Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 06.05.2018 01 Uruchomiony przez Tommy (administrator) TOMMY-KOMPUTER (08-05-2018 11:12:32) Uruchomiony z C:\Users\Tommy\AppData\Local\Temp\scoped_dir6992_18692 Załadowane profile: Tommy (Dostępne profile: Tommy) Platform: Windows 7 Enterprise Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Opera) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe (Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe (Volkswagen AG) G:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG) G:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG) G:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG) G:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG) G:\ElsaWin\bin\LcSvrSaz.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.ELSAWINDB\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Realtek) C:\Program Files (x86)\netis\USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) 
C:\Program Files (x86)\netis\USB Wireless LAN Utility\RtWLan.exe () C:\Windows\runSW.exe (Realtek) C:\Windows\SwUSB.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe (Volkswagen AG) G:\ElsaWin\bin\LcSvrAuf.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (BitTorrent Inc.) C:\Users\Tommy\AppData\Roaming\uTorrent\uTorrent.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (© 2015 Microsoft Corporation) C:\Users\Tommy\AppData\Local\Microsoft\BingSvc\BingSvc.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe (SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (BitTorrent Inc.) C:\Users\Tommy\AppData\Roaming\uTorrent\updates\3.5.3_44390\utorrentie.exe (BitTorrent Inc.) C:\Users\Tommy\AppData\Roaming\uTorrent\updates\3.5.3_44390\utorrentie.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) 
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe () C:\Program Files (x86)\hicloud\update_server\startUp.exe () C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe 
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor) HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SPUpDateServerrun] => C:\Program Files (x86)\hicloud\update_server\startUp.exe [15232 2015-06-15] () HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\Run: [uTorrent] => C:\Users\Tommy\AppData\Roaming\uTorrent\uTorrent.exe [2000568 2018-04-08] (BitTorrent Inc.) HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd) HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\Run: [BingSvc] => C:\Users\Tommy\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-04-12] (© 2015 Microsoft Corporation) HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1694856 2017-01-26] (BlueStack Systems, Inc.) 
HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\Run: [Napisy24.pl] => C:\Program Files (x86)\Napisy24\Napisy24.exe [6766592 2017-04-12] (Napisy24.pl) HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [50097088 2018-04-09] (Skype Technologies S.A.) HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\MountPoints2: {2b60b986-48f6-11e7-9c40-ad9e32095ffa} - H:\HiSuiteDownLoader.exe HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\MountPoints2: {5711f080-2dda-11e7-8c1c-8dce5e8811fb} - H:\HiSuiteDownLoader.exe HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\MountPoints2: {5798cfc6-ea9f-11e5-b5da-fcaa1427716d} - H:\autorun.exe HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\MountPoints2: {58fbca33-ade8-11e7-9083-fcaa1427716d} - H:\HiSuiteDownLoader.exe HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\MountPoints2: {6d0f824e-986c-11e6-80b7-c2c229fb74c3} - I:\stp-fifa18.exe HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\MountPoints2: {b76fda33-b56d-11e6-aa68-b5166ce54ec1} - H:\HiSuiteDownLoader.exe HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\MountPoints2: {e8c7e2a5-eb84-11e6-acad-9829dec68bf7} - H:\HiSuiteDownLoader.exe HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\MountPoints2: {e8c7e2b0-eb84-11e6-acad-9829dec68bf7} - H:\HiSuiteDownLoader.exe HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\MountPoints2: {f4f3c20a-96d2-11e7-bde4-cb1adecb77fd} - H:\HiSuiteDownLoader.exe HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\MountPoints2: {faad5df8-767e-11e6-966a-c2e60782fcc7} - H:\HiSuiteDownLoader.exe HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\MountPoints2: {fd6db9f8-bf19-11e7-ab3f-fcaa1427716d} - H:\HiSuiteDownLoader.exe HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\...\MountPoints2: {fd6dba7f-bf19-11e7-ab3f-fcaa1427716d} - J:\HiSuiteDownLoader.exe Startup: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-04-05] ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS) GroupPolicy: Ograniczenia - Chrome <==== UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== UWAGA (Ograniczenia - ProxySettings) ProxyEnable: [HKLM] => Proxy [funkcja włączona] ProxyEnable: [HKLM-x32] => Proxy [funkcja włączona] ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080 ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080 AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080 Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{8678966A-1D47-48D9-A7B3-7A8DE71DC40D}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{928F3FE8-58B8-4869-A325-154056853F15}: [DhcpNameServer] 192.168.1.1 ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.google.com HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp HKU\S-1-5-21-3365725317-2727734807-3499024080-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190 SearchScopes: HKLM -> DefaultScope - brak wartości SearchScopes: HKLM-x32 -> DefaultScope - brak wartości BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02] () BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) Handler-x32: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - G:\ElsaWin\bin\wiprot.dll [2011-12-06] (TODO: ) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-11] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI 
ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.) 
FF Plugin-x32: shipin7 -> C:\Program Files (x86)\hicloud\PCPlayer\npSP7WebVideoPlugin.dll [2016-05-09] () FF Plugin-x32: shipin7safebox -> C:\Program Files (x86)\hicloud\PCPlayer\npSafePlugin.dll [2016-05-09] () FF Plugin-x32: shipin7update -> C:\Program Files (x86)\hicloud\PCPlayer\npUpdataPlugin.dll [2016-05-09] () Chrome: ======= CHR HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=190 CHR StartupUrls: Default -> "hxxp://www.gazeta.pl/0,0.html?p=190" CHR DefaultSearchKeyword: Default -> q CHR Profile: C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default [2018-05-02] CHR Extension: (Brak nazwy) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2018-05-02] CHR Extension: (Referer Control) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin [2018-01-29] CHR Extension: (Tind3r.com - web client for Tinder.) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iopleohdgiomebidpblllpaigodfhoia [2017-02-23] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-29] CHR Extension: (Quick Menu) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggihoncmelambjaefiboekididcaffe [2015-10-31] CHR Extension: (Chrome Media Router) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-04] CHR HKLM\...\Chrome\Extension: [oggihoncmelambjaefiboekididcaffe] - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggihoncmelambjaefiboekididcaffe.crx [2015-10-22] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [oggihoncmelambjaefiboekididcaffe] - C:\Users\Tommy\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\oggihoncmelambjaefiboekididcaffe.crx [2015-10-22] Opera: ======= OPR Extension: (AdBlock) - C:\Users\Tommy\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-05-20] OPR Extension: (Any Media Downloader) - C:\Users\Tommy\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccbdoklfbpcifppcfahmmpmbkfdjjccm [2018-05-07] OPR Extension: (HD Youtube Downloader) - C:\Users\Tommy\AppData\Roaming\Opera Software\Opera Stable\Extensions\epmeclcefjojilkhkhlegeamnlddnphn [2017-11-12] OPR Extension: (YouTube Downloader) - C:\Users\Tommy\AppData\Roaming\Opera Software\Opera Stable\Extensions\kclijeogghhkmenkommbnjobhnndpfba [2015-10-10] OPR Extension: (Any Media Downloader) - C:\Users\Tommy\AppData\Roaming\Opera Software\Opera Stable\Extensions\keoanijiealjeplfaflkcgijnnflaine [2018-01-26] OPR Extension: (Youtube Downloader) - C:\Users\Tommy\AppData\Roaming\Opera Software\Opera Stable\Extensions\mdpelnicjpejiahnbkdohfjglhmaohcb [2016-04-22] OPR Extension: (Adblock Plus) - C:\Users\Tommy\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-05-02] ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Brak podpisu cyfrowego] S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2017-01-26] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2017-01-26] (BlueStack Systems, Inc.) S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [515608 2017-01-26] (BlueStack Systems, Inc.) 
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-12-18] (Digital Wave Ltd.) R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] () [Brak podpisu cyfrowego] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Brak podpisu cyfrowego] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-21] (InstallShield®) [Brak podpisu cyfrowego] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2016-05-09] () [Brak podpisu cyfrowego] R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab) R2 LcSvrAdm; G:\ElsaWin\bin\LcSvrAdm.exe [227328 2014-11-24] (Volkswagen AG) [Brak podpisu cyfrowego] R3 LcSvrAuf; G:\ElsaWin\bin\LcSvrAuf.exe [1321472 2011-12-06] (Volkswagen AG) [Brak podpisu cyfrowego] R2 LcSvrDba; G:\ElsaWin\bin\LcSvrDba.exe [381952 2014-11-24] (Volkswagen AG) [Brak podpisu cyfrowego] R2 LcSvrHis; G:\ElsaWin\bin\LcSvrHis.exe [329728 2014-11-24] (Volkswagen AG) [Brak podpisu cyfrowego] R2 LcSvrPAS; G:\ElsaWin\bin\LcSvrPas.exe [470016 2014-11-24] (Volkswagen AG) [Brak podpisu cyfrowego] R2 LcSvrSaz; G:\ElsaWin\bin\LcSvrSaz.exe [375808 2014-11-24] (Volkswagen AG) [Brak podpisu cyfrowego] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) R2 MSSQL$ELSAWINDB; C:\Program Files\Microsoft SQL 
Server\MSSQL10_50.ELSAWINDB\MSSQL\Binn\sqlservr.exe [62218696 2012-06-29] (Microsoft Corporation) R2 RealtekWlanU; C:\Program Files (x86)\netis\USB Wireless LAN Utility\RtlService.exe [48856 2014-10-09] (Realtek) S2 RTLDHCPService; C:\Program Files (x86)\netis\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-10-09] (Realtek) R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-15] () S4 SQLAgent$ELSAWINDB; C:\Program Files\Microsoft SQL Server\MSSQL10_50.ELSAWINDB\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-29] (Microsoft Corporation) R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Brak podpisu cyfrowego] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-06-10] (Microsoft Corporation) R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe [437392 2016-10-10] (Wondershare) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [116368 2016-10-18] (Wondershare) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2017-01-26] (BlueStack Systems) S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. ) S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-12-15] () S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.) 
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [49584 2018-05-01] () U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.) R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-05-08] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-05-08] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-05-08] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-05-08] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-05-08] (Malwarebytes) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2017-10-08] (Riverbed Technology, Inc.) R2 npf; C:\Windows\SysWOW64\drivers\npf.sys [36600 2016-08-17] (Riverbed Technology, Inc.) S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-29] (Microsoft Corporation) R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [5086464 2016-04-05] (Realtek Semiconductor Corporation ) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2016-10-22] (Duplex Secure Ltd.) 
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2016-03-09] (SteelSeries ApS) R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2016-02-02] (SteelSeries ApS) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-05-07] () S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [137920 2017-01-16] (Oracle Corporation) U3 ai2xcu08; C:\Windows\System32\Drivers\ai2xcu08.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-05-08 11:12 - 2018-05-08 11:12 - 002406912 _____ (Farbar) C:\Users\Tommy\Downloads\FRST64.exe 2018-05-08 04:24 - 2018-05-08 10:51 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-05-08 04:24 - 2018-05-08 04:24 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-05-08 04:24 - 2018-05-08 04:24 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-05-08 04:24 - 2018-05-08 04:24 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2018-05-08 04:23 - 2018-05-08 04:23 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-05-08 04:15 - 2018-05-08 04:17 - 000000000 ____D C:\Program Files (x86)\RALINK 2018-05-08 03:26 - 2018-05-08 04:22 - 000000000 ___SD C:\Windows\system32\CompatTel 2018-05-07 19:25 - 2016-03-15 13:13 - 000000862 _____ C:\Windows\system32\Drivers\etc\hosts.bak 2018-05-07 19:22 - 2018-05-07 19:22 - 002110347 _____ C:\Users\Tommy\Downloads\ComIntRep_3916_Setup.zip 2018-05-07 
19:22 - 2018-05-07 19:22 - 000002161 _____ C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Complete Internet Repair.lnk 2018-05-07 19:22 - 2018-05-07 19:22 - 000000000 ____D C:\Users\Tommy\AppData\Roaming\Rizonesoft 2018-05-07 19:22 - 2018-05-07 19:22 - 000000000 ____D C:\Program Files\Rizonesoft 2018-05-07 19:22 - 2018-05-07 01:43 - 002136979 _____ (Rizonesoft ) C:\Users\Tommy\Desktop\ComIntRep_3916_Setup.exe 2018-05-07 18:43 - 2018-05-07 18:43 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2018-05-07 18:43 - 2018-05-07 18:43 - 000000000 ____D C:\ProgramData\RogueKiller 2018-05-07 18:41 - 2018-05-07 18:41 - 027038280 _____ (Adlice Software) C:\Users\Tommy\Downloads\RogueKillerX64.exe 2018-05-07 18:41 - 2018-05-07 18:41 - 001694672 _____ (Kebocon ) C:\Users\Tommy\Downloads\RogueKiller-39028-AsystentPobierania_3577741548.exe 2018-05-07 16:54 - 2018-05-07 16:54 - 000186450 _____ C:\Users\Tommy\Downloads\LISTAOSTROWSKIT04.PDF 2018-05-07 16:45 - 2018-05-07 16:45 - 000059392 _____ C:\Users\Tommy\Downloads\4900466244 (1).pdf 2018-05-07 16:45 - 2018-05-07 16:45 - 000059392 _____ C:\Users\Tommy\Downloads\4900466243 (1).pdf 2018-05-07 16:45 - 2018-05-07 16:45 - 000059392 _____ C:\Users\Tommy\Downloads\4900466242 (1).pdf 2018-05-07 16:45 - 2018-05-07 16:45 - 000058368 _____ C:\Users\Tommy\Downloads\2018-1100490393 (1).pdf 2018-05-06 12:30 - 2018-05-06 12:30 - 000322114 _____ C:\Users\Tommy\Downloads\Faktura.pdf 2018-05-05 19:21 - 2018-05-05 19:21 - 000029721 _____ C:\Users\Tommy\Downloads\80037-the-good-fight-s02e08-[English-subtitles.org].zip 2018-05-04 19:09 - 2018-05-04 19:09 - 000122756 _____ C:\Users\Tommy\Downloads\PLR_M97789_0503060537_3103_MR_4339808.pdf 2018-05-02 15:41 - 2018-05-02 15:41 - 000027977 _____ C:\Users\Tommy\Downloads\79276-the-good-fight-s02e07-[English-subtitles.org].zip 2018-05-02 14:38 - 2018-05-02 14:38 - 000154285 _____ C:\Users\Tommy\Downloads\Faktura2018_05_180302_SP_2.pdf 2018-05-02 14:37 - 2018-05-02 14:37 - 000154294 
_____ C:\Users\Tommy\Downloads\Faktura2018_05_110252_SP_2.pdf
2018-05-02 14:37 - 2018-05-02 14:37 - 000060096 _____ C:\Users\Tommy\Downloads\Dokument VAT I KAR-TEL - 098701 FTN 2018.pdf
2018-05-01 22:10 - 2018-05-01 22:10 - 000024484 _____ C:\ComboFix.txt
2018-05-01 22:00 - 2018-05-01 22:00 - 000048905 _____ C:\Users\Tommy\Desktop\Addition.txt
2018-05-01 22:00 - 2018-05-01 22:00 - 000043584 _____ C:\Users\Tommy\Desktop\FRST.txt
2018-05-01 21:59 - 2018-05-08 11:12 - 000000000 ____D C:\FRST
2018-05-01 19:53 - 2018-05-01 19:52 - 000002507 ____N C:\Users\Tommy\Desktop\default_HOSTS.zip
2018-05-01 18:17 - 2018-05-02 03:46 - 000000000 ____D C:\Windows\erdnt
2018-05-01 18:17 - 2018-05-01 22:10 - 000000000 ____D C:\Qoobox
2018-05-01 18:16 - 2018-05-01 18:16 - 005659794 ____N (Swearware) C:\Users\Tommy\Downloads\ComboFix.exe
2018-05-01 18:06 - 2018-05-01 18:07 - 000145160 _____ C:\TDSSKiller.2.7.22.0_01.05.2018_18.06.30_log.txt
2018-05-01 18:06 - 2018-05-01 18:06 - 002047211 _____ C:\Users\Tommy\Downloads\tdsskiller.zip
2018-05-01 18:05 - 2018-05-01 19:39 - 000002206 _____ C:\Users\Tommy\Desktop\Rkill.txt
2018-05-01 17:39 - 2018-05-01 17:39 - 000000000 ____D C:\Users\Tommy\AppData\Local\ESET
2018-05-01 17:26 - 2018-05-01 17:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-05-01 17:09 - 2018-05-08 04:24 - 000000000 ____D C:\Users\Tommy\AppData\LocalLow\uTorrent
2018-05-01 12:11 - 2018-05-01 12:11 - 000049584 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-05-01 09:49 - 2018-05-05 16:06 - 000000468 _____ C:\Windows\Tasks\InstallShield Update Task.job
2018-05-01 09:49 - 2018-05-01 09:49 - 000003218 _____ C:\Windows\System32\Tasks\InstallShield Update Task
2018-05-01 08:48 - 2018-05-01 08:48 - 000119723 _____ C:\Users\Tommy\Downloads\PeriodSalesInvoice (27).pdf
2018-05-01 08:48 - 2018-05-01 08:48 - 000092377 _____ C:\Users\Tommy\Downloads\PeriodSelfBilledInvoice (24).pdf
2018-04-29 16:42 - 2018-04-29 16:42 - 000270047 _____ C:\Users\Tommy\Downloads\UPO.pdf
2018-04-29 14:11 - 2018-04-29 14:11 - 000039488 _____ C:\Users\Tommy\Downloads\73906-the-square-[English-subtitles.org].zip
2018-04-29 14:09 - 2018-04-29 14:09 - 000040724 _____ C:\Users\Tommy\Downloads\71727-the-square-[English-subtitles.org].zip
2018-04-29 14:08 - 2018-04-29 14:08 - 000032763 _____ C:\Users\Tommy\Downloads\78581-the-good-fight-s02e06-[English-subtitles.org].zip
2018-04-29 14:07 - 2018-04-29 14:07 - 000018203 _____ C:\Users\Tommy\Downloads\greyx27s_anatomy_14x21_14x21_n24_pl_108593.zip
2018-04-29 14:06 - 2018-04-29 14:06 - 000008914 _____ C:\Users\Tommy\Downloads\the_handmaid39s_tale_2x02_2x2_n24_pl_108596.zip
2018-04-29 13:31 - 2018-04-29 13:31 - 000071030 _____ C:\Users\Tommy\Downloads\d7be84bc-5408-42d2-8d0d-acf3ea02feba.pdf
2018-04-29 09:22 - 2018-04-29 09:22 - 000018128 _____ C:\Users\Tommy\Downloads\greyx27s_anatomy_14x21_14x21_n24_pl_108586.zip
2018-04-27 20:14 - 2018-04-27 20:14 - 000466909 _____ C:\Users\Tommy\Downloads\PIT-36L(14)_v1-0E KOR.pdf
2018-04-27 20:14 - 2018-04-27 20:14 - 000466576 _____ C:\Users\Tommy\Downloads\PIT-36L(14)_v1-0EOSTROWSKI T (5).pdf
2018-04-26 14:10 - 2018-04-26 14:10 - 000000000 ____D C:\Users\Tommy\Downloads\Piotr Zioła - Revolving Door
2018-04-26 14:09 - 2018-04-26 14:09 - 000000000 ____D C:\Users\Tommy\Downloads\Męskie Granie 2016
2018-04-25 14:27 - 2018-04-25 14:27 - 000077819 _____ C:\Users\Tommy\Downloads\harmonogram-splaty-kredytu.pdf
2018-04-24 19:25 - 2018-04-05 08:45 - 004300288 _____ C:\Users\Tommy\Desktop\TundraSky 1.0.0.3#182m.exe
2018-04-21 18:54 - 2018-04-21 18:54 - 000309483 _____ C:\Users\Tommy\Downloads\I 2018.PDF
2018-04-21 18:54 - 2018-04-21 18:54 - 000308441 _____ C:\Users\Tommy\Downloads\III 2018.PDF
2018-04-21 18:54 - 2018-04-21 18:54 - 000305551 _____ C:\Users\Tommy\Downloads\II 2018.PDF
2018-04-20 16:48 - 2018-04-20 16:48 - 000167381 _____ C:\Users\Tommy\Downloads\ZESTAW03.PDF
2018-04-20 15:33 - 2018-04-20 15:33 - 000466576 _____ C:\Users\Tommy\Downloads\PIT-36L(14)_v1-0EOSTROWSKI T (4).pdf
2018-04-20 15:21 - 2018-04-20 15:21 - 000048514 _____ C:\Users\Tommy\Downloads\transakcja (8).pdf
2018-04-20 15:21 - 2018-04-20 15:21 - 000048202 _____ C:\Users\Tommy\Downloads\transakcja (7).pdf
2018-04-13 13:12 - 2018-04-13 13:12 - 000028728 _____ C:\Users\Tommy\Downloads\FAV_304066_ALA2018_101433.pdf
2018-04-12 13:36 - 2018-04-12 13:36 - 000049011 _____ C:\Users\Tommy\Downloads\transakcja (6).pdf
2018-04-12 13:22 - 2018-04-12 13:22 - 000065656 _____ C:\Users\Tommy\Downloads\FKV_14022_ALA2018_101433.pdf
2018-04-11 13:14 - 2012-05-15 07:58 - 000084480 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrNetSti.dll
2018-04-11 12:42 - 2018-04-11 17:29 - 000000000 ____D C:\Users\Tommy\Documents\Avdshare Video Converter
2018-04-11 12:40 - 2018-04-11 12:40 - 000000000 ____D C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avdshare
2018-04-11 12:40 - 2018-04-11 12:40 - 000000000 ____D C:\Users\Tommy\AppData\Roaming\Avdshare Video Converter 7
2018-04-11 12:40 - 2018-04-11 12:40 - 000000000 ____D C:\Program Files (x86)\Avdshare
2018-04-11 12:39 - 2018-04-11 12:39 - 000000279 _____ C:\Users\Tommy\Downloads\attachment1.2 (1).txt
2018-04-11 12:33 - 2018-04-11 12:33 - 000000000 ____D C:\usr
2018-04-11 12:33 - 2018-04-11 12:33 - 000000000 ____D C:\Users\Tommy\Documents\Apowersoft
2018-04-11 12:33 - 2018-04-11 12:33 - 000000000 ____D C:\Users\Tommy\AppData\Roaming\Apowersoft
2018-04-11 12:33 - 2018-04-11 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2018-04-11 12:33 - 2018-04-11 12:33 - 000000000 ____D C:\ProgramData\Apowersoft
2018-04-11 12:33 - 2018-04-11 12:33 - 000000000 ____D C:\Program Files (x86)\Apowersoft
2018-04-11 12:33 - 2017-10-08 00:42 - 000370424 _____ (Riverbed Technology, Inc.) C:\Windows\system32\wpcap.dll
2018-04-11 12:33 - 2017-10-08 00:42 - 000282360 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\wpcap.dll
2018-04-11 12:33 - 2017-10-08 00:42 - 000107768 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Packet.dll
2018-04-11 12:33 - 2017-10-08 00:42 - 000098040 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\Packet.dll
2018-04-11 12:33 - 2017-10-08 00:42 - 000053299 _____ C:\Windows\SysWOW64\pthreadVC.dll
2018-04-11 12:33 - 2017-10-08 00:42 - 000036600 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Drivers\npf.sys
2018-04-11 12:32 - 2018-04-11 12:32 - 011222020 _____ C:\Users\Tommy\Downloads\1_01_M_180328062521.dav
2018-04-11 12:31 - 2018-04-11 12:50 - 000000000 ____D C:\Users\Tommy\Desktop\nagranie 28.03
2018-04-10 19:35 - 2018-04-10 19:35 - 000042708 _____ C:\Users\Tommy\Downloads\506833330418_rs.pdf
2018-04-10 19:17 - 2018-04-10 19:17 - 000248064 _____ C:\Users\Tommy\Downloads\506833330418.pdf
2018-04-10 13:06 - 2018-04-10 13:06 - 000154306 _____ C:\Users\Tommy\Downloads\Faktura2018_04_003189_SP_1.pdf
2018-04-09 20:16 - 2018-04-09 20:16 - 000012239 _____ C:\Users\Tommy\Downloads\modern_family_9x18_9x18_n24_pl_108192.zip
2018-04-09 13:27 - 2018-04-09 13:27 - 000177435 _____ C:\Users\Tommy\Downloads\EFV000129500000000PLA1803310.pdf
2018-04-09 13:27 - 2018-04-09 13:27 - 000069851 _____ C:\Users\Tommy\Downloads\EFV000129500000000EVO1803310.pdf
2018-04-09 13:27 - 2018-04-09 13:27 - 000063825 _____ C:\Users\Tommy\Downloads\EFV000129500000000OBX1803310.pdf
2018-04-09 13:26 - 2018-04-09 13:26 - 000177376 _____ C:\Users\Tommy\Downloads\KFV003034600000000PLA1803310.pdf
2018-04-09 13:26 - 2018-04-09 13:26 - 000064664 _____ C:\Users\Tommy\Downloads\KFV003034600000000OBX1803310.pdf
2018-04-09 13:26 - 2018-04-09 13:26 - 000064664 _____ C:\Users\Tommy\Downloads\KFV003034600000000OBX1803310 (1).pdf
2018-04-09 13:26 - 2018-04-09 13:26 - 000063974 _____ C:\Users\Tommy\Downloads\KFV003034600000000EVO1803310.pdf
2018-04-09 13:26 - 2018-04-09 13:26 - 000063974 _____ C:\Users\Tommy\Downloads\KFV003034600000000EVO1803310 (1).pdf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-05-08 11:12 - 2015-10-10 18:01 - 002080175 _____ C:\Users\Tommy\Desktop\wydatki sklep PKS.xlsx
2018-05-08 11:12 - 2015-10-10 17:34 - 000000000 ____D C:\Users\Tommy\AppData\Roaming\uTorrent
2018-05-08 10:51 - 2009-07-14 06:45 - 000019504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-08 10:51 - 2009-07-14 06:45 - 000019504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-08 10:50 - 2011-04-12 15:07 - 000810986 _____ C:\Windows\system32\perfh015.dat
2018-05-08 10:50 - 2011-04-12 15:07 - 000182548 _____ C:\Windows\system32\perfc015.dat
2018-05-08 10:50 - 2009-07-14 07:13 - 001863636 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-08 10:50 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-05-08 04:26 - 2015-11-22 16:58 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-05-08 04:22 - 2017-03-04 16:21 - 000000000 ___RD C:\Users\Tommy\Virtual Machines
2018-05-08 04:22 - 2016-10-24 13:24 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-05-08 04:22 - 2015-10-10 16:52 - 000000000 ____D C:\Users\Tommy
2018-05-08 04:22 - 2011-04-12 15:13 - 000000000 ____D C:\Program Files\Windows Journal
2018-05-08 04:22 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\DVD Maker
2018-05-08 04:22 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-08 04:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2018-05-08 04:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2018-05-08 04:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-05-08 04:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\Setup
2018-05-08 04:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\migwiz
2018-05-08 04:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\Dism
2018-05-08 04:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\servicing
2018-05-08 04:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-05-08 04:22 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-05-08 04:21 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2018-05-08 04:21 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\AppCompat
2018-05-08 04:14 - 2015-10-10 17:14 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-05-07 19:26 - 2009-07-14 04:34 - 000000514 _____ C:\Windows\win.ini
2018-05-05 20:19 - 2015-10-10 18:50 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-03 12:17 - 2015-10-10 18:09 - 000000000 ____D C:\Users\Tommy\AppData\Roaming\GG
2018-05-02 03:57 - 2015-10-11 10:12 - 000002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-02 03:57 - 2015-10-11 10:12 - 000002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-02 03:48 - 2015-10-10 17:04 - 000000000 ____D C:\Program Files (x86)\Opera
2018-05-02 03:46 - 2018-03-11 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-05-02 03:46 - 2017-12-14 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-02 03:46 - 2017-12-14 20:33 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-05-02 03:46 - 2017-10-10 20:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-02 03:46 - 2017-10-10 20:21 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-02 03:46 - 2016-03-15 13:13 - 000000000 ____D C:\Program Files (x86)\HitmanPro
2018-05-02 03:46 - 2015-11-22 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2018-05-02 03:46 - 2015-11-08 20:17 - 000000000 ____D C:\Program Files (x86)\InstallShield
2018-05-02 03:46 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2018-05-01 20:10 - 2016-10-24 13:28 - 000001505 _____ C:\Users\Tommy\Documents\ax_files.xml
2018-05-01 18:56 - 2015-12-19 14:58 - 000000000 ____D C:\Users\Tommy\AppData\Local\ElevatedDiagnostics
2018-05-01 18:21 - 2009-07-14 04:34 - 085721088 _____ C:\Windows\system32\config\SOFTWARE.bak
2018-05-01 18:21 - 2009-07-14 04:34 - 045350912 _____ C:\Windows\system32\config\components.bak
2018-05-01 18:21 - 2009-07-14 04:34 - 026476544 _____ C:\Windows\system32\config\SYSTEM.bak
2018-05-01 18:21 - 2009-07-14 04:34 - 000262144 _____ C:\Windows\system32\config\SECURITY.bak
2018-05-01 18:21 - 2009-07-14 04:34 - 000262144 _____ C:\Windows\system32\config\SAM.bak
2018-05-01 18:21 - 2009-07-14 04:34 - 000262144 _____ C:\Windows\system32\config\DEFAULT.bak
2018-04-29 17:07 - 2016-10-14 20:39 - 000000000 ____D C:\Users\Tommy\Desktop\kasia
2018-04-29 08:20 - 2017-07-19 14:56 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-26 14:07 - 2016-10-22 17:21 - 000000000 ____D C:\Users\Tommy\Downloads\vu+
2018-04-25 11:28 - 2016-12-24 11:44 - 000000000 ____D C:\Users\Tommy\Desktop\sklepy dokum
2018-04-24 19:24 - 2016-10-05 19:08 - 000000000 ____D C:\Users\Tommy\Downloads\wot
2018-04-16 16:10 - 2017-02-23 17:43 - 000003900 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1444489479
2018-04-11 13:18 - 2015-10-31 08:16 - 000000000 ____D C:\Users\Tommy\AppData\Roaming\ControlCenter4
2018-04-11 13:17 - 2016-09-17 12:00 - 000000000 ____D C:\ProgramData\InstallShield
2018-04-11 13:14 - 2015-10-31 08:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2018-04-11 12:15 - 2017-05-30 14:38 - 000004586 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-04-11 12:15 - 2017-05-30 14:38 - 000004424 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-11 12:15 - 2015-10-11 10:12 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-11 12:15 - 2015-10-11 10:12 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-11 12:15 - 2015-10-11 10:12 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-11 04:15 - 2018-03-13 22:15 - 000004574 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier

==================== Pliki w katalogu głównym wybranych folderów =======

2015-10-23 14:35 - 2015-10-23 14:35 - 000004608 _____ () C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-11 10:18 - 2016-06-11 10:18 - 000000600 _____ () C:\Users\Tommy\AppData\Local\PUTTY.RND
2017-02-05 11:05 - 2016-11-23 15:37 - 000000570 _____ () C:\Users\Tommy\AppData\Local\TroubleshooterConfig.json

Niektóre pliki w TEMP:
====================
2018-05-07 18:43 - 2015-06-10 03:41 - 001728960 _____ (Microsoft Corporation) C:\Users\Tommy\AppData\Local\Temp\dllnt_dump.dll
2015-01-24 14:01 - 2015-01-24 14:01 - 051970048 _____ () C:\Users\Tommy\AppData\Local\Temp\Microsoft Toolkit.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-02-05 14:22

==================== Koniec FRST.txt ============================