Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 10.02.2018 02
Uruchomiony przez dudimek (administrator) DESKTOP-M3ETC00 (11-02-2018 11:38:00)
Uruchomiony z C:\Users\dudimek\Desktop
Załadowane profile: dudimek (Dostępne profile: dudimek)
Platform: Windows 10 Home Wersja 1709 16299.192 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Opera)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.11.2.7\NIS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.11.2.7\NIS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Wargaming.net) D:\Gry\World of Tanks\WargamingGameUpdater.exe
(GG Network S.A.) C:\Users\dudimek\AppData\Local\GG\Application\gghub.exe
(GG Network S.A.) C:\Users\dudimek\AppData\Local\GG\Application\ggapp.exe
(MY.COM B.V.) C:\Users\dudimek\AppData\Local\MyComGames\MyComGames.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegister.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.188_none_16c3dcde323064d9\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-03-30] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [1258960 2017-03-03] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2018-01-06] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2018-01-06] ()
HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\...\Run: [World of Tanks] => D:\Gry\World of Tanks\WargamingGameUpdater.exe [3139872 2018-01-05] (Wargaming.net)
HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\...\Run: [GG] => C:\Users\dudimek\AppData\Local\GG\Application\gghub.exe [4078144 2016-07-04] (GG Network S.A.)
HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\...\Run: [World of Warships] => D:\Gry\World of Warships\WargamingGameUpdater.exe [3140384 2018-01-25] (Wargaming.net)
HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\...\Run: [MyComGames] => C:\Users\dudimek\AppData\Local\MyComGames\MyComGames.exe [6090552 2018-01-23] (MY.COM B.V.)
HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3100456 2018-01-20] (Electronic Arts)
HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5230784 2017-12-15] (Disc Soft Ltd)
HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\...\MountPoints2: {5d428ad2-ed6c-11e7-87e0-309c230f0505} - "G:\setup.exe"
HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\...\MountPoints2: {bd42c1fb-89bf-11e7-87ba-806e6f6e6963} - "E:\start.exe"

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

AutoConfigURL: [S-1-5-21-1406169887-4253107244-1405716791-1002] => hxxp://unstop-web.biz/wpad.dat?f5b4e3da31b0fdc5fe7dbd8441da7bde38085914
Tcpip\Parameters: [DhcpNameServer] 192.168.7.1 8.8.8.8
Tcpip\..\Interfaces\{36bba572-544e-45e5-ae3b-c063581aca74}: [DhcpNameServer] 192.168.7.1 8.8.8.8
ManualProxies: 0hxxp://unstop-web.biz/wpad.dat?f5b4e3da31b0fdc5fe7dbd8441da7bde38085914

Internet Explorer:
==================
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine32\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-04] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine32\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)

FireFox:
========
FF DefaultProfile: z9hjrokz.default
FF ProfilePath: C:\Users\dudimek\AppData\Roaming\Mozilla\Firefox\Profiles\z9hjrokz.default [2018-02-10]
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-04] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1406169887-4253107244-1405716791-1002: @my.com/Games -> C:\Users\dudimek\AppData\Local\MyComGames\NPMyComDetector.dll [Brak pliku]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Engine\22.11.2.7\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Engine\22.11.2.7\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3759752 2016-05-18] (Intel Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3128000 2017-12-15] (Disc Soft Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-12-05] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [196200 2017-02-19] (Intel Corporation)
R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [132048 2017-02-21] (Micro-Star INT'L CO., LTD.)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\22.11.2.7\NIS.exe [326144 2017-11-11] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2154816 2018-01-20] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3024712 2018-01-20] (Electronic Arts)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-09] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-09] (Microsoft Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 BHDrvx64; C:\Program Files\Norton Internet Security\NortonData\22.11.2.7\Definitions\BASHDefs\20180208.003\BHDrvx64.sys [1880144 2018-02-01] (Symantec Corporation)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NISx64\160B020.007\ccSetx64.sys [187544 2017-11-11] (Symantec Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-12-30] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-12-30] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-01-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-01-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files\Norton Internet Security\NortonData\22.11.2.7\Definitions\IPSDefs\20180209.001\IDSvia64.sys [1056920 2017-12-29] (Symantec Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-18] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek )
R3 SRTSP; C:\WINDOWS\system32\drivers\NISx64\160B020.007\SRTSP64.SYS [812696 2017-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NISx64\160B020.007\SRTSPX64.SYS [49304 2017-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NISx64\160B020.007\SYMEFASI64.SYS [1938584 2017-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NISx64\160B020.007\SymELAM.sys [24608 2017-11-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102600 2018-01-01] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NISx64\160B020.007\Ironx64.SYS [309984 2017-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\system32\drivers\NISx64\160B020.007\SYMNETS.SYS [566936 2017-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2017-12-09] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2017-12-09] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-09] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-02-11 11:35 - 2018-02-11 11:38 - 000015067 _____ C:\Users\dudimek\Desktop\FRST.txt
2018-02-11 11:29 - 2018-02-11 11:30 - 000000000 ____D C:\AdwCleaner
2018-02-11 11:29 - 2018-02-11 11:29 - 008222496 _____ (Malwarebytes) C:\Users\dudimek\Desktop\adwcleaner_7.0.8.0.exe
2018-02-09 18:21 - 2018-02-09 18:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-02-07 17:06 - 2018-02-07 17:06 - 000000000 ____D C:\Users\dudimek\Documents\ROBLOX
2018-02-06 21:35 - 2018-02-10 15:37 - 000000000 ____D C:\Users\dudimek\AppData\LocalLow\Mozilla
2018-02-06 21:35 - 2018-02-06 21:40 - 000000000 ____D C:\Users\dudimek\AppData\Local\Mozilla
2018-02-06 21:35 - 2018-02-06 21:35 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-06 21:35 - 2018-02-06 21:35 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-02-06 21:35 - 2018-02-06 21:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-06 21:35 - 2018-02-06 21:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-06 20:44 - 2018-02-06 20:44 - 000043007 _____ C:\Users\dudimek\Downloads\3362943.perl
2018-02-06 20:32 - 2018-02-06 20:32 - 000000000 ____D C:\Users\dudimek\Desktop\Nowy folder
2018-02-06 20:29 - 2018-02-11 11:38 - 000000000 ____D C:\FRST
2018-02-06 20:29 - 2018-02-11 11:34 - 002404864 _____ (Farbar) C:\Users\dudimek\Desktop\FRST64.exe
2018-02-06 20:17 - 2018-02-06 20:17 - 000004006 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1517944633
2018-02-06 20:17 - 2018-02-06 20:17 - 000001208 _____ C:\Users\Public\Desktop\Przeglądarka Opera.lnk
2018-02-06 20:17 - 2018-02-06 20:17 - 000001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk
2018-02-06 20:17 - 2018-02-06 20:17 - 000000000 ____D C:\Users\dudimek\AppData\Roaming\Opera Software
2018-02-06 20:17 - 2018-02-06 20:17 - 000000000 ____D C:\Users\dudimek\AppData\Local\Opera Software
2018-02-06 20:17 - 2018-02-06 20:17 - 000000000 ____D C:\Program Files (x86)\Opera
2018-02-06 20:13 - 2018-02-06 20:16 - 039766536 _____ (Opera Software) C:\Users\dudimek\Downloads\Opera_50.0.2762.67_Setup.exe
2018-02-04 20:54 - 2018-02-04 20:54 - 000002020 _____ C:\Users\dudimek\Desktop\DaVinci Resolve Project Server.lnk
2018-02-04 20:54 - 2018-02-04 20:54 - 000002000 _____ C:\Users\dudimek\Desktop\Resolve.lnk
2018-02-04 20:53 - 2018-02-04 20:54 - 000000000 ____D C:\Users\dudimek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2018-02-04 20:53 - 2018-02-04 20:53 - 000000000 ____D C:\ProgramData\Blackmagic Design
2018-02-04 20:53 - 2018-02-04 20:53 - 000000000 ____D C:\Program Files\Blackmagic Design
2018-02-04 20:52 - 2018-02-04 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2018-02-04 20:52 - 2018-02-04 20:52 - 000000000 ____D C:\Program Files (x86)\Blackmagic Design
2018-02-04 20:51 - 2018-02-04 20:51 - 000000000 ____D C:\Users\dudimek\Desktop\DaVinci_Resolve_14.3_Windows
2018-02-04 20:34 - 2018-02-04 20:51 - 673664985 _____ C:\Users\dudimek\Desktop\DaVinci_Resolve_14.3_Windows.zip
2018-02-04 20:01 - 2018-02-04 20:01 - 000001061 _____ C:\Users\dudimek\Desktop\Bandicut.lnk
2018-02-04 20:01 - 2018-02-04 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicut
2018-02-04 20:01 - 2018-02-04 20:01 - 000000000 ____D C:\Program Files (x86)\Bandicut
2018-02-04 19:56 - 2018-02-04 20:00 - 000000000 ____D C:\Users\dudimek\Desktop\Bandicut v.1.2.2.65 pl
2018-02-04 19:52 - 2018-02-04 19:55 - 037688250 _____ C:\Users\dudimek\Desktop\Bandicut v.1.2.2.65 pl.rar
2018-02-04 17:23 - 2018-02-04 17:23 - 000000000 ____D C:\Users\dudimek\AppData\Roaming\BANDISOFT
2018-02-04 17:22 - 2018-02-04 20:08 - 000000000 ____D C:\Users\dudimek\Documents\Bandicut
2018-02-04 17:22 - 2018-02-04 17:22 - 000000000 ____D C:\ProgramData\BANDISOFT
2018-02-04 17:21 - 2018-02-04 17:22 - 013262896 _____ (Bandicam Company) C:\Users\dudimek\Desktop\bandicut-setup.exe
2018-02-04 15:05 - 2018-02-04 15:05 - 000001061 _____ C:\Users\Public\Desktop\Bandicam.lnk
2018-02-04 15:05 - 2018-02-04 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2018-02-04 15:05 - 2018-02-04 15:05 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2018-02-04 15:05 - 2018-02-04 15:05 - 000000000 ____D C:\Program Files (x86)\Bandicam
2018-02-04 15:00 - 2018-02-04 15:00 - 017517077 _____ C:\Users\dudimek\Desktop\Bandicam 4.0.0.1331 FULL.zip
2018-02-04 14:26 - 2018-02-04 17:42 - 000000000 ____D C:\Users\dudimek\Documents\Bandicam
2018-02-04 14:26 - 2018-02-04 14:26 - 000000000 ____D C:\Users\dudimek\AppData\Roaming\Bandicam Company
2018-02-01 20:35 - 2018-02-01 20:35 - 000068661 _____ C:\Users\dudimek\Documents\moje zainteresowania.odp
2018-02-01 20:35 - 2018-02-01 20:35 - 000000831 _____ C:\Users\dudimek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nowy folder skompresowany (zip).lnk
2018-02-01 20:10 - 2018-02-01 20:10 - 000000000 ____D C:\Users\dudimek\AppData\Roaming\LibreOffice
2018-02-01 20:00 - 2018-02-01 20:00 - 000001209 _____ C:\Users\Public\Desktop\LibreOffice 6.0.lnk
2018-02-01 20:00 - 2018-02-01 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0
2018-02-01 20:00 - 2018-02-01 20:00 - 000000000 ____D C:\Program Files (x86)\LibreOffice
2018-02-01 19:25 - 2018-02-01 19:51 - 251998208 _____ C:\Users\dudimek\Desktop\LibreOffice_6.0.0_Win_x86.msi
2018-01-25 11:22 - 2018-01-25 11:22 - 000440120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2018-01-25 11:22 - 2018-01-25 11:22 - 000267592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2018-01-25 11:22 - 2018-01-25 11:22 - 000244032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2018-01-25 11:22 - 2018-01-25 11:22 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2018-01-16 18:04 - 2018-02-09 12:09 - 000001435 _____ C:\Users\dudimek\Desktop\Roblox Player.lnk
2018-01-16 18:02 - 2018-02-09 12:09 - 000001250 _____ C:\Users\dudimek\Desktop\Roblox Studio.lnk
2018-01-16 18:02 - 2018-02-09 12:09 - 000000000 ____D C:\Users\dudimek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-01-16 18:02 - 2018-02-07 17:04 - 000000000 ____D C:\Users\dudimek\AppData\Local\Roblox
2018-01-16 18:02 - 2018-02-07 17:03 - 000000252 _____ C:\Users\dudimek\AppData\LocalLow\rbxcsettings.rbx

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-02-11 11:37 - 2018-01-01 18:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2018-02-11 11:35 - 2017-10-14 12:30 - 000000000 ____D C:\Users\dudimek\AppData\Local\MyComGames
2018-02-11 11:35 - 2017-08-28 19:57 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-11 11:34 - 2017-11-09 15:18 - 000000000 ____D C:\ProgramData\Origin
2018-02-11 11:32 - 2017-12-26 13:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-11 11:32 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-02-11 11:32 - 2017-09-29 09:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-02-11 11:25 - 2017-12-26 13:57 - 000004230 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{14B240D4-AB41-4974-B853-066C70403E74}
2018-02-11 11:22 - 2017-09-03 10:58 - 000000000 ____D C:\Users\dudimek\AppData\Roaming\GG
2018-02-09 20:10 - 2017-12-26 13:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-09 12:15 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-08 09:16 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-08 09:16 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-08 09:16 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-06 21:35 - 2017-09-03 10:58 - 000000000 ____D C:\Users\dudimek\AppData\Roaming\Mozilla
2018-02-06 19:34 - 2017-12-26 13:57 - 000004704 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-02-06 19:34 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-02-06 19:33 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-02-06 03:49 - 2017-09-29 14:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-06 03:49 - 2017-09-29 14:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-04 22:37 - 2017-11-09 15:23 - 000000000 ____D C:\Program Files (x86)\Origin
2018-02-04 20:54 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-04 20:25 - 2017-10-11 20:48 - 000000000 ____D C:\Users\dudimek\.openshot_qt
2018-02-04 15:18 - 2017-10-07 18:10 - 000000000 ____D C:\Users\dudimek\AppData\Local\Captura
2018-02-04 15:18 - 2017-09-09 18:29 - 000000000 ____D C:\Users\dudimek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mathew Sachin
2018-02-04 14:01 - 2017-09-09 18:29 - 000000000 ____D C:\Users\dudimek\Documents\Captura
2018-02-04 14:00 - 2017-09-01 18:38 - 000000000 ____D C:\ProgramData\Oracle
2018-02-04 14:00 - 2017-09-01 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-02-04 14:00 - 2017-09-01 18:38 - 000000000 ____D C:\Program Files (x86)\Java
2018-02-04 13:59 - 2017-09-01 18:38 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-02-03 22:09 - 2017-12-26 13:48 - 000000000 ____D C:\Users\dudimek
2018-02-03 17:03 - 2017-09-18 16:27 - 000000000 ____D C:\Users\dudimek\AppData\Local\CrashDumps
2018-02-02 21:49 - 2017-12-26 13:45 - 000395728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-01 20:10 - 2017-09-01 18:53 - 000000000 ____D C:\Users\dudimek\AppData\Roaming\NVIDIA
2018-01-26 14:57 - 2017-12-26 13:57 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1406169887-4253107244-1405716791-1002
2018-01-26 14:57 - 2017-08-28 16:50 - 000002417 _____ C:\Users\dudimek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-26 14:57 - 2017-08-28 16:50 - 000000000 ___RD C:\Users\dudimek\OneDrive
2018-01-20 16:12 - 2017-12-26 14:01 - 001989174 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-20 16:12 - 2017-09-30 15:29 - 000889054 _____ C:\WINDOWS\system32\perfh015.dat
2018-01-20 16:12 - 2017-09-30 15:29 - 000179336 _____ C:\WINDOWS\system32\perfc015.dat
2018-01-13 19:59 - 2017-08-29 18:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-13 19:58 - 2017-10-10 19:12 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-13 19:58 - 2017-08-29 18:14 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-13 16:12 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-12 21:26 - 2017-12-26 13:57 - 000004522 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== Pliki w katalogu głównym wybranych folderów =======

2017-09-03 10:24 - 2017-09-03 10:24 - 000000218 _____ () C:\Users\dudimek\AppData\Local\recently-used.xbel

Niektóre pliki w TEMP:
====================
2017-01-26 08:26 - 2017-01-26 08:26 - 004297200 _____ (Bandicam Company) C:\Users\dudimek\AppData\Local\Temp\bdfilters.dll
2018-02-04 13:56 - 2018-02-04 13:56 - 001864256 _____ (Oracle Corporation) C:\Users\dudimek\AppData\Local\Temp\jre-8u161-windows-au.exe
2017-12-26 22:13 - 2009-07-16 08:36 - 000456024 ____R (Macrovision Corporation) C:\Users\dudimek\AppData\Local\Temp\_is2684.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-02-01 20:41

==================== Koniec FRST.txt ============================