Some nasty junk has turned up on this machine. The system has been scanned with Avast, Dr.Web CureIt! and Malwarebytes Anti-Malware. http://obrazki.elektroda.pl/6871060200_1487852961_thumb.jpg http://obrazki.elektroda.pl/9418391200_1487852963_thumb.jpg
Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 23-02-2017
Uruchomiony przez Mateusz (administrator) LENOVO-PC (23-02-2017 13:29:07)
Uruchomiony z C:\Users\Mateusz\Downloads\FRST
Załadowane profile: UpdatusUser & Mateusz (Dostępne profile: UpdatusUser & Mateusz)
Platform: Windows 10 Home Wersja 1607 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Edge)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Pokki) C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo) C:\Program Files\lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPNetworkCommunicatorCom.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Users\Mateusz\Downloads\launch.exe
() C:\Users\Mateusz\AppData\Local\Temp\AEC3CA4A-F56E8A08-79DDE088-67E3B7F0\y7N2fJ5yaZOK.exe
() C:\Users\Mateusz\AppData\Local\Temp\AEC3CA4A-F56E8A08-79DDE088-67E3B7F0\OVZdrqxrXPRfX.exe
() C:\Users\Mateusz\AppData\Local\Temp\AEC3CA4A-F56E8A08-79DDE088-67E3B7F0\mSih2nmq.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
==================== Rejestr (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5060864 2015-06-16] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3805928 2016-08-15] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-11-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-11-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-831441598-3580422230-474571488-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-831441598-3580422230-474571488-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-831441598-3580422230-474571488-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-831441598-3580422230-474571488-1002\...\MountPoints2: {24ef5756-bb0e-11e6-829a-d07e352dada1} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-831441598-3580422230-474571488-1002\...\MountPoints2: {24ef5767-bb0e-11e6-829a-d07e352dada1} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-831441598-3580422230-474571488-1002\...\MountPoints2: {b6911a78-f42f-11e6-82a5-d07e352dada1} - "F:\startme.exe"
HKU\S-1-5-21-831441598-3580422230-474571488-1002\...\MountPoints2: {e2a7e828-d92f-11e4-8266-d07e352dada1} - "H:\iLinker.exe"
HKLM\...\Providers\8qj1ollm: C:\Program Files (x86)\Atervuther Launcher\local64spl.dll
ShellExecuteHooks: Brak nazwy - {31A158E4-DE3E-11E6-8239-64006A5CFC23} - -> Brak pliku
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - .lnk [2017-02-17]
ShortcutTarget: Powiadomienia monitorowania tuszu - .lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Officejet Pro 8100 (sieć).lnk [2017-02-23]
ShortcutTarget: Powiadomienia monitorowania tuszu - HP Officejet Pro 8100 (sieć).lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8cad3b50-4a6c-4361-8833-1b467def5460}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{abad94bc-467a-4279-897c-08b76ff97ab6}: [DhcpNameServer] 217.30.129.149 217.30.137.200
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1486554060&z=677995bb65fae3ed3fdee34g9z5b3q0w2w4z3e6w3q&from=archer1028&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1486554060&z=677995bb65fae3ed3fdee34g9z5b3q0w2w4z3e6w3q&from=archer1028&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1486554060&z=677995bb65fae3ed3fdee34g9z5b3q0w2w4z3e6w3q&from=archer1028&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1486554060&z=677995bb65fae3ed3fdee34g9z5b3q0w2w4z3e6w3q&from=archer1028&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1486554060&z=677995bb65fae3ed3fdee34g9z5b3q0w2w4z3e6w3q&from=archer1028&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1486554060&z=677995bb65fae3ed3fdee34g9z5b3q0w2w4z3e6w3q&from=archer1028&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
HKU\S-1-5-21-831441598-3580422230-474571488-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.pl/
HKU\S-1-5-21-831441598-3580422230-474571488-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1486554060&z=677995bb65fae3ed3fdee34g9z5b3q0w2w4z3e6w3q&from=archer1028&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM
HKU\S-1-5-21-831441598-3580422230-474571488-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1486554060&z=677995bb65fae3ed3fdee34g9z5b3q0w2w4z3e6w3q&from=archer1028&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1486554060&z=677995bb65fae3ed3fdee34g9z5b3q0w2w4z3e6w3q&from=archer1028&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
SearchScopes: HKU\S-1-5-21-831441598-3580422230-474571488-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1486554060&z=677995bb65fae3ed3fdee34g9z5b3q0w2w4z3e6w3q&from=archer1028&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-03-26] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
FireFox:
========
FF ProfilePath: C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\2j4sh7dk.default\Profiles\2j4sh7dk.default [nie znaleziono]
FF ProfilePath: C:\Users\Mateusz\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\2j4sh7dk.default\Profiles\2j4sh7dk.default [nie znaleziono]
FF ProfilePath: C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\2j4sh7dk.default [2017-02-23]
FF NewTab: Mozilla\Firefox\Profiles\2j4sh7dk.default -> hxxp://www.youndoo.com/?z=8299795c4c33db25e4c42bcg5z3b1w1z6gdb3cdq5g&from=dam&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\2j4sh7dk.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\2j4sh7dk.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\2j4sh7dk.default -> hxxp://www.youndoo.com/?z=8299795c4c33db25e4c42bcg5z3b1w1z6gdb3cdq5g&from=dam&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&type=hp
FF SearchPlugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\2j4sh7dk.default\searchplugins\8qj1ollm.xml [2017-01-26]
FF ProfilePath: C:\Users\Mateusz\AppData\Roaming\Firefox\Firefox\Profiles\2j4sh7dk.default [2017-02-10]
FF NewTab: Firefox\Firefox\Profiles\2j4sh7dk.default -> hxxp://www.youndoo.com/?z=8299795c4c33db25e4c42bcg5z3b1w1z6gdb3cdq5g&from=dam&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&type=hp
FF DefaultSearchEngine: Firefox\Firefox\Profiles\2j4sh7dk.default -> youndoo
FF SelectedSearchEngine: Firefox\Firefox\Profiles\2j4sh7dk.default -> youndoo
FF Homepage: Firefox\Firefox\Profiles\2j4sh7dk.default -> hxxp://www.searchinme.com/?type=hp&ts=1486659049331&z=dbf287851767dfc4e3a8ac4g4z9b1q0q1wdt4e3w3b&from=official&uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM
FF Extension: (SimilarWeb) - C:\Users\Mateusz\AppData\Roaming\Firefox\Firefox\Profiles\2j4sh7dk.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-02-10] [Brak podpisu cyfrowego]
FF Extension: (FF Adr) - C:\Users\Mateusz\AppData\Roaming\Firefox\Firefox\Profiles\2j4sh7dk.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-09] [Brak podpisu cyfrowego]
FF SearchPlugin: C:\Users\Mateusz\AppData\Roaming\Firefox\Firefox\Profiles\2j4sh7dk.default\searchplugins\8qj1ollm.xml [2017-01-26]
FF SearchPlugin: C:\Users\Mateusz\AppData\Roaming\Firefox\Firefox\Profiles\2j4sh7dk.default\searchplugins\searchinme.xml [2017-02-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: (Dangerous Websites Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-03-26] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-03-26] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2015-03-26] [Brak podpisu cyfrowego]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-03-26] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-03-26] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://google.pl/
CHR StartupUrls: ChromeDefaultData -> "hxxp://google.pl/"
CHR Profile: C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-13] <==== UWAGA
CHR Extension: (Prezentacje Google) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-26]
CHR Extension: (Dokumenty Google) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-27]
CHR Extension: (Dysk Google) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Adblock Plus) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-02]
CHR Extension: (Google Search) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Arkusze Google) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (AdBlock Pro) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-02-01]
CHR Extension: (Proxy SwitchyOmega) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\padekgcemlokbadohgkifijomclgjgif [2017-01-11]
CHR Extension: (Gmail) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27]
==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2836296 2016-12-14] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134888 2016-08-15] (ELAN Microelectronics Corp.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-11-26] (Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R2 MS_TASK_SVR; C:\ProgramData\Apple\Apple Application Support\ErrorReport.dll [519168 2017-02-09] () [Brak podpisu cyfrowego]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2015-04-10] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5] <==== UWAGA
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Mateusz\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-02-15] (TODO: <Company name>) [Brak podpisu cyfrowego]
R2 WinSnare; C:\Users\Mateusz\AppData\Roaming\WinSnare\WinSnare.dll [778752 2017-02-06] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-01-26] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-01-26] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2017-01-17] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-01-17] (ESET)
R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [70960 2017-01-17] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32344 2016-08-15] (ELAN Microelectronic Corp.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2015-04-10] (Huawei Technologies Co., Ltd.)
S3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [88752 2016-10-04] ()
S3 huawei_wwanecm; C:\WINDOWS\system32\DRIVERS\ew_juwwanecm.sys [229376 2015-04-10] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda)
S1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-23] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-23] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-23] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-23] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-23] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S1 emqtwlzo; \??\C:\WINDOWS\system32\drivers\emqtwlzo.sys [X]
S1 nvlmloeb; \??\C:\WINDOWS\system32\drivers\nvlmloeb.sys [X]
S1 pultipjg; \??\C:\WINDOWS\system32\drivers\pultipjg.sys [X]
S1 qwdmybik; \??\C:\WINDOWS\system32\drivers\qwdmybik.sys [X]
==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-02-23 13:25 - 2017-02-23 13:29 - 00000000 ____D C:\Users\Mateusz\Downloads\FRST
2017-02-23 13:20 - 2017-02-23 13:22 - 00000000 ____D C:\Users\Mateusz\AppData\Local\MicrosoftEdge
2017-02-23 13:12 - 2017-02-23 13:13 - 00000000 ____D C:\Users\Mateusz\Desktop\kot na instagrama i facebooka
2017-02-23 13:01 - 2017-02-23 13:01 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-23 13:01 - 2017-02-23 13:01 - 00000000 ____D C:\Users\Mateusz\Doctor Web
2017-02-23 13:00 - 2017-02-23 13:13 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-23 13:00 - 2017-02-23 13:10 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-23 13:00 - 2017-02-23 13:06 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-23 13:00 - 2017-02-23 13:06 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-23 13:00 - 2017-02-23 13:00 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-23 13:00 - 2017-02-23 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-23 13:00 - 2017-02-23 13:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-23 13:00 - 2017-02-23 13:00 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-23 13:00 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-23 12:57 - 2017-02-23 13:01 - 148084256 _____ C:\Users\Mateusz\Downloads\launch.exe
2017-02-23 12:57 - 2017-02-23 12:59 - 55566792 _____ (Malwarebytes ) C:\Users\Mateusz\Downloads\mb3-setup-1878.1878-3.0.6.1469.exe
2017-02-21 09:18 - 2017-02-21 09:18 - 04921476 _____ C:\Users\Mateusz\Desktop\naklejka na drzwi.pdf
2017-02-21 09:17 - 2017-02-21 09:17 - 07409008 _____ C:\Users\Mateusz\Desktop\naklejka na drzwi.cdr
2017-02-21 09:11 - 2017-02-21 09:11 - 05332508 _____ C:\Users\Mateusz\Downloads\naklejka na drzwi.cdr
2017-02-17 09:45 - 2017-02-17 09:56 - 00000000 ____D C:\FRST
2017-02-16 14:34 - 2017-02-23 13:06 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\WinSAPSvc
2017-02-13 09:57 - 2017-02-13 09:57 - 00002862 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-13 09:57 - 2017-02-13 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-13 09:57 - 2017-02-13 09:57 - 00000000 ____D C:\Program Files\CCleaner
2017-02-13 09:51 - 2017-02-13 13:02 - 00000000 ____D C:\Users\Mateusz\AppData\Local\ESET
2017-02-13 09:47 - 2017-02-13 09:47 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-02-13 09:47 - 2017-02-13 09:47 - 00000000 ____D C:\Program Files (x86)\reports
2017-02-13 09:47 - 2017-02-13 09:47 - 00000000 _____ C:\Program Files (x86)\metadata
2017-02-13 09:46 - 2017-02-13 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-02-13 09:46 - 2017-02-13 09:46 - 00000000 ____D C:\ProgramData\ESET
2017-02-13 09:46 - 2017-02-13 09:46 - 00000000 ____D C:\Program Files\ESET
2017-02-10 18:12 - 2017-02-10 18:12 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 18:12 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-10 18:12 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-10 18:12 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-10 18:12 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-10 18:11 - 2016-12-29 14:10 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-09 17:50 - 2017-02-10 18:10 - 00002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-09 17:50 - 2017-02-10 18:03 - 00000000 ____D C:\Users\Mateusz\AppData\LocalLow\Mozilla
2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\WINDOWS\system32\log
2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Firefox
2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Elex-tech
2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Firefox
2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Eggness
2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\ProgramData\Apple
2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\Program Files (x86)\Eggness
2017-02-09 17:50 - 2016-05-23 03:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2017-02-09 17:49 - 2017-02-23 13:06 - 00000051 _____ C:\Users\Public\Documents\temp.dat
2017-02-09 17:49 - 2017-02-13 11:30 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-02-09 12:45 - 2017-02-09 12:45 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.0)
2017-02-08 12:41 - 2017-02-08 12:41 - 00000378 _____ C:\WINDOWS\SysWOW64\data.bin
2017-02-07 09:17 - 2017-02-07 09:17 - 00070421 _____ C:\Users\Mateusz\Downloads\GK170207461576.pdf
2017-02-07 09:12 - 2017-02-16 14:34 - 00003654 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-02-07 09:12 - 2017-02-13 09:50 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-02-07 09:12 - 2017-02-10 18:10 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\WinSnare
2017-02-07 09:12 - 2017-02-09 17:49 - 00000000 ____D C:\Program Files (x86)\MIO
2017-02-07 09:12 - 2017-02-09 12:45 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.0.9)
2017-02-07 09:09 - 2017-02-07 09:09 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-02-07 09:09 - 2017-02-07 09:09 - 00000000 ____D C:\Program Files (x86)\8qj1ollm
2017-02-07 09:07 - 2017-02-07 09:07 - 00069164 _____ C:\Users\Mateusz\Downloads\GK170207777856.pdf
2017-02-03 20:40 - 2017-02-03 22:00 - 00000000 ____D C:\Users\Mateusz\Downloads\Vikings S01 Complete Season 1 EXTENDED BluRay 720p x265 HEVC [nate_666]
2017-02-03 20:03 - 2017-02-03 20:28 - 00000000 ____D C:\Users\Mateusz\Downloads\Hunt.for.the.Wilderpeople.2016.HDRip.XviD.AC3-EVO
2017-02-03 19:56 - 2017-02-03 20:28 - 00000000 ____D C:\Users\Mateusz\Downloads\Captain Fantastic 2016 1080p BluRay x264 DTS-JYK
2017-02-03 19:47 - 2017-02-03 20:03 - 00000000 ____D C:\Users\Mateusz\Downloads\[ www.torrenting.me ] - Hacksaw.Ridge.2016.DVDScr.XVID.AC3.HQ.Hive-CM8
2017-01-26 09:26 - 2017-01-26 09:26 - 00000000 ____D C:\Users\Mateusz\Documents\Moje palety
2017-01-26 09:20 - 2017-01-26 09:21 - 00003450 _____ C:\WINDOWS\System32\Tasks\CorelUpdateHelperTaskCore
2017-01-26 09:20 - 2017-01-26 09:20 - 00000000 ____D C:\ProgramData\VsTelemetry
2017-01-26 09:20 - 2017-01-26 09:20 - 00000000 ____D C:\Program Files (x86)\gs
2017-01-26 09:19 - 2017-01-26 09:19 - 00000000 ____D C:\Program Files\Common Files\Corel
2017-01-26 09:18 - 2017-01-26 09:18 - 00000000 ____D C:\Users\Public\Documents\Corel
2017-01-26 09:17 - 2017-01-26 09:20 - 00000000 ____D C:\Program Files\Corel
2017-01-26 09:17 - 2017-01-26 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8 (64-bit)
2017-01-26 09:13 - 2017-01-26 09:13 - 00003780 _____ C:\WINDOWS\System32\Tasks\Lengegrawoward
2017-01-26 09:13 - 2017-01-26 09:13 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-01-26 09:13 - 2017-01-26 09:13 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Disc_Soft_Ltd
2017-01-26 09:13 - 2017-01-26 09:13 - 00000000 ____D C:\ProgramData\Avira
2017-01-26 09:13 - 2017-01-26 09:13 - 00000000 ____D C:\ProgramData\Avg
2017-01-26 09:13 - 2017-01-26 09:13 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-26 09:12 - 2017-02-13 10:01 - 00000000 ____D C:\Program Files (x86)\Zugowardghaqght
2017-01-26 09:12 - 2017-02-13 09:54 - 00000000 ____D C:\Program Files (x86)\Atervuther Launcher
2017-01-26 09:12 - 2017-02-13 09:53 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Muvitapicult
2017-01-26 09:12 - 2017-01-26 09:13 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Prerzeinganesoght
2017-01-26 09:12 - 2017-01-26 09:12 - 00006174 _____ C:\WINDOWS\System32\Tasks\Atervuther Launcher
2017-01-26 09:11 - 2017-02-13 12:39 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\DAEMON Tools Lite
2017-01-26 09:11 - 2017-01-26 09:13 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-01-26 09:11 - 2017-01-26 09:11 - 00047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-01-26 09:11 - 2017-01-26 09:11 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-01-26 09:11 - 2017-01-26 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-01-26 09:10 - 2017-01-26 09:11 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-01-25 12:54 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 12:54 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-02-23 13:27 - 2016-11-16 20:48 - 00371200 ___SH C:\Users\Mateusz\Desktop\Thumbs.db
2017-02-23 13:16 - 2016-07-14 08:07 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\MPC-HC
2017-02-23 13:09 - 2016-07-16 23:05 - 01060064 _____ C:\WINDOWS\system32\perfh015.dat
2017-02-23 13:09 - 2016-07-16 23:05 - 00257964 _____ C:\WINDOWS\system32\perfc015.dat
2017-02-23 13:09 - 2015-11-08 15:37 - 02631532 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-23 13:08 - 2016-10-13 10:43 - 00000000 ____D C:\Users\Mateusz
2017-02-23 13:06 - 2016-10-13 11:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-23 13:06 - 2016-10-13 10:39 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-23 13:06 - 2016-10-13 10:38 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-23 13:06 - 2015-11-08 17:00 - 00000000 __SHD C:\Users\Mateusz\IntelGraphicsProfiles
2017-02-23 13:05 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-23 12:27 - 2016-10-13 10:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-23 10:55 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-23 10:55 - 2015-04-01 11:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 10:53 - 2015-04-01 11:43 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 09:41 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-23 09:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-23 09:37 - 2015-03-26 18:47 - 00000000 ____D C:\Users\Mateusz\AppData\Local\SweetLabs App Platform
2017-02-21 09:14 - 2015-03-26 18:48 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Adobe
2017-02-21 09:01 - 2015-03-26 18:48 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Packages
2017-02-19 21:51 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-19 17:50 - 2016-07-07 21:40 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Skype
2017-02-17 20:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-16 19:26 - 2016-11-16 20:53 - 00000000 ____D C:\Users\Mateusz\Desktop\Nowy folder (2)
2017-02-13 12:49 - 2016-10-13 10:39 - 00000000 ____D C:\ProgramData\Conexant
2017-02-13 12:39 - 2016-10-16 19:03 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\uTorrent
2017-02-13 11:33 - 2015-07-23 06:20 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Opera Software
2017-02-13 11:33 - 2015-07-23 06:20 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Opera Software
2017-02-13 11:33 - 2015-07-23 06:19 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-13 11:29 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-13 10:27 - 2015-05-25 07:24 - 00000000 ____D C:\Users\Mateusz\AppData\Local\ElevatedDiagnostics
2017-02-13 09:50 - 2015-03-26 11:57 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-02-13 09:47 - 2016-07-16 12:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-10 18:11 - 2016-10-13 10:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 18:11 - 2014-11-26 23:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-10 18:10 - 2015-04-23 13:39 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2017-02-10 18:10 - 2015-03-26 11:55 - 00002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-08 16:36 - 2016-07-07 21:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-08 16:36 - 2016-07-07 21:40 - 00000000 ____D C:\ProgramData\Skype
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-03 21:11 - 2016-10-22 21:03 - 00000000 ____D C:\Users\Mateusz\AppData\LocalLow\uTorrent
2017-02-03 20:04 - 2016-10-22 21:10 - 00000000 ____D C:\Users\Mateusz\Downloads\FILMY
2017-02-02 11:37 - 2016-10-13 10:43 - 00000000 ____D C:\Users\UpdatusUser
2017-01-27 19:04 - 2016-10-13 10:32 - 00329624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-26 09:25 - 2017-01-18 09:48 - 00000000 ____D C:\Users\Mateusz\Documents\Corel
2017-01-26 09:24 - 2017-01-18 09:47 - 00000000 ____D C:\ProgramData\Corel
2017-01-26 09:20 - 2017-01-18 09:45 - 00000000 ____D C:\Program Files (x86)\Corel
2017-01-26 09:20 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-26 09:20 - 2014-11-26 23:17 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-26 09:18 - 2017-01-18 09:49 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Corel
2017-01-26 09:13 - 2016-10-13 10:57 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-01-26 09:13 - 2016-07-16 12:47 - 00000000 ____D C:\PerfLogs
2017-01-26 09:13 - 2015-05-14 13:50 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-01-26 09:13 - 2014-11-26 23:49 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-01-26 09:05 - 2016-12-01 19:24 - 00000000 ____D C:\Users\Public\CyberLink
2017-01-26 09:05 - 2016-11-16 13:56 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\CyberLink
==================== Pliki w katalogu głównym wybranych folderów =======
2017-02-13 09:47 - 2017-02-13 09:47 - 0000000 _____ () C:\Program Files (x86)\metadata
2017-02-13 09:47 - 2017-02-13 09:47 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-11-09 11:28 - 2016-11-09 11:28 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-10-13 10:39 - 2016-10-13 10:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-27 10:38 - 2015-03-27 10:38 - 0000117 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
Niektóre pliki w TEMP:
====================
2017-02-19 16:49 - 2017-02-19 16:49 - 44048864 _____ (Skype Technologies S.A.) C:\Users\Mateusz\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap ======================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
LastRegBack: 2017-02-16 14:07
==================== Koniec FRST.txt ============================