Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 14-08-2021
Uruchomiony przez Administrator (administrator) WS2012R2F (FUJITSU PRIMERGY TX1310 M3) (19-08-2021 20:07:01)
Uruchomiony z C:\Users\Administrator\Desktop\FRST - WS2012R2F
Załadowane profile: Administrator
Platform: Windows Server 2012 R2 Foundation (Update) (X64) Język: Angielski (Stany Zjednoczone) -> Polski (Polska)
Domyślna przeglądarka: FF
Tryb startu: Normal

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET File Security\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET File Security\x86\ekrn.exe
(Fujitsu Limited -> FUJITSU) C:\Program Files (x86)\Fujitsu\ServerView Suite\Remote Connector\SVRemCon.exe
(Fujitsu Limited -> FUJITSU) C:\Program Files\Fujitsu\ServerView Suite\Agents\Server Control\SrvCtrl.exe
(FUJITSU LIMITED) [Brak podpisu cyfrowego] C:\Program Files (x86)\Fujitsu\ServerView Suite\Agents\UpdateAgent\gf_agent.exe
(Fujitsu Limited) [Brak podpisu cyfrowego] C:\Program Files\Fujitsu\ServerView Suite\RAID Manager\amService.exe
(Intel(R) INTELND1617S2 -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.INSERTGT\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\silsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>

==================== Rejestr (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-2728209939-661244823-36512035-500\...\MountPoints2: {35736731-21a3-11e8-80b3-806e6f6e6963} - "D:\Setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2014-10-31] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2014-10-31] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
Lsa: [Notification Packages] rassfm scecli
BootExecute: autocheck autochk /q /v *
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA

==================== Zaplanowane zadania (filtrowane) ============
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
Task: {035CF869-238B-4F72-AD31-4DB89FDB000C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Administrator\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-08-19] (ESET, spol. s r.o. -> ESET)
Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {23AC4771-5F94-42E5-8E66-804680F5E235} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {4BEAD4F8-740A-474A-B31E-546B82DC2133} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [235520 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [94208 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {B87B8E18-B4E9-4161-B796-A86DFF26AEA4} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Administrator\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-08-19] (ESET, spol. s r.o. -> ESET)
Task: {C6ECE607-34B4-4643-AF2F-24E921982EB0} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.77.1
Tcpip\..\Interfaces\{FA070690-6927-43E8-99D5-312D9A04E6FE}: [DhcpNameServer] 192.168.77.1

FireFox:
========
FF DefaultProfile: aomhl8bm.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\aomhl8bm.default [2021-08-19]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\55qx0g26.default-release [2021-08-19]
FF Extension: (Add-ons Search Detection) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\55qx0g26.default-release\features\{48bd7865-e186-4275-9af4-3fbc8a5548a3}\addons-search-detection@mozilla.com.xpi [2021-08-19]

==================== Usługi (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
"silsvc" => serwis nie został odblokowany. <==== UWAGA
HKLM\SYSTEM\ControlSet001\Services\silsvc => <==== UWAGA (Rootkit!/Zablokowana usługa)
R2 amService; C:\Program Files\Fujitsu\ServerView Suite\RAID Manager\amService.exe [88576 2017-08-08] (Fujitsu Limited) [Brak podpisu cyfrowego]
S3 EHttpSrv; C:\Program Files\ESET\ESET File Security\ehttpsrv.exe [52856 2017-12-05] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET File Security\x86\ekrn.exe [1995184 2017-12-05] (ESET, spol. s r.o. -> ESET)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-08-19] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQL$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL12.INSERTGT\MSSQL\Binn\sqlservr.exe [372416 2016-06-18] (Microsoft Corporation -> Microsoft Corporation)
R2 RemoteConnector; C:\Program Files (x86)\Fujitsu\ServerView Suite\Remote Connector\SVRemCon.exe [658096 2017-06-29] (Fujitsu Limited -> FUJITSU)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [88064 2020-08-10] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [77312 2020-08-10] (Microsoft Windows -> Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 ServerView Update Agent; C:\Program Files (x86)\Fujitsu\ServerView Suite\Agents\UpdateAgent\gf_agent.exe [399360 2017-07-10] (FUJITSU LIMITED) [Brak podpisu cyfrowego]
S4 SQLAgent$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL12.INSERTGT\MSSQL\Binn\SQLAGENT.EXE [613056 2016-06-18] (Microsoft Corporation -> Microsoft Corporation)
R2 SrvCtrl; C:\Program Files\Fujitsu\ServerView Suite\Agents\Server Control\SrvCtrl.exe [536752 2017-10-10] (Fujitsu Limited -> FUJITSU)
S3 TestHandler; C:\Program Files\Fujitsu\ServerView Suite\Agents\OnlineDiagnostic\TestManager\HaDTMan.exe [385888 2013-11-20] (Fujitsu Technology Solutions GmbH -> Fujitsu Technology Solutions)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [249344 2014-09-05] (Microsoft Windows -> Microsoft Corporation)

===================== Sterowniki (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [605672 2013-06-18] (Chelsio.com(Test) -> Chelsio Communications)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [272544 2017-12-05] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [202928 2017-12-05] (ESET, spol. s r.o. -> ESET)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Microsoft Windows -> Emulex)
R1 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [77168 2017-12-05] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [199128 2021-08-19] (Malwarebytes Inc -> Malwarebytes)
R3 GabiAcpi; C:\Windows\System32\drivers\GabiAcpi.sys [34696 2017-04-26] (Fujitsu Technology Solutions GmbH -> Fujitsu Technology Solutions)
S3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [22016 2013-08-22] (Microsoft Corporation) [Brak podpisu cyfrowego]
R3 iusb3adp; C:\Windows\System32\drivers\iusb3adp.sys [37672 2015-07-28] (Intel Corporation - Client Components Group -> Intel)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-08-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198888 2021-08-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69016 2021-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-08-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [156880 2021-08-19] (Malwarebytes Inc -> Malwarebytes)
R0 megasr1; C:\Windows\System32\drivers\megasr1.sys [921592 2017-02-14] (Avago Technologies U.S. Inc. -> LSI Corporation, Inc.)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [117760 2016-07-09] (Microsoft Windows -> Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) [Brak podpisu cyfrowego]
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (Microsoft Windows -> QLogic Corporation)
R1 RsFx0320; C:\Windows\System32\DRIVERS\RsFx0320.sys [250048 2016-06-18] (Microsoft Corporation -> Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R3 ScSBB2; C:\Windows\System32\drivers\ScSBB2.sys [97064 2012-08-20] (Fujitsu Technology Solutions GmbH -> Fujitsu)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R5 silsvc; <==== UWAGA: Zablokowana usługa

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== Jeden miesiąc (utworzone) (Wszystkie) =========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2021-08-19 19:42 - 2021-08-19 19:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
2021-08-19 19:41 - 2021-08-19 19:41 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-08-19 19:41 - 2021-08-19 19:41 - 000220752 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-08-19 19:41 - 2021-08-19 19:41 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-08-19 19:41 - 2021-08-19 19:41 - 000198888 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-08-19 19:41 - 2021-08-19 19:41 - 000156880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-08-19 19:41 - 2021-08-19 19:41 - 000069016 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-08-19 19:41 - 2021-08-19 19:41 - 000001982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-19 19:41 - 2021-08-19 19:41 - 000001970 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-19 19:41 - 2021-08-19 19:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-08-19 19:40 - 2021-08-19 19:40 - 000000000 ____D C:\Program Files\Malwarebytes
2021-08-19 19:37 - 2021-08-19 19:37 - 002120496 _____ (Malwarebytes) C:\Users\Administrator\Downloads\MBSetup.exe
2021-08-19 19:32 - 2021-08-19 20:07 - 000000000 ____D C:\Users\Administrator\Desktop\FRST - WS2012R2F
2021-08-19 19:27 - 2021-08-19 20:07 - 000000000 ____D C:\FRST
2021-08-19 19:25 - 2021-08-19 19:33 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2021-08-19 19:25 - 2021-08-19 19:25 - 057524336 _____ (Mozilla) C:\Users\Administrator\Downloads\Firefox Setup 91.0.1.exe
2021-08-19 19:25 - 2021-08-19 19:25 - 000000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-08-19 19:25 - 2021-08-19 19:25 - 000000942 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-08-19 19:25 - 2021-08-19 19:25 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-08-19 19:25 - 2021-08-19 19:25 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2021-08-19 19:25 - 2021-08-19 19:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2021-08-19 19:25 - 2021-08-19 19:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-19 19:25 - 2021-08-19 19:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-19 19:02 - 2021-08-19 19:02 - 000000299 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ten komputer.lnk
2021-08-19 18:59 - 2021-08-19 18:59 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2021-08-19 18:46 - 2021-08-19 18:46 - 000003796 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2021-08-19 18:46 - 2021-08-19 18:46 - 000003356 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2021-08-19 17:04 - 2021-08-19 17:04 - 011697056 _____ (ESET) C:\Users\Administrator\Downloads\esetonlinescanner.exe
2021-08-19 17:04 - 2021-08-19 17:04 - 000001258 _____ C:\Users\Administrator\Desktop\ESET Online Scanner.lnk
2021-08-19 17:04 - 2021-08-19 17:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\ESET
2021-08-11 01:43 - 2021-07-31 22:17 - 001377888 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2021-08-11 01:43 - 2021-07-31 22:10 - 002448136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2021-08-11 01:43 - 2021-07-31 20:58 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2021-08-11 01:43 - 2021-07-31 20:54 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\efslsaext.dll
2021-08-11 01:43 - 2021-07-31 19:45 - 000347136 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2021-08-11 01:43 - 2021-07-31 19:42 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2021-08-11 01:43 - 2021-07-31 19:42 - 000827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2021-08-11 01:43 - 2021-07-31 19:40 - 000867840 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2021-08-11 01:43 - 2021-07-31 19:30 - 000307712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2021-08-11 01:43 - 2021-07-27 07:53 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2021-08-11 01:43 - 2021-07-27 07:26 - 000324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2021-08-11 01:43 - 2021-07-15 05:47 - 001728512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2021-08-11 01:43 - 2021-07-15 05:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2021-08-11 01:43 - 2021-07-13 08:34 - 000376072 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2021-08-11 01:43 - 2021-07-13 08:23 - 000317176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2021-08-11 01:43 - 2021-07-13 07:22 - 025757696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2021-08-11 01:43 - 2021-07-13 07:01 - 005507584 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2021-08-11 01:43 - 2021-07-13 06:39 - 000580608 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2021-08-11 01:43 - 2021-07-13 06:35 - 020293632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2021-08-11 01:43 - 2021-07-13 06:29 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2021-08-11 01:43 - 2021-07-13 06:26 - 015507456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2021-08-11 01:43 - 2021-07-13 06:12 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2021-08-11 01:43 - 2021-07-13 06:07 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2021-08-11 01:43 - 2021-07-13 06:06 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2021-08-11 01:43 - 2021-07-13 06:04 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2021-08-11 01:43 - 2021-07-13 06:01 - 001383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2021-08-11 01:43 - 2021-07-13 05:58 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2021-08-11 01:43 - 2021-07-13 05:58 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2021-08-11 01:43 - 2021-07-13 05:48 - 001562624 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2021-08-11 01:43 - 2021-07-13 05:46 - 004119040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2021-08-11 01:43 - 2021-07-13 05:43 - 013882368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2021-08-11 01:43 - 2021-07-13 05:41 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2021-08-11 01:43 - 2021-07-13 05:41 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2021-08-11 01:43 - 2021-07-13 05:37 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2021-08-11 01:43 - 2021-07-13 05:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2021-08-11 01:43 - 2021-07-13 05:26 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2021-08-11 01:43 - 2021-07-13 05:21 - 001342976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2021-08-11 01:43 - 2021-07-13 05:18 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2021-08-11 01:43 - 2021-07-10 08:03 - 007353624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2021-08-11 01:43 - 2021-07-10 08:01 - 002174936 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2021-08-11 01:43 - 2021-07-10 08:00 - 001738016 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2021-08-11 01:43 - 2021-07-10 06:24 - 001561832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2021-08-11 01:43 - 2021-07-10 06:24 - 001501408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2021-08-11 01:43 - 2021-07-10 04:53 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2021-08-11 01:43 - 2021-07-10 04:47 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2021-08-11 01:43 - 2021-07-10 04:40 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2021-08-11 01:43 - 2021-07-10 04:22 - 007042560 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2021-08-11 01:43 - 2021-07-10 04:20 - 006222336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2021-08-11 01:43 - 2021-07-08 04:55 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2021-08-11 01:43 - 2021-07-08 04:32 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2021-08-05 12:29 - 2021-08-05 12:29 - 000529958 _____ C:\Users\Administrator\Downloads\AutoDetect_FF.exe.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:29 - 2021-08-05 12:29 - 000313854 _____ C:\Users\Administrator\Downloads\Firefox Installer.exe.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:27 - 2021-08-05 12:27 - 000001710 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:27 - 2021-08-05 12:27 - 000000384 _____ C:\Users\Administrator\AppData\Roaming\ServerView Configuration Manager.frame.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:27 - 2021-08-05 12:27 - 000000276 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2021-08-05 12:21 - 000088252 ____H C:\Users\Administrator\AppData\Local\IconCache.db.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2021-08-05 12:21 - 000000650 ___SH C:\Users\Administrator\Documents\desktop.ini.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2021-08-05 12:21 - 000000570 ___SH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2021-08-05 12:21 - 000000522 ___SH C:\Users\Public\Documents\desktop.ini.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2021-08-05 12:21 - 000000522 ___SH C:\Users\Administrator\Downloads\desktop.ini.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2021-08-05 12:21 - 000000522 ___SH C:\Users\Administrator\Desktop\desktop.ini.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2021-08-05 12:21 - 000000410 ___SH C:\Users\Public\Downloads\desktop.ini.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2021-08-05 12:21 - 000000410 ___SH C:\Users\Public\Desktop\desktop.ini.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2021-08-05 12:21 - 000000410 ___SH C:\Users\Public\desktop.ini.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2021-08-05 12:21 - 000000410 ___SH C:\Users\desktop.ini.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2021-08-05 12:21 - 000000410 ___SH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2021-08-05 12:21 - 000000264 ___SH C:\Users\Administrator\ntuser.ini.id-AE71A290.[clean@onionmail.org].CLEAN

==================== Jeden miesiąc (zmodyfikowane) ==================
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2021-08-19 19:50 - 2018-03-06 18:52 - 000003590 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2728209939-661244823-36512035-500
2021-08-19 19:41 - 2018-03-07 17:13 - 000875384 _____ C:\Windows\system32\perfh015.dat
2021-08-19 19:41 - 2018-03-07 17:13 - 000190408 _____ C:\Windows\system32\perfc015.dat
2021-08-19 19:41 - 2013-10-10 19:48 - 003096788 _____ C:\Windows\system32\PerfStringBackup.INI
2021-08-19 19:41 - 2013-09-02 12:51 - 000871592 _____ C:\Windows\system32\perfh00C.dat
2021-08-19 19:41 - 2013-09-02 12:51 - 000186050 _____ C:\Windows\system32\perfc00C.dat
2021-08-19 19:41 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2021-08-19 19:34 - 2020-05-19 15:24 - 000000000 ____D C:\ProgramData\Mozilla
2021-08-19 18:59 - 2018-03-06 18:15 - 000000000 ____D C:\Users\Administrator
2021-08-19 18:57 - 2013-08-22 16:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-08-19 18:56 - 2013-08-22 16:47 - 000357336 _____ C:\Windows\system32\FNTCACHE.DAT
2021-08-19 18:48 - 2013-08-22 17:39 - 000000000 ___RD C:\Windows\ToastData
2021-08-11 04:32 - 2018-03-06 19:35 - 000000000 ____D C:\Windows\system32\MRT
2021-08-11 04:30 - 2018-03-06 19:34 - 133215968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-08-11 04:29 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2021-08-05 12:29 - 2021-07-07 12:54 - 667014776 _____ C:\Users\Administrator\Downloads\SSMS-Setup-ENU.exe.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:29 - 2019-02-13 15:23 - 000000000 ____D C:\Users\Administrator\Documents\InsERT GT
2021-08-05 12:29 - 2013-08-22 17:39 - 000000000 __RHD C:\Users\Public\Libraries
2021-08-05 12:27 - 2018-05-17 16:17 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\InsERT GT
2021-08-05 12:21 - 2018-03-07 22:40 - 004510081 _____ C:\Users\Administrator\Downloads\WMD20131209-Pilot3_W2K12ONLY.WHQL.zip.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2018-03-06 23:58 - 005842570 _____ C:\Users\Administrator\Downloads\Win_Chipset_10.1.17479.8054.zip.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2018-03-06 23:17 - 004112006 _____ C:\Users\Administrator\Downloads\FTS_Intel[R]ChipsetDeviceSoftwareProductionVersion_101285_1180084.zip.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:21 - 2018-03-06 23:17 - 000000000 ____D C:\Users\Administrator\Downloads\FTS_Intel[R]ChipsetDeviceSoftwareProductionVersion_101285_1180084
2021-08-05 12:21 - 2018-03-06 18:14 - 000000000 __RHD C:\Users\Public\AccountPictures

==================== Pliki w katalogu głównym wybranych folderów ========
2021-08-05 12:27 - 2021-08-05 12:27 - 000000384 _____ () C:\Users\Administrator\AppData\Roaming\ServerView Configuration Manager.frame.id-AE71A290.[clean@onionmail.org].CLEAN
2021-08-05 12:27 - 2021-08-05 12:27 - 000000276 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg.id-AE71A290.[clean@onionmail.org].CLEAN

==================== SigCheck ============================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
LastRegBack: 2021-08-19 04:15

==================== Koniec FRST.txt ========================