Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 16-09-2016
Uruchomiony przez Michi (administrator) MICHIPC (16-09-2016 03:49:07)
Uruchomiony z D:\
Załadowane profile: Michi (Dostępne profile: Michi)
Platform: Windows 10 Pro Wersja 1511 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Safe Mode (with Networking)
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1075344 2014-12-08] (Highresolution Enterprises)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Zoolz Tray] => "C:\Program Files\Genie9\Zoolz2\ZoolzLauncher.exe" "C:\Program Files\Genie9\Zoolz2\Zoolz.exe" "-Delay"
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-07-10] (COMODO)
HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-06-27] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-11-20] (Raptr, Inc)
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2012-07-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [FastAccess Web Alert] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe [2033648 2011-07-11] (Microsoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2015-05-12] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe" /regrun
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2016-04-14] (VMware, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-09-13] (LogMeIn Inc.)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [screenSHU] => C:\Program Files (x86)\screenSHU\screenSHU.exe [2112000 2013-09-04] ()
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [MK LOL] => C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe [1095704 2015-09-18] (MKGame)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [GG Tools] => C:\Program Files (x86)\Krzysztof Mortka\GG Tools\GGT.exe [3145728 2010-09-23] (Krzysztof Mortka)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2765256 2015-01-24] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [2790344 2015-06-17] (Napisy24.pl)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [5182896 2014-07-23] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2015-05-12] (Microsoft Corporation)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [Napisy24.pl] => C:\Program Files (x86)\Napisy24\Napisy24.exe [4739528 2015-06-17] (Napisy24.pl)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [GoogleChromeAutoLaunch_C32EEA6B70666B8F2109701687D7D44D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\ChomikBox.exe [3939840 2015-12-10] ( )
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1367280 2016-02-05] (Bogdan Sharkov)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [IVONA Reader] => "C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe.exe" -t -nosplash
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [IROElauncher] => C:\Program Files (x86)\IVONA\IVONA Reader\integr\OutlookExpress\IROElauncher.exe [94720 2008-09-26] (Nektra S.A.)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [974360 2016-07-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\RunOnce: [Uninstall C:\Users\Michi\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michi\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\lol.scr [3721216 2016-03-30] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => Brak pliku
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2016-09-13]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Brak pliku)
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2014-10-17]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
GroupPolicyScripts: Ograniczenia <======= UWAGA
GroupPolicyScripts\User: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Winsock: -> Catalog9 - Uszkodzony dostęp do internetu z powodu brakującego wejścia. <===== UWAGA
Winsock: -> Catalog9-x64 - Uszkodzony dostęp do internetu z powodu brakującego wejścia. <===== UWAGA
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\..\Interfaces\{e8a305a8-2ee1-4596-aac3-25a600578475}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3638238946-2676091398-2447339669-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE13&ocid=UE13DHP
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-22] (Oracle Corporation)
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> Brak pliku
BHO: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll [2009-10-14] (IVO Software Sp. z o.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-22] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll [2009-10-14] (IVO Software Sp. z o.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKLM - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll [2009-10-14] (IVO Software Sp. z o.o.)
Toolbar: HKLM-x32 - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll [2009-10-14] (IVO Software Sp. z o.o.)

FireFox:
========
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\ku8bbosf.default
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Brak pliku]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-06-21] ()
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll [2015-07-15] ( )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-3638238946-2676091398-2447339669-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll [2015-07-15] ( )
FF Extension: (Greasemonkey) - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\ku8bbosf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-12-15]
FF Extension: (Execute JS) - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\ku8bbosf.default\extensions\{7067a92c-1db4-4e5e-869c-25f841287f8b}.xpi [2015-12-15]

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => Brak pliku
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Dokumenty Google) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Dysk Google) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky Protection) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-06]
CHR Extension: (Arkusze Google) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Pulpit zdalny Chrome) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-02-17]
CHR Extension: (Wurstify) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgjhjfmpmeejklbaibomojpbekdbpcp [2015-06-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (AdBlock) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-11]
CHR Extension: (Mustache) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcbbohadnpdchjjfpklnbbeppakknoid [2015-06-04]
CHR Extension: (Kappa Everywhere - Global Twitch Emotes) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jafkphjeboadjffjfcigcdfdilpcacod [2016-03-10]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Profile: C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Prezentacje Google) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-17]
CHR Extension: (Dokumenty Google) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-17]
CHR Extension: (Dysk Google) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11]
CHR Extension: (YouTube) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11]
CHR Extension: (Adblock Plus) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Google Search) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-11]
CHR Extension: (Arkusze Google) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
CHR Extension: (Chrome Media Router) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-31]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-11-29] () [Brak podpisu cyfrowego]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-07-21] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-07-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-07-21] (BlueStack Systems, Inc.)
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-07-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-07-10] (COMODO)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2621448 2016-09-13] (LogMeIn Inc.)
S2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4812944 2016-09-15] (SurfRight B.V.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-08-31] (LogMeIn, Inc.)
S2 LolScreenSaverService; C:\Riot Games\LolScreenSaver\service\service.exe [707072 2016-03-30] () [Brak podpisu cyfrowego]
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [Brak podpisu cyfrowego]
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-07-30] (VIA Technologies, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12471368 2016-04-14] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe" [X]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2015-05-08] (Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-07-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-07-21] (Bluestack System Inc. )
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-07-10] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851864 2016-07-10] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-07-10] (COMODO)
S3 EvolveVirtualAdapter; C:\Windows\System32\drivers\evolve.sys [21656 2014-10-18] (Echobit, LLC)
R3 Hamachi; C:\Windows\System32\drivers\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-09-15] ()
S3 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [256728 2016-09-15] (SurfRight B.V.)
S3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [87592 2016-09-15] (SurfRight B.V.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-07-10] (COMODO)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-15] (Malwarebytes)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 V0770Vid; C:\Windows\system32\DRIVERS\V0770Vid.sys [390136 2015-08-20] (Creative Technology Ltd.)
R1 VBoxNetAdp; C:\Windows\System32\drivers\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation)
S3 VMfilt; C:\Windows\system32\drivers\VMfilt64.sys [42192 2015-06-22] (Creative Technology Ltd.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37416 2015-08-20] (Wellbia.com Co., Ltd.)
R3 ykinw8; C:\Windows\System32\drivers\ykinx64.sys [288768 2015-10-30] (Marvell)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-09-16 04:43 - 2016-09-16 04:43 - 00000000 __SHD C:\found.000
2016-09-16 04:10 - 2016-09-16 04:10 - 00000000 ___HD C:\$Windows.~BT
2016-09-16 04:09 - 2016-09-16 04:19 - 00000000 ___HD C:\$SysReset
2016-09-16 03:47 - 2016-09-16 03:49 - 00000000 ____D C:\FRST
2016-09-16 02:50 - 2016-09-16 03:14 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2016-09-16 00:34 - 2016-09-16 04:19 - 00000000 _____ C:\Recovery.txt
2016-09-15 21:01 - 2016-09-15 21:01 - 06515220 _____ C:\Users\Michi\Downloads\Raport_CERT_OPL_2015.pdf
2016-09-15 20:38 - 2016-09-15 20:39 - 03861056 _____ C:\Users\Michi\Downloads\adwcleaner_6.020.exe
2016-09-15 20:07 - 2016-09-15 20:07 - 01592010 _____ C:\Users\Michi\Downloads\9c9dc844b292cb57adec8dabe327ccd29109feb0.pdf
2016-09-15 19:17 - 2016-09-15 19:17 - 00002644 _____ C:\WINDOWS\system32\.crusader
2016-09-15 19:03 - 2016-09-16 03:44 - 00000000 ____D C:\WINDOWS\CryptoGuard
2016-09-15 19:03 - 2016-09-15 23:58 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-09-15 19:03 - 2016-09-15 21:48 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2016-09-15 19:03 - 2016-09-15 19:18 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-15 19:03 - 2016-09-15 19:03 - 00866960 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2016-09-15 19:03 - 2016-09-15 19:03 - 00790672 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2016-09-15 19:03 - 2016-09-15 19:03 - 00256728 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2016-09-15 19:03 - 2016-09-15 19:03 - 00087592 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2016-09-15 19:03 - 2016-09-15 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2016-09-15 19:03 - 2016-09-15 19:03 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2016-09-15 19:02 - 2016-09-15 19:02 - 00000000 ____D C:\Program Files (x86)\ESET
2016-09-15 19:01 - 2016-09-15 19:02 - 04812944 _____ (SurfRight B.V.) C:\Users\Michi\Downloads\hmpalert3.exe
2016-09-15 19:01 - 2016-09-15 19:02 - 02870984 _____ (ESET) C:\Users\Michi\Downloads\esetsmartinstaller_plk.exe
2016-09-15 15:34 - 2016-09-15 15:34 - 00001904 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2016-09-15 15:34 - 2016-09-15 15:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2016-09-15 15:34 - 2016-09-15 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-09-14 14:50 - 2016-09-14 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-09-14 14:50 - 2016-09-14 14:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-09-14 12:38 - 2016-09-14 12:38 - 00000000 _____ C:\ProgramData\cis619B.exe
2016-09-14 12:35 - 2016-09-14 12:36 - 68616400 _____ (COMODO) C:\Users\Michi\Downloads\cispremium_only_installer.exe
2016-09-13 21:08 - 2016-09-13 21:08 - 00000000 ____D C:\Users\Michi\AppData\Local\CrashDumps
2016-09-13 21:06 - 2016-09-13 21:15 - 72360934 _____ C:\Users\Michi\Downloads\Wondershare.MobileGo.7.6.1.25 (1).rar
2016-09-13 20:40 - 2016-09-13 20:49 - 00000000 ____D C:\Users\Michi\AppData\LocalLow\uTorrent
2016-09-13 20:40 - 2016-09-13 20:42 - 76834014 ____R C:\Users\Michi\Downloads\Wondershare MobileGo 8.2.0.88.zip
2016-09-13 20:24 - 2016-09-13 20:26 - 03802588 _____ C:\Users\Michi\Downloads\Easy Backup Restore_4.9.1_apk-dl.com.apk
2016-09-13 20:01 - 2016-09-13 20:07 - 72360934 _____ C:\Users\Michi\Downloads\Wondershare.MobileGo.7.6.1.25.rar
2016-09-12 21:55 - 2016-09-13 21:02 - 00000000 ____D C:\Users\Michi\Documents\Wondershare
2016-09-12 21:53 - 2016-09-12 21:54 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-09-12 21:53 - 2016-09-12 21:53 - 01183888 _____ C:\Users\Michi\Downloads\mobilego_setup_full818.exe
2016-09-12 21:53 - 2016-09-12 21:53 - 01183888 _____ C:\Users\Michi\Downloads\mobilego_setup_full818 (1).exe
2016-09-12 21:52 - 2016-09-12 21:52 - 00000000 ____D C:\Users\Michi\Desktop\telefonpatryk
2016-09-12 21:28 - 2016-09-12 21:28 - 00000480 _____ C:\Users\Michi\Downloads\Connection Patcher.bat
2016-09-12 21:26 - 2016-09-12 21:26 - 00000369 _____ C:\Users\Michi\Downloads\Serials (1).txt
2016-09-12 21:25 - 2016-09-12 21:25 - 00000529 _____ C:\Users\Michi\Downloads\Install Notes (1).txt
2016-09-12 21:24 - 2016-09-12 21:24 - 00000000 ____D C:\Users\Michi\AppData\Local\Wondershare
2016-09-12 21:18 - 2016-09-12 21:18 - 00000529 _____ C:\Users\Michi\Downloads\Install Notes.txt
2016-09-12 21:16 - 2016-09-12 21:16 - 00000369 _____ C:\Users\Michi\Downloads\Serials.txt
2016-09-12 21:16 - 2016-09-12 21:16 - 00000000 ____D C:\ProgramData\wsr
2016-09-12 20:39 - 2016-09-12 21:55 - 00000000 ____D C:\Users\Michi\AppData\Roaming\HMYGSetting
2016-09-12 20:38 - 2016-09-12 22:00 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Wondershare
2016-09-12 20:38 - 2016-09-12 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-09-12 20:38 - 2016-09-12 21:26 - 00000000 ____D C:\ProgramData\Wondershare
2016-09-12 20:38 - 2016-09-12 20:38 - 00000000 ___HD C:\Program Files (x86)\DrFoneAndroid_Temp
2016-09-12 20:38 - 2015-02-27 10:35 - 00000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2016-09-12 20:34 - 2016-09-12 20:37 - 52468072 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Michi\Downloads\android-recovery.exe
2016-09-12 20:32 - 2016-09-12 23:39 - 07727621 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Michi\Downloads\Niepotwierdzony 629843.crdownload
2016-09-12 20:31 - 2016-09-12 20:37 - 00000000 ____D C:\Users\Michi\Desktop\fon
2016-09-10 08:26 - 2016-09-10 08:32 - 00000000 ____D C:\Users\Michi\Desktop\Do Laptopa
2016-09-09 12:02 - 2016-09-09 12:02 - 00055852 _____ C:\Users\Michi\Downloads\PILAT-PRZEMYSLAW.pdf
2016-09-07 20:15 - 2016-09-07 20:15 - 00050096 _____ C:\Users\Michi\Downloads\because_i_am_happy.zip
2016-09-07 19:00 - 2016-09-07 19:00 - 00002085 _____ C:\Users\Michi\Desktop\mobile.js
2016-09-07 18:58 - 2016-09-07 18:58 - 00002103 _____ C:\Users\Michi\Downloads\detectmobilebrowser.php.txt
2016-09-07 18:57 - 2016-09-07 19:00 - 00002073 _____ C:\Users\Michi\Downloads\detectmobilebrowser.js.txt
2016-09-07 18:43 - 2016-09-07 18:43 - 06662856 _____ (Tim Kosse) C:\Users\Michi\Downloads\FileZilla_3.21.0_win64-setup.exe
2016-09-07 18:05 - 2016-09-07 18:05 - 00000000 ____D C:\Users\Michi\Desktop\menu
2016-09-07 18:04 - 2016-09-07 18:05 - 22533317 _____ C:\Users\Michi\Downloads\retrocss3navigation.zip
2016-09-07 17:24 - 2016-09-07 17:24 - 00064107 _____ C:\Users\Michi\Downloads\code_download.zip
2016-09-07 17:24 - 2016-09-07 17:24 - 00000000 ____D C:\Users\Michi\Desktop\code_download
2016-09-07 17:17 - 2016-09-07 17:17 - 00025070 _____ C:\Users\Michi\Downloads\source (3).zip
2016-09-07 17:15 - 2016-09-07 17:15 - 00002698 _____ C:\Users\Michi\Downloads\source (2).zip
2016-09-07 17:15 - 2016-09-07 17:15 - 00002698 _____ C:\Users\Michi\Downloads\source (1).zip
2016-09-07 17:14 - 2016-09-07 17:14 - 00002698 _____ C:\Users\Michi\Downloads\source.zip
2016-09-06 19:50 - 2016-09-06 19:52 - 77156142 _____ C:\Users\Michi\Downloads\Tibialyzer.v1.4.1-beta.zip
2016-09-06 19:41 - 2016-09-06 19:41 - 20749160 _____ C:\Users\Michi\Downloads\Tibialyzer.zip
2016-09-06 18:25 - 2016-09-06 18:25 - 08261482 _____ C:\Users\Michi\Desktop\xxx.pdf
2016-09-06 16:15 - 2016-09-06 16:15 - 05350402 _____ C:\Users\Michi\Downloads\PokeBot.v1.0.9.apk
2016-09-05 21:05 - 2016-09-06 00:06 - 00000000 ____D C:\Users\Michi\AppData\Local\Temporary Projects
2016-09-05 20:56 - 2016-09-05 20:56 - 01270466 _____ C:\Users\Michi\Downloads\ProcessExplorer (2).zip
2016-09-05 19:35 - 2016-09-05 20:38 - 00000000 ____D C:\Users\Michi\Desktop\olydbg
2016-09-05 19:34 - 2016-09-05 19:34 - 01333471 _____ C:\Users\Michi\Downloads\odbg110.zip
2016-09-05 19:09 - 2016-09-05 19:09 - 00000788 _____ C:\Users\Michi\Downloads\Obrazy — skrót.lnk
2016-09-05 18:51 - 2016-09-05 18:51 - 00000000 ____D C:\Users\Michi\Documents\Virtual Machines
2016-09-05 18:48 - 2016-09-05 20:56 - 00000000 ____D C:\Users\Michi\AppData\Roaming\VMware
2016-09-05 18:48 - 2016-09-05 20:56 - 00000000 ____D C:\Users\Michi\AppData\Local\VMware
2016-09-05 18:48 - 2016-04-14 17:17 - 00066752 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2016-09-05 18:48 - 2015-11-05 19:25 - 00075512 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2016-09-05 18:48 - 2015-11-05 19:25 - 00068288 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2016-09-05 18:48 - 2015-11-05 19:25 - 00064192 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2016-09-05 18:47 - 2016-09-16 03:44 - 00000000 ____D C:\ProgramData\VMware
2016-09-05 18:47 - 2016-09-05 18:47 - 00001276 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
2016-09-05 18:47 - 2016-09-05 18:47 - 00001024 _____ C:\WINDOWS\SysWOW64\%TMP%
2016-09-05 18:47 - 2016-09-05 18:47 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2016-09-05 18:47 - 2016-09-05 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2016-09-05 18:47 - 2016-09-05 18:47 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-09-05 18:47 - 2016-09-05 18:47 - 00000000 ____D C:\Program Files (x86)\VMware
2016-09-05 18:47 - 2016-04-14 17:17 - 00934080 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2016-09-05 18:47 - 2016-04-14 17:17 - 00392896 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2016-09-05 18:47 - 2016-04-14 17:17 - 00358080 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2016-09-05 18:47 - 2016-04-14 16:53 - 00026816 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2016-09-05 18:47 - 2016-03-10 08:03 - 00057536 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2016-09-05 18:46 - 2016-09-05 18:46 - 00000000 ____D C:\Users\Michi\Desktop\vm
2016-09-05 18:41 - 2016-09-05 18:46 - 299983712 ____R C:\Users\Michi\Downloads\VMware Workstation Pro 12.1.1 Build 3770994 + Keys [SadeemPC].zip
2016-09-05 18:31 - 2016-09-05 18:31 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\Michi\Desktop\procexp.exe
2016-09-05 18:30 - 2016-09-05 18:30 - 01270466 _____ C:\Users\Michi\Downloads\ProcessExplorer (1).zip
2016-09-05 18:24 - 2016-09-05 18:25 - 00000000 ____D C:\Program Files (x86)\Helbreath Olympia
2016-09-05 18:24 - 2016-09-05 18:24 - 00002162 _____ C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Helbreath Olympia.lnk
2016-09-05 18:24 - 2016-09-05 18:24 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Helbreath Olympia
2016-09-05 18:20 - 2016-09-05 18:24 - 250688223 _____ (Firebrink ) C:\Users\Michi\Downloads\OlympiaSetup_6_0.exe
2016-09-01 14:29 - 2016-09-01 14:29 - 172178083 _____ C:\ProgramData\Tibia_spr.bak
2016-09-01 14:29 - 2016-09-01 14:29 - 04064636 _____ C:\ProgramData\Tibia_pic.bak
2016-09-01 14:29 - 2016-09-01 14:29 - 01976912 _____ C:\ProgramData\Tibia_dat.bak
2016-08-28 21:43 - 2016-08-28 21:44 - 00000000 ____D C:\Users\Michi\Desktop\Tibialyzer v1.4.1-beta
2016-08-25 17:42 - 2016-08-25 17:42 - 00524911 _____ C:\Users\Michi\Desktop\Scan8.pdf
2016-08-25 17:23 - 2016-08-25 17:23 - 00029516 _____ C:\Users\Michi\Downloads\wniosek o rejestrację osoby bezrobotnej (1).xlsx
2016-08-25 17:15 - 2016-08-25 17:23 - 00029229 _____ C:\Users\Michi\Downloads\wniosek o rejestrację osoby bezrobotnej.xlsx
2016-08-25 16:27 - 2016-08-25
16:27 - 00032386 _____ C:\Users\Michi\Downloads\Extras.Txt 2016-08-25 15:07 - 2016-08-25 15:07 - 00000024 _____ C:\Users\Michi\Desktop\Nowy dokument tekstowy.txt 2016-08-24 13:35 - 2016-08-24 13:35 - 05684278 _____ C:\Users\Michi\Downloads\usa-ambas-calaveras.mp4 2016-08-23 19:18 - 2016-09-13 16:46 - 00000000 ____D C:\Users\Michi\AppData\Local\Tibia 2016-08-23 19:18 - 2016-09-10 08:28 - 00001122 _____ C:\Users\Michi\Desktop\Tibia.lnk 2016-08-23 19:18 - 2016-08-23 19:18 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia 2016-08-23 19:16 - 2016-08-23 19:18 - 05658072 _____ C:\Users\Michi\Downloads\Tibia_Setup.exe 2016-08-23 15:02 - 2016-08-23 15:03 - 00000000 ____D C:\Users\Michi\Desktop\PSP 2016-08-23 12:16 - 2016-08-23 12:17 - 00000000 ____D C:\Users\Michi\Desktop\pogo 2016-08-23 12:15 - 2016-08-23 12:15 - 00003598 _____ C:\Users\Michi\Downloads\PoGoAccountCheck-master.zip 2016-08-22 22:30 - 2016-08-22 22:30 - 00873488 _____ C:\Users\Michi\Downloads\tibiacast_3_1_63_0.zip 2016-08-22 22:08 - 2016-08-22 22:08 - 00000624 _____ C:\Users\Public\Desktop\Tibia.lnk 2016-08-22 22:07 - 2016-08-22 22:08 - 35367939 _____ (CipSoft GmbH ) C:\Users\Michi\Downloads\tibia1096.exe 2016-08-22 22:07 - 2016-08-22 22:08 - 00000019 _____ C:\Users\Michi\Desktop\pasy.txt 2016-08-22 21:53 - 2016-08-22 21:56 - 00005631 _____ C:\Users\Michi\Downloads\Wezwanie-do-wydania-przedmiotu 1.odt 2016-08-22 21:51 - 2016-08-22 21:51 - 00565451 _____ C:\Users\Michi\Desktop\patryk2.pdf 2016-08-22 21:50 - 2016-08-22 21:50 - 00559322 _____ C:\Users\Michi\Desktop\patryk1.pdf ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 
2016-09-16 03:47 - 2016-05-23 22:42 - 00939288 _____ C:\WINDOWS\ntbtlog.txt 2016-09-16 03:46 - 2016-05-23 22:42 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-09-16 03:44 - 2016-02-13 19:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-16 00:40 - 2015-03-30 14:32 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat 2016-09-16 00:28 - 2015-10-30 08:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-09-16 00:27 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-09-16 00:26 - 2016-04-15 10:19 - 02241086 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-16 00:26 - 2016-02-13 19:29 - 00958010 _____ C:\WINDOWS\system32\perfh015.dat 2016-09-16 00:26 - 2016-02-13 19:29 - 00219792 _____ C:\WINDOWS\system32\perfc015.dat 2016-09-16 00:26 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-09-16 00:20 - 2015-07-30 20:01 - 00000000 ____D C:\Users\Michi\AppData\Local\ElevatedDiagnostics 2016-09-15 23:46 - 2014-10-17 18:25 - 00001068 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-15 21:47 - 2015-03-29 00:08 - 00000000 ____D C:\AdwCleaner 2016-09-15 21:43 - 2014-10-26 14:58 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Skype 2016-09-15 21:39 - 2016-07-08 05:34 - 00000000 ____D C:\Users\Michi\Desktop\joomla 2016-09-15 21:00 - 2014-10-17 18:25 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-15 20:19 - 2015-01-05 17:33 - 00000000 ____D C:\Program Files (x86)\ElfBot NG 2016-09-15 19:32 - 2015-12-15 13:58 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4 2016-09-15 19:03 - 2014-11-01 21:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-15 17:48 - 2014-10-17 18:23 - 00004210 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{38D7EA20-AF69-44E6-AEAF-08A841C62920} 2016-09-15 17:42 - 2014-11-23 19:11 - 00000000 ____D C:\Users\Michi\AppData\Local\LogMeIn Hamachi 2016-09-15 17:31 - 2015-10-30 09:24 - 00000000 ___HD C:\Program 
Files\WindowsApps 2016-09-15 17:31 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-15 15:42 - 2016-07-21 00:00 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi 2016-09-15 15:42 - 2016-07-21 00:00 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi 2016-09-14 22:03 - 2014-10-17 21:38 - 00000000 ____D C:\Users\Michi\AppData\Local\screenSHU 2016-09-14 12:25 - 2014-11-27 16:08 - 00000000 ____D C:\Users\Michi\AppData\Local\Battle.net 2016-09-14 11:52 - 2014-11-27 16:08 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-09-13 20:49 - 2014-10-18 14:50 - 00000000 ____D C:\Users\Michi\AppData\Roaming\uTorrent 2016-09-12 21:54 - 2016-02-02 23:08 - 00000000 ____D C:\Users\Michi\.android 2016-09-09 18:56 - 2016-02-13 10:46 - 04944536 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-09-08 12:28 - 2016-06-01 18:24 - 00000000 ____D C:\Users\Michi\AppData\Local\atom 2016-09-08 12:27 - 2016-06-01 18:24 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2016-09-08 12:26 - 2016-01-14 02:45 - 00000000 ____D C:\Users\Michi\AppData\Local\SquirrelTemp 2016-09-07 23:19 - 2015-11-18 23:11 - 00003996 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1447881075 2016-09-07 23:19 - 2015-11-18 23:11 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-09-07 23:19 - 2015-11-18 23:10 - 00000000 ____D C:\Program Files (x86)\Opera 2016-09-07 21:42 - 2014-11-01 13:31 - 00000000 ____D C:\Users\Michi\AppData\Roaming\FileZilla 2016-09-07 21:30 - 2016-06-01 18:24 - 00000000 ____D C:\Users\Michi\.atom 2016-09-07 20:28 - 2015-01-01 21:18 - 00000132 _____ C:\Users\Michi\AppData\Roaming\Adobe PNG Format CS5 Prefs 2016-09-07 18:43 - 2014-11-01 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2016-09-07 18:43 - 2014-11-01 13:31 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client 2016-09-06 00:10 - 2016-04-15 10:20 - 
00000000 ____D C:\Users\Michi 2016-09-06 00:10 - 2016-02-18 04:18 - 00000000 ____D C:\Users\Michi\Documents\Visual Studio 2010 2016-09-05 20:56 - 2016-01-05 16:38 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2016-09-05 18:54 - 2016-07-18 15:10 - 00000000 ____D C:\Program Files\Microvirt 2016-09-05 18:50 - 2014-10-17 20:11 - 00000000 ____D C:\Program Files (x86)\Steam 2016-09-05 18:47 - 2016-04-15 10:19 - 02259090 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2016-09-05 01:22 - 2015-07-07 00:44 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2016-09-04 23:21 - 2016-07-27 16:18 - 00000178 _____ C:\Users\Michi\Desktop\kordynajce.txt 2016-09-02 12:40 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-08-26 00:17 - 2014-10-17 19:24 - 00000000 ____D C:\Users\Michi\AppData\Roaming\TS3Client 2016-08-25 18:46 - 2016-03-26 15:51 - 00000000 ____D C:\Users\Michi\AppData\Local\Discord 2016-08-25 18:46 - 2016-01-14 02:45 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc 2016-08-25 18:46 - 2016-01-14 02:45 - 00000000 ____D C:\Users\Michi\AppData\Roaming\discord 2016-08-22 22:53 - 2015-04-08 19:31 - 00000000 ____D C:\Program Files (x86)\Tibiacast 2016-08-22 22:53 - 2014-11-09 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibiacast 2016-08-22 22:30 - 2016-07-18 15:43 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2016-08-22 22:08 - 2016-04-05 14:13 - 00000000 ____D C:\Tibia854 2016-08-22 22:08 - 2014-10-28 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia 2016-08-22 21:29 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-03-23 17:25 - 2015-03-23 17:26 - 266006788 _____ () C:\Users\Michi\AppData\Roaming\.minecraft.rar 2015-10-20 22:32 - 2015-10-20 22:32 - 0000132 _____ () 
C:\Users\Michi\AppData\Roaming\Adobe GIF Format CS5 Prefs 2015-01-01 21:18 - 2016-09-07 20:28 - 0000132 _____ () C:\Users\Michi\AppData\Roaming\Adobe PNG Format CS5 Prefs 2015-02-10 20:03 - 2015-02-27 14:23 - 0000132 _____ () C:\Users\Michi\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG 2015-12-09 22:39 - 2015-12-10 20:26 - 0001456 _____ () C:\Users\Michi\AppData\Local\Adobe Save for Web 12.0 Prefs 2015-03-19 18:26 - 2016-02-02 23:23 - 0005632 _____ () C:\Users\Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-08 15:20 - 2014-11-08 15:26 - 0000600 _____ () C:\Users\Michi\AppData\Local\PUTTY.RND 2014-12-20 19:28 - 2016-07-27 15:51 - 0007602 _____ () C:\Users\Michi\AppData\Local\Resmon.ResmonCfg 2014-10-26 18:23 - 2014-10-26 18:23 - 0000057 _____ () C:\ProgramData\Ament.ini 2016-09-14 12:38 - 2016-09-14 12:38 - 0000000 _____ () C:\ProgramData\cis619B.exe 2016-09-01 14:29 - 2016-09-01 14:29 - 1976912 _____ () C:\ProgramData\Tibia_dat.bak 2016-09-01 14:29 - 2016-09-01 14:29 - 4064636 _____ () C:\ProgramData\Tibia_pic.bak 2016-09-01 14:29 - 2016-09-01 14:29 - 172178083 _____ () C:\ProgramData\Tibia_spr.bak Pliki do przeniesienia lub usunięcia: ==================== C:\ProgramData\cis619B.exe Niektóre pliki w TEMP: ==================== C:\Users\Michi\AppData\Local\Temp\HitmanPro_x64.exe C:\Users\Michi\AppData\Local\Temp\libeay32.dll C:\Users\Michi\AppData\Local\Temp\msvcr120.dll C:\Users\Michi\AppData\Local\Temp\s3.exe C:\Users\Michi\AppData\Local\Temp\sfamcc00001.dll C:\Users\Michi\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) 
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-09-15 11:59 ==================== Koniec FRST.txt ============================