Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 24.02.2018
Uruchomiony przez Piotrek (administrator) PIOTREKBOOK (27-02-2018 01:06:10)
Uruchomiony z C:\Users\Piotrek\Downloads
Załadowane profile: Piotrek (Dostępne profile: Piotrek & auto)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
() E:\Programy\Matlab 2016\bin\win64\MATLABStartupAccelerator.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Akamai Technologies, Inc.) C:\Users\Piotrek\AppData\Local\Akamai\netsession_win.exe
(f.lux Software LLC) C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe
(Akamai Technologies, Inc.) C:\Users\Piotrek\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) E:\Programy\Mozilla\firefox.exe
(Mozilla Corporation) E:\Programy\Mozilla\firefox.exe
(Mozilla Corporation) E:\Programy\Mozilla\firefox.exe
(Mozilla Corporation) E:\Programy\Mozilla\firefox.exe
(Mozilla Corporation) E:\Programy\Mozilla\firefox.exe
(Mozilla Corporation) E:\Programy\Mozilla\firefox.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-10-29] (Atheros Communications)
HKU\S-1-5-21-1036782118-4070208372-3494369121-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Piotrek\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1036782118-4070208372-3494369121-1000\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-1036782118-4070208372-3494369121-1000\...\Run: [Reflector2] => [X]
HKU\S-1-5-21-1036782118-4070208372-3494369121-1000\...\Run: [f.lux] => C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe [1679864 2018-01-10] (f.lux Software LLC)
HKU\S-1-5-21-1036782118-4070208372-3494369121-1000\...\Run: [GoogleChromeAutoLaunch_5D6151B50304B88CAD98EE9861BB7FFA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-02-13] (Google Inc.)
HKU\S-1-5-21-1036782118-4070208372-3494369121-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1036782118-4070208372-3494369121-1000\...\MountPoints2: {711b9b22-c8c0-11e7-a69b-74e6e215b741} - I:\setup.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.112.2 192.168.160.2
Tcpip\..\Interfaces\{1244B3E7-D261-4F0B-992E-07EEEAA68546}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2B692D03-A488-41D2-8F66-72113A56DD08}: [DhcpNameServer] 192.168.112.2 192.168.160.2
Tcpip\..\Interfaces\{7896C033-933C-4DB4-A4C7-F062B1BBD2A2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BEC321E4-3714-4022-AFB5-3CAEA4240CEB}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F9AF2215-5EC2-4C17-B2DE-2B8338C3D7B7}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1036782118-4070208372-3494369121-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-02-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-02-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-27] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-02-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\skkb7c3d.default-1464379590838 [2018-02-27]
FF Extension: (Brak nazwy) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [nie znaleziono]
FF SearchPlugin: C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\skkb7c3d.default-1464379590838\searchplugins\McSiteAdvisor.xml [2018-02-07]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Przestarzałe]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - E:\Programy\Mozilla\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxps://my.baplc.com/group/baplc/home
CHR DefaultSearchURL: Default -> hxxps://safesearch.trustnav.com/?src=ext&action=search&q={searchTerms}
CHR DefaultSearchKeyword: Default -> trustnav
CHR Session Restore: Default -> [funkcja włączona]
CHR Profile: C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default [2018-02-27]
CHR Extension: (Prezentacje) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Dokumenty) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Dysk Google) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (OneTab) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-03-08]
CHR Extension: (Google Search) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-06]
CHR Extension: (Arkusze) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Trustnav safe search) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjdbeiflalimgifllheflljdconlbig [2018-02-25]
CHR Extension: (Skype) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-04]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2018-02-22]
CHR Extension: (Gmail) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-10]
CHR HKU\S-1-5-21-1036782118-4070208372-3494369121-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1364904 2017-11-21] (Autodesk Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [317568 2013-10-29] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7968424 2018-02-08] (Microsoft Corporation)
S3 CoordinatorServiceHost; E:\Solidworks\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [81400 2015-03-06] (Dassault Systèmes SolidWorks Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4451976 2018-01-09] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-06] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S4 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
R2 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
S4 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-10-04] (SolidWorks) [Brak podpisu cyfrowego]
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2018-02-24] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2018-02-24] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2018-02-24] (Bitdefender)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-10-15] (Atheros) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R0 atc; C:\Windows\System32\DRIVERS\atc.sys [1177720 2018-02-24] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1725800 2018-02-24] (BitDefender)
R0 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [154888 2018-02-24] (Bitdefender)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-10-29] (Qualcomm Atheros)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-11-13] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-11-13] (Disc Soft Ltd)
S3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [248336 2018-02-24] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [191784 2018-02-24] (BitDefender LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-04-24] ()
R1 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [293560 2018-01-09] (SurfRight B.V.)
R3 hmpnet; C:\Windows\system32\drivers\hmpnet.sys [92712 2018-01-09] (SurfRight B.V.)
R3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-09] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2015-11-05] (Apple Inc.) [Brak podpisu cyfrowego]
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [Brak podpisu cyfrowego]
U4 nxpcap; Brak ImagePath
U4 nxsshd; Brak ImagePath
U4 nxusbd; Brak ImagePath
U4 nxusbh; Brak ImagePath
U4 nxusbs; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2018-02-27 01:06 - 2018-02-27 01:08 - 000019808 _____ C:\Users\Piotrek\Downloads\FRST.txt
2018-02-27 01:04 - 2018-02-27 01:06 - 000000000 ____D C:\FRST
2018-02-27 01:04 - 2018-02-27 01:04 - 002403328 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
2018-02-27 00:55 - 2018-02-27 00:55 - 000000000 ____D C:\Windows\system32\tmp00005c3c
2018-02-27 00:48 - 2018-02-27 00:48 - 000000000 ____D C:\Windows\system32\tmp000039b3
2018-02-26 20:27 - 2018-02-26 20:27 - 000000000 ____D C:\Kaspersky Rescue Disk 10.0
2018-02-26 19:22 - 2018-02-26 19:22 - 000000922 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-26 18:19 - 2018-02-26 18:19 - 000000000 ____D C:\Windows\system32\tmp00007b1c
2018-02-26 15:53 - 2018-02-26 18:55 - 000466432 _____ C:\Users\Piotrek\Desktop\Winter School.ppt
2018-02-26 15:26 - 2018-02-26 15:26 - 000003246 _____ C:\Windows\System32\Tasks\{7BE831AA-9B66-4A26-999A-B80DA408ABE9}
2018-02-26 14:54 - 2018-02-26 14:54 - 005461354 _____ C:\Users\Piotrek\Downloads\4.1.10 Sektor energetyczny w Polsce. Profil sektorowy PL.pdf
2018-02-26 14:54 - 2018-02-26 14:54 - 003138832 _____ C:\Users\Piotrek\Downloads\kaliski_in_wegiel_kamienny_17_3.pdf.pdf
2018-02-26 01:53 - 2018-02-26 01:54 - 000001249 _____ C:\Users\Piotrek\Desktop\ksiązki sem 2.1.txt
2018-02-25 23:01 - 2018-02-25 23:01 - 000000000 ____D C:\Windows\system32\tmp00002646
2018-02-25 11:38 - 2018-02-25 11:38 - 000000000 ____D C:\Windows\system32\tmp00001b1d
2018-02-25 01:24 - 2018-02-25 01:34 - 000010187 _____ C:\Users\Piotrek\Desktop\Zaproszenia.xlsx
2018-02-25 01:24 - 2018-02-17 23:15 - 000011820 _____ C:\Users\Piotrek\Desktop\Lista gości Ślub - Kopia.xlsx
2018-02-24 19:42 - 2018-02-24 19:42 - 001177720 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2018-02-24 19:42 - 2018-02-24 19:42 - 000191784 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2018-02-24 19:42 - 2018-02-24 19:42 - 000154888 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2018-02-22 11:26 - 2018-02-22 11:26 - 004583034 _____ C:\Users\Piotrek\Desktop\Polska_Raczkowski.pdf
2018-02-22 11:25 - 2018-02-22 11:25 - 028445515 _____ C:\Users\Piotrek\Desktop\Polska_Raczkowski.pptx
2018-02-21 20:39 - 2018-02-21 20:39 - 000000000 ____D C:\Users\Piotrek\Documents\Niestandardowe szablony pakietu Office
2018-02-20 20:06 - 2018-02-20 20:06 - 000001437 _____ C:\Users\Public\Desktop\Aplikacja na pulpit firmy Autodesk.lnk
2018-02-20 20:04 - 2018-02-20 20:04 - 000002222 _____ C:\Users\Piotrek\Desktop\Zainstaluj teraz dla programu Autodesk® AutoCAD® 2015.lnk
2018-02-20 20:04 - 2018-02-20 20:04 - 000000000 ____D C:\Users\Piotrek\Documents\Autodesk Application Manager
2018-02-20 20:04 - 2018-02-20 20:04 - 000000000 ____D C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2018-02-20 20:02 - 2018-02-20 20:02 - 001318887 _____ C:\Users\Piotrek\Downloads\offers_17_07_02_2018_5a7b2e53efa1c164.pdf
2018-02-20 20:00 - 2018-02-20 20:00 - 000001733 _____ C:\Users\Public\Desktop\AutoCAD 2015 — Polski (Polish).lnk
2018-02-20 20:00 - 2018-02-20 20:00 - 000000000 ____D C:\Users\Piotrek\Documents\Inventor Server SDK ACAD 2015
2018-02-20 19:57 - 2018-02-20 19:57 - 000000153 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2018-02-20 19:52 - 2018-02-20 19:52 - 000000000 ____D C:\Program Files\Autodesk
2018-02-20 19:46 - 2018-02-20 20:05 - 000000000 ____D C:\Program Files (x86)\Autodesk
2018-02-20 19:43 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2018-02-20 19:43 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2018-02-20 19:43 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2018-02-20 19:43 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2018-02-20 19:43 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2018-02-20 19:43 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2018-02-20 19:43 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2018-02-20 19:43 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2018-02-20 19:43 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2018-02-20 19:43 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2018-02-20 19:43 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2018-02-20 19:43 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2018-02-20 19:42 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2018-02-20 19:42 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2018-02-20 19:42 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2018-02-20 19:42 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2018-02-20 19:42 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2018-02-20 19:42 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2018-02-20 19:42 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2018-02-20 19:42 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2018-02-20 19:42 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2018-02-20 19:42 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2018-02-20 19:42 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2018-02-20 19:42 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2018-02-20 18:48 - 2018-02-20 18:48 - 000000000 ____D C:\Autodesk
2018-02-13 22:22 - 2018-02-13 22:22 - 000000000 ____D C:\ProgramData\Wondershare
2018-02-13 21:45 - 2018-02-13 21:45 - 000000000 ____D C:\Users\Piotrek\AppData\Local\Wondershare
2018-02-13 21:44 - 2018-02-13 21:44 - 000001076 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk
2018-02-13 21:44 - 2018-02-13 21:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-02-13 21:44 - 2017-03-17 11:43 - 001250304 _____ (CineForm Inc.) C:\Windows\system32\CFDecode64.ax
2018-02-13 21:43 - 2018-02-13 21:43 - 000000000 ____D C:\ProgramData\Wondershare Video Editor
2018-02-13 21:43 - 2018-02-13 21:43 - 000000000 ____D C:\Program Files\Wondershare
2018-02-13 21:41 - 2018-02-13 21:45 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-02-06 17:36 - 2018-02-06 17:36 - 000000000 ____D C:\ProgramData\bdch
2018-02-04 18:29 - 2018-02-04 18:29 - 000000079 _____ C:\Users\Piotrek\Desktop\WSA_SA_Report-Sun_2018-02-04_18-29-03.html
2018-02-04 18:21 - 2018-02-04 18:23 - 000000000 ____D C:\ProgramData\WRData
2018-02-04 17:58 - 2018-02-08 00:11 - 000000150 _____ C:\Windows\Reimage.ini

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2018-02-27 01:06 - 2017-11-14 00:35 - 000000522 _____ C:\Windows\Tasks\MATLAB R2016a Startup Accelerator.job
2018-02-27 01:02 - 2017-11-13 22:45 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-02-27 01:01 - 2017-11-13 22:44 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-02-27 01:01 - 2016-11-18 19:33 - 000000000 ____D C:\Users\Piotrek\AppData\LocalLow\Mozilla
2018-02-27 01:00 - 2015-03-30 09:27 - 000000000 __SHD C:\Users\Piotrek\IntelGraphicsProfiles
2018-02-27 00:55 - 2016-10-30 16:00 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2018-02-27 00:55 - 2016-08-13 20:47 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-02-27 00:55 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-27 00:53 - 2009-07-14 05:45 - 000016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-27 00:53 - 2009-07-14 05:45 - 000016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-27 00:51 - 2016-05-24 21:42 - 000000000 ____D C:\Users\Piotrek\AppData\Local\Akamai
2018-02-26 19:15 - 2011-04-12 14:21 - 000753320 _____ C:\Windows\system32\perfh015.dat
2018-02-26 19:15 - 2011-04-12 14:21 - 000160634 _____ C:\Windows\system32\perfc015.dat
2018-02-26 19:15 - 2009-07-14 06:13 - 001705374 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-26 19:15 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-26 14:31 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\tracing
2018-02-24 19:42 - 2017-11-13 22:50 - 001725800 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2018-02-24 19:42 - 2017-11-13 22:50 - 000248336 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
2018-02-23 18:56 - 2017-05-01 11:29 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-22 23:48 - 2015-04-12 14:02 - 000000000 ____D C:\Users\Piotrek\AppData\Local\CrashDumps
2018-02-20 20:30 - 2017-12-27 16:34 - 000000000 ____D C:\ProgramData\McAfee
2018-02-20 20:30 - 2009-07-14 05:45 - 000544752 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-20 20:07 - 2015-10-04 14:03 - 000000000 ____D C:\Users\Piotrek\AppData\Local\Autodesk
2018-02-20 20:07 - 2015-10-04 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2018-02-20 20:07 - 2015-10-04 13:39 - 000000000 ____D C:\Users\Piotrek\AppData\Roaming\Autodesk
2018-02-20 20:04 - 2015-10-04 16:12 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-20 20:03 - 2015-10-04 14:00 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2018-02-20 20:03 - 2015-10-04 13:39 - 000000000 ____D C:\ProgramData\Autodesk
2018-02-20 20:01 - 2015-03-14 13:28 - 000160824 _____ C:\Users\Piotrek\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-20 19:52 - 2015-10-04 14:01 - 000000000 ____D C:\Users\Public\Documents\Autodesk
2018-02-20 19:38 - 2015-10-04 13:47 - 001686316 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-20 19:32 - 2016-10-31 15:59 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-20 19:28 - 2015-03-14 20:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-02-20 18:35 - 2018-01-10 10:59 - 000000000 ____D C:\Program Files\MySQL
2018-02-20 18:15 - 2015-03-11 14:03 - 000000000 ____D C:\Users\Piotrek
2018-02-20 00:39 - 2016-10-18 16:23 - 000000000 ____D C:\Users\Piotrek\AppData\Roaming\DC++
2018-02-20 00:38 - 2017-10-16 16:25 - 000000000 ____D C:\Users\Piotrek\AppData\Roaming\ObjectiveIELTSAdvanced
2018-02-17 20:53 - 2017-11-13 22:42 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-02-14 23:11 - 2017-12-24 04:29 - 001005672 _____ C:\Windows\ntbtlog.txt
2018-02-14 22:30 - 2017-12-24 03:34 - 000000000 ____D C:\Users\Piotrek\AppData\Local\ElevatedDiagnostics
2018-02-14 14:16 - 2015-10-27 21:08 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-14 14:16 - 2015-10-27 21:08 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-13 23:45 - 2015-06-25 08:58 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-08 00:07 - 2016-10-18 16:23 - 000000000 ____D C:\Users\Piotrek\AppData\Local\DC++

==================== Pliki w katalogu głównym wybranych folderów =======

2017-03-16 21:24 - 2018-01-14 03:51 - 000000600 _____ () C:\Users\Piotrek\AppData\Roaming\winscp.rnd
2016-08-10 13:26 - 2016-08-10 13:26 - 000341504 _____ () C:\Users\Piotrek\AppData\Roaming\wsrv_5ca16400.dat
2017-03-16 21:19 - 2018-01-12 15:07 - 000000600 _____ () C:\Users\Piotrek\AppData\Local\PUTTY.RND
2016-08-27 10:48 - 2016-08-27 10:48 - 000002321 _____ () C:\Users\Piotrek\AppData\Local\recently-used.xbel
2017-07-17 00:24 - 2017-10-24 01:25 - 000007608 _____ () C:\Users\Piotrek\AppData\Local\Resmon.ResmonCfg
2016-03-15 14:04 - 2016-03-15 14:10 - 000000000 _____ () C:\Users\Piotrek\AppData\Local\Temptable.xml

Niektóre pliki w TEMP:
====================
2016-05-24 22:04 - 2016-05-24 22:04 - 002016632 _____ (Flexera Software LLC) C:\Users\auto\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-02-17 14:40

==================== Koniec FRST.txt ============================