Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 29-01-2017
Uruchomiony przez Admin (administrator) ASUSP8Z68VLX (30-01-2017 17:24:01)
Uruchomiony z C:\Users\Admin\Downloads
Załadowane profile: Admin (Dostępne profile: Admin)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka nie została wykryta!)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Admin\AppData\Roaming\Micorsoft\NetProfiler\zabsdll.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-05] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2953119984-1137956692-2323332510-1000\...\Run: [zabsdll.exe] => C:\Users\Admin\AppData\Roaming\Micorsoft\NetProfiler\zabsdll.exe [994816 2015-08-16] ()
HKU\S-1-5-21-2953119984-1137956692-2323332510-1000\...\MountPoints2: {ec52d79c-a81a-11e2-917d-c8600069c87c} - E:\NokiaPCIA_Autorun.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk [2014-11-20]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\..\Interfaces\{7349778E-8954-41F6-9B57-37C4FEF42861}: [NameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2953119984-1137956692-2323332510-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll ()
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-01-30]
CHR Extension: (Dysk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-29] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [Brak podpisu cyfrowego]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [389392 2016-11-02] (EasyAntiCheat Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Brak podpisu cyfrowego]
S4 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-03-31] () [Brak podpisu cyfrowego]
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-09-24] (Electronic Arts)
S2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-09-24] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-09-03] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [Brak podpisu cyfrowego]
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2012-03-29] (ASUSTeK Computer Inc.)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-04-22] (EnTech Taiwan)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-01-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-01-30] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-01-30] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-30] (Malwarebytes)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-30 17:23 - 2017-01-30 17:23 - 00003432 _____ C:\Users\Admin\Downloads\Malwarebytes.txt
2017-01-30 17:13 - 2017-01-30 17:13 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-30 17:13 - 2017-01-30 17:13 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-30 17:13 - 2017-01-30 17:13 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-30 17:13 - 2017-01-30 17:13 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-30 17:13 - 2017-01-30 17:13 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-30 17:13 - 2017-01-30 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-30 17:13 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-30 17:11 - 2017-01-30 17:12 - 55566792 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-01-30 16:58 - 2017-01-30 16:58 - 00167101 _____ C:\Users\Admin\Desktop\prośba cda.pdf
2017-01-30 16:51 - 2017-01-30 16:51 - 00081986 _____ C:\Users\Admin\Downloads\FS 11748_MAG_2016 (2).pdf
2017-01-30 16:50 - 2017-01-30 16:50 - 00083799 _____ C:\Users\Admin\Downloads\KFS 871_MAG_2016 (1).pdf
2017-01-30 16:49 - 2017-01-30 16:49 - 00084678 _____ C:\Users\Admin\Downloads\KFS 870_MAG_2016 (2).pdf
2017-01-30 16:48 - 2017-01-30 16:48 - 00081986 _____ C:\Users\Admin\Downloads\FS 11748_MAG_2016 (1).pdf
2017-01-30 16:37 - 2017-01-30 16:37 - 00155421 _____ C:\Users\Admin\Downloads\SO4_TORINO_karty_techniczne (3).pdf
2017-01-30 16:20 - 2017-01-30 16:20 - 00166807 _____ C:\Users\Admin\Downloads\EB03_karta_techniczna_SIENA.pdf
2017-01-30 08:15 - 2017-01-30 08:15 - 00155421 _____ C:\Users\Admin\Downloads\SO4_TORINO_karty_techniczne (2).pdf
2017-01-29 19:42 - 2017-01-29 19:42 - 00000000 ____D C:\Users\Admin\Downloads\FRST-OlderVersion
2017-01-29 19:37 - 2017-01-29 19:37 - 04015056 _____ C:\Users\Admin\Downloads\adwcleaner_6.043.exe
2017-01-29 19:36 - 2017-01-29 20:37 - 00000000 ____D C:\AdwCleaner
2017-01-29 19:09 - 2017-01-30 17:08 - 00003187 _____ C:\Users\Admin\Downloads\Fixlog.txt
2017-01-29 13:50 - 2017-01-29 13:50 - 00004382 _____ C:\Users\Admin\Downloads\GMER.txt
2017-01-29 13:22 - 2017-01-29 13:22 - 00380928 _____ C:\Users\Admin\Downloads\igw3o3le.exe
2017-01-29 13:21 - 2017-01-29 21:05 - 00076832 _____ C:\Users\Admin\Downloads\Shortcut.txt
2017-01-29 13:20 - 2017-01-30 17:24 - 00013065 _____ C:\Users\Admin\Downloads\FRST.txt
2017-01-29 13:20 - 2017-01-29 21:05 - 00040315 _____ C:\Users\Admin\Downloads\Addition.txt
2017-01-29 13:19 - 2017-01-30 17:24 - 00000000 ____D C:\FRST
2017-01-29 13:18 - 2017-01-29 19:42 - 02420736 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2017-01-29 12:45 - 2017-01-29 12:45 - 00000000 ____D C:\ProgramData\TEMP
2017-01-29 12:39 - 2017-01-29 20:35 - 00000000 ____D C:\Users\Admin\AppData\Local\AdvinstAnalytics
2017-01-29 12:36 - 2017-01-29 12:43 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-01-29 12:35 - 2017-01-29 12:35 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-29 12:35 - 2017-01-29 12:35 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-27 12:35 - 2017-01-27 12:35 - 00099031 _____ C:\Users\Admin\Downloads\ZK 15995_2016 (2).pdf
2017-01-27 12:32 - 2017-01-27 12:32 - 00098468 _____ C:\Users\Admin\Downloads\ZK 1514_2017 (1).pdf
2017-01-27 12:30 - 2017-01-27 12:30 - 00098468 _____ C:\Users\Admin\Downloads\ZK 1514_2017.pdf
2017-01-24 21:06 - 2017-01-24 21:06 - 00013223 _____ C:\Users\Admin\Desktop\matowe elementy na szkle wersja 1 (1).pdf
2017-01-24 21:05 - 2017-01-24 21:05 - 00014545 _____ C:\Users\Admin\Downloads\matowe elementy na szkle wersja 2.pdf
2017-01-24 21:05 - 2017-01-24 21:05 - 00013223 _____ C:\Users\Admin\Downloads\matowe elementy na szkle wersja 1 (1).pdf
2017-01-24 21:01 - 2017-01-24 21:01 - 00161762 _____ C:\Users\Admin\Desktop\bernard.pdf
2017-01-19 19:41 - 2017-01-23 22:22 - 00000814 _____ C:\Users\Public\Desktop\ChallengeMe.GG Client.lnk
2017-01-19 19:41 - 2017-01-23 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChallengeMe.GG Client
2017-01-17 18:04 - 2017-01-17 18:04 - 00000000 ____D C:\Users\Admin\AppData\Local\TeamSpeak 3
2017-01-17 18:04 - 2017-01-17 18:04 - 00000000 ____D C:\Users\Admin\.TeamSpeak 3
2017-01-17 18:03 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-01-16 18:43 - 2017-01-16 18:43 - 00142092 _____ C:\Users\Admin\Desktop\tymka akademia.pdf
2017-01-15 13:46 - 2016-11-02 20:22 - 00389392 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-01-14 11:59 - 2017-01-14 11:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia
2017-01-11 10:33 - 2017-01-11 10:33 - 00526345 _____ C:\Users\Admin\Downloads\ModlinBus.pl_bilety_2460427.pdf
2017-01-11 10:33 - 2017-01-11 10:33 - 00526345 _____ C:\Users\Admin\Downloads\ModlinBus.pl_bilety_2460427 (1).pdf
2017-01-10 20:05 - 2017-01-10 20:05 - 00132603 _____ C:\Users\Admin\Downloads\ADT BALLISTIC 30-20 KLEJ UV ŚREDNIEJ LEPKOŚCI.pdf
2017-01-10 19:42 - 2017-01-10 19:42 - 00000835 _____ C:\Users\Admin\Downloads\winmail.dat
2017-01-02 18:06 - 2017-01-02 18:06 - 00002214 _____ C:\Users\Public\Desktop\Xperia Companion.lnk
2017-01-02 18:06 - 2017-01-02 18:06 - 00000000 ____D C:\Users\Admin\Documents\Sony
2017-01-02 18:06 - 2017-01-02 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2017-01-02 18:06 - 2017-01-02 18:06 - 00000000 ____D C:\Program Files\Sony
2017-01-02 18:06 - 2017-01-02 18:06 - 00000000 ____D C:\Program Files (x86)\Sony
2017-01-02 18:05 - 2017-01-02 18:05 - 49290112 _____ (Sony) C:\Users\Admin\AppData\Local\pcc.exe
2016-12-31 12:47 - 2016-12-31 12:47 - 00017174 _____ C:\Users\Admin\Downloads\bariery.docx

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-30 17:15 - 2009-07-14 13:43 - 00743786 _____ C:\Windows\system32\perfh015.dat
2017-01-30 17:15 - 2009-07-14 13:43 - 00157268 _____ C:\Windows\system32\perfc015.dat
2017-01-30 17:15 - 2009-07-14 06:13 - 01679338 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-30 17:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-30 17:12 - 2012-04-04 21:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-30 17:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-30 14:31 - 2012-03-29 20:38 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{82628F1C-6264-4803-A1A2-3A7A04150B0B}
2017-01-30 00:14 - 2012-12-05 18:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TS3Client
2017-01-29 20:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2017-01-29 19:10 - 2014-09-12 07:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2017-01-29 19:10 - 2012-11-28 18:22 - 00002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-29 19:10 - 2012-11-28 18:22 - 00002213 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2017-01-29 19:10 - 2012-04-03 17:17 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Temp
2017-01-29 19:10 - 2012-03-29 20:05 - 00001207 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-29 19:10 - 2012-03-29 20:05 - 00001177 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-01-29 13:13 - 2016-10-08 18:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-29 13:13 - 2016-10-08 18:16 - 00000000 ____D C:\Users\Admin\AppData\Local\Discord
2017-01-29 12:37 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-29 01:58 - 2016-04-16 16:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Battle.net
2017-01-28 21:58 - 2016-04-16 16:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-28 10:31 - 2009-07-14 05:45 - 00444528 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-27 21:12 - 2012-03-29 20:23 - 00113872 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-27 16:27 - 2016-10-25 18:32 - 00000000 ____D C:\Users\Admin\Desktop\zz
2017-01-22 17:11 - 2016-09-03 17:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Curse Client
2017-01-21 12:30 - 2015-10-31 18:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 19:13 - 2015-05-27 18:41 - 00000000 ____D C:\Users\Admin\AppData\Local\Arma 3 Launcher
2017-01-18 18:20 - 2012-04-03 16:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2017-01-17 18:04 - 2012-03-29 20:04 - 00000000 ____D C:\Users\Admin
2017-01-17 18:03 - 2014-10-22 15:20 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-16 13:20 - 2012-06-05 19:52 - 00000151 _____ C:\Windows\PhotoSnapViewer.INI
2017-01-15 00:04 - 2016-10-08 18:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\discord
2017-01-11 18:52 - 2015-10-31 18:37 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Pliki w katalogu głównym wybranych folderów =======

2012-11-01 13:06 - 2013-03-27 20:33 - 0000000 _____ () C:\Users\Admin\AppData\Roaming\adu.xml
2015-11-28 16:18 - 2015-11-28 16:17 - 5920256 _____ () C:\Users\Admin\AppData\Roaming\setup.msi
2013-06-08 11:28 - 2013-06-08 11:28 - 0043008 ___SH () C:\Users\Admin\AppData\Roaming\Thumbs.db
2017-01-02 18:05 - 2017-01-02 18:05 - 49290112 _____ (Sony) C:\Users\Admin\AppData\Local\pcc.exe
2012-03-30 19:36 - 2012-03-31 20:57 - 0007604 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2015-11-29 20:53 - 2015-11-29 20:53 - 0000000 _____ () C:\ProgramData\4euF3LPU
2015-11-28 16:18 - 2015-11-28 16:18 - 0675856 _____ () C:\ProgramData\MKiWf5
2015-11-28 16:18 - 2015-11-28 16:18 - 0078496 _____ () C:\ProgramData\MKiWf5.au3
2015-11-29 20:53 - 2015-11-28 16:18 - 7715745 _____ (Microsoft Corporation) C:\ProgramData\MKiWf5.backup
2015-11-29 20:53 - 2015-11-29 20:53 - 0000046 _____ () C:\ProgramData\MKiWf5.folder
2015-11-29 20:53 - 2015-11-29 20:53 - 0000056 _____ () C:\ProgramData\MKiWf5.path
2014-06-13 16:03 - 2014-06-13 16:03 - 0000000 _____ () C:\ProgramData\spds90.txt

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll [2012-03-30 18:34] - [2012-07-08 17:28] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll [2012-03-30 19:33] - [2012-07-08 17:28] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-01-23 15:48

==================== Koniec FRST.txt ============================