Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 02.08.2018
Uruchomiony przez Kamil (administrator) DESKTOP-0DPTCNE (15-08-2018 17:17:31)
Uruchomiony z C:\Users\Kamil\Downloads
Załadowane profile: Kamil (Dostępne profile: defaultuser0 & Kamil & iwona)
Platform: Windows 10 Home Wersja 1709 16299.431 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(The Within Network, LLC) C:\Windows\unsignedthemes.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Conexant Systems Inc.) 
C:\Windows\System32\CxAudMsg64.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Secure VPN\VpnSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe () C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (ESET) C:\Program Files\ESET\ESET Security\egui.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe (Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) 
C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-10] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [178504 2018-07-20] (ESET) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2018-05-30] (LogMeIn Inc.) HKU\S-1-5-21-1357859409-3981079408-4033691241-1001\...\Run: [PC-NVR.exe] => C:\Program Files (x86)\Smart Professional Surveillance System\PC-NVR\PC-NVR.exe [774144 2014-05-15] () HKU\S-1-5-21-1357859409-3981079408-4033691241-1001\...\Run: [uTorrent] => C:\Users\Kamil\AppData\Roaming\uTorrent\uTorrent.exe [1983672 2018-05-04] (BitTorrent Inc.) HKU\S-1-5-21-1357859409-3981079408-4033691241-1001\...\Run: [SIMDashboardServer] => C:\Program Files (x86)\SIMDashboardServer\SIMDashboardServer.exe [5663744 2018-04-14] (stryder-it) HKU\S-1-5-21-1357859409-3981079408-4033691241-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [9942704 2018-06-28] (Windscribe Limited) HKU\S-1-5-21-1357859409-3981079408-4033691241-1001\...\Run: [Discord] => C:\Users\Kamil\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.) 
HKU\S-1-5-21-1357859409-3981079408-4033691241-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5966800 2018-07-25] (NordVPN) HKU\S-1-5-21-1357859409-3981079408-4033691241-1001\...\MountPoints2: {cca25965-d451-11e7-aa26-704d7bc527db} - "E:\setup.exe" HKU\S-1-5-21-1357859409-3981079408-4033691241-1001\...\MountPoints2: {d6ad8ca7-da8f-11e7-aa2a-704d7bc527db} - "E:\AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG Secure VPN.lnk [2018-07-30] ShortcutTarget: AVG Secure VPN.lnk -> C:\Program Files (x86)\AVG\Secure VPN\Vpn.exe (AVG Technologies CZ, s.r.o.) Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-04-16] ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Kamil\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook) Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-06-23] ShortcutTarget: MEGAsync.lnk -> C:\Users\Kamil\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) GroupPolicy: Ograniczenia ? <==== UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. 
Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{81201010-11f7-4509-b6c2-5319b1c8c64c}: [NameServer] 77.234.40.79 Tcpip\..\Interfaces\{8398ef85-888b-47f0-a6a8-2303564b9a48}: [NameServer] 185.89.185.2 89.108.202.21 Tcpip\..\Interfaces\{be31d3d1-4e52-4031-8e33-2f0a4f1dc166}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{c13b936b-e58d-4959-89af-1e50a65464af}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e5d30c71-1c92-4a03-a8b0-6751625ee901}: [NameServer] 89.108.195.21 185.89.185.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1357859409-3981079408-4033691241-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1357859409-3981079408-4033691241-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE SearchScopes: HKU\S-1-5-21-1357859409-3981079408-4033691241-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1357859409-3981079408-4033691241-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-05] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-05] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-05] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft 
Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-05] (Oracle Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: bw3keo1n.default FF DefaultProfile: u1us19ct.default-1531476220487 FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Mozilla3\Firefox\Profiles\bw3keo1n.default [2018-07-21] FF ProfilePath: 
C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\u1us19ct.default-1531476220487 [2018-08-15] FF Homepage: Mozilla\Firefox\Profiles\u1us19ct.default-1531476220487 -> about:home FF Extension: (Simple YouTube to MP3/MP4 Converter) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\u1us19ct.default-1531476220487\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack.xpi [2018-07-13] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-15] () FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-05] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-06-30] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-15] () FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-05] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation) FF 
Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems) Chrome: ======= CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default [2018-08-13] CHR Extension: (Prezentacje) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-06] CHR Extension: (Dokumenty) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-06] CHR Extension: (Dysk Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-06] CHR Extension: (YouTube) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-06] CHR Extension: (Arkusze) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-06] CHR Extension: (Dokumenty Google offline) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-06] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06] CHR Extension: (Gmail) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-06] CHR Extension: (Chrome Media Router) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-06] ==================== Usługi (filtrowane) ==================== 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-06-06] () S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego] S3 cfbackd; C:\Program Files (x86)\CleverFiles\Disk Drill\cfbackd.w32.exe [211520 2015-09-25] (CleverFiles) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation) R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2330224 2018-07-20] (ESET) R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-07-13] (Intel Corporation) R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3346856 2018-05-30] (LogMeIn Inc.) 
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] () S2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation) S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [Brak podpisu cyfrowego] R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [Brak podpisu cyfrowego] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-05-25] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] () S2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [435664 2018-07-25] () R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation) R2 osrss; C:\WINDOWS\system32\osrss.dll [130808 2018-06-08] (Microsoft Corporation) S2 PLAY INTERNET. RunOuc; C:\Program Files (x86)\PLAYNET\UpdateDog\ouc.exe [651856 2013-10-26] () S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [49704 2016-03-14] (ASUSTeK COMPUTER INC.) R2 SAService; C:\Windows\system32\SAsrv.exe [427224 2015-04-17] (Conexant Systems, Inc.) 
R2 SecureVpn; C:\Program Files (x86)\AVG\Secure VPN\VpnSvc.exe [5514360 2018-07-26] (AVG Technologies CZ, s.r.o.) R2 sedsvc; C:\Program Files\rempl\sedsvc.exe [294912 2018-08-03] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644144 2018-07-23] (TeamViewer GmbH) R2 UnsignedThemes; C:\Windows\unsignedthemes.exe [22184 2015-03-01] (The Within Network, LLC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation) R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [490672 2018-06-28] (Windscribe Limited) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation) S2 CG6Service; "C:\Program Files (x86)\CyberGhost\CyberGhost.Service.exe" [X] R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [141304 2015-12-18] (ASUS Corporation) S3 avgTap; C:\WINDOWS\System32\drivers\avgTap.sys [54888 2018-03-16] (The OpenVPN Project) R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [47096 2015-07-13] (Intel Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-07-13] (Intel Corporation) R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143624 2018-07-20] (ESET) R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [109920 2018-07-20] (ESET) S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-02-23] (ESET) R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [196112 2018-07-20] (ESET) R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [110376 2018-07-20] (ESET) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-07-13] (Intel Corporation) S3 FairplayKD; C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [70928 2018-08-12] (Multi Theft Auto) R1 gfdriver; C:\WINDOWS\System32\drivers\gfdriver.sys [51904 2015-01-14] (Titan ARC Corp.) S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2018-05-30] (LogMeIn Inc.) S3 hwusb_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.) S3 hwusb_wwanecm; C:\WINDOWS\System32\drivers\ew_wwanecm.sys [380672 2014-09-30] (Huawei Technologies Co., Ltd.) 
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation) R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-15] (Malwarebytes) R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_33462f669491c2ff\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-14] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-05-17] (Realtek ) R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation) R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (The OpenVPN Project) R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-02-01] (The OpenVPN Project) R2 uxstyle; C:\Windows\system32\Drivers\elytsxu.sys [32424 2015-03-01] (The Within Network, LLC) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation) S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. 
Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-08-15 17:17 - 2018-08-15 17:18 - 000027690 _____ C:\Users\Kamil\Downloads\FRST.txt 2018-08-15 17:16 - 2018-08-15 17:17 - 000000000 ____D C:\FRST 2018-08-15 17:15 - 2018-08-15 17:16 - 002412544 _____ (Farbar) C:\Users\Kamil\Downloads\FRST64.exe 2018-08-15 17:09 - 2018-08-15 17:09 - 000000000 ____D C:\WINDOWS\UpdateAssistant 2018-08-15 08:05 - 2018-08-15 08:05 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2018-08-15 08:04 - 2018-08-15 08:16 - 000471484 _____ C:\WINDOWS\ntbtlog.txt 2018-08-15 07:47 - 2018-08-15 07:48 - 000000000 ____D C:\Users\Kamil\Desktop\dys 2018-08-15 07:41 - 2018-08-15 07:41 - 000000000 ____D C:\Users\Kamil\Desktop\testdisk-7.1-WIP 2018-08-15 07:39 - 2018-08-15 07:40 - 021263868 _____ C:\Users\Kamil\Downloads\testdisk-7.1-WIP.win64.zip 2018-08-14 20:16 - 2018-08-15 08:17 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2018-08-14 20:04 - 2018-08-14 20:04 - 000000000 ____D C:\Users\Kamil\Downloads\rufus_files 2018-08-14 20:03 - 2018-08-14 20:03 - 001018424 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Kamil\Downloads\rufus-3.1.exe 2018-08-14 19:42 - 2018-08-14 19:58 - 1953349632 ____R C:\Users\Kamil\Downloads\ubuntu-18.04.1-desktop-amd64.iso 2018-08-14 19:31 - 2018-08-14 19:31 - 000000000 ____D C:\Users\Kamil\Desktop\ubuntu 2018-08-14 19:28 - 2018-08-14 19:28 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator 2018-08-14 19:28 - 2018-08-14 19:28 - 000000000 ____D C:\Program Files (x86)\LinuxLive USB Creator 2018-08-14 19:26 - 2018-08-14 19:27 - 006160320 _____ (LinuxLive USB Creator) C:\Users\Kamil\Downloads\LinuxLive USB Creator 2.9.4.exe 2018-08-14 18:28 - 2018-08-15 08:16 - 000000000 ____D 
C:\Users\Kamil\AppData\Local\DiskDrill
2018-08-14 18:28 - 2018-08-14 18:28 - 000003085 _____ C:\Users\Kamil\Desktop\Disk Drill.lnk
2018-08-14 18:28 - 2018-08-14 18:28 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cleverfiles Disk Drill
2018-08-14 18:28 - 2018-08-14 18:28 - 000000000 ____D C:\Users\Kamil\AppData\Local\CrashRpt
2018-08-14 18:28 - 2018-08-14 18:28 - 000000000 ____D C:\Program Files (x86)\CleverFiles
2018-08-14 18:19 - 2018-08-14 18:20 - 007772160 _____ C:\Users\Kamil\Downloads\pandora-disk-drill.msi
2018-08-14 07:27 - 2018-08-14 07:27 - 000000000 ____D C:\Users\Kamil\AppData\LocalLow\Unity
2018-08-10 09:20 - 2018-06-29 10:09 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-08-10 09:20 - 2018-06-29 09:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-08-10 09:20 - 2018-06-13 23:14 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-08-10 09:20 - 2018-06-13 23:02 - 002786304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-08-10 09:20 - 2018-06-08 08:07 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-08-10 09:20 - 2018-06-08 08:02 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-08-10 09:20 - 2018-06-08 07:57 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-08-10 09:20 - 2018-05-11 23:54 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-08-10 06:21 - 2018-08-10 06:21 - 005493552 _____ (eVenture Limited ) C:\Users\Kamil\Downloads\Hide.me-Setup-1.4.2.exe
2018-08-10 06:17 - 2018-08-10 06:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2018-08-10 06:17 - 2018-08-10 06:17 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2018-08-10 06:17 - 2018-08-10 06:17 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-08-10 06:16 - 2018-08-10 06:16 - 015418280 _____ (NordVPN) C:\Users\Kamil\Downloads\NordVPNSetup.exe
2018-08-10 06:13 - 2018-08-10 06:13 - 026805760 _____ (ExpressVPN) C:\Users\Kamil\Downloads\expressvpn_6.6.0.4121.exe
2018-08-10 05:59 - 2018-08-10 05:59 - 006349299 _____ C:\Users\Kamil\Downloads\ShiginimaSE_v4100.zip
2018-08-10 05:59 - 2018-07-25 10:15 - 003637040 _____ (Shiginima) C:\Users\Kamil\Desktop\Shiginima Launcher SE v4.100.exe
2018-08-08 15:58 - 2018-08-08 15:58 - 000000302 _____ C:\Users\Kamil\Desktop\kas.txt
2018-08-07 20:40 - 2016-11-15 17:44 - 003867334 _____ C:\Users\Kamil\Desktop\HydroV1.jar
2018-08-07 20:39 - 2018-08-07 20:40 - 000626608 _____ C:\Users\Kamil\Downloads\FileUpload_net_Hydro.rar.part
2018-08-07 20:39 - 2018-08-07 20:39 - 000000000 _____ C:\Users\Kamil\Downloads\FileUpload_net_Hydro.rar
2018-08-07 20:38 - 2015-04-16 16:56 - 000000344 _____ C:\Users\Kamil\Desktop\PROXIES.txt
2018-08-07 20:36 - 2018-08-07 20:36 - 003523352 _____ C:\Users\Kamil\Downloads\Hydro.rar
2018-08-05 15:38 - 2018-08-05 15:38 - 013489218 _____ C:\Users\Kamil\Downloads\mmc-stable-win32.zip
2018-08-05 15:13 - 2018-08-05 15:13 - 000386723 _____ C:\Users\Kamil\Downloads\mod-worlddownloader-baseedit-4.0.2.0-mc1.12.1.zip
2018-08-05 10:15 - 2018-08-05 10:17 - 000000000 ____D C:\Users\Kamil\.junique
2018-08-05 09:50 - 2018-08-14 07:22 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\.minecraft
2018-08-04 15:08 - 2018-08-04 17:50 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\discord
2018-08-04 15:08 - 2018-08-04 15:08 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-08-04 15:07 - 2018-08-04 15:08 - 000000000 ____D C:\Users\Kamil\AppData\Local\SquirrelTemp
2018-08-04 15:07 - 2018-08-04 15:08 - 000000000 ____D C:\Users\Kamil\AppData\Local\Discord
2018-07-30 12:28 - 2018-08-15 07:23 - 000004260 _____ C:\WINDOWS\System32\Tasks\AVG Secure VPN Update
2018-07-30 12:28 - 2018-07-30 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2018-07-30 12:28 - 2018-07-30 12:28 - 000000000 ____D C:\ProgramData\AVG
2018-07-30 12:28 - 2018-07-30 12:28 - 000000000 ____D C:\Program Files (x86)\AVG
2018-07-30 12:28 - 2018-03-16 16:31 - 000054888 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\avgTap.sys
2018-07-30 12:19 - 2018-07-30 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2018-07-29 19:14 - 2018-08-05 09:48 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\mc
2018-07-29 17:37 - 2018-07-29 17:37 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-07-29 17:36 - 2018-07-29 17:36 - 000002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-29 17:36 - 2018-07-29 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-24 15:50 - 2018-07-24 15:50 - 000044896 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapnordvpn.sys
2018-07-18 11:17 - 2018-07-18 11:17 - 000000000 ____D C:\Users\Kamil\AppData\Local\BusSimulator18
2018-07-17 16:24 - 2018-07-18 15:09 - 000000000 ____D C:\Users\Kamil\Documents\ProfileCache
2018-07-17 16:24 - 2018-07-18 15:04 - 000000000 ____D C:\Users\Kamil\Documents\The Crew

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-08-15 17:11 - 2018-02-08 17:04 - 000004226 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{56DCD8AC-7B9E-49AC-BDDE-20CACC1D2D91}
2018-08-15 17:11 - 2017-08-04 12:40 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-15 17:09 - 2018-01-14 21:28 - 000000000 ____D C:\Users\Kamil\AppData\LocalLow\Mozilla
2018-08-15 17:08 - 2018-02-08 16:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-15 17:08 - 2017-08-09 18:08 - 000000184 _____ C:\Users\Kamil\AppData\Roaming\sp_data.sys
2018-08-15 08:28 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-08-15 08:26 - 2017-08-10 11:54 - 000000000 ____D C:\Program Files (x86)\Steam
2018-08-15 08:19 - 2016-11-14 04:29 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-15 08:18 - 2017-08-09 18:08 - 000000000 __SHD C:\Users\Kamil\IntelGraphicsProfiles
2018-08-15 08:17 - 2018-02-08 17:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-15 08:17 - 2017-09-29 10:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-08-15 07:40 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-15 07:40 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-15 07:18 - 2017-08-11 09:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-14 20:53 - 2018-02-08 16:41 - 000000000 ____D C:\Users\Kamil
2018-08-14 20:50 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-14 20:50 - 2017-08-11 09:27 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-14 20:49 - 2016-07-16 13:47 - 000000167 _____ C:\WINDOWS\win.ini
2018-08-14 20:15 - 2018-02-08 16:35 - 000449280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-14 20:14 - 2018-04-02 10:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-14 20:14 - 2018-04-02 10:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-14 20:14 - 2017-09-30 16:29 - 000000000 ____D C:\WINDOWS\OCR
2018-08-14 20:09 - 2018-01-27 11:12 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\uTorrent
2018-08-14 20:08 - 2018-05-01 09:08 - 000000266 __RSH C:\ProgramData\ntuser.pol
2018-08-14 19:42 - 2018-05-28 16:23 - 000000000 ____D C:\Users\Kamil\AppData\LocalLow\uTorrent
2018-08-14 18:41 - 2017-08-31 14:43 - 000000600 _____ C:\Users\Kamil\AppData\Roaming\winscp.rnd
2018-08-14 07:27 - 2017-09-01 09:35 - 000000000 ____D C:\Users\Kamil\AppData\Local\CrashDumps
2018-08-14 06:58 - 2018-06-20 17:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-08-13 09:03 - 2018-02-08 17:04 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1357859409-3981079408-4033691241-1001
2018-08-13 09:03 - 2017-08-09 18:15 - 000002413 _____ C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-13 09:03 - 2017-08-09 18:15 - 000000000 ___RD C:\Users\Kamil\OneDrive
2018-08-10 16:56 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-08-10 16:34 - 2017-07-27 15:50 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\TS3Client
2018-08-10 09:17 - 2017-08-11 06:20 - 000000000 ____D C:\Program Files\rempl
2018-08-10 06:19 - 2018-03-04 16:09 - 000000000 ____D C:\Users\Kamil\AppData\Local\NordVPN
2018-08-10 06:18 - 2018-03-04 16:06 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\NordVPN
2018-08-10 06:17 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2018-08-09 07:31 - 2018-04-02 10:48 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-09 07:17 - 2018-01-07 10:13 - 000002309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-06 17:31 - 2018-04-15 10:22 - 000836480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-08-06 17:31 - 2018-04-15 10:22 - 000181120 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-06 15:40 - 2017-08-10 12:08 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-08-05 14:38 - 2018-02-08 18:51 - 000000000 ___RD C:\Users\Kamil\3D Objects
2018-08-05 10:16 - 2018-01-11 17:19 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\Crystal-Launcher
2018-08-01 04:59 - 2018-06-23 18:08 - 000000000 ____D C:\Program Files (x86)\Windscribe
2018-07-31 15:42 - 2018-02-08 17:04 - 000004000 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1502295465
2018-07-31 15:42 - 2017-08-09 18:17 - 000001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk
2018-07-31 15:42 - 2017-08-09 18:17 - 000000000 ____D C:\Program Files\Opera
2018-07-31 15:14 - 2018-05-19 19:32 - 000001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-07-29 17:37 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-29 17:37 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-29 17:36 - 2017-08-04 13:16 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-29 17:36 - 2017-08-04 13:16 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-29 17:36 - 2017-08-04 13:16 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-29 17:36 - 2017-08-04 13:16 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-29 17:36 - 2017-08-04 13:16 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-29 17:36 - 2017-08-04 13:16 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-29 17:35 - 2017-08-04 13:12 - 000000000 ____D C:\Program Files\Microsoft Office
2018-07-28 09:15 - 2018-05-07 17:51 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\FileZilla
2018-07-27 08:18 - 2017-08-11 08:18 - 000000000 ____D C:\Program Files (x86)\Minecraft
2018-07-21 12:21 - 2017-12-19 16:27 - 000000000 ___DC C:\WINDOWS\Panther
2018-07-20 16:30 - 2017-11-07 10:19 - 000196112 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2018-07-20 16:30 - 2017-11-07 10:19 - 000143624 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2018-07-20 16:30 - 2017-11-07 10:19 - 000110376 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2018-07-20 16:30 - 2017-11-07 10:19 - 000109920 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2018-07-19 21:22 - 2017-10-17 16:59 - 000007887 _____ C:\WINDOWS\BRRBCOM.INI
2018-07-18 15:44 - 2017-08-14 12:28 - 000000000 ____D C:\Users\Kamil\Documents\Euro Truck Simulator 2
2018-07-18 15:16 - 2017-11-06 17:57 - 000000000 ____D C:\ProgramData\TruckersMP
2018-07-18 15:11 - 2018-07-14 12:53 - 000000000 ____D C:\Users\Kamil\AppData\Local\Ubisoft Game Launcher

==================== Pliki w katalogu głównym wybranych folderów =======

2018-05-26 17:35 - 2018-05-26 17:35 - 000001517 _____ () C:\Users\Kamil\AppData\Roaming\Bez tytułu.png
2018-05-02 09:53 - 2018-05-02 09:53 - 000132933 _____ () C:\Users\Kamil\AppData\Roaming\IPBOdp.png
2017-11-05 12:28 - 2018-04-26 12:27 - 000000739 _____ () C:\Users\Kamil\AppData\Roaming\jd-gui.cfg
2017-09-16 19:07 - 2017-09-16 19:07 - 000023682 _____ () C:\Users\Kamil\AppData\Roaming\oplaty.png
2017-08-09 18:08 - 2018-08-15 17:08 - 000000184 _____ () C:\Users\Kamil\AppData\Roaming\sp_data.sys
2017-09-29 16:27 - 2018-03-08 18:33 - 000000043 _____ () C:\Users\Kamil\AppData\Roaming\steam.txt
2017-08-31 14:43 - 2018-08-14 18:41 - 000000600 _____ () C:\Users\Kamil\AppData\Roaming\winscp.rnd
2018-01-17 20:12 - 2018-01-17 20:12 - 000000000 ___SH () C:\Users\Kamil\AppData\Local\LumaEmu
2017-12-09 13:25 - 2018-05-27 18:14 - 000000600 _____ () C:\Users\Kamil\AppData\Local\PUTTY.RND
2018-02-11 15:18 - 2018-02-11 15:18 - 000007776 _____ () C:\Users\Kamil\AppData\Local\recently-used.xbel
2017-11-11 15:38 - 2018-05-17 16:20 - 000007602 _____ () C:\Users\Kamil\AppData\Local\Resmon.ResmonCfg

Niektóre pliki w TEMP:
====================
2018-08-08 16:30 - 2018-08-08 16:30 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-1049018410099600548.dll
2018-08-11 16:15 - 2018-08-11 16:15 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-105219066210313605.dll
2018-08-11 08:00 - 2018-08-11 08:00 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-1338757204510628000.dll
2018-08-11 06:38 - 2018-08-11 06:38 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-1498626337512403940.dll
2018-08-12 07:32 - 2018-08-12 07:32 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-2121199912365622139.dll
2018-08-13 13:22 - 2018-08-13 13:22 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-2350331630557926269.dll
2018-08-11 07:15 - 2018-08-11 07:15 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-2947475318366435930.dll
2018-08-12 13:04 - 2018-08-12 13:04 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3412451092051398236.dll
2018-08-07 20:05 - 2018-08-07 20:05 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3597150832407102022.dll
2018-08-11 16:10 - 2018-08-11 16:10 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-3673586095718366408.dll
2018-08-12 10:36 - 2018-08-12 10:36 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-4683130486810178878.dll
2018-08-08 08:27 - 2018-08-08 08:27 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-4750683584086167039.dll
2018-08-08 16:32 - 2018-08-08 16:32 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-4893048992737400666.dll
2018-08-12 14:29 - 2018-08-12 14:29 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-5139349364790734880.dll
2018-08-12 13:51 - 2018-08-12 13:51 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-561675293382343939.dll
2018-08-10 14:21 - 2018-08-10 14:21 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-5710207459308200338.dll
2018-08-13 07:23 - 2018-08-13 07:23 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-6944394875809805540.dll
2018-08-09 16:26 - 2018-08-09 16:26 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-7139676664960231193.dll
2018-08-11 18:09 - 2018-08-11 18:09 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-7370307317192625406.dll
2018-08-09 07:14 - 2018-08-09 07:14 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-7968380594111858691.dll
2018-08-12 13:01 - 2018-08-12 13:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-8149543441190790538.dll
2018-08-10 18:04 - 2018-08-10 18:04 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Kamil\AppData\Local\Temp\jansi-64-902158958511995893.dll

Niektóre zerobajtowe pliki/foldery:
==========================
C:\Windows\SysWOW64\lastpass_1337.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-08-05 09:57

==================== Koniec FRST.txt ============================