Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20.06.2018
Uruchomiony przez Yama72 (administrator) YAMA (08-07-2018 14:39:22)
Uruchomiony z C:\Users\Yama72\Downloads
Załadowane profile: Yama72 (Dostępne profile: Yama72)
Platform: Windows 8.1 Pro (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Logixoft) C:\ProgramData\rvlkl\rvlkl.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe
() C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe
() C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
() C:\Windows\Temp\mxa64.exe
(Microsoft Corporation) C:\Windows\System32\attrib.exe
(GG Network S.A.) C:\Users\Yama72\AppData\Local\GG\Application\gghub.exe
(GG Network S.A.) C:\Users\Yama72\AppData\Local\GG\Application\ggapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2016-10-22] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [rundll32] => C:\Windows\system32\rundll32.exe "C:\Program Files\Fundoli Fission XBP3100 Series\Fundoli Fission XBP3100 Series.dll",ytjqwIL
HKLM\...\Run: [JServicesManager] => C:\Program Files\SystemaRev\RevServicesX\App_loader.ex
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [WatchDogUserAutostart] => C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe [542480 2017-05-25] ()
HKLM-x32\...\Run: [JServicesManager] => C:\Program Files\SystemaRev\RevServicesX\App_loader.ex
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [GG] => C:\Users\Yama72\AppData\Local\GG\Application\gghub.exe [4078144 2016-07-04] (GG Network S.A.)
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5230784 2017-12-15] (Disc Soft Ltd)
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [uTorrent] => C:\Users\Yama72\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-06-22] (BitTorrent Inc.)
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [k6nL4Dy3c2.exe] => C:\Program Files\DAEMON Tools Lite\8LX7TQ6F61J\k6nL4Dy3c2.exe
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [5247568] => "C:\Users\Yama72\AppData\Roaming\orsfv2vsqxv\hunwb0wspn3.exe" /VERYSILENT
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [2989931] => "C:\Users\Yama72\AppData\Roaming\cxyp1qtbrjp\0fkwxykz5zo.exe" /VERYSILENT
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [4427524] => "C:\Users\Yama72\AppData\Roaming\hqxff2hgs4j\4muhfad3udg.exe" /VERYSILENT
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [5567072] => "C:\Users\Yama72\AppData\Roaming\n02thuwrske\v5wcw3jpq2r.exe" /VERYSILENT
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [9575678] => "C:\Users\Yama72\AppData\Roaming\e1nt14a0u15\bbro2gkbcmc.exe" /VERYSILENT
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [799133] => "C:\Users\Yama72\AppData\Roaming\mukipk3patl\00oyndjh2g1.exe" /VERYSILENT
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\MountPoints2: {07b1a365-9db3-11e6-826e-001583144ef9} - "G:\autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk [2018-07-07]
ShortcutTarget: rvlkl.lnk -> C:\ProgramData\rvlkl\rvlkl.exe (Logixoft)
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: Nie znaleziono pliku Hosts w domyślnym katalogu
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{134F99AE-C840-41AC-AA18-AF54A45233C2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8C01232E-2A53-464A-860E-11B013A31B5A}: [DhcpNameServer] 89.234.211.3 89.234.192.19 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

FireFox:
========
FF DefaultProfile: 3nhh07ui.default
FF ProfilePath: C:\Users\Yama72\AppData\Roaming\Mozilla\Firefox\Profiles\3nhh07ui.default [2018-07-06]
FF user.js: detected! => C:\Users\Yama72\AppData\Roaming\Mozilla\Firefox\Profiles\3nhh07ui.default\user.js [2016-10-25]
FF Extension: (Google NoTrack) - C:\Users\Yama72\AppData\Roaming\Mozilla\Firefox\Profiles\3nhh07ui.default\Extensions\googlenotrack@dirtylittlehelpers.com.xpi [2018-07-06]
FF Extension: (Adblock Plus) - C:\Users\Yama72\AppData\Roaming\Mozilla\Firefox\Profiles\3nhh07ui.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-18]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-29] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-29] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default [2018-07-08]
CHR Extension: (Prezentacje) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Dysk Google) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-24]
CHR Extension: (MEGA) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-07-05]
CHR Extension: (YouTube) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-24]
CHR Extension: (Adblock Plus) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-17]
CHR Extension: (uBlock Origin) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-05]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\dccefhjaifdmpkjcbiojjennojmedchc [2018-07-07] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
CHR Extension: (Arkusze) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-24]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-08]
CHR Profile: C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-07-07]
CHR Extension: (Brak nazwy) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\dfkbibfnelggjiagnbapfoodmhhnedfa [2018-07-07] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
CHR Profile: C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\System Profile [2018-07-07]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\dccefhjaifdmpkjcbiojjennojmedchc [2018-07-07] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
R2 ComarchCryptoWatchdog; C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe [542480 2017-05-25] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3128000 2017-12-15] (Disc Soft Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 SystemUpdate64; C:\Program Files\SystemaRev\RevServicesX\SystemUpdate64x.exe [593920 2018-07-02] (SystemaRev) [Brak podpisu cyfrowego] <==== UWAGA
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [10415104 2018-07-05] (Microsoft Corporation) [Brak podpisu cyfrowego] <==== UWAGA
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2016-10-22] (Advanced Micro Devices)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-11-04] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-11-04] (Disc Soft Ltd)
S1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-16] (ESET)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142888 2008-03-21] (SafeNet, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2016-10-24] (Basil Projects)
S1 prisafe; \SystemRoot\System32\drivers\prisafe.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-07-08 14:39 - 2018-07-08 14:39 - 000021990 _____ C:\Users\Yama72\Downloads\FRST.txt
2018-07-08 14:37 - 2018-07-08 14:39 - 000000000 ____D C:\FRST
2018-07-08 14:37 - 2018-07-08 14:37 - 002412544 _____ (Farbar) C:\Users\Yama72\Downloads\FRST64.exe
2018-07-08 14:16 - 2018-07-08 14:16 - 000001915 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-08 14:16 - 2018-07-08 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-08 14:16 - 2018-07-08 14:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-08 14:16 - 2018-07-08 14:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-08 14:16 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-07-08 14:14 - 2018-07-08 14:15 - 073182192 _____ (Malwarebytes ) C:\Users\Yama72\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5807.exe
2018-07-08 13:57 - 2018-07-08 13:57 - 000000000 ____D C:\Program Files\SystemaRev
2018-07-08 13:55 - 2018-07-08 13:55 - 000001242 _____ C:\Users\Yama72\Desktop\Driver Updater.lnk
2018-07-08 13:53 - 2018-07-08 13:53 - 007395536 _____ (Malwarebytes) C:\Users\Yama72\Downloads\AdwCleaner.exe
2018-07-08 13:42 - 2018-07-08 13:43 - 000000000 ____D C:\Windows\pss
2018-07-08 13:31 - 2013-10-16 16:11 - 000000000 ____D C:\Users\Yama72\Desktop\ESET.Fix
2018-07-07 13:31 - 2018-07-07 13:32 - 000000000 ____D C:\ProgramData\rvlkl
2018-07-07 13:30 - 2018-07-07 13:30 - 000114688 _____ C:\Users\Yama72\Downloads\fk.exe
2018-07-07 13:27 - 2018-07-07 13:27 - 001411136 _____ (Logixoft) C:\Users\Yama72\Downloads\rkfree_setup(dobreprogramy.pl).exe
2018-07-07 12:08 - 2018-07-07 12:08 - 000003348 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2018-07-07 12:08 - 2018-07-07 12:08 - 000000000 ____D C:\Program Files\Common Files\AV
2018-07-07 12:00 - 2018-07-07 12:00 - 000001502 _____ C:\Windows\Tasks\Bid-i-War.job
2018-07-07 10:33 - 2018-07-07 12:00 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\wiqpntdu4p3
2018-07-07 10:33 - 2018-07-07 12:00 - 000000000 ____D C:\Program Files\I95KF1FMK2
2018-07-07 10:26 - 2018-07-07 10:26 - 000000000 ____D C:\Users\Yama72\AppData\LocalLow\cnOgaNtVaNULS
2018-07-07 09:49 - 2018-07-07 12:03 - 000000000 ____D C:\Program Files (x86)\yaolwXGxxrAU2
2018-07-07 09:49 - 2018-07-07 12:03 - 000000000 ____D C:\Program Files (x86)\szukwmZlgIE
2018-07-07 09:49 - 2018-07-07 12:01 - 000000000 ____D C:\ProgramData\qddGHEDCBPKSMPVB
2018-07-07 09:49 - 2018-07-07 12:01 - 000000000 ____D C:\Program Files (x86)\zfLNassuzpDxC
2018-07-07 09:49 - 2018-07-07 12:01 - 000000000 ____D C:\Program Files (x86)\ggyoEsstymMAtvJtmyR
2018-07-07 09:49 - 2018-07-07 12:01 - 000000000 ____D C:\Program Files (x86)\CJkSCRmZU
2018-07-07 09:49 - 2018-07-07 11:22 - 000000000 ____D C:\Program Files (x86)\tkJZqDYhWuUn
2018-07-07 09:49 - 2018-07-07 09:49 - 000016774 _____ C:\Windows\System32\Tasks\Fundoli Fission XBP3100 Series
2018-07-07 09:49 - 2018-07-07 09:49 - 000016698 _____ C:\Windows\System32\Tasks\Bid-i-War-dll
2018-07-07 09:49 - 2018-07-07 09:49 - 000003058 _____ C:\Windows\System32\Tasks\heCowIfQqSuzYJ
2018-07-07 09:49 - 2018-07-07 09:49 - 000002890 _____ C:\Windows\System32\Tasks\EqpFSOLlowVuQ2
2018-07-07 09:49 - 2018-07-07 09:49 - 000002872 _____ C:\Windows\System32\Tasks\dqUvxAMLDajqkAKky2
2018-07-07 09:49 - 2018-07-07 09:49 - 000002860 _____ C:\Windows\System32\Tasks\MgpeKOGXlCeKqpkYxSV2
2018-07-07 09:49 - 2018-07-07 09:49 - 000002850 _____ C:\Windows\System32\Tasks\PPejCupzujabRKM2
2018-07-07 09:48 - 2018-07-07 12:02 - 000000000 ____D C:\Program Files\YA3Y70BVMP
2018-07-07 09:48 - 2018-07-07 11:35 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\mukipk3patl
2018-07-07 09:08 - 2018-07-08 13:57 - 000003788 _____ C:\Windows\System32\Tasks\Update_5.0.6
2018-07-07 09:08 - 2018-07-08 13:57 - 000003784 _____ C:\Windows\System32\Tasks\AppLoaderPM
2018-07-07 09:08 - 2018-07-07 09:08 - 000016698 _____ C:\Windows\System32\Tasks\Bid-i-War
2018-07-07 09:08 - 2018-07-07 09:08 - 000003996 _____ C:\Windows\System32\Tasks\AppLoaderHelpers
2018-07-07 09:08 - 2018-07-07 09:08 - 000003374 _____ C:\Windows\System32\Tasks\RestoreRevTask
2018-07-07 09:08 - 2018-06-19 16:31 - 000003922 _____ C:\Program Files\Common Files\AppLoaderHelpers.xml.back
2018-07-07 09:08 - 2018-06-17 02:28 - 000001609 _____ C:\Program Files\Common Files\RestoreRevTask.xml.back
2018-07-07 09:07 - 2018-07-07 12:00 - 000000000 ____D C:\Program Files\S74MZQXZWG
2018-07-07 09:07 - 2018-07-07 11:35 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\bmjswq4utmf
2018-07-06 17:17 - 2018-07-08 13:39 - 000488098 _____ C:\Windows\ntbtlog.txt
2018-07-06 17:16 - 2018-07-07 12:00 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\zgycmuhyyxi
2018-07-06 17:14 - 2018-07-07 12:00 - 000000000 ____D C:\Program Files\4JMORKMC0X
2018-07-06 16:55 - 2018-07-06 16:55 - 000000000 ____D C:\Users\Yama72\Desktop\ESET.Smart.Security.v7.0.302.8.Final-mara
2018-07-06 16:54 - 2018-07-06 16:54 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\ESET
2018-07-06 16:54 - 2018-07-06 16:54 - 000000000 ____D C:\Users\Yama72\AppData\Local\ESET
2018-07-06 16:53 - 2018-07-08 13:45 - 000000000 ____D C:\Program Files\ESET
2018-07-06 16:50 - 2018-07-06 17:44 - 000000000 ____D C:\Users\Yama72\Downloads\ESET.Smart.Security.v7.0.302.8.Final-mara
2018-07-06 16:49 - 2018-07-06 16:49 - 000003110 _____ C:\Windows\System32\Tasks\{A7274E71-EEF0-4A45-8FC8-E4CE1B4067A8}
2018-07-06 16:42 - 2018-07-06 16:44 - 153010274 _____ C:\Users\Yama72\Downloads\ESET.Smart.Security.v7.0.302.8.Final-mara.zip
2018-07-06 16:26 - 2018-07-07 12:03 - 000000000 ____D C:\ProgramData\dec5f87f-7c1a-45d2-bbb0-52d9d01ae1ab
2018-07-06 16:26 - 2018-07-07 12:00 - 000000000 ____D C:\Program Files\L16BTVLRMM
2018-07-06 16:26 - 2018-07-07 11:35 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\e1nt14a0u15
2018-07-06 16:26 - 2018-07-06 16:26 - 000000000 ____D C:\ProgramData\cdf5afe3-52c4-4927-897b-86969a4c8d48
2018-07-06 16:19 - 2018-07-06 16:24 - 000000000 ____D C:\AdwCleaner
2018-07-06 16:17 - 2018-07-06 16:17 - 007402192 _____ (Malwarebytes) C:\Users\Yama72\Downloads\Niepotwierdzony 10614.crdownload
2018-07-06 15:58 - 2018-07-07 11:35 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\n02thuwrske
2018-07-06 15:58 - 2018-07-06 16:03 - 000000000 ____D C:\Program Files\DUFG3LEOS5
2018-07-06 15:51 - 2018-07-07 12:00 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\x31pl2054vf
2018-07-06 15:51 - 2018-07-07 12:00 - 000000000 ____D C:\Program Files\ANJZQWKKFH
2018-07-06 15:45 - 2018-07-07 12:02 - 000000000 ____D C:\Program Files\ZF9QEFIAL7
2018-07-06 15:45 - 2018-07-07 11:35 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\hqxff2hgs4j
2018-07-06 15:40 - 2018-07-07 12:00 - 000000000 ____D C:\Program Files\2G9OZGSPRK
2018-07-06 15:40 - 2018-07-07 11:35 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\cxyp1qtbrjp
2018-07-06 15:31 - 2018-07-07 12:02 - 000000000 ____D C:\Program Files\X6D26B9R7J
2018-07-06 15:31 - 2018-07-07 11:35 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\orsfv2vsqxv
2018-07-06 15:31 - 2018-07-06 15:31 - 000000266 __RSH C:\Users\Yama72\ntuser.pol
2018-07-06 15:28 - 2018-07-06 15:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-06 15:11 - 2018-07-08 13:55 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-07-06 15:10 - 2018-07-07 12:00 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\xtwaiyeh2y4
2018-07-06 15:10 - 2018-07-07 12:00 - 000000000 ____D C:\Program Files\0IIQKBM8CU
2018-07-06 15:10 - 2018-07-07 11:35 - 000000000 ____D C:\Program Files (x86)\Kbira
2018-07-06 15:10 - 2018-07-06 15:41 - 000000000 ____D C:\Program Files (x86)\Multitimer
2018-07-06 15:10 - 2018-07-06 15:33 - 000000000 ____D C:\Program Files (x86)\foldershare
2018-07-06 15:09 - 2018-07-08 13:55 - 000001256 _____ C:\Users\Yama72\Desktop\Crossout - MMO action game.lnk
2018-07-06 15:09 - 2018-07-06 15:09 - 000003216 _____ C:\Windows\System32\Tasks\kxand
2018-07-06 15:09 - 2018-07-06 15:09 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\yqltg
2018-07-06 15:09 - 2018-07-06 15:09 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-07-06 15:08 - 2018-07-07 10:33 - 000929792 _____ C:\Users\Yama72\AppData\Local\sham.db
2018-07-06 15:08 - 2018-07-06 15:08 - 000140800 _____ C:\Users\Yama72\AppData\Local\installer.dat
2018-07-05 17:12 - 2018-07-05 17:12 - 016236765 _____ (Oleg N. Scherbakov) C:\Users\Yama72\Downloads\wtw-setup-all.exe
2018-07-05 08:48 - 2018-07-05 08:48 - 000001082 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-07-05 08:17 - 2018-07-05 08:17 - 000013016 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Opowiesc podrecznej _ The Handmaids Tale (2018) (S02E08) [720p.HULU.WEB-DL.x264-666] [LEKTOR PL].torrent
2018-07-05 08:16 - 2018-07-05 08:16 - 000012599 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Kobiety mafii 2018 (SEZON 1 E06) [720p] [WEBRip] [x264-KiT] [Serial polski] [zibi6248].torrent
2018-06-28 11:50 - 2018-06-28 11:50 - 000019569 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Kobiety mafii S01E05 - Zmiana warty [720p.WEB-DL.H.264.AC3] [PL].torrent
2018-06-28 11:49 - 2018-06-28 11:49 - 000011735 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Kobiety mafii (2018) [S01E05] [720p] [WEBRip] [x264-KiT] [PL].torrent
2018-06-24 15:07 - 2018-06-24 15:07 - 000000168 ____H C:\Program Files\Common Files\restore_rev.bat
2018-06-20 17:55 - 2018-06-20 17:55 - 000000874 _____ C:\Users\Yama72\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-06-20 17:02 - 2018-06-20 17:02 - 000012039 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Kobiety mafii 2018 (SEZON 1 E04) [720p] [WEBRip] [x264-KiT] [Serial polski] [zibi6248].torrent
2018-06-19 16:31 - 2018-07-07 09:08 - 000003902 _____ C:\Program Files\Common Files\AppLoaderHelpers.xml
2018-06-19 08:21 - 2018-06-19 08:21 - 000327109 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Lagodna _ Krotkaya (2017) [720p] [BRRip] [XviD] [AC3-MR] [Lektor PL].torrent
2018-06-18 16:10 - 2018-06-18 16:10 - 000213192 _____ C:\Users\Yama72\Desktop\Młode pieski Szerzyny • OLX.pl.html
2018-06-18 16:10 - 2018-06-18 16:10 - 000000000 ____D C:\Users\Yama72\Desktop\Młode pieski Szerzyny • OLX.pl_files
2018-06-17 02:28 - 2018-07-07 09:08 - 000001639 _____ C:\Program Files\Common Files\RestoreRevTask.xml
2018-06-15 08:20 - 2018-06-15 08:20 - 000027581 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Fear the Walking Dead [S04E08] [480p] [WebHD] [DD2.0] [XviD-Ralf] [Lektor PL].torrent
2018-06-14 10:26 - 2018-06-18 16:10 - 000000000 ____D C:\Users\Yama72\Downloads\_sonia_
2018-06-14 10:02 - 2018-06-14 10:02 - 001372910 _____ C:\Users\Yama72\Downloads\skanowanie0008.pdf
2018-06-14 10:02 - 2018-06-14 10:02 - 001102817 _____ C:\Users\Yama72\Downloads\skanowanie0007.pdf
2018-06-14 10:02 - 2018-06-14 10:02 - 000588559 _____ C:\Users\Yama72\Downloads\skanowanie0009.pdf
2018-06-14 10:01 - 2018-06-14 10:01 - 001019148 _____ C:\Users\Yama72\Downloads\skanowanie0005.pdf
2018-06-14 10:01 - 2018-06-14 10:01 - 001013772 _____ C:\Users\Yama72\Downloads\skanowanie0006.pdf
2018-06-14 10:01 - 2018-06-14 10:01 - 000772614 _____ C:\Users\Yama72\Downloads\skanowanie0004.pdf
2018-06-14 08:38 - 2018-06-14 08:38 - 000082595 _____ C:\Users\Yama72\Downloads\GOIK FILIP, 20180613192031 (1).pdf
2018-06-14 08:37 - 2018-06-14 08:37 - 000082595 _____ C:\Users\Yama72\Downloads\GOIK FILIP, 20180613192031.pdf
2018-06-13 07:58 - 2018-05-25 07:10 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-06-13 07:58 - 2018-05-25 06:44 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-06-13 07:58 - 2018-05-25 06:38 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-06-13 07:58 - 2018-05-25 06:34 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-13 07:58 - 2018-05-25 06:32 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-06-13 07:58 - 2018-05-25 06:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-06-13 07:58 - 2018-05-25 06:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-13 07:58 - 2018-05-25 06:03 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-06-13 07:58 - 2018-05-25 05:56 - 000381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-06-13 07:58 - 2018-05-25 05:55 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-06-13 07:58 - 2018-05-25 05:55 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-06-13 07:58 - 2018-05-25 05:53 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-06-13 07:58 - 2018-05-25 05:53 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-06-13 07:58 - 2018-05-25 05:44 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-06-13 07:58 - 2018-05-25 05:42 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-13 07:58 - 2018-05-25 05:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-06-13 07:58 - 2018-05-25 05:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-13 07:58 - 2018-05-25 05:38 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-13 07:58 - 2018-05-25 05:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-06-13 07:58 - 2018-05-25 05:38 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-13 07:58 - 2018-05-25 05:29 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-06-13 07:58 - 2018-05-25 05:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-13 07:58 - 2018-05-25 05:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-06-13 07:58 - 2018-05-25 05:15 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-13 07:58 - 2018-05-25 05:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-13 07:58 - 2018-05-23 07:56 - 007406944 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-13 07:58 - 2018-05-23 07:45 - 000027480 ____C (Microsoft Corporation)
C:\Windows\system32\Drivers\uefi.sys 2018-06-13 07:58 - 2018-05-23 07:39 - 001676064 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2018-06-13 07:58 - 2018-05-23 06:13 - 000251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll 2018-06-13 07:58 - 2018-05-15 07:47 - 002334624 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll 2018-06-13 07:58 - 2018-05-15 07:47 - 000244304 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2018-06-13 07:58 - 2018-05-15 07:33 - 001308352 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2018-06-13 07:58 - 2018-05-15 06:57 - 002324752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2018-06-13 07:58 - 2018-05-15 06:17 - 000032640 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2018-06-13 07:58 - 2018-05-15 06:04 - 000240128 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll 2018-06-13 07:58 - 2018-05-15 05:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe 2018-06-13 07:58 - 2018-05-15 04:57 - 000672768 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll 2018-06-13 07:58 - 2018-05-15 04:51 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll 2018-06-13 07:58 - 2018-05-12 23:11 - 000532664 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2018-06-13 07:58 - 2018-05-12 23:06 - 000567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2018-06-13 07:58 - 2018-05-12 22:51 - 002014040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2018-06-13 07:58 - 2018-05-12 22:51 - 000923480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys 2018-06-13 07:58 - 2018-05-12 21:08 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2018-06-13 07:58 - 2018-05-11 05:04 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2018-06-13 07:58 - 2018-05-05 21:05 - 001543800 _____ 
(Microsoft Corporation) C:\Windows\system32\webservices.dll 2018-06-13 07:58 - 2018-05-05 20:15 - 001178136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll 2018-06-13 07:58 - 2018-05-05 18:38 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll 2018-06-13 07:58 - 2018-05-05 18:23 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll 2018-06-13 07:58 - 2018-04-07 18:48 - 000685568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2018-06-13 07:58 - 2018-04-07 18:47 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2018-06-13 07:58 - 2018-04-07 18:43 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll 2018-06-13 07:58 - 2018-04-07 18:09 - 000170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll 2018-06-13 07:58 - 2018-04-07 17:34 - 002255360 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2018-06-13 07:58 - 2018-04-07 17:15 - 001942016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2018-06-13 07:58 - 2018-04-05 19:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc63.sys 2018-06-13 07:58 - 2018-04-05 19:38 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\NetVscCoinstall.dll 2018-06-13 07:58 - 2018-03-29 03:33 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2018-06-13 07:58 - 2018-03-29 03:21 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll 2018-06-13 07:58 - 2018-03-29 03:06 - 002608640 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2018-06-13 07:58 - 2018-03-29 03:05 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2018-06-13 07:58 - 2018-03-29 02:26 - 002170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2018-06-13 07:58 - 2018-03-29 02:24 - 000236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2018-06-09 11:48 - 
2018-06-09 11:48 - 000245151 _____ C:\Users\Yama72\Desktop\502257040618.pdf ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-07-08 14:38 - 2016-12-16 09:13 - 001200128 ___SH C:\Users\Yama72\Desktop\Thumbs.db 2018-07-08 14:37 - 2016-10-22 17:51 - 000000000 ____D C:\Users\Yama72\AppData\Local\ClassicShell 2018-07-08 14:17 - 2016-10-24 10:10 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\uTorrent 2018-07-08 14:04 - 2016-10-22 17:11 - 000003972 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A6863EFF-0248-430C-8C51-A008CCBF5EE2} 2018-07-08 14:00 - 2016-10-24 11:27 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\GG 2018-07-08 14:00 - 2016-10-22 17:09 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-585497507-2271305030-2490774745-1001 2018-07-08 14:00 - 2014-03-18 11:56 - 001817498 _____ C:\Windows\system32\PerfStringBackup.INI 2018-07-08 14:00 - 2014-03-18 11:28 - 000799780 _____ C:\Windows\system32\perfh015.dat 2018-07-08 14:00 - 2014-03-18 11:28 - 000160522 _____ C:\Windows\system32\perfc015.dat 2018-07-08 14:00 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf 2018-07-08 13:55 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-07-08 13:45 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\ELAMBKUP 2018-07-07 12:15 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\NDF 2018-07-07 12:00 - 2013-08-22 15:36 - 000000000 ____D C:\Program Files\Bid-i-War 2018-07-07 11:35 - 2017-12-18 18:05 - 000004080 __RSH C:\ProgramData\ntuser.pol 2018-07-07 11:35 - 2013-08-22 15:36 - 000000000 ____D C:\Program Files\Fundoli Fission XBP3100 Series 2018-07-07 11:19 - 2018-04-18 07:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdvCodeEvo 2018-07-07 11:19 - 2016-10-24 11:29 - 000000000 ____D C:\AdvCodePro 2018-07-07 09:07 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp 2018-07-06 
15:49 - 2016-11-21 11:06 - 000000000 ____D C:\Users\Yama72\AppData\LocalLow\Mozilla 2018-07-06 15:31 - 2016-10-22 17:03 - 000000000 ____D C:\Users\Yama72 2018-07-06 15:11 - 2016-10-22 17:13 - 000000000 ____D C:\ProgramData\AMD 2018-07-06 15:10 - 2017-12-21 10:23 - 000000000 ____D C:\Program Files\DAEMON Tools Lite 2018-07-06 15:10 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2018-07-06 15:05 - 2016-11-04 09:59 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\DAEMON Tools Lite 2018-07-06 12:08 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2018-07-05 11:37 - 2016-10-24 12:35 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\vlc 2018-07-03 09:37 - 2016-10-24 11:27 - 000000000 ____D C:\Users\Yama72\AppData\Local\GG 2018-06-27 09:10 - 2016-10-24 11:22 - 000002250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-06-20 17:55 - 2016-10-24 10:11 - 000000894 _____ C:\Users\Yama72\Desktop\µTorrent.lnk 2018-06-14 10:02 - 2018-01-02 09:10 - 000481280 ___SH C:\Users\Yama72\Downloads\Thumbs.db 2018-06-14 08:26 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache 2018-06-13 08:04 - 2014-11-11 23:20 - 000000000 ____D C:\Windows\system32\MRT 2018-06-13 08:03 - 2017-10-11 08:41 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2018-06-13 08:03 - 2016-10-24 17:50 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Pliki w katalogu głównym wybranych folderów ======= 2018-06-19 16:31 - 2018-07-07 09:08 - 000003902 _____ () C:\Program Files\Common Files\AppLoaderHelpers.xml 2018-07-07 09:08 - 2018-06-19 16:31 - 000003922 _____ () C:\Program Files\Common Files\AppLoaderHelpers.xml.back 2018-06-17 02:28 - 2018-07-07 09:08 - 000001639 _____ () C:\Program Files\Common Files\RestoreRevTask.xml 2018-07-07 09:08 - 2018-06-17 02:28 - 000001609 _____ () C:\Program Files\Common Files\RestoreRevTask.xml.back 2018-06-24 15:07 - 2018-06-24 15:07 - 
000000168 ____H () C:\Program Files\Common Files\restore_rev.bat 2018-04-26 13:08 - 2018-04-26 13:08 - 000000845 _____ () C:\Users\Yama72\AppData\Roaming\qnapi.ini 2018-07-06 15:08 - 2018-07-06 15:08 - 000140800 _____ () C:\Users\Yama72\AppData\Local\installer.dat 2018-07-06 15:08 - 2018-07-07 10:33 - 000929792 _____ () C:\Users\Yama72\AppData\Local\sham.db Niektóre pliki w TEMP: ==================== 2018-07-06 15:09 - 2018-07-06 15:09 - 001537832 _____ (BANANA SUMMER LIMITED) C:\Users\Yama72\AppData\Local\Temp\1530882572tmp.exe 2018-07-06 15:08 - 2018-07-06 15:08 - 000092672 _____ () C:\Users\Yama72\AppData\Local\Temp\AZOREG_30062018_541.exe 2018-07-06 15:10 - 2018-07-06 15:10 - 000375522 _____ ( ) C:\Users\Yama72\AppData\Local\Temp\uc5j0wrrxpy.exe 2018-07-05 08:46 - 2018-07-05 08:47 - 040184976 _____ () C:\Users\Yama72\AppData\Local\Temp\vlc-3.0.3-win32.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2018-07-04 08:53 ==================== Koniec FRST.txt ============================