Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20.06.2018
Uruchomiony przez Yama72 (administrator) YAMA (08-07-2018 16:41:13)
Uruchomiony z C:\Users\Yama72\Downloads
Załadowane profile: Yama72 (Dostępne profile: Yama72)
Platform: Windows 8.1 Pro (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe
() C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Logixoft) C:\ProgramData\rvlkl\rvlkl.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe
() C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Rejestr (filtrowane) ===========================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2016-10-22] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [WatchDogUserAutostart] => C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe [542480 2017-05-25] ()
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [GG] => C:\Users\Yama72\AppData\Local\GG\Application\gghub.exe [4078144 2016-07-04] (GG Network S.A.)
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5230784 2017-12-15] (Disc Soft Ltd)
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\Run: [uTorrent] => C:\Users\Yama72\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-06-22] (BitTorrent Inc.)
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\...\MountPoints2: {07b1a365-9db3-11e6-826e-001583144ef9} - "G:\autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk [2018-07-07]
ShortcutTarget: rvlkl.lnk -> C:\ProgramData\rvlkl\rvlkl.exe (Logixoft)

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{134F99AE-C840-41AC-AA18-AF54A45233C2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8C01232E-2A53-464A-860E-11B013A31B5A}: [DhcpNameServer] 89.234.211.3 89.234.192.19 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-585497507-2271305030-2490774745-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

FireFox:
========
FF DefaultProfile: 3nhh07ui.default
FF ProfilePath: C:\Users\Yama72\AppData\Roaming\Mozilla\Firefox\Profiles\3nhh07ui.default [2018-07-08]
FF Extension: (Google NoTrack) - C:\Users\Yama72\AppData\Roaming\Mozilla\Firefox\Profiles\3nhh07ui.default\Extensions\googlenotrack@dirtylittlehelpers.com.xpi [2018-07-06]
FF Extension: (Adblock Plus) - C:\Users\Yama72\AppData\Roaming\Mozilla\Firefox\Profiles\3nhh07ui.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-18]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-29] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-29] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default [2018-07-08]
CHR Extension: (Prezentacje) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Dysk Google) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-24]
CHR Extension: (MEGA) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-07-05]
CHR Extension: (YouTube) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-24]
CHR Extension: (Adblock Plus) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-17]
CHR Extension: (uBlock Origin) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-05]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\dccefhjaifdmpkjcbiojjennojmedchc [2018-07-07] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
CHR Extension: (Arkusze) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-24]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-08]
CHR Profile: C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-07-08]
CHR Extension: (Brak nazwy) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\dfkbibfnelggjiagnbapfoodmhhnedfa [2018-07-07] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
CHR Profile: C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\System Profile [2018-07-08]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Yama72\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\dccefhjaifdmpkjcbiojjennojmedchc [2018-07-07] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA

==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
R2 ComarchCryptoWatchdog; C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe [542480 2017-05-25] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3128000 2017-12-15] (Disc Soft Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2016-10-22] (Advanced Micro Devices)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-11-04] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-11-04] (Disc Soft Ltd)
S1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-16] (ESET)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142888 2008-03-21] (SafeNet, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2016-10-24] (Basil Projects)

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2018-07-08 16:41 - 2018-07-08 16:41 - 000013794 _____ C:\Users\Yama72\Downloads\FRST.txt
2018-07-08 16:35 - 2018-07-08 16:36 - 000004236 _____ C:\Users\Yama72\Downloads\Fixlog.txt
2018-07-08 16:35 - 2018-07-08 16:35 - 000000002 _____ C:\Users\Yama72\Downloads\louprnmrdzxw.txt
2018-07-08 16:18 - 2018-07-08 16:18 - 000000116 _____ C:\Users\Yama72\Desktop\asdasdas.txt
2018-07-08 16:05 - 2018-07-08 16:05 - 000013473 _____ C:\Users\Yama72\Downloads\ehuavirymcfkez.txt
2018-07-08 14:45 - 2018-07-08 14:45 - 000206300 _____ C:\Users\Yama72\Desktop\Problem z app_loader i Windows - Dział pomocy doraźnej - Fixitpc.pl.html
2018-07-08 14:45 - 2018-07-08 14:45 - 000000000 ____D C:\Users\Yama72\Desktop\Problem z app_loader i Windows - Dział pomocy doraźnej - Fixitpc.pl_files
2018-07-08 14:37 - 2018-07-08 16:41 - 000000000 ____D C:\FRST
2018-07-08 14:37 - 2018-07-08 14:37 - 002412544 _____ (Farbar) C:\Users\Yama72\Downloads\FRST64.exe
2018-07-08 14:16 - 2018-07-08 14:16 - 000001915 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-08 14:16 - 2018-07-08 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-08 14:16 - 2018-07-08 14:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-08 14:16 - 2018-07-08 14:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-08 14:16 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-07-08 14:14 - 2018-07-08 14:15 - 073182192 _____ (Malwarebytes ) C:\Users\Yama72\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5807.exe
2018-07-08 13:55 - 2018-07-08 16:02 - 000001242 _____ C:\Users\Yama72\Desktop\Driver Updater.lnk
2018-07-08 13:53 - 2018-07-08 13:53 - 007395536 _____ (Malwarebytes) C:\Users\Yama72\Downloads\AdwCleaner.exe
2018-07-08 13:42 - 2018-07-08 13:43 - 000000000 ____D C:\Windows\pss
2018-07-08 13:31 - 2013-10-16 16:11 - 000000000 ____D C:\Users\Yama72\Desktop\ESET.Fix
2018-07-07 13:31 - 2018-07-07 13:32 - 000000000 ____D C:\ProgramData\rvlkl
2018-07-07 13:30 - 2018-07-07 13:30 - 000114688 _____ C:\Users\Yama72\Downloads\fk.exe
2018-07-07 13:27 - 2018-07-07 13:27 - 001411136 _____ (Logixoft) C:\Users\Yama72\Downloads\rkfree_setup(dobreprogramy.pl).exe
2018-07-07 12:08 - 2018-07-07 12:08 - 000003348 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2018-07-07 12:08 - 2018-07-07 12:08 - 000000000 ____D C:\Program Files\Common Files\AV
2018-07-07 09:08 - 2018-06-19 16:31 - 000003922 _____ C:\Program Files\Common Files\AppLoaderHelpers.xml.back
2018-07-07 09:08 - 2018-06-17 02:28 - 000001609 _____ C:\Program Files\Common Files\RestoreRevTask.xml.back
2018-07-06 17:17 - 2018-07-08 13:39 - 000488098 _____ C:\Windows\ntbtlog.txt
2018-07-06 16:55 - 2018-07-06 16:55 - 000000000 ____D C:\Users\Yama72\Desktop\ESET.Smart.Security.v7.0.302.8.Final-mara
2018-07-06 16:54 - 2018-07-06 16:54 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\ESET
2018-07-06 16:54 - 2018-07-06 16:54 - 000000000 ____D C:\Users\Yama72\AppData\Local\ESET
2018-07-06 16:53 - 2018-07-08 13:45 - 000000000 ____D C:\Program Files\ESET
2018-07-06 16:50 - 2018-07-06 17:44 - 000000000 ____D C:\Users\Yama72\Downloads\ESET.Smart.Security.v7.0.302.8.Final-mara
2018-07-06 16:42 - 2018-07-06 16:44 - 153010274 _____ C:\Users\Yama72\Downloads\ESET.Smart.Security.v7.0.302.8.Final-mara.zip
2018-07-06 16:19 - 2018-07-06 16:24 - 000000000 ____D C:\AdwCleaner
2018-07-06 16:17 - 2018-07-06 16:17 - 007402192 _____ (Malwarebytes) C:\Users\Yama72\Downloads\Niepotwierdzony 10614.crdownload
2018-07-06 15:31 - 2018-07-08 16:07 - 000000008 __RSH C:\Users\Yama72\ntuser.pol
2018-07-06 15:28 - 2018-07-06 15:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-06 15:11 - 2018-07-08 16:24 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-07-06 15:09 - 2018-07-08 16:02 - 000001256 _____ C:\Users\Yama72\Desktop\Crossout - MMO action game.lnk
2018-07-05 17:12 - 2018-07-05 17:12 - 016236765 _____ (Oleg N. Scherbakov) C:\Users\Yama72\Downloads\wtw-setup-all.exe
2018-07-05 08:48 - 2018-07-05 08:48 - 000001082 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-07-05 08:17 - 2018-07-05 08:17 - 000013016 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Opowiesc podrecznej _ The Handmaids Tale (2018) (S02E08) [720p.HULU.WEB-DL.x264-666] [LEKTOR PL].torrent
2018-07-05 08:16 - 2018-07-05 08:16 - 000012599 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Kobiety mafii 2018 (SEZON 1 E06) [720p] [WEBRip] [x264-KiT] [Serial polski] [zibi6248].torrent
2018-06-28 11:50 - 2018-06-28 11:50 - 000019569 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Kobiety mafii S01E05 - Zmiana warty [720p.WEB-DL.H.264.AC3] [PL].torrent
2018-06-28 11:49 - 2018-06-28 11:49 - 000011735 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Kobiety mafii (2018) [S01E05] [720p] [WEBRip] [x264-KiT] [PL].torrent
2018-06-20 17:55 - 2018-06-20 17:55 - 000000874 _____ C:\Users\Yama72\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-06-20 17:02 - 2018-06-20 17:02 - 000012039 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Kobiety mafii 2018 (SEZON 1 E04) [720p] [WEBRip] [x264-KiT] [Serial polski] [zibi6248].torrent
2018-06-19 16:31 - 2018-07-07 09:08 - 000003902 _____ C:\Program Files\Common Files\AppLoaderHelpers.xml
2018-06-19 08:21 - 2018-06-19 08:21 - 000327109 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Lagodna _ Krotkaya (2017) [720p] [BRRip] [XviD] [AC3-MR] [Lektor PL].torrent
2018-06-18 16:10 - 2018-06-18 16:10 - 000213192 _____ C:\Users\Yama72\Desktop\Młode pieski Szerzyny • OLX.pl.html
2018-06-18 16:10 - 2018-06-18 16:10 - 000000000 ____D C:\Users\Yama72\Desktop\Młode pieski Szerzyny • OLX.pl_files
2018-06-17 02:28 - 2018-07-07 09:08 - 000001639 _____ C:\Program Files\Common Files\RestoreRevTask.xml
2018-06-15 08:20 - 2018-06-15 08:20 - 000027581 _____ C:\Users\Yama72\Downloads\[EX-TORRENTY.ORG] Fear the Walking Dead [S04E08] [480p] [WebHD] [DD2.0] [XviD-Ralf] [Lektor PL].torrent
2018-06-14 10:26 - 2018-06-18 16:10 - 000000000 ____D C:\Users\Yama72\Downloads\_sonia_
2018-06-14 10:02 - 2018-06-14 10:02 - 001372910 _____ C:\Users\Yama72\Downloads\skanowanie0008.pdf
2018-06-14 10:02 - 2018-06-14 10:02 - 001102817 _____ C:\Users\Yama72\Downloads\skanowanie0007.pdf
2018-06-14 10:02 - 2018-06-14 10:02 - 000588559 _____ C:\Users\Yama72\Downloads\skanowanie0009.pdf
2018-06-14 10:01 - 2018-06-14 10:01 - 001019148 _____ C:\Users\Yama72\Downloads\skanowanie0005.pdf
2018-06-14 10:01 - 2018-06-14 10:01 - 001013772 _____ C:\Users\Yama72\Downloads\skanowanie0006.pdf
2018-06-14 10:01 - 2018-06-14 10:01 - 000772614 _____ C:\Users\Yama72\Downloads\skanowanie0004.pdf
2018-06-14 08:38 - 2018-06-14 08:38 - 000082595 _____ C:\Users\Yama72\Downloads\GOIK FILIP, 20180613192031 (1).pdf
2018-06-14 08:37 - 2018-06-14 08:37 - 000082595 _____ C:\Users\Yama72\Downloads\GOIK FILIP, 20180613192031.pdf
2018-06-13 07:58 - 2018-05-25 07:10 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-06-13 07:58 - 2018-05-25 06:44 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-06-13 07:58 - 2018-05-25 06:38 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-06-13 07:58 - 2018-05-25 06:34 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-13 07:58 - 2018-05-25 06:32 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-06-13 07:58 - 2018-05-25 06:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-06-13 07:58 - 2018-05-25 06:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-13 07:58 - 2018-05-25 06:03 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-06-13 07:58 - 2018-05-25 05:56 - 000381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-06-13 07:58 - 2018-05-25 05:55 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-06-13 07:58 - 2018-05-25 05:55 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-06-13 07:58 - 2018-05-25 05:53 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-06-13 07:58 - 2018-05-25 05:53 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-06-13 07:58 - 2018-05-25 05:44 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-06-13 07:58 - 2018-05-25 05:42 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-13 07:58 - 2018-05-25 05:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-06-13 07:58 - 2018-05-25 05:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-13 07:58 - 2018-05-25 05:38 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-13 07:58 - 2018-05-25 05:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-06-13 07:58 - 2018-05-25 05:38 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-13 07:58 - 2018-05-25 05:29 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-06-13 07:58 - 2018-05-25 05:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-13 07:58 - 2018-05-25 05:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-06-13 07:58 - 2018-05-25 05:15 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-13 07:58 - 2018-05-25 05:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-13 07:58 - 2018-05-23 07:56 - 007406944 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-13 07:58 - 2018-05-23 07:45 - 000027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\uefi.sys
2018-06-13 07:58 - 2018-05-23 07:39 - 001676064 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-06-13 07:58 - 2018-05-23 06:13 - 000251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2018-06-13 07:58 - 2018-05-15 07:47 - 002334624 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-06-13 07:58 - 2018-05-15 07:47 - 000244304 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-06-13 07:58 - 2018-05-15 07:33 - 001308352 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-06-13 07:58 - 2018-05-15 06:57 - 002324752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-06-13 07:58 - 2018-05-15 06:17 - 000032640 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-06-13 07:58 - 2018-05-15 06:04 - 000240128 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
2018-06-13 07:58 - 2018-05-15 05:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2018-06-13 07:58 - 2018-05-15 04:57 - 000672768 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2018-06-13 07:58 - 2018-05-15 04:51 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2018-06-13 07:58 - 2018-05-12 23:11 - 000532664 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-06-13 07:58 - 2018-05-12 23:06 - 000567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-13 07:58 - 2018-05-12 22:51 - 002014040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-13 07:58 - 2018-05-12 22:51 - 000923480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2018-06-13 07:58 - 2018-05-12 21:08 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-06-13 07:58 - 2018-05-11 05:04 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-06-13 07:58 - 2018-05-05 21:05 - 001543800 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-06-13 07:58 - 2018-05-05 20:15 - 001178136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-13 07:58 - 2018-05-05 18:38 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2018-06-13 07:58 - 2018-05-05 18:23 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2018-06-13 07:58 - 2018-04-07 18:48 - 000685568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-06-13 07:58 - 2018-04-07 18:47 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-06-13 07:58 - 2018-04-07 18:43 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-06-13 07:58 - 2018-04-07 18:09 - 000170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-06-13 07:58 - 2018-04-07 17:34 - 002255360 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-06-13 07:58 - 2018-04-07 17:15 - 001942016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-06-13 07:58 - 2018-04-05 19:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc63.sys
2018-06-13 07:58 - 2018-04-05 19:38 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\NetVscCoinstall.dll
2018-06-13 07:58 - 2018-03-29 03:33 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2018-06-13 07:58 - 2018-03-29 03:21 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2018-06-13 07:58 - 2018-03-29 03:06 - 002608640 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2018-06-13 07:58 - 2018-03-29 03:05 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2018-06-13 07:58 - 2018-03-29 02:26 - 002170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2018-06-13 07:58 - 2018-03-29 02:24 - 000236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2018-06-09 11:48 - 2018-06-09 11:48 - 000245151 _____ C:\Users\Yama72\Desktop\502257040618.pdf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2018-07-08 16:41 - 2014-03-18 11:56 - 001817498 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-08 16:41 - 2014-03-18 11:28 - 000799780 _____ C:\Windows\system32\perfh015.dat
2018-07-08 16:41 - 2014-03-18 11:28 - 000160522 _____ C:\Windows\system32\perfc015.dat
2018-07-08 16:41 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-07-08 16:40 - 2018-01-02 09:10 - 000481280 ___SH C:\Users\Yama72\Downloads\Thumbs.db
2018-07-08 16:38 - 2016-10-24 10:10 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\uTorrent
2018-07-08 16:38 - 2016-10-22 17:51 - 000000000 ____D C:\Users\Yama72\AppData\Local\ClassicShell
2018-07-08 16:37 - 2016-12-16 09:13 - 001212928 ___SH C:\Users\Yama72\Desktop\Thumbs.db
2018-07-08 16:36 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-08 16:35 - 2016-10-22 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAPI-PROJEKT
2018-07-08 16:29 - 2016-10-22 17:09 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-585497507-2271305030-2490774745-1001
2018-07-08 16:07 - 2017-12-18 18:05 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-07-08 16:07 - 2016-10-22 17:03 - 000000000 ____D C:\Users\Yama72
2018-07-08 16:06 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-07-08 14:04 - 2016-10-22 17:11 - 000003972 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A6863EFF-0248-430C-8C51-A008CCBF5EE2}
2018-07-08 14:00 - 2016-10-24 11:27 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\GG
2018-07-08 13:45 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-07-07 12:15 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\NDF
2018-07-07 11:19 - 2018-04-18 07:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdvCodeEvo
2018-07-07 11:19 - 2016-10-24 11:29 - 000000000 ____D C:\AdvCodePro
2018-07-07 09:07 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2018-07-06 15:49 - 2016-11-21 11:06 - 000000000 ____D C:\Users\Yama72\AppData\LocalLow\Mozilla
2018-07-06 15:11 - 2016-10-22 17:13 - 000000000 ____D C:\ProgramData\AMD
2018-07-06 15:10 - 2017-12-21 10:23 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2018-07-06 15:05 - 2016-11-04 09:59 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\DAEMON Tools Lite
2018-07-06 12:08 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-07-05 11:37 - 2016-10-24 12:35 - 000000000 ____D C:\Users\Yama72\AppData\Roaming\vlc
2018-07-03 09:37 - 2016-10-24 11:27 - 000000000 ____D C:\Users\Yama72\AppData\Local\GG
2018-06-27 09:10 - 2016-10-24 11:22 - 000002250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-20 17:55 - 2016-10-24 10:11 - 000000894 _____ C:\Users\Yama72\Desktop\µTorrent.lnk
2018-06-14 08:26 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2018-06-13 08:04 - 2014-11-11 23:20 - 000000000 ____D C:\Windows\system32\MRT
2018-06-13 08:03 - 2017-10-11 08:41 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-13 08:03 - 2016-10-24 17:50 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Pliki w katalogu głównym wybranych folderów =======
2018-06-19 16:31 - 2018-07-07 09:08 - 000003902 _____ () C:\Program Files\Common Files\AppLoaderHelpers.xml
2018-07-07 09:08 - 2018-06-19 16:31 - 000003922 _____ () C:\Program Files\Common Files\AppLoaderHelpers.xml.back
2018-06-17 02:28 - 2018-07-07 09:08 - 000001639 _____ () C:\Program Files\Common Files\RestoreRevTask.xml
2018-07-07 09:08 - 2018-06-17 02:28 - 000001609 _____ () C:\Program Files\Common Files\RestoreRevTask.xml.back
2018-04-26 13:08 - 2018-04-26 13:08 - 000000845 _____ () C:\Users\Yama72\AppData\Roaming\qnapi.ini

==================== Bamital & volsnap ======================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-07-04 08:53

==================== Koniec FRST.txt ============================