Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 02.08.2018 Uruchomiony przez MarciNasty (administrator) DESKTOP-H416317 (18-08-2018 02:53:58) Uruchomiony z C:\Users\MarciNasty\Downloads Załadowane profile: MarciNasty (Dostępne profile: MarciNasty) Platform: Windows 10 Home Wersja 1709 16299.431 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (AMD) C:\Windows\System32\atieclxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (The Firebird Project) C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (M-Audio) C:\Program Files (x86)\M-Audio\MobilePre\AudioDevMon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (The Firebird Project) C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Canon INC.) C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Users\MarciNasty\AppData\Roaming\bgtools\bgtools.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.428_none_1704c21831ffb4a8\TiWorker.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169744 2015-09-12] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-21-2992951554-1837063396-3875956677-1001\...\Run: [Steam] => D:\Steam\steam.exe [3200800 2018-05-19] (Valve Corporation) HKU\S-1-5-21-2992951554-1837063396-3875956677-1001\...\Run: [uTorrent] => C:\Users\MarciNasty\AppData\Roaming\uTorrent\uTorrent.exe [1983672 2018-05-06] (BitTorrent Inc.) HKU\S-1-5-21-2992951554-1837063396-3875956677-1001\...\Run: [2mJ+4J-#j-.exe] => C:\Program Files\Common Files\ODNZQC6V\2mJ+4J-#j-.exe HKU\S-1-5-21-2992951554-1837063396-3875956677-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated) HKU\S-1-5-21-2992951554-1837063396-3875956677-1001\...\MountPoints2: {2c67383b-6e74-11e8-b1e6-a0b3cc8679f5} - "F:\LaunchU3.exe" -a HKU\S-1-5-21-2992951554-1837063396-3875956677-1001\...\MountPoints2: {3a8e6e86-f9b1-11e7-b1bf-a0b3cc8679f5} - "G:\setup.exe" ShellExecuteHooks: Brak nazwy - {BFD98515-CD74-48A4-98E2-13D209E3EE4F} - -> Brak pliku Startup: C:\Users\MarciNasty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-08-01] ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.) GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== UWAGA (Ograniczenia - ProxySettings) ProxyEnable: [HKLM] => Proxy [funkcja włączona] ProxyEnable: [HKLM-x32] => Proxy [funkcja włączona] ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080 ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080 AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080 ProxyEnable: [S-1-5-21-2992951554-1837063396-3875956677-1001] => Proxy [funkcja włączona] Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{05564529-ee9a-4a60-9b26-f1a07888bfc0}: [NameServer] 1.1.1.1 Tcpip\..\Interfaces\{05564529-ee9a-4a60-9b26-f1a07888bfc0}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{4e9df604-12bb-4231-9750-b6f47dccdaa1}: [DhcpNameServer] 8.8.8.8 8.8.4.4 ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: dkjildpe.default FF ProfilePath: C:\Users\MarciNasty\AppData\Roaming\Mozilla\Firefox\Profiles\dkjildpe.default [2018-08-18] FF NetworkProxy: Mozilla\Firefox\Profiles\dkjildpe.default -> type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-14] () FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-14] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> D:\Programy\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> D:\Programy\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems) FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09] Chrome: ======= CHR Profile: C:\Users\MarciNasty\AppData\Local\Google\Chrome\User Data\Default [2018-08-18] CHR Extension: (Prezentacje) - C:\Users\MarciNasty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-14] CHR Extension: (Dokumenty) - C:\Users\MarciNasty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-14] CHR Extension: (Dysk Google) - C:\Users\MarciNasty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-14] CHR Extension: (YouTube) - C:\Users\MarciNasty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-14] CHR Extension: (Arkusze) - C:\Users\MarciNasty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-14] CHR Extension: (Dokumenty Google offline) - C:\Users\MarciNasty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-14] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\MarciNasty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-10] CHR Extension: (Office Online Editing) - C:\Users\MarciNasty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolgbnbldiaimikbineaocghkfhghdkp [2018-05-24] CHR Extension: (Gmail) - C:\Users\MarciNasty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-14] CHR Extension: (Chrome Media Router) - C:\Users\MarciNasty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-14] ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-01-20] () R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe [65536 2004-12-13] (The Firebird Project) [Brak podpisu cyfrowego] R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe [1527893 2004-12-13] (The Firebird Project) [Brak podpisu cyfrowego] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2017-05-18] (Intel Corporation) R2 MobilePreIIAudioDevMon; C:\Program Files (x86)\M-Audio\MobilePre\AudioDevMon.exe [1975056 2013-05-23] (M-Audio) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-28] (Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-28] (Microsoft Corporation) S2 luminati_net_updater_win_hola_org; C:/Program Files/Hola/app/net_updater64.exe --updater win_hola.org [X] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [33448 2016-12-07] () R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [30320 2017-11-23] (Windows (R) Codename Longhorn DDK provider) S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] () [Brak podpisu cyfrowego] R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-01-14] (REALiX(tm)) R3 MAUSBMOBILEPREII; C:\Windows\system32\DRIVERS\MAudioMobilePreII.sys [464144 2013-05-23] (M-Audio) R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2537984 2017-09-29] (MediaTek Inc.) S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek ) S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated) R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-04-28] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [313888 2018-04-28] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-28] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-08-18 02:53 - 2018-08-18 02:54 - 000016106 _____ C:\Users\MarciNasty\Downloads\FRST.txt 2018-08-18 02:53 - 2018-08-18 02:53 - 002412544 _____ (Farbar) C:\Users\MarciNasty\Downloads\FRST64.exe 2018-08-18 02:53 - 2018-08-18 02:53 - 000000000 ____D C:\FRST 2018-08-18 02:27 - 2018-08-18 02:28 - 000000000 ____D C:\AdwCleaner 2018-08-18 02:27 - 2018-08-18 02:27 - 007407312 _____ (Malwarebytes) C:\Users\MarciNasty\Downloads\AdwCleaner.exe 2018-08-18 00:41 - 2018-08-18 00:41 - 000000587 _____ C:\Users\Public\Desktop\Snaz.lnk 2018-08-18 00:41 - 2018-08-18 00:41 - 000000000 ____D C:\Users\MarciNasty\AppData\Local\JimsApps 2018-08-18 00:41 - 2018-08-18 00:41 - 000000000 ____D C:\Snaz 2018-08-18 00:41 - 2018-08-18 00:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snaz 2018-08-18 00:31 - 2018-08-18 00:45 - 1467099412 _____ (The FlightGear Team ) C:\Users\MarciNasty\Downloads\FlightGear-2017.1.2.exe 2018-08-18 00:13 - 2018-08-18 00:13 - 001805350 _____ (JimsApps ) C:\Users\MarciNasty\Downloads\SnazSetup.exe 2018-08-17 17:34 - 2018-08-17 17:35 - 068750284 _____ () C:\Users\MarciNasty\Downloads\digiCamControlsetup_2.1.0.0(1).exe 2018-08-17 17:28 - 2018-08-17 17:28 - 000000000 ____D C:\Users\MarciNasty\AppData\Local\ImageMagick 2018-08-17 17:27 - 2018-08-17 17:41 - 000000000 ____D C:\ProgramData\digiCamControl 2018-08-17 17:27 - 2018-08-17 17:27 - 000001073 _____ C:\Users\Public\Desktop\digiCamControl.lnk 2018-08-17 17:27 - 2018-08-17 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\digiCamControl 2018-08-17 17:27 - 2018-08-17 17:27 - 000000000 ____D C:\Program Files (x86)\digiCamControl 2018-08-17 17:26 - 2018-08-17 17:26 - 068750284 _____ () C:\Users\MarciNasty\Downloads\digiCamControlsetup_2.1.0.0.exe 2018-08-15 21:37 - 2018-08-15 21:37 - 000000000 ____D C:\Windows\System32\Tasks\S-1-5-21-2992951554-1837063396-3875956677-1001 2018-08-15 20:43 - 2018-08-15 21:00 - 000000000 ____D C:\Users\MarciNasty\Desktop\export 2018-08-14 12:11 - 2018-08-14 12:11 - 000534763 _____ C:\Users\MarciNasty\Desktop\Marcin Misiewicz CV.pdf 2018-08-09 15:28 - 2018-08-09 15:29 - 117875831 _____ C:\Users\MarciNasty\Desktop\videoplayback.mp4 2018-08-09 15:18 - 2018-08-09 15:19 - 031778049 _____ C:\Users\MarciNasty\Downloads\500L KAKAO W BASENIE! W LUURE.mp4 2018-08-02 13:43 - 2018-08-02 13:43 - 000001436 _____ C:\Users\MarciNasty\Desktop\CopyTrans Control Center.lnk 2018-08-02 13:43 - 2018-08-02 13:43 - 000000000 ____D C:\Users\MarciNasty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center 2018-08-02 13:42 - 2018-08-02 13:53 - 000000000 ____D C:\ProgramData\WindSolutions 2018-08-02 13:42 - 2018-08-02 13:44 - 000000000 ____D C:\Users\MarciNasty\AppData\Roaming\WindSolutions 2018-08-02 13:42 - 2018-08-02 13:42 - 008046792 _____ (WindSolutions) C:\Users\MarciNasty\Downloads\Install_CopyTransControlCenter.exe 2018-08-02 13:30 - 2018-08-02 13:30 - 000001822 _____ C:\Users\Public\Desktop\iTunes.lnk 2018-08-02 13:30 - 2018-08-02 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2018-08-02 13:30 - 2018-08-02 13:30 - 000000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2018-08-02 13:30 - 2018-08-02 13:30 - 000000000 ____D C:\Program Files\iTunes 2018-08-02 13:30 - 2018-08-02 13:30 - 000000000 ____D C:\Program Files\iPod 2018-08-02 13:30 - 2018-08-02 13:30 - 000000000 ____D C:\Program Files (x86)\iTunes 2018-08-02 13:21 - 2018-08-02 13:23 - 000000000 ____D C:\Users\MarciNasty\AppData\Roaming\Apple Computer 2018-08-02 13:21 - 2018-08-02 13:21 - 000000000 ____D C:\Users\MarciNasty\AppData\Local\Apple Computer 2018-08-02 13:21 - 2012-10-03 16:14 - 000033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2018-08-02 13:20 - 2018-08-02 13:27 - 000000000 ____D C:\Program Files\Common Files\Apple 2018-08-02 13:20 - 2018-08-02 13:20 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2018-08-02 13:20 - 2018-08-02 13:20 - 000000000 ____D C:\Users\MarciNasty\AppData\Local\Apple 2018-08-02 13:20 - 2018-08-02 13:20 - 000000000 ____D C:\ProgramData\Apple Computer 2018-08-02 13:20 - 2018-08-02 13:20 - 000000000 ____D C:\ProgramData\Apple 2018-08-02 13:20 - 2018-08-02 13:20 - 000000000 ____D C:\Program Files\Bonjour 2018-08-02 13:20 - 2018-08-02 13:20 - 000000000 ____D C:\Program Files (x86)\Bonjour 2018-08-02 13:20 - 2018-08-02 13:20 - 000000000 ____D C:\Program Files (x86)\Apple Software Update 2018-08-02 13:17 - 2018-08-02 13:19 - 152447768 _____ (Apple Inc.) C:\Users\MarciNasty\Downloads\iTunes6464Setup.exe 2018-08-01 23:27 - 2018-08-01 23:28 - 010533085 _____ C:\Users\MarciNasty\Downloads\LUTs Pack by Kamran Brown (Subscribe).zip 2018-08-01 21:19 - 2015-05-02 03:10 - 022041407 _____ C:\Users\MarciNasty\Desktop\IMG_7014.CR2 2018-08-01 21:19 - 2015-05-02 03:02 - 020916252 _____ C:\Users\MarciNasty\Desktop\IMG_7008.CR2 2018-08-01 21:07 - 2015-05-02 03:15 - 128817188 _____ C:\Users\MarciNasty\Desktop\MVI_7018.MOV 2018-08-01 20:26 - 2018-08-01 20:26 - 000000000 ____D C:\Users\MarciNasty\Downloads\v115-t5i-700d-x7i-win 2018-08-01 20:25 - 2018-08-01 20:26 - 019172060 _____ C:\Users\MarciNasty\Downloads\v115-t5i-700d-x7i-win.zip 2018-08-01 19:41 - 2018-08-01 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2018-08-01 19:41 - 2018-08-01 19:42 - 000000000 ____D C:\Program Files (x86)\Canon 2018-08-01 19:41 - 2018-08-01 19:41 - 000000000 ____D C:\Users\MarciNasty\Downloads\euw2.14.20a-updater 2018-08-01 19:41 - 2018-08-01 19:41 - 000000000 ____D C:\Users\MarciNasty\AppData\Roaming\canon 2018-08-01 19:41 - 2018-08-01 19:41 - 000000000 ____D C:\ProgramData\Canon_Inc_IC 2018-08-01 19:39 - 2018-08-01 19:40 - 099814828 _____ C:\Users\MarciNasty\Downloads\euw2.14.20a-updater.zip 2018-08-01 19:35 - 2018-08-01 19:35 - 000000000 ____D C:\Users\MarciNasty\Downloads\technicolor_cinestyle_v1.0 2018-08-01 19:35 - 2018-08-01 19:35 - 000000000 ____D C:\Users\MarciNasty\Downloads\magiclantern-Nightly.2018Jul03.700D115 2018-08-01 19:34 - 2018-08-05 01:40 - 000000000 ____D C:\Users\MarciNasty\AppData\Local\CANON_INC 2018-08-01 19:34 - 2018-08-01 19:41 - 000001144 _____ C:\Users\Public\Desktop\EOS Utility.lnk 2018-08-01 19:32 - 2018-08-01 19:32 - 000000000 ____D C:\Users\MarciNasty\Downloads\CanonEOS241W 2018-08-01 19:30 - 2018-08-01 19:30 - 002695992 _____ C:\Users\MarciNasty\Downloads\technicolor_cinestyle_v1.0.zip 2018-08-01 19:13 - 2018-08-01 19:27 - 407146496 _____ C:\Users\MarciNasty\Downloads\CanonEOS241W.iso 2018-08-01 17:29 - 2018-08-01 17:29 - 001859062 _____ C:\Users\MarciNasty\Downloads\magiclantern-Nightly.2018Jul03.700D115.zip 2018-08-01 16:44 - 2018-08-18 02:43 - 000000000 ____D C:\Users\MarciNasty\AppData\Roaming\bgtools 2018-07-30 13:49 - 2018-07-31 17:55 - 000000000 ____D C:\Users\MarciNasty\AppData\Roaming\grdsvc 2018-07-27 13:59 - 2018-07-27 14:00 - 310164542 _____ C:\Users\MarciNasty\Downloads\Wizard - Spójrz 2013.wmv ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-08-18 02:49 - 2018-01-14 05:59 - 000000000 ____D C:\Program Files\KMSpico 2018-08-18 02:49 - 2018-01-14 05:38 - 004347606 _____ C:\Windows\system32\PerfStringBackup.INI 2018-08-18 02:49 - 2017-09-30 16:29 - 002110572 _____ C:\Windows\system32\perfh015.dat 2018-08-18 02:49 - 2017-09-30 16:29 - 000541510 _____ C:\Windows\system32\perfc015.dat 2018-08-18 02:43 - 2018-02-07 00:26 - 000000000 ____D C:\Users\MarciNasty\AppData\LocalLow\Mozilla 2018-08-18 02:42 - 2018-01-14 23:41 - 000000000 __SHD C:\Users\MarciNasty\IntelGraphicsProfiles 2018-08-18 02:42 - 2018-01-14 05:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-08-18 02:42 - 2017-09-29 10:45 - 000524288 _____ C:\Windows\system32\config\BBI 2018-08-18 02:41 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF 2018-08-18 02:28 - 2018-01-14 06:17 - 000000000 ____D C:\Users\MarciNasty\AppData\Roaming\IObit 2018-08-18 02:14 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\NDF 2018-08-18 01:55 - 2017-09-29 15:46 - 000000000 ___HD C:\Windows\ELAMBKUP 2018-08-18 01:37 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization 2018-08-18 01:32 - 2018-01-15 00:14 - 000000000 ____D C:\Users\MarciNasty\AppData\Roaming\obs-studio 2018-08-17 23:01 - 2018-01-14 05:32 - 000000000 ____D C:\Windows\system32\SleepStudy 2018-08-17 17:27 - 2018-01-14 23:44 - 000000000 ____D C:\ProgramData\Package Cache 2018-08-15 20:18 - 2018-01-14 05:34 - 000000000 ____D C:\Users\MarciNasty 2018-08-15 10:58 - 2018-02-07 00:26 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-08-15 10:58 - 2018-02-07 00:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-08-14 21:52 - 2018-04-18 11:26 - 000004698 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier 2018-08-14 21:52 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\Macromed 2018-08-14 21:51 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-08-08 21:01 - 2018-02-07 00:26 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-08-08 20:07 - 2018-01-14 06:13 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-08 20:07 - 2018-01-14 06:13 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-08-06 13:11 - 2018-06-26 22:47 - 000000000 ____D C:\Users\MarciNasty\Desktop\Nowy folder 2018-08-05 19:49 - 2018-02-10 01:20 - 000000770 _____ C:\Users\MarciNasty\Desktop\pppppp.txt 2018-08-05 19:35 - 2018-07-11 07:57 - 000537579 _____ C:\Users\MarciNasty\Desktop\Marcin Misiewicz CV.pdf 2018-08-02 13:39 - 2018-01-14 06:27 - 000000000 ____D C:\Users\MarciNasty\AppData\Local\PlaceholderTileLogoFolder 2018-08-01 21:12 - 2018-01-14 05:35 - 000000000 ____D C:\Users\MarciNasty\AppData\Roaming\Adobe 2018-08-01 19:42 - 2018-01-14 05:35 - 000000000 ____D C:\Users\MarciNasty\AppData\Local\VirtualStore 2018-07-31 17:48 - 2018-02-08 21:21 - 000001096 ____H C:\Windows\EPMBatch.ept 2018-07-31 17:47 - 2018-02-08 21:16 - 000000000 _____ C:\Windows\BcdLog.txt 2018-07-20 11:44 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\LiveKernelReports ==================== Pliki w katalogu głównym wybranych folderów ======= 2018-05-20 20:32 - 2018-05-20 20:32 - 000140800 _____ () C:\Users\MarciNasty\AppData\Local\installer.dat 2018-05-20 20:32 - 2018-05-20 20:35 - 000929792 _____ () C:\Users\MarciNasty\AppData\Local\sham.db Niektóre pliki w TEMP: ==================== 2018-07-18 17:49 - 2018-07-18 17:49 - 007257000 _____ (Hola Networks Ltd.) C:\Users\MarciNasty\AppData\Local\Temp\Hola-Setup-x64-1.101.793.exe 2017-10-26 10:07 - 2017-10-26 10:07 - 000488960 _____ () C:\Users\MarciNasty\AppData\Local\Temp\sqlite3.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2018-02-25 07:35 ==================== Koniec FRST.txt ============================