Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 02.01.2018
Uruchomiony przez Ja (administrator) KOMPUTER (06-01-2018 18:55:23)
Uruchomiony z C:\Users\Ja\Downloads
Załadowane profile: Ja (Dostępne profile: Ja)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: "C:\Program Files\Eastness\Application\chrome.exe" "%1")
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Electronic Arts) C:\Program Files\Origin\OriginWebHelperService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
(AVAST Software) C:\Users\Ja\AppData\Local\background_fault\aswRD.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1393165460-243477947-2800629209-1000\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [2432520 2014-01-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-1393165460-243477947-2800629209-1000\...\Run: [background_fault] => C:\Users\Ja\AppData\Local\background_fault\aswRD.exe [1419576 2017-04-06] (AVAST Software) <==== UWAGA
HKU\S-1-5-21-1393165460-243477947-2800629209-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKLM\...\Providers\81bd26iq: C:\Program Files\Terbaent Center\local32spl.dll [275968 2017-02-02] () <==== UWAGA
ShellExecuteHooks: Brak nazwy - {1215881A-DE48-11E6-9639-64006A5CFC23} - -> Brak pliku

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: 0.0.0.0 csgob0t.online
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{540141CF-F963-4441-B940-153980A9A908}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{540141CF-F963-4441-B940-153980A9A908}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FE2BF0A8-F82C-402F-A770-18A102BAD618}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{FE2BF0A8-F82C-402F-A770-18A102BAD618}: [DhcpNameServer] 82.163.143.176

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131513323013306175&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1393165460-243477947-2800629209-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1393165460-243477947-2800629209-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1393165460-243477947-2800629209-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1486390482&z=ce8d94c3d21d39fbe6fc238gazfbeq7c0t1ebz4b4g&from=che0812&uid=ST9160411ASG_5TG1CE4CXXXX5TG1CE4C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1393165460-243477947-2800629209-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1486390482&z=ce8d94c3d21d39fbe6fc238gazfbeq7c0t1ebz4b4g&from=che0812&uid=ST9160411ASG_5TG1CE4CXXXX5TG1CE4C&q={searchTerms}

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2
CHR HomePage: ChromeDefaultData2 -> hxxps://www.google.pl/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8
CHR StartupUrls: ChromeDefaultData2 -> "hxxps://www.google.pl/"
CHR Profile: C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2018-01-06] <==== UWAGA
CHR Extension: (Prezentacje) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Dokumenty) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Dysk Google) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-27]
CHR Extension: (YouTube) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-27]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb [2017-01-28]
CHR Extension: (Arkusze) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Word Online) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2017-01-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-27]
CHR Extension: (Excel Online) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2017-01-27]
CHR Extension: (PowerPoint Online) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2017-01-27]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-08]
CHR Extension: (Gmail) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 DVDMakerArofeingbanitain; C:\Program Files\Arofeingbanitain\DVDMakerArofeingbanitain.dll [225792 2017-02-02] () [Brak podpisu cyfrowego]
S3 EasyAntiCheat; C:\Program Files\EasyAntiCheat\EasyAntiCheat.exe [529056 2017-12-08] (EasyAntiCheat Ltd)
R2 MS_CHECK_SVC; C:\ProgramData\Microsoft\DeviceSync\LocalBackup.dll [487424 2017-02-08] () [Brak podpisu cyfrowego] <==== UWAGA
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2155328 2017-12-19] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files\Origin\OriginWebHelperService.exe [3025224 2017-12-19] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2016-08-23] (Microsoft Corporation)
S2 ed2kidle; "C:\Program Files\amuleCe\ed2k.exe" -downloadwhenidle [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [165376 2017-12-24] () [Brak podpisu cyfrowego]
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-13] (Atheros Communications, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2017-12-24] () [Brak podpisu cyfrowego]
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
U0 aswVmm; Brak ImagePath
S1 iSafeKrnl; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [X] <==== UWAGA
S1 iSafeKrnlKit; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [X] <==== UWAGA
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== UWAGA
S1 iSafeKrnlR3; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [X] <==== UWAGA

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-01-06 18:55 - 2018-01-06 18:55 - 000010358 _____ C:\Users\Ja\Downloads\FRST.txt
2018-01-06 18:55 - 2018-01-06 18:55 - 000000000 ____D C:\ProgramData\67427deb-2283-0
2018-01-06 18:55 - 2018-01-06 18:55 - 000000000 ____D C:\ProgramData\67427deb-1aa1-0
2018-01-06 18:54 - 2018-01-06 18:55 - 000000000 ____D C:\ProgramData\67427deb-0573-0
2018-01-06 18:53 - 2018-01-06 18:54 - 000000000 ____D C:\ProgramData\67427deb-03b3-0
2018-01-06 18:52 - 2018-01-06 18:53 - 000000000 ____D C:\ProgramData\67427deb-3997-0
2018-01-06 18:44 - 2018-01-06 18:52 - 000000000 ____D C:\ProgramData\67427deb-3df3-0
2018-01-06 18:43 - 2018-01-06 18:44 - 000000000 ____D C:\ProgramData\67427deb-15b1-0
2018-01-06 18:42 - 2018-01-06 18:43 - 000000000 ____D C:\ProgramData\67427deb-5771-0
2018-01-06 18:42 - 2018-01-06 18:42 - 000000000 ____D C:\ProgramData\67427deb-4b91-0
2018-01-06 18:41 - 2018-01-06 18:42 - 000000000 ____D C:\ProgramData\67427deb-3fe3-0
2018-01-06 18:40 - 2018-01-06 18:41 - 000000000 ____D C:\ProgramData\67427deb-3af1-0
2018-01-06 18:39 - 2018-01-06 18:40 - 000000000 ____D C:\ProgramData\67427deb-48e5-0
2018-01-06 18:39 - 2018-01-06 18:40 - 000000000 ____D C:\ProgramData\67427deb-13d7-0
2018-01-06 18:38 - 2018-01-06 18:39 - 000000000 ____D C:\ProgramData\67427deb-1a25-0
2018-01-06 18:37 - 2018-01-06 18:38 - 000000000 ____D C:\ProgramData\67427deb-5ef1-0
2018-01-06 18:37 - 2018-01-06 18:37 - 000000000 ____D C:\ProgramData\67427deb-6937-0
2018-01-06 18:36 - 2018-01-06 18:37 - 000000000 ____D C:\ProgramData\67427deb-4957-0
2018-01-06 18:35 - 2018-01-06 18:36 - 000000000 ____D C:\ProgramData\67427deb-00a5-0
2018-01-06 18:35 - 2018-01-06 18:35 - 000000000 ____D C:\ProgramData\67427deb-7e93-0
2018-01-06 18:34 - 2018-01-06 18:35 - 000000000 ____D C:\ProgramData\67427deb-2bd7-0
2018-01-06 18:33 - 2018-01-06 18:34 - 000000000 ____D C:\ProgramData\67427deb-4617-0
2018-01-06 18:32 - 2018-01-06 18:33 - 000000000 ____D C:\ProgramData\67427deb-4611-0
2018-01-06 18:32 - 2018-01-06 18:32 - 000000000 ____D C:\ProgramData\67427deb-1ab3-0
2018-01-06 18:31 - 2018-01-06 18:32 - 000000000 ____D C:\ProgramData\67427deb-1fe1-0
2018-01-06 18:27 - 2018-01-06 18:28 - 000000017 _____ C:\Users\Public\Documents\temp.dat
2018-01-06 18:26 - 2018-01-06 18:26 - 000000000 ____D C:\ProgramData\67427deb-59b5-0
2018-01-06 18:25 - 2018-01-06 18:26 - 000000000 ____D C:\ProgramData\67427deb-2907-0
2018-01-06 18:20 - 2018-01-06 18:20 - 000000000 ____D C:\ProgramData\67427deb-2715-0
2018-01-06 18:20 - 2018-01-06 18:20 - 000000000 ____D C:\ProgramData\67427deb-2137-0
2018-01-06 18:19 - 2018-01-06 18:20 - 000000000 ____D C:\ProgramData\67427deb-4805-0
2018-01-06 18:18 - 2018-01-06 18:19 - 000000000 ____D C:\ProgramData\67427deb-5333-0
2018-01-06 18:17 - 2018-01-06 18:26 - 000000000 ____D C:\AdwCleaner
2018-01-06 18:17 - 2018-01-06 18:17 - 008198432 _____ (Malwarebytes) C:\Users\Ja\Downloads\Adwcleaner_7.0.6.0_www.INSTALKI.pl.exe
2018-01-05 19:43 - 2018-01-06 18:54 - 000000000 ____D C:\FRST
2018-01-05 19:43 - 2018-01-05 19:43 - 001753600 _____ (Farbar) C:\Users\Ja\Downloads\FRST.exe
2017-12-24 11:12 - 2017-12-24 11:12 - 000165376 _____ C:\Windows\system32\Drivers\atksgt.sys
2017-12-24 11:12 - 2017-12-24 11:12 - 000018048 _____ C:\Windows\system32\Drivers\lirsgt.sys
2017-12-22 17:04 - 2017-12-22 17:04 - 000000000 ____D C:\Users\Ja\AppData\Local\Nox
2017-12-21 19:02 - 2018-01-06 18:55 - 000000000 ____D C:\Users\Ja\AppData\Local\2ACBAEEE-CB1C-7688-2F23-59CF45778753
2017-12-13 15:24 - 2017-12-13 15:24 - 000000000 ____D C:\Program Files\Origin Games
2017-12-13 15:22 - 2017-12-13 18:07 - 000000000 ____D C:\Users\Ja\AppData\Roaming\Origin
2017-12-13 15:21 - 2017-12-21 06:31 - 000000000 ____D C:\Program Files\Origin
2017-12-13 15:17 - 2017-12-13 18:07 - 000000000 ____D C:\ProgramData\Origin
2017-12-13 15:17 - 2017-12-13 15:24 - 000000000 ____D C:\Users\Ja\AppData\Local\Origin
2017-12-13 15:17 - 2017-12-13 15:17 - 000000000 ____D C:\Users\Ja\.QtWebEngineProcess
2017-12-13 15:17 - 2017-12-13 15:17 - 000000000 ____D C:\Users\Ja\.Origin
2017-12-13 07:42 - 2017-11-17 05:15 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-13 07:42 - 2017-11-15 01:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-13 07:42 - 2017-11-14 02:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-13 07:42 - 2017-11-14 02:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-13 07:42 - 2017-11-14 02:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-13 07:42 - 2017-11-14 02:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-13 07:42 - 2017-11-14 02:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-13 07:42 - 2017-11-14 01:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-13 07:42 - 2017-11-14 01:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-13 07:42 - 2017-11-07 21:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-13 07:42 - 2017-11-07 21:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-13 07:42 - 2017-11-07 21:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-13 07:42 - 2017-11-07 21:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-13 07:42 - 2017-11-07 21:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-13 07:42 - 2017-11-07 21:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-13 07:42 - 2017-11-07 21:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-13 07:42 - 2017-11-07 21:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-13 07:42 - 2017-11-07 21:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-13 07:42 - 2017-11-07 21:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-13 07:42 - 2017-11-07 21:39 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-13 07:42 - 2017-11-07 21:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-13 07:42 - 2017-11-07 21:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-13 07:42 - 2017-11-07 21:35 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-13 07:42 - 2017-11-07 21:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-13 07:42 - 2017-11-07 21:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-13 07:42 - 2017-11-07 21:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-13 07:42 - 2017-11-07 21:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-13 07:42 - 2017-11-07 21:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-13 07:42 - 2017-11-07 21:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-13 07:42 - 2017-11-07 21:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-13 07:42 - 2017-11-07 21:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-13 07:42 - 2017-11-07 21:18 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-13 07:42 - 2017-11-07 21:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-13 07:42 - 2017-11-07 21:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-13 07:42 - 2017-11-07 21:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-13 07:42 - 2017-11-07 21:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-13 07:42 - 2017-11-07 20:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-13 07:42 - 2017-11-07 17:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-13 07:42 - 2017-11-04 16:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-13 07:42 - 2017-11-04 16:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-13 07:42 - 2017-11-02 16:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-13 07:42 - 2017-11-02 16:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-13 07:42 - 2017-11-02 16:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-13 07:42 - 2017-11-02 15:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-13 07:42 - 2017-10-16 23:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-13 07:42 - 2017-10-12 01:14 - 000247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-12 21:04 - 2017-12-12 21:04 - 000000000 ____D C:\Users\Ja\AppData\Roaming\.mono
2017-12-12 21:04 - 2017-12-12 21:04 - 000000000 ____D C:\Users\Ja\AppData\LocalLow\Blizzard Entertainment
2017-12-12 21:04 - 2017-12-12 21:04 - 000000000 ____D C:\ProgramData\.mono
2017-12-12 20:51 - 2017-12-12 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2017-12-12 18:07 - 2017-12-12 20:53 - 000000000 ____D C:\Program Files\Hearthstone
2017-12-12 18:06 - 2017-12-12 18:06 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2017-12-12 18:02 - 2017-12-14 21:59 - 000000000 ____D C:\Users\Ja\AppData\Local\Battle.net
2017-12-12 18:02 - 2017-12-12 18:06 - 000000000 ____D C:\Users\Ja\AppData\Roaming\Battle.net
2017-12-12 18:02 - 2017-12-12 18:02 - 000000000 ____D C:\Users\Ja\AppData\Local\Blizzard Entertainment
2017-12-12 17:58 - 2017-12-14 21:16 - 000000000 ____D C:\Program Files\Battle.net
2017-12-12 17:57 - 2017-12-12 21:04 - 000000000 ____D C:\Users\Ja\AppData\Local\Blizzard
2017-12-12 17:56 - 2017-12-12 17:56 - 000000000 ____D C:\ProgramData\Battle.net
2017-12-09 11:20 - 2017-12-09 11:20 - 000000000 ____D C:\Users\Ja\AppData\Roaming\EasyAntiCheat
2017-12-09 11:16 - 2017-12-09 11:20 - 000000000 ____D C:\Program Files\EasyAntiCheat
2017-12-08 21:31 - 2018-01-04 22:04 - 000000000 ____D C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-08 21:26 - 2017-12-08 21:27 - 000000000 ____D C:\Users\Ja\AppData\Local\Steam
2017-12-08 21:20 - 2018-01-06 18:27 - 000000000 ____D C:\Program Files\Steam
2017-12-08 21:20 - 2018-01-04 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-08 21:20 - 2018-01-04 22:04 - 000000000 ____D C:\Program Files\Common Files\Steam
2017-12-08 21:20 - 2017-12-08 21:20 - 000000921 _____ C:\Users\Public\Desktop\Steam.lnk
2017-12-08 21:19 - 2017-12-08 21:19 - 001446792 _____ C:\Users\Ja\Downloads\SteamSetup.exe

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-01-06 18:55 - 2017-02-22 16:14 - 000000000 ____D C:\ProgramData\57612869
2018-01-06 18:35 - 2009-07-14 05:34 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-06 18:35 - 2009-07-14 05:34 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-06 18:27 - 2017-05-25 14:10 - 000000000 ____D C:\Users\Ja\AppData\Local\background_fault
2018-01-06 18:27 - 2009-07-14 05:53 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-06 18:27 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-06 18:25 - 2017-10-01 12:51 - 000001000 _____ C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-01-06 18:25 - 2017-01-29 08:28 - 000002123 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-06 18:25 - 2017-01-29 08:28 - 000002123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-05 19:47 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2018-01-04 22:05 - 2017-01-04 07:25 - 000000000 ____D C:\Users\Ja
2018-01-04 22:04 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\registration
2018-01-01 12:22 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2018-01-01 00:21 - 2017-11-27 15:47 - 000000000 ____D C:\Users\Ja\AppData\Roaming\TS3Client
2017-12-15 17:56 - 2017-11-27 15:15 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-12-13 15:08 - 2009-07-14 05:33 - 000267480 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-13 15:07 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\Setup
2017-12-13 08:09 - 2016-12-22 15:11 - 000000000 ____D C:\Windows\system32\MRT
2017-12-13 08:05 - 2017-10-11 06:09 - 130448288 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-13 08:05 - 2016-12-22 15:11 - 130448288 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-09 11:18 - 2017-11-27 15:16 - 000000000 ____D C:\ProgramData\Package Cache

==================== Pliki w katalogu głównym wybranych folderów =======

2017-02-22 16:22 - 2017-02-22 16:22 - 000000000 _____ () C:\Program Files\metadata
2017-01-28 14:55 - 2017-01-28 14:55 - 001908024 _____ () C:\Users\Ja\AppData\Roaming\Freeflex.tst
2017-01-28 13:57 - 2017-01-28 13:57 - 000278518 _____ () C:\Users\Ja\AppData\Roaming\Homeozestock.bin
2017-01-28 14:55 - 2017-01-28 14:55 - 001938537 _____ () C:\Users\Ja\AppData\Roaming\Random.bin
2017-01-28 13:15 - 2016-11-23 14:37 - 000000570 _____ () C:\Users\Ja\AppData\Local\TroubleshooterConfig.json

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\Ja\AppData\Local\background_fault\aswRD.exe

Niektóre pliki w TEMP:
====================
2017-04-14 07:40 - 2017-04-14 07:40 - 001707008 _____ () C:\Users\Ja\AppData\Local\Temp\114059387.t.exe
2017-04-14 07:40 - 2017-04-14 07:40 - 001707008 _____ () C:\Users\Ja\AppData\Local\Temp\132682668.t.exe
2017-04-14 09:19 - 2017-04-14 09:19 - 001707008 _____ () C:\Users\Ja\AppData\Local\Temp\14398584.t.exe
2017-05-04 05:53 - 2017-05-04 05:53 - 001135616 _____ () C:\Users\Ja\AppData\Local\Temp\17114626.t.exe
2017-05-04 05:53 - 2017-05-04 05:53 - 001135616 _____ () C:\Users\Ja\AppData\Local\Temp\61691685.t.exe
2017-04-14 07:40 - 2017-04-14 07:40 - 001707008 _____ () C:\Users\Ja\AppData\Local\Temp\65738346.t.exe
2017-04-14 07:40 - 2017-04-14 07:40 - 001707008 _____ () C:\Users\Ja\AppData\Local\Temp\68144959.t.exe
2017-01-29 21:40 - 2017-01-29 21:40 - 001284376 _____ (Bafen ) C:\Users\Ja\AppData\Local\Temp\ICReinstall_fifa-manager-13-full-version.exe
2017-02-11 13:52 - 2017-02-11 13:52 - 001290096 _____ (AdworldInternet) C:\Users\Ja\AppData\Local\Temp\ICReinstall_FIFA_Manager_12_Free_Full_Version_Game.exe
2017-02-06 20:26 - 2017-02-06 20:26 - 001271544 _____ (Fiho ) C:\Users\Ja\AppData\Local\Temp\ICReinstall_Free-Audio-Editor-40399-dp.exe
2017-02-06 19:33 - 2017-02-06 19:33 - 001270415 _____ ( ) C:\Users\Ja\AppData\Local\Temp\ICReinstall_microsoft-powerpoint-2010_0695201596.exe
2017-05-27 11:15 - 2017-05-27 11:15 - 001273672 _____ ( ) C:\Users\Ja\AppData\Local\Temp\ICReinstall_Plague Inc Evolved.exe
2017-02-13 14:09 - 2017-02-13 14:09 - 026964688 _____ () C:\Users\Ja\AppData\Local\Temp\inst12.exe
2017-01-29 21:53 - 2017-01-29 21:53 - 000548352 _____ () C:\Users\Ja\AppData\Local\Temp\is-3QBOK.tmpFIFA_Manager_14_Free_Download_Full_Version_PC_Game.exe
2017-02-02 17:37 - 2017-02-02 17:37 - 000418456 _____ () C:\Users\Ja\AppData\Local\Temp\Trotux.exe
2017-02-08 19:18 - 2017-02-08 19:18 - 000046924 _____ () C:\Users\Ja\AppData\Local\Temp\tu17p84.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-01-01 12:14

==================== Koniec FRST.txt ============================