2; \??\D:\Temp\Temp\ESEADriver2.sys [X] S3 MSICDSetup; \??\G:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\G:\NTIOLib_X64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc (utworzone) ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2019-01-21 00:08 - 2019-01-21 00:09 - 000000000 ____D C:\FRST 2019-01-21 00:05 - 2019-01-21 00:05 - 001034056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2019-01-21 00:05 - 2019-01-21 00:05 - 000474648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2019-01-21 00:05 - 2019-01-21 00:05 - 000380144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2019-01-21 00:05 - 2019-01-21 00:05 - 000361352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2019-01-21 00:05 - 2019-01-21 00:05 - 000203488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2019-01-21 00:05 - 2019-01-21 00:05 - 000166792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2019-01-21 00:05 - 2019-01-21 00:05 - 000088144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2019-01-21 00:05 - 2019-01-21 00:05 - 000046584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2019-01-21 00:05 - 2019-01-21 00:05 - 000042488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2019-01-21 00:05 - 2019-01-21 00:05 - 000037304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys 2019-01-21 00:05 - 2019-01-21 00:05 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2019-01-21 00:05 - 2019-01-21 00:05 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2019-01-21 00:05 - 2019-01-21 00:05 - 000000000 ____D C:\Users\cAst0r\AppData\Roaming\AVAST Software 2019-01-21 00:05 - 2019-01-21 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2019-01-21 00:05 - 2019-01-21 00:05 - 000000000 ____D C:\Program Files\AVAST Software 2019-01-19 12:34 - 2019-01-19 12:34 - 000511048 _____ C:\Windows\system32\FNTCACHE.DAT 2019-01-17 02:29 - 2019-01-17 02:29 - 000000000 ____D C:\Users\cAst0r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2019-01-16 21:15 - 2019-01-16 21:15 - 000000000 ____D C:\Windows\System32\Tasks\XonarSwitch 2019-01-16 21:15 - 2015-09-09 18:16 - 001449984 _____ (Giulio Sosio) C:\XonarSwitch.exe 2019-01-16 21:13 - 2019-01-16 21:13 - 000045505 _____ C:\Windows\Cmicnfgp.ini.cfl 2019-01-16 21:13 - 2019-01-16 21:13 - 000000654 _____ C:\Windows\system\Cmicnfgp.ini 2019-01-16 21:13 - 2019-01-16 21:13 - 000000140 _____ C:\Windows\system\Dlap.pfx 2019-01-16 21:13 - 2019-01-16 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UNi Xonar Audio 2019-01-16 21:13 - 2019-01-16 21:13 - 000000000 ____D C:\Program Files\UNi Xonar Audio 2019-01-16 21:13 - 2015-09-28 01:21 - 000007756 ____N C:\Windows\cmudaxp_STXII.ini 2019-01-16 21:13 - 2015-09-28 01:21 - 000007756 ____N C:\Windows\cmudaxp.ini 2019-01-16 21:13 - 2015-08-25 09:36 - 000835072 ____N C:\Windows\system32\Cmeauoxy.exe 2019-01-16 21:13 - 2015-08-11 09:04 - 008048640 ____N (C-Media Corporation) C:\Windows\SysWOW64\CmiCnfgp.dll 2019-01-16 21:13 - 2015-06-02 12:23 - 002735616 _____ (C-Media Inc) C:\Windows\system32\Drivers\cmudaxp.sys 2019-01-16 21:13 - 2015-06-02 12:23 - 000315392 _____ (C-Media Electronics Inc.) C:\Windows\system\CmiFltr.dll 2019-01-16 21:13 - 2015-06-02 12:23 - 000032768 _____ (C-Media Electronics Inc.) C:\Windows\system32\cmudaxp.dll 2019-01-16 21:13 - 2013-10-16 11:55 - 000143360 ____N C:\Windows\SysWOW64\VmixP8.dll 2019-01-16 21:13 - 2012-10-05 10:37 - 000465408 ____N (C-Media Electronics Inc.) C:\Windows\system32\cmasiopx.dll 2019-01-16 21:13 - 2012-10-05 10:37 - 000303104 ____N (C-Media Electronics Inc.) C:\Windows\SysWOW64\cmasiop.dll 2019-01-16 21:13 - 2012-09-16 23:23 - 000293376 ____N C:\Windows\system32\CmiCnfgP.cpl 2019-01-16 21:13 - 2012-01-06 10:30 - 000212992 ____N (C-Media Electronics Inc.) C:\Windows\SysWOW64\HsSrv2.dll 2019-01-16 21:13 - 2012-01-06 10:30 - 000122880 ____N (C-Media Electronics Inc.) C:\Windows\system\HsSrv642.dll 2019-01-16 21:13 - 2012-01-06 10:30 - 000122880 ____N (C-Media Electronics Inc.) C:\Windows\system\HsSrv64.dll 2019-01-16 21:13 - 2010-07-15 17:12 - 000000062 ____N C:\Windows\system32\cmasiopx.ini 2019-01-16 21:13 - 2010-07-15 17:12 - 000000057 ____N C:\Windows\SysWOW64\cmasiop.ini 2019-01-16 21:13 - 2008-07-11 16:04 - 000200704 ____N C:\Windows\SysWOW64\HsMgr.exe 2019-01-16 21:13 - 2008-07-11 16:03 - 000282112 ____N C:\Windows\system\HsMgr64.exe 2019-01-16 21:13 - 2007-12-13 18:12 - 000122880 ____N (CMedia Electronics Inc.) C:\Windows\SysWOW64\Cm_Oal.dll 2019-01-16 21:13 - 2007-12-13 18:12 - 000122880 ____N (CMedia Electronics Inc.) C:\Windows\system32\Cm_Oal.dll 2019-01-16 21:13 - 2006-09-13 11:21 - 000200704 ____N (C-Media) C:\Windows\SysWOW64\Cmpaoxy.dll 2019-01-07 15:26 - 2019-01-07 15:26 - 000000000 ____D C:\Users\cAst0r\AppData\Roaming\KoshyJohn.com 2019-01-07 15:26 - 2019-01-07 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com 2019-01-04 00:50 - 2019-01-04 00:50 - 000000000 ____D C:\Program Files\qBittorrent ==================== Jeden miesiąc (zmodyfikowane) ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2019-01-21 00:04 - 2017-02-20 19:54 - 000000000 ____D C:\ProgramData\AVAST Software 2019-01-20 23:46 - 2010-11-21 13:53 - 000739976 _____ C:\Windows\system32\perfh015.dat 2019-01-20 23:46 - 2010-11-21 13:53 - 000155550 _____ C:\Windows\system32\perfc015.dat 2019-01-20 23:46 - 2009-07-14 06:13 - 001668690 _____ C:\Windows\system32\PerfStringBackup.INI 2019-01-20 23:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf 2019-01-20 23:41 - 2017-12-12 17:24 - 000000000 ____D C:\Users\cAst0r\.MemuHyperv 2019-01-20 23:41 - 2014-07-14 22:30 - 000000000 ____D C:\Users\cAst0r\AppData\Roaming\TS3Client 2019-01-20 23:39 - 2016-11-23 19:59 - 000000000 ____D C:\Users\cAst0r\AppData\LocalLow\Mozilla 2019-01-20 21:03 - 2014-07-14 21:10 - 000000000 ____D C:\Steam 2019-01-20 20:58 - 2018-05-11 18:56 - 000000000 ____D C:\Users\cAst0r\AppData\Roaming\qBittorrent 2019-01-20 18:35 - 2014-07-15 17:01 - 000000000 ____D C:\Users\cAst0r\AppData\Roaming\foobar2000 2019-01-20 14:11 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-01-20 14:11 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-01-20 14:06 - 2018-02-27 23:17 - 000003758 _____ C:\Windows\System32\Tasks\AutoKMS 2019-01-20 14:06 - 2017-11-13 18:25 - 000003014 _____ C:\Windows\System32\Tasks\MSIAfterburner 2019-01-20 14:05 - 2016-05-11 13:55 - 000000000 ____D C:\ProgramData\NVIDIA 2019-01-20 14:05 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-01-17 20:10 - 2014-07-15 01:03 - 000000000 ____D C:\Users\cAst0r\AppData\Roaming\Tlen.pl 2019-01-17 18:11 - 2017-06-13 18:06 - 000000000 ____D C:\Users\cAst0r\AppData\Roaming\discord 2019-01-16 21:13 - 2014-07-14 21:44 - 000466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2019-01-16 21:13 - 2014-07-14 21:44 - 000445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2019-01-16 21:13 - 2014-07-14 21:44 - 000123480 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2019-01-16 21:13 - 2014-07-14 21:44 - 000109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2019-01-16 21:13 - 2014-07-14 21:44 - 000000000 ____D C:\Program Files\ASUS Xonar D1 Audio 2019-01-16 21:13 - 2014-07-14 21:43 - 000000715 _____ C:\Windows\Cmicnfgp.ini.imi 2019-01-16 21:13 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system 2019-01-16 03:03 - 2014-07-14 22:02 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2019-01-16 03:03 - 2014-07-14 22:02 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2019-01-16 03:03 - 2014-07-14 22:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2019-01-16 03:03 - 2014-07-14 22:02 - 000000000 ____D C:\Windows\system32\Macromed 2019-01-15 13:05 - 2009-07-14 06:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2019-01-13 19:26 - 2016-06-12 20:14 - 000000000 ____D C:\Users\cAst0r\AppData\Roaming\.ACEStream 2019-01-13 02:16 - 2018-11-12 18:43 - 000003872 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1461707425 2019-01-13 00:08 - 2016-03-29 15:05 - 000000000 ____D C:\Program Files (x86)\Opera 2019-01-12 11:19 - 2018-11-30 16:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-01-12 00:15 - 2016-11-23 19:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2019-01-07 19:38 - 2016-05-14 18:17 - 000000000 ____D C:\Program Files (x86)\Napisy24 2019-01-03 14:28 - 2017-11-27 00:20 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-06-21 16:51 - 2016-06-21 16:51 - 000000863 _____ () C:\Users\cAst0r\AppData\Roaming\qnapi.ini 2014-07-16 01:53 - 2019-01-07 15:29 - 000007633 _____ () C:\Users\cAst0r\AppData\Local\resmon.resmoncfg ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\dllhost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\dllhost.exe => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2019-01-19 19:34 ==================== Koniec FRST.txt ============================