Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 06.06.2018 01 Uruchomiony przez Dorota (administrator) DOROTA-KOMPUTER (07-06-2018 22:32:05) Uruchomiony z C:\Users\Dorota\Desktop Załadowane profile: Dorota (Dostępne profile: Dorota) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (GG Network S.A.) C:\Users\Dorota\AppData\Local\GG\Application\gghub.exe ( ) C:\Program Files (x86)\ChomikBox\chomikbox.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (GG Network S.A.) C:\Users\Dorota\AppData\Local\GG\Application\ggapp.exe (GG Network S.A.) C:\Users\Dorota\AppData\Local\GG\Application\ggapp.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Discord Inc.) C:\Users\Dorota\AppData\Local\Discord\app-0.0.301\Discord.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe (Discord Inc.) C:\Users\Dorota\AppData\Local\Discord\app-0.0.301\Discord.exe (Discord Inc.) C:\Users\Dorota\AppData\Local\Discord\app-0.0.301\Discord.exe (Discord Inc.) C:\Users\Dorota\AppData\Local\Discord\app-0.0.301\Discord.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-02-02] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2015-10-16] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-06-15] (Intel Corporation) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-21-42949464-1441814499-3227973740-1000\...\Run: [GG] => C:\Users\Dorota\AppData\Local\GG\Application\gghub.exe [4078144 2016-01-27] (GG Network S.A.) HKU\S-1-5-21-42949464-1441814499-3227973740-1000\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\chomikbox.exe [3941376 2017-02-26] ( ) HKU\S-1-5-21-42949464-1441814499-3227973740-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKU\S-1-5-21-42949464-1441814499-3227973740-1000\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.) HKU\S-1-5-21-42949464-1441814499-3227973740-1000\...\Run: [Napisy24Update] => "C:\Program Files (x86)\Napisy24\Napisy24Update.exe" "sleep" HKU\S-1-5-21-42949464-1441814499-3227973740-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [161336 2017-08-02] (BlueStack Systems, Inc.) HKU\S-1-5-21-42949464-1441814499-3227973740-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-42949464-1441814499-3227973740-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3200800 2018-06-01] (Valve Corporation) HKU\S-1-5-21-42949464-1441814499-3227973740-1000\...\Run: [Discord] => C:\Users\Dorota\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.) GroupPolicy: Ograniczenia - Chrome <==== UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{4B4FF3A2-B849-4547-944B-BCFA097151CA}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{4B4FF3A2-B849-4547-944B-BCFA097151CA}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-42949464-1441814499-3227973740-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1476269663&z=14be1fda23d942c6904224agbz1mbqaoeq2t7q0w6t&from=che0812&uid=ST1000DM003-1SB10C_Z9A0MQ5AXXXXZ9A0MQ5A HKU\S-1-5-21-42949464-1441814499-3227973740-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp HKU\S-1-5-21-42949464-1441814499-3227973740-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476269663&z=14be1fda23d942c6904224agbz1mbqaoeq2t7q0w6t&from=che0812&uid=ST1000DM003-1SB10C_Z9A0MQ5AXXXXZ9A0MQ5A URLSearchHook: HKU\S-1-5-21-42949464-1441814499-3227973740-1000 - (Brak nazwy) - {D8278076-BC68-4484-9233-6E7F1628B56C} - Brak pliku SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476269663&z=14be1fda23d942c6904224agbz1mbqaoeq2t7q0w6t&from=che0812&uid=ST1000DM003-1SB10C_Z9A0MQ5AXXXXZ9A0MQ5A&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476269663&z=14be1fda23d942c6904224agbz1mbqaoeq2t7q0w6t&from=che0812&uid=ST1000DM003-1SB10C_Z9A0MQ5AXXXXZ9A0MQ5A&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476269663&z=14be1fda23d942c6904224agbz1mbqaoeq2t7q0w6t&from=che0812&uid=ST1000DM003-1SB10C_Z9A0MQ5AXXXXZ9A0MQ5A&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476269663&z=14be1fda23d942c6904224agbz1mbqaoeq2t7q0w6t&from=che0812&uid=ST1000DM003-1SB10C_Z9A0MQ5AXXXXZ9A0MQ5A&q={searchTerms} SearchScopes: HKU\S-1-5-21-42949464-1441814499-3227973740-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476269663&z=14be1fda23d942c6904224agbz1mbqaoeq2t7q0w6t&from=che0812&uid=ST1000DM003-1SB10C_Z9A0MQ5AXXXXZ9A0MQ5A&q={searchTerms} SearchScopes: HKU\S-1-5-21-42949464-1441814499-3227973740-1000 -> {38DB74B5-FA97-4901-A51D-FF645B5E8848} URL = hxxp://www.search.ask.com/web?tpid=REAL9-G&o=APN11676&pf=V7&p2=^BMR^aaa326^CA^PL&gct=sb&itbv=12.38.0.378&apn_uid=BCD5511D-6CB0-4124-9587-07B2A3270520&apn_ptnrs=BMR&apn_dtid=^aaa326^CA^PL&apn_dbr=launcher.exe_0_35.0.2066.68&doi=2016-02-20&trgb=IE&q={searchTerms}&psv=&pt=tb BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-05-30] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-17] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-05-30] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-10-16] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-17] (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-05-30] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-16] (Oracle Corporation) Toolbar: HKU\S-1-5-21-42949464-1441814499-3227973740-1000 -> Brak nazwy - {5245414C-392D-4700-76A7-7A786E7484D7} - Brak pliku Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-12-10] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-12-10] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: zbve9zq7.default FF ProfilePath: C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\zbve9zq7.default [2018-06-06] FF Extension: (Avast SafePrice) - C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\zbve9zq7.default\Extensions\sp@avast.com.xpi [2018-05-20] FF Extension: (Avast Online Security) - C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\zbve9zq7.default\Extensions\wrc@avast.com.xpi [2018-04-25] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-16] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-16] (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-42949464-1441814499-3227973740-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dorota\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.mylucky123.com/?type=hp&ts=1476269663&z=14be1fda23d942c6904224agbz1mbqaoeq2t7q0w6t&from=che0812&uid=ST1000DM003-1SB10C_Z9A0MQ5AXXXXZ9A0MQ5A CHR StartupUrls: Default -> "hxxp://www.mylucky123.com/?type=hp&ts=1476269663&z=14be1fda23d942c6904224agbz1mbqaoeq2t7q0w6t&from=che0812&uid=ST1000DM003-1SB10C_Z9A0MQ5AXXXXZ9A0MQ5A" CHR Profile: C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default [2018-06-06] CHR Extension: (Dokumenty) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29] CHR Extension: (Avast Online Security) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-01] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-01] CHR Extension: (Chrome Media Router) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-01] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR Session Restore: -> [funkcja włączona] OPR Extension: (Adblock Plus) - C:\Users\Dorota\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-05-17] ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2017-03-31] (Advanced Micro Devices) [Brak podpisu cyfrowego] R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-17] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Brak podpisu cyfrowego] S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-08-02] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-08-02] (BlueStack Systems, Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8652976 2018-05-24] (Microsoft Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation) R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2147216 2017-05-02] (Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3116440 2017-05-02] (Electronic Arts) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X] S2 EvercineDL; "C:\ProgramData\corss\_@aduck00000000.tmp.dat.exe" [X] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2017-03-31] (Advanced Micro Devices) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-17] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-04-25] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-04-25] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-04-25] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-04-25] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [234560 2018-05-17] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-17] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-17] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-17] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-17] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-17] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-17] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-17] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-17] (AVAST Software) R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. ) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2016-02-04] (DT Soft Ltd) R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [55960 2018-05-16] (REALiX(tm)) R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation) S3 ALSysIO; \??\C:\Users\Dorota\AppData\Local\Temp\ALSysIO64.sys [X] <==== UWAGA S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-06-07 22:32 - 2018-06-07 22:32 - 000024046 _____ C:\Users\Dorota\Desktop\FRST.txt 2018-06-07 22:26 - 2018-06-07 22:32 - 000000000 ____D C:\FRST 2018-06-07 22:26 - 2018-06-07 22:26 - 002413056 _____ (Farbar) C:\Users\Dorota\Desktop\FRST64.exe 2018-06-06 20:55 - 2018-06-06 20:55 - 000000020 ___SH C:\Users\Dorota\AppData\Roaming\Programs8187ConfigDB.dat 2018-06-06 20:55 - 2018-06-06 20:55 - 000000020 ___SH C:\Users\Dorota\AppData\Roaming\1816CA7466166.ind 2018-06-06 20:54 - 2018-06-07 22:13 - 000000000 ____D C:\Program Files (x86)\jv16 PowerTools 2017 2018-06-06 20:51 - 2018-06-06 20:52 - 018907814 _____ C:\Users\Dorota\Downloads\jv16.Power.Tools.2017.4.1.0.1657.rar 2018-06-06 18:28 - 2018-06-06 18:33 - 000000000 ____D C:\Users\Dorota\Desktop\Smoke.and.Sacrifice-SKIDROW 2018-06-06 18:27 - 2018-06-06 18:27 - 000027937 _____ C:\Users\Dorota\Downloads\Smoke.and.Sacrifice-SKIDROW.torrent 2018-06-06 18:27 - 2018-06-06 18:27 - 000027937 _____ C:\Users\Dorota\Downloads\Smoke.and.Sacrifice-SKIDROW (2).torrent 2018-06-06 18:27 - 2018-06-06 18:27 - 000027937 _____ C:\Users\Dorota\Downloads\Smoke.and.Sacrifice-SKIDROW (1).torrent 2018-06-06 18:26 - 2018-06-06 18:26 - 000027937 _____ C:\Users\Dorota\Downloads\Smoke.and.Sacrifice-SKIDROW-[rarbg.to].torrent 2018-06-03 00:28 - 2018-06-03 00:28 - 000307599 _____ C:\Users\Dorota\Downloads\gr3-zI2 (1).dwg 2018-06-03 00:27 - 2018-06-03 00:28 - 000307599 _____ C:\Users\Dorota\Downloads\gr3-zI2.dwg 2018-06-01 23:52 - 2018-06-01 23:52 - 000095264 _____ C:\Users\Dorota\Desktop\Bez tytułu 1.odt 2018-06-01 22:38 - 2018-06-01 22:48 - 000093616 _____ C:\Users\Dorota\Desktop\Statystyka - sciaga 1.odt 2018-05-31 13:35 - 2015-04-29 20:28 - 004625408 _____ C:\Users\Dorota\Desktop\State Of Decay Year One V1.00 Trainer +11 MrAntiFun.EXE 2018-05-31 13:16 - 2018-05-31 13:16 - 004471587 _____ C:\Users\Dorota\Downloads\State Of Decay Year One V1.00 Trainer +11 MrAntiFun.zip 2018-05-31 11:41 - 2018-05-31 13:36 - 000000000 ____D C:\State of Decay 2018-05-31 11:41 - 2018-05-31 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\State Of Decay Spolszczenie 2018-05-31 11:40 - 2018-05-31 11:40 - 000000915 _____ C:\Users\Dorota\Desktop\State of Decay YOSE - Day One Edition.lnk 2018-05-31 11:40 - 2018-05-31 11:40 - 000000000 ____D C:\Users\Dorota\AppData\Roaming\State of Decay YOSE - Day One Edition 2018-05-31 11:40 - 2018-05-31 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics 2018-05-31 11:17 - 2018-05-31 11:17 - 008706711 _____ C:\Users\Dorota\Downloads\State_of_Decay_BDiP_pl.zip 2018-05-29 23:15 - 2018-06-07 22:31 - 000000000 ____D C:\Users\Dorota\Desktop\Sesje RD 2018-05-27 22:20 - 2018-05-27 22:55 - 001827210 _____ C:\Users\Dorota\Desktop\tort.psd 2018-05-27 22:04 - 2018-05-27 22:04 - 000000000 ____D C:\Users\Dorota\Documents\3DCrafter 9.2 2018-05-27 22:03 - 2018-05-27 22:03 - 000002835 _____ C:\Users\Dorota\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DCrafter 9.2.lnk 2018-05-27 22:03 - 2018-05-27 22:03 - 000000000 ____D C:\Program Files (x86)\3DCrafter 92 2018-05-27 19:58 - 2018-06-06 18:26 - 000000000 ____D C:\Users\Dorota\AppData\LocalLow\BitTorrent 2018-05-27 19:58 - 2018-05-27 19:58 - 000012182 _____ C:\Users\Dorota\Downloads\[new-rutor.org]State.of.Decay.Year.One.Survival.Edition.Update.4..torrent 2018-05-26 23:48 - 2018-05-26 23:50 - 002278214 _____ C:\Users\Dorota\Desktop\Bez nazwy-4.psd 2018-05-22 09:28 - 2018-05-22 09:31 - 000000000 ____D C:\Users\Dorota\Desktop\The Beautiful Death (Walmart) 2018-05-21 17:09 - 2018-05-21 17:09 - 025672401 _____ C:\Users\Dorota\Downloads\TWDS1_400.zip 2018-05-21 17:03 - 2018-05-21 17:03 - 000002151 _____ C:\Users\Public\Desktop\The Walking Dead.lnk 2018-05-21 17:03 - 2018-05-21 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Walking Dead 2018-05-21 16:57 - 2018-05-21 16:57 - 000000000 ____D C:\Program Files (x86)\Arab-GB 2018-05-21 15:57 - 2018-05-21 17:08 - 000000000 ____D C:\Users\Dorota\Desktop\The Walking Dead + spolszczenie + dodatek 400 Days (dyzio1010) 2018-05-17 16:36 - 2018-05-17 16:35 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2018-05-16 08:37 - 2018-05-16 08:37 - 000055960 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS 2018-05-16 08:36 - 2018-05-16 08:36 - 008472936 _____ (Martin Malík - REALiX ) C:\Users\Dorota\Desktop\hwi_582.exe 2018-05-16 08:36 - 2018-05-16 08:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64 2018-05-16 08:36 - 2018-05-16 08:36 - 000000000 ____D C:\Program Files\HWiNFO64 2018-05-16 08:24 - 2018-05-26 18:13 - 000000992 _____ C:\Users\Dorota\Desktop\Core Temp.lnk 2018-05-16 08:24 - 2018-05-16 08:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp 2018-05-16 08:24 - 2018-05-16 08:24 - 000000000 ____D C:\Program Files\Core Temp 2018-05-16 08:21 - 2018-05-16 08:21 - 000330853 _____ C:\Users\Dorota\Downloads\RealTemp_370.zip 2018-05-13 21:14 - 2018-05-09 22:04 - 001384675 _____ C:\Users\Dorota\Desktop\ww - Kopia.psd 2018-05-13 21:14 - 2018-05-09 22:04 - 001384675 _____ C:\Users\Dorota\Desktop\ww - Kopia (2).psd 2018-05-13 20:43 - 2018-05-13 20:43 - 000438501 _____ C:\Users\Dorota\Downloads\dead_trees_brush_39405.zip 2018-05-09 21:51 - 2018-05-09 22:04 - 001384675 _____ C:\Users\Dorota\Desktop\ww.psd ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-06-07 22:14 - 2017-02-23 22:27 - 000000000 ____D C:\Program Files (x86)\Steam 2018-06-07 22:13 - 2017-01-07 20:38 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2018-06-07 22:13 - 2016-02-04 20:36 - 000000000 ____D C:\Users\Dorota\.gstreamer-0.10 2018-06-07 22:13 - 2016-02-04 20:18 - 000000000 ____D C:\Users\Dorota\AppData\Roaming\GG 2018-06-07 22:00 - 2009-07-14 06:45 - 000021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-06-07 22:00 - 2009-07-14 06:45 - 000021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-06-07 21:45 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-06-07 21:44 - 2016-10-25 22:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-06-07 21:44 - 2016-10-25 22:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2018-06-06 23:12 - 2016-02-04 21:17 - 000000000 ____D C:\Users\Dorota\AppData\Roaming\BitTorrent 2018-06-06 23:12 - 2016-02-02 10:53 - 000065536 _____ C:\Windows\system32\spu_storage.bin 2018-06-06 21:01 - 2016-02-04 19:16 - 000000000 ____D C:\Users\Dorota 2018-06-06 20:53 - 2016-02-04 20:38 - 000000000 ____D C:\Users\Dorota\Downloads\ChomikBox 2018-06-06 19:31 - 2016-02-06 20:23 - 000000000 ____D C:\Games 2018-06-06 16:01 - 2017-10-25 23:14 - 000000000 ____D C:\Users\Dorota\AppData\LocalLow\Mozilla 2018-06-06 09:59 - 2016-02-04 20:35 - 000000000 ____D C:\Users\Dorota\AppData\Local\ChomikBox 2018-06-06 09:47 - 2016-02-04 20:18 - 000000000 ____D C:\Users\Dorota\AppData\Local\GG 2018-06-05 08:15 - 2016-02-04 21:33 - 000000000 ____D C:\Users\Dorota\AppData\Local\Adobe 2018-06-05 00:08 - 2018-05-05 10:12 - 000019836 _____ C:\Users\Dorota\Desktop\Nowy OpenDocument Dokument tekstowy (3).odt 2018-06-04 11:53 - 2016-02-05 00:07 - 000000000 ____D C:\Program Files (x86)\SpeedFan 2018-06-04 10:12 - 2016-03-14 20:50 - 000000000 ____D C:\Users\Dorota\Desktop\książki 2018-06-03 19:33 - 2017-04-11 20:03 - 000000000 ____D C:\Program Files (x86)\Origin Games 2018-06-03 19:32 - 2017-04-19 13:41 - 000000000 ____D C:\ProgramData\Media Center Programs 2018-06-03 19:32 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2018-05-31 13:35 - 2016-02-20 13:22 - 000000000 ____D C:\Users\Dorota\AppData\Local\SKIDROW 2018-05-31 00:01 - 2016-02-10 22:21 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-05-30 23:58 - 2016-02-10 22:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-05-28 22:14 - 2011-04-12 15:21 - 000739694 _____ C:\Windows\system32\perfh015.dat 2018-05-28 22:14 - 2011-04-12 15:21 - 000155268 _____ C:\Windows\system32\perfc015.dat 2018-05-28 22:14 - 2009-07-14 07:13 - 001668226 _____ C:\Windows\system32\PerfStringBackup.INI 2018-05-28 22:14 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2018-05-28 21:29 - 2017-09-01 00:26 - 000000000 ____D C:\Users\Dorota\Desktop\NH PBF 2018-05-28 21:26 - 2017-08-01 11:07 - 000000000 ____D C:\Users\Dorota\Desktop\Tyranny 2018-05-27 22:11 - 2017-12-25 12:19 - 000000000 ____D C:\Users\Dorota\AppData\Local\CrashDumps 2018-05-26 18:29 - 2016-07-31 21:13 - 000000132 _____ C:\Users\Dorota\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe 2018-05-26 18:12 - 2018-03-11 01:43 - 000000000 ____D C:\Users\Dorota\Desktop\serwetki 1 2018-05-24 22:22 - 2017-02-25 18:11 - 000003902 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454609433 2018-05-24 22:22 - 2016-02-04 20:10 - 000000000 ____D C:\Program Files (x86)\Opera 2018-05-21 17:12 - 2016-02-05 10:03 - 000000000 ____D C:\ProgramData\Steam 2018-05-21 10:15 - 2018-05-03 09:27 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software 2018-05-21 10:15 - 2018-04-27 23:34 - 000004204 _____ C:\Windows\System32\Tasks\Norton Security Scan for Dorota 2018-05-21 10:15 - 2017-07-22 08:55 - 000002980 _____ C:\Windows\System32\Tasks\{CEB11F00-B7B2-446A-9465-D35A70DFC76C} 2018-05-21 10:15 - 2017-04-10 23:29 - 000003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2018-05-21 10:15 - 2017-04-10 23:29 - 000003354 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2018-05-21 10:15 - 2017-04-07 12:42 - 000003158 _____ C:\Windows\System32\Tasks\StartCN 2018-05-21 10:15 - 2016-07-26 19:22 - 000003518 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Dorota-Komputer-Dorota 2018-05-21 10:15 - 2016-04-29 13:07 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2018-05-21 10:15 - 2016-02-04 21:34 - 000004566 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-05-17 16:36 - 2018-04-25 22:57 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2018-05-17 16:35 - 2018-04-25 22:57 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2018-05-17 16:35 - 2018-04-25 22:57 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2018-05-17 16:35 - 2018-04-25 22:57 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2018-05-17 16:35 - 2018-04-25 22:57 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys 2018-05-17 16:35 - 2018-04-25 22:57 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2018-05-17 16:35 - 2018-04-25 22:57 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2018-05-17 16:35 - 2018-04-25 22:57 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2018-05-17 16:35 - 2018-04-25 22:57 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2018-05-17 16:35 - 2018-04-25 22:57 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2018-05-17 16:35 - 2018-04-25 22:57 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2018-05-16 08:09 - 2016-06-03 23:20 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Pliki w katalogu głównym wybranych folderów ======= 2018-06-06 20:55 - 2018-06-06 20:55 - 000000020 ___SH () C:\Users\Dorota\AppData\Roaming\1816CA7466166.ind 2018-05-27 22:04 - 2018-05-27 22:11 - 000001146 _____ () C:\Users\Dorota\AppData\Roaming\ACInitialize.log 2016-07-31 21:13 - 2018-05-26 18:29 - 000000132 _____ () C:\Users\Dorota\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe 2018-06-06 20:55 - 2018-06-06 20:55 - 000000020 ___SH () C:\Users\Dorota\AppData\Roaming\Programs8187ConfigDB.dat 2017-09-16 14:39 - 2017-09-16 14:39 - 000004245 _____ () C:\Users\Dorota\AppData\Local\recently-used.xbel Niektóre pliki w TEMP: ==================== 2016-02-22 17:41 - 2016-02-22 17:41 - 000223744 _____ (Un4seen Developments) C:\Users\Dorota\AppData\Local\Temp\Bass.dll 2016-02-22 17:41 - 2016-02-22 17:41 - 000647168 _____ (radio42) C:\Users\Dorota\AppData\Local\Temp\Bass.Net.dll 2016-03-01 11:49 - 2017-07-28 23:13 - 000003072 _____ () C:\Users\Dorota\AppData\Local\Temp\CH.dll 2017-07-21 11:56 - 2017-07-21 11:56 - 000065536 _____ (Sony DADC Austria AG) C:\Users\Dorota\AppData\Local\Temp\drm_dialogs.dll 2017-07-21 11:56 - 2017-07-21 11:56 - 000212992 _____ (Sony DADC Austria AG) C:\Users\Dorota\AppData\Local\Temp\drm_dyndata_7330017.dll 2016-02-04 23:48 - 2016-02-04 23:48 - 000008739 _____ () C:\Users\Dorota\AppData\Local\Temp\dt_E0C3.tmp.exe 2016-04-22 07:56 - 2016-01-27 17:36 - 000986136 _____ () C:\Users\Dorota\AppData\Local\Temp\ggdrive-menu.exe 2016-04-22 07:56 - 2016-01-27 17:36 - 001228520 _____ () C:\Users\Dorota\AppData\Local\Temp\ggdrive-overlay.exe 2017-12-25 15:24 - 2017-12-25 15:24 - 032965288 _____ (ArenaNet) C:\Users\Dorota\AppData\Local\Temp\Gw2.exe 2016-09-08 21:30 - 2016-09-20 23:22 - 001004888 _____ ( ) C:\Users\Dorota\AppData\Local\Temp\ICReinstall_pivot_v4-2.exe 2016-04-22 07:56 - 2014-02-05 17:07 - 000056856 _____ () C:\Users\Dorota\AppData\Local\Temp\installstats.exe 2017-07-15 20:19 - 2017-07-15 20:19 - 000380928 _____ (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna1164780214436538104.hunspell-win-x86-32.dll 2017-08-06 15:38 - 2017-08-06 15:38 - 000380928 _____ (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna229806582195413297.hunspell-win-x86-32.dll 2017-08-07 14:24 - 2017-08-07 14:24 - 000380928 _____ (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna4566428888847275157.hunspell-win-x86-32.dll 2017-08-03 23:21 - 2017-08-03 23:21 - 000380928 _____ (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna4925054351232026414.hunspell-win-x86-32.dll 2017-08-10 22:47 - 2017-08-10 22:47 - 000380928 ____N (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna6551708241618256486.hunspell-win-x86-32.dll 2017-08-06 15:38 - 2017-08-06 15:38 - 000380928 _____ (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna6585398838775039497.hunspell-win-x86-32.dll 2017-08-07 13:33 - 2017-08-07 13:33 - 000380928 _____ (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna6670671161153725600.hunspell-win-x86-32.dll 2017-07-28 22:55 - 2017-07-28 22:55 - 000380928 _____ (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna6893925979409670096.hunspell-win-x86-32.dll 2017-07-23 22:34 - 2017-07-23 22:34 - 000380928 _____ (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna7594162942360704648.hunspell-win-x86-32.dll 2017-07-25 20:41 - 2017-07-25 20:41 - 000380928 _____ (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna7805536183395960087.hunspell-win-x86-32.dll 2017-08-08 16:07 - 2017-08-08 16:07 - 000380928 _____ (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna8882458633149278471.hunspell-win-x86-32.dll 2017-08-29 16:19 - 2017-08-29 16:19 - 000380928 ____N (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna9127851581119928391.hunspell-win-x86-32.dll 2017-07-30 22:11 - 2017-07-30 22:11 - 000380928 _____ (http://hunspell.sourceforge.net/) C:\Users\Dorota\AppData\Local\Temp\jna9205449628892915440.hunspell-win-x86-32.dll 2016-02-20 21:37 - 2016-02-12 11:11 - 000147712 _____ (RealNetworks, Inc.) C:\Users\Dorota\AppData\Local\Temp\lowproc.exe 2016-02-22 10:14 - 2017-11-28 11:03 - 004141777 _____ (Napisy24.pl ) C:\Users\Dorota\AppData\Local\Temp\Napisy24.exe 2016-03-04 18:50 - 2016-03-04 18:51 - 005495448 _____ (Black Tree Gaming ) C:\Users\Dorota\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe 2017-08-10 12:19 - 2017-02-03 15:20 - 001342792 _____ (Andy OS, inc.) C:\Users\Dorota\AppData\Local\Temp\RemoveTemp.exe 2016-02-05 00:08 - 2018-06-04 11:53 - 000192512 _____ () C:\Users\Dorota\AppData\Local\Temp\sfamcc00001.dll 2016-02-07 11:54 - 2018-05-03 13:59 - 000192512 _____ () C:\Users\Dorota\AppData\Local\Temp\sfamcc00002.dll 2018-05-03 14:43 - 2018-05-03 14:43 - 000192512 _____ () C:\Users\Dorota\AppData\Local\Temp\sfamcc00003.dll 2018-05-03 15:01 - 2018-05-03 16:01 - 000192512 _____ () C:\Users\Dorota\AppData\Local\Temp\sfamcc00004.dll 2010-12-18 13:20 - 2010-12-18 13:20 - 000055296 _____ () C:\Users\Dorota\AppData\Local\Temp\sfextra.dll 2016-02-20 21:37 - 2016-02-12 11:11 - 000096496 _____ (RealNetworks, Inc.) C:\Users\Dorota\AppData\Local\Temp\stubhelper.dll 2017-03-31 13:27 - 2017-03-31 13:27 - 000000168 _____ () C:\Users\Dorota\AppData\Local\Temp\t.dll 2017-12-24 18:25 - 2017-12-24 18:27 - 000104120 _____ () C:\Users\Dorota\AppData\Local\Temp\Uninstall.exe 2017-02-07 19:51 - 2017-02-07 19:51 - 068283880 _____ (Panda Security, S.L.) C:\Users\Dorota\AppData\Local\Temp\{1C7AF807-C2AB-4107-9ADB-4211079A95C1}.exe 2016-10-20 11:07 - 2016-10-20 11:07 - 044295032 _____ (Google Inc.) C:\Users\Dorota\AppData\Local\Temp\{237A712A-B9EC-4FB3-BF0C-7C555DAC217D}-54.0.2840.71_chrome_installer.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2018-05-31 16:04 ==================== Koniec FRST.txt ============================