REKLAMA

skany.zip

Infekcja winlogon.exe ITP. - Komputery Firmowe infekcja, wyłączanie przeglądarek

Witaj w załączniku przesyłam skany dorzuciłem jeszcze laptopa OLEG-PC który też jest w firmie.

skany.zip
- FRST.txt
- Addition.txt

skany.zip > Addition.txt

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 18-01-2017
Uruchomiony przez user (20-01-2017 08:58:55)
Uruchomiony z C:\Users\user\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-09-20 13:37:18)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-969140806-4181738161-3310976127-500 - Administrator - Disabled)
Gość (S-1-5-21-969140806-4181738161-3310976127-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-969140806-4181738161-3310976127-1006 - Limited - Enabled)
user (S-1-5-21-969140806-4181738161-3310976127-1000 - Administrator - Enabled) = & gt; C:\Users\user

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą " Hidden " w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Acrylic Wi-Fi Professional v3.1 (HKU\S-1-5-21-969140806-4181738161-3310976127-1000\...\{FBD2EDDA-2B1B-49A2-9147-99CBCC5F10E5}_is1) (Version: 3.1 - Tarlogic Security S.L.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Cisco Network Magic (x32 Version: 5.5.09195.0 - Pure Networks) Hidden
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
Generator kodów kreskowych (HKLM-x32\...\{9EE5269A-D2B6-4205-A30C-D3271369E38C}_is1) (Version: - LEO)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP LaserJet Pro M201-M202 (HKLM-x32\...\{e71f6d30-080d-43ef-87e0-1ac4d7f8adfa}) (Version: 12.0.14101.145 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
HPDXP (x32 Version: 3.0.26.14 - HP) Hidden
HPLJDXPHelper (x32 Version: 120.063.006 - HP) Hidden
HPLJProM201M202 (HKLM-x32\...\{F2C371CB-0B8B-4135-82AA-DA2147635412}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (x32 Version: 012.000.0001 - HP) Hidden
HPLJUTM201_202 (x32 Version: 012.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00906 - Hewlett-Packard) Hidden
hppM201-M202LaserJetService (x32 Version: 001.034.00685 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 100.040.00218 - Hewlett Packard) Hidden
hpStatusAlertsM201-M202 (x32 Version: 120.046.00127 - Hewlett-Packard) Hidden
InsERT GT 1.43 (HKLM-x32\...\{7788C8A6-D456-42FB-ACB6-8D6D0315344B}) (Version: 1.43 - InsERT)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
LJDXPHelperUI (x32 Version: 120.063.006 - HP) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Command Line Utilities (HKLM\...\{D9F711D3-3C90-4D79-9292-47C90C722E2A}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{C3525BF7-3698-4CD3-A8C3-69BD6F57BA3B}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 pl)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Mozilla Thunderbird 45.6.0 (x86 pl) (HKLM-x32\...\Mozilla Thunderbird 45.6.0 (x86 pl)) (Version: 45.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Magic (HKLM-x32\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)
PDF Editor 5 (HKLM-x32\...\PDF Editor 5) (Version: - )
Pure Networks Platform (x32 Version: 11.2.09195.1 - Pure Networks) Hidden
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Management Studio (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SteelSeries Engine 3.8.5 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.5 - SteelSeries ApS)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TP-LINK TL-WN725N_TL-WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
VNC Server 6.0.0 (HKLM\...\{55233098-158E-4500-B536-7FC644535F29}) (Version: 6.0.0.23442 - RealVNC Ltd)
VNC Viewer 6.0.0 (HKLM\...\{A55C0FBA-8B96-4C1C-B276-2E5328C57254}) (Version: 6.0.0.23442 - RealVNC Ltd)
Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
XnView 2.39 (HKLM-x32\...\XnView_is1) (Version: 2.39 - Gougelet Pierre-e)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {04279C08-8784-4832-919E-2457DC5006E1} - System32\Tasks\AutoKMS = & gt; C:\Windows\AutoKMS\AutoKMS.exe [2016-09-27] ()
Task: {26D9F470-416D-420F-BBE5-0E4B87077ADB} - System32\Tasks\Adobe Acrobat Update Task = & gt; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {2ED553D6-9601-47E6-868D-A2D4AC465538} - System32\Tasks\HPLJCustParticipation = & gt; C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2014-01-06] (Hewlett Packard)
Task: {54376813-032D-48A8-B0D6-065EB546B1AF} - System32\Tasks\GoogleUpdateTaskMachineCore = & gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-27] (Google Inc.)
Task: {58B57833-BB29-467C-A415-BC52713A2D72} - System32\Tasks\AVAST Software\Avast settings backup = & gt; C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-09-21] (AVAST Software)
Task: {76E14C62-4439-46AC-A24E-0928C304589A} - System32\Tasks\Adobe Flash Player Updater = & gt; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {FA16B8B5-56CE-48E8-810A-1D84515228B3} - System32\Tasks\GoogleUpdateTaskMachineUA = & gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-27] (Google Inc.)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job = & gt; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

==================== Załadowane moduły (filtrowane) ==============

2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
2016-09-27 06:20 - 2013-01-10 18:09 - 00848384 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2017-01-12 07:15 - 2017-01-12 07:15 - 31167576 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll
2016-09-27 06:20 - 2013-01-10 17:32 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-09-27 06:20 - 2013-01-10 18:16 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-09-27 06:20 - 2013-01-07 15:03 - 00297472 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00152112 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00098304 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość " AlternateShell " zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc = & gt; " " = " Service "

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-969140806-4181738161-3310976127-1000\Control Panel\Desktop\\Wallpaper - & gt; C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System = & gt; (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [SPPSVC-In-TCP] = & gt; %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] = & gt; %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{372B4E06-F51C-4654-8197-072432E48977}] = & gt; C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD2A5B2E-556A-4E6B-9422-36D0D619A96C}] = & gt; C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E148EA60-6B0E-4353-B2DF-9ADAF49A8C2C}] = & gt; C:\Program Files (x86)\HP\HP LaserJet Pro M201-M202\bin\EWSProxy.exe
FirewallRules: [{1ABE67D7-731A-47C7-9F1A-FDF90AAD72DE}] = & gt; C:\Program Files (x86)\HP\HP LaserJet Pro M201-M202\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FB75F494-94F0-4ED6-AA1E-0AA1C339470F}] = & gt; D:\Installer\hpbcsiInstaller.exe
FirewallRules: [{8B22CCDC-791A-4ADC-8254-A1AB5674FFC1}] = & gt; D:\Installer\hpbcsiInstaller.exe
FirewallRules: [{7613634B-0BA0-4E2E-95C2-0E9AC5F935EC}] = & gt; C:\Program Files\Acrylic Wi-Fi Professional\Acrylic.exe
FirewallRules: [{598758CD-5A34-46FE-93FD-1C13215CEC95}] = & gt; C:\Program Files\Acrylic Wi-Fi Professional\Acrylic.exe
FirewallRules: [{777CA039-6EB1-4062-90BE-AE1C2E436601}] = & gt; C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D745C7EB-FF3A-4B32-8AED-6AA86BE0A271}] = & gt; C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{298258A1-17A7-4023-B00D-F81D707031FD}] = & gt; C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] = & gt; %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] = & gt; %systemroot%\system32\tlntsvr.exe
FirewallRules: [{C15B49DA-3F45-4AB8-BEFA-0FCEEB334DA9}] = & gt; C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{DD8E331C-221B-412F-9D1A-EE4B6E33797E}] = & gt; C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{82FACBC9-3BBA-4CF8-9C52-23736364A22A}] = & gt; C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{069AEEF0-A8C5-4E62-9C1D-919E065968B4}] = & gt; C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4694183B-1D8C-4B0A-ACC5-E1FD229A594E}] = & gt; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{137EBD01-51D5-4859-95A2-78F11D3C3E04}] = & gt; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Punkty Przywracania systemu =========================

11-01-2017 15:34:54 Windows Update
18-01-2017 03:14:08 Windows Update
20-01-2017 07:05:47 Installed HiJackThis

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (01/20/2017 07:51:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2017 07:50:35 AM) (Source: SQLBrowser) (EventID: 1) (User: )
Description: The SQL configuration for SQL is inaccessible or invalid.

Error: (01/20/2017 06:40:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Z powodu wystąpienia problemu dane Programu poprawy jakości obsługi klienta nie zostały wysłane do firmy Microsoft. (Błąd 80004005).

Error: (01/20/2017 06:10:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2017 06:09:36 AM) (Source: SQLBrowser) (EventID: 1) (User: )
Description: The SQL configuration for SQL is inaccessible or invalid.

Error: (01/19/2017 02:27:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/19/2017 02:27:00 PM) (Source: SQLBrowser) (EventID: 1) (User: )
Description: The SQL configuration for SQL is inaccessible or invalid.

Error: (01/19/2017 06:59:18 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Z powodu wystąpienia problemu dane Programu poprawy jakości obsługi klienta nie zostały wysłane do firmy Microsoft. (Błąd 80004005).

Error: (01/19/2017 06:07:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/19/2017 06:06:23 AM) (Source: SQLBrowser) (EventID: 1) (User: )
Description: The SQL configuration for SQL is inaccessible or invalid.

Dziennik System:
=============
Error: (01/20/2017 07:50:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT)
Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się.

Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll
Kod błędu: 126

Error: (01/20/2017 07:49:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Usługa udostępniania w sieci programu Windows Media Player z powodu następującego błędu:
Usługa nie została uruchomiona z powodu nieudanego logowania.

Error: (01/20/2017 07:49:41 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Usługa WMPNetworkSvc nie może zalogować się jako NT AUTHORITY\NetworkService za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu:
Żądanie nie jest obsługiwane.

Aby upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w programie Microsoft Management Console (MMC).

Error: (01/20/2017 07:49:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Windows Search z powodu następującego błędu:
Usługa nie została uruchomiona z powodu nieudanego logowania.

Error: (01/20/2017 07:49:41 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Usługa WSearch nie może zalogować się jako NT AUTHORITY\SYSTEM za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu:
Żądanie nie jest obsługiwane.

Aby upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w programie Microsoft Management Console (MMC).

Error: (01/20/2017 07:49:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (01/20/2017 07:49:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (01/20/2017 07:49:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Office Software Protection Platform niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (01/20/2017 07:49:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Pure Networks Platform Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (01/20/2017 07:49:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa LogMeIn Hamachi Tunneling Engine niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Procent pamięci w użyciu: 74%
Całkowita pamięć fizyczna: 4085.42 MB
Dostępna pamięć fizyczna: 1057.89 MB
Całkowita pamięć wirtualna: 8169.03 MB
Dostępna pamięć wirtualna: 4682.72 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:4.14 GB) NTFS
Drive e: (GOODRAM) (Fixed) (Total:298.09 GB) (Free:294.87 GB) NTFS == & gt; [system z komponentami startowymi (pozyskano odczytując dysk)]

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: BD4DAEDE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 57F0C056)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== Koniec Addition.txt ============================

skany.zip > FRST.txt

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 18-01-2017
Uruchomiony przez user (administrator) TOPSOLID-LAPTOP (20-01-2017 08:33:20)
Uruchomiony z E:\SKANY
Załadowane profile: user (Dostępne profile: user & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: " C:\Users\user\AppData\Local\Amigo\Application\amigo.exe " -- " %1 " )
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [MSC] = & gt; c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [IntelPROSet] = & gt; C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel(R) Corporation)
HKLM-x32\...\Run: [NUSB3MON] = & gt; C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] = & gt; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-24] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-615750280-2091331665-3815443580-1000\...\MountPoints2: {31a22d86-ab39-11e6-bf6e-642737833831} - E:\setup.exe
HKU\S-1-5-21-615750280-2091331665-3815443580-1000\...\MountPoints2: {a278fc64-ab0e-11e6-878e-642737833831} - G:\setup.exe
HKU\S-1-5-21-615750280-2091331665-3815443580-1000\...\MountPoints2: {de32a2a9-ab34-11e6-89a1-642737833831} - I:\setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll = & gt; C:\Windows\system32\nvinitx.dll [170688 2016-10-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll = & gt; C:\Windows\SysWOW64\nvinit.dll [148016 2016-10-22] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] - & gt; {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} = & gt; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] - & gt; {CF08DA3E-C97D-4891-A66B-E39B28DD270F} = & gt; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-23]
ShortcutTarget: McAfee Security Scan Plus.lnk - & gt; C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Ograniczenia & lt; ======= UWAGA
GroupPolicy\User: Ograniczenia & lt; ======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{23677A8D-4AE1-4FF6-A646-3582BDCFFC5D}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-615750280-2091331665-3815443580-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-615750280-2091331665-3815443580-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: McAfee WebAdvisor BHO - & gt; {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - & gt; c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
BHO-x32: True Key Helper - & gt; {0F4B8786-5502-4803-8EBC-F652A1153BB6} - & gt; C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
BHO-x32: Java(tm) Plug-In SSV Helper - & gt; {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - & gt; C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-24] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO - & gt; {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - & gt; c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - & gt; {DBC80044-A445-435b-BC74-9C25C1C588A9} - & gt; C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-24] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 4nry3le7.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4nry3le7.default [2017-01-20]
FF user.js: detected! = & gt; C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4nry3le7.default\user.js [2016-11-15]
FF NewTab: Mozilla\Firefox\Profiles\4nry3le7.default - & gt; hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ff_us_display?ie=UTF8 & tagbase=bds-p17 & tbrId=v1_abb-channel-17_8323051c_1201_1403_20161224_PL_ff_nt_
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\4nry3le7.default - & gt; Amazon
FF Homepage: Mozilla\Firefox\Profiles\4nry3le7.default - & gt; hxxps://go.mail.ru/?fr=ffhp1.0.4 & gp=818409
FF Keyword.URL: Mozilla\Firefox\Profiles\4nry3le7.default - & gt; hxxp://go.mail.ru/distib/ep/?product_id=%7B34B6B02B-FEC6-4347-AFEF-74C2D19396F4%7D & gp=811041
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-01]
FF Extension: (Brak nazwy) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4nry3le7.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [nie znaleziono]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer - & gt; C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE - & gt; disabled [Brak pliku]
FF Plugin-x32: @adobe.com/FlashPlayer - & gt; C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 - & gt; C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - & gt; C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 - & gt; C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 - & gt; C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - & gt; disabled [Brak pliku]
FF Plugin-x32: @nvidia.com/3DVision - & gt; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - & gt; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - & gt; C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - & gt; C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: Adobe Reader - & gt; C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-615750280-2091331665-3815443580-1000: @unity3d.com/UnityPlayer,version=1.0 - & gt; C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default - & gt; hxxps://www.google.com/
CHR StartupUrls: Default - & gt; " hxxp://www.google.com/ "
CHR DefaultSearchURL: Default - & gt; hxxp://go.mail.ru/distib/ep/?q={searchTerms} & product_id=%7BB37DFC17-D455-4547-96B7-BA5E84B1D6CE%7D & gp=811037
CHR DefaultSearchKeyword: Default - & gt; go.mail.ru
CHR DefaultSuggestURL: Default - & gt; hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Extension: (Dokumenty Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-28]
CHR Extension: (Tampermonkey) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-03]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Tampermonkey) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-06]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
S4 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
S2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S4 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2016-12-12] (McAfee, Inc.)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [329480 2016-12-14] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [Brak podpisu cyfrowego]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-22] (NVIDIA Corporation)
S4 NVWMI; C:\Windows\system32\nvwmi64.exe [4167224 2016-10-22] (NVIDIA Corporation)
S4 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
S4 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [Brak podpisu cyfrowego]
S4 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [Brak podpisu cyfrowego]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [Brak podpisu cyfrowego]
S4 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S4 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [Brak podpisu cyfrowego]
S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2017-01-05] (McAfee, Inc.)
S4 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-01-05] (McAfee, Inc.)
S4 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-01-05] (McAfee, Inc.)
S4 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S4 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [Brak podpisu cyfrowego]
R2 wbiosrvp; C:\Windows\SysWOW64\wbiosrvp.dll [345088 2014-09-10] () [Brak podpisu cyfrowego]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-10] (Microsoft Corporation)
S4 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-11-15] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-11-15] (Disc Soft Ltd)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [307768 2016-10-22] (NVIDIA Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 AIDA64Driver; \??\E:\AIDA64 Extreme Edition\kerneld.x64 [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-20 08:33 - 2017-01-20 08:33 - 00000000 ____D C:\FRST
2017-01-20 08:17 - 2017-01-20 08:21 - 00000000 ____D C:\Windows\pss
2017-01-20 08:16 - 2017-01-20 08:16 - 00000000 ___HD C:\Users\user\AppData\Roaming\GoldenGate
2017-01-20 08:04 - 2017-01-20 08:15 - 00000000 ____D C:\AdwCleaner
2017-01-16 09:55 - 2017-01-16 09:55 - 00036352 _____ C:\Users\user\Downloads\WYCENA-AKADEMIKI _ FRONT S.C..xls
2017-01-15 17:55 - 2017-01-15 17:55 - 02986267 _____ C:\Users\user\Downloads\FRONT S.C. POPRAWIONE V2.zip
2017-01-14 18:02 - 2017-01-14 18:02 - 10208725 _____ C:\Users\user\Downloads\FRONT S.C. (3).zip
2017-01-14 18:02 - 2017-01-14 18:02 - 10208725 _____ C:\Users\user\Downloads\FRONT S.C. (2).zip
2017-01-14 17:59 - 2017-01-14 17:59 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-14 17:52 - 2017-01-14 17:52 - 10208725 _____ C:\Users\user\Downloads\FRONT S.C. (1).zip
2017-01-14 17:49 - 2017-01-14 17:49 - 10208725 _____ C:\Users\user\Downloads\FRONT S.C..zip
2017-01-14 16:50 - 2017-01-14 16:50 - 00000000 ____D C:\Users\user\AppData\Roaming\OpenOffice
2017-01-14 16:49 - 2017-01-14 16:50 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-01-14 16:49 - 2017-01-14 16:49 - 01204344 _____ (Adobe Systems Incorporated) C:\Users\user\Downloads\readerdc_pl_id_install.exe
2017-01-14 16:49 - 2017-01-14 16:49 - 00001112 _____ C:\Users\Public\Desktop\OpenOffice 4.1.3.lnk
2017-01-14 16:49 - 2017-01-14 16:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2017-01-14 16:47 - 2017-01-14 16:47 - 00000000 ____D C:\Users\user\Desktop\OpenOffice 4.1.3 (ru) Installation Files
2017-01-14 16:22 - 2017-01-14 16:28 - 138794900 _____ C:\Users\user\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_ru.exe
2017-01-14 16:10 - 2017-01-14 16:11 - 44820795 _____ C:\Users\user\Downloads\cennik.zip
2017-01-14 11:50 - 2017-01-14 11:50 - 00000142 _____ C:\Users\user\Downloads\zdzichu_ch21.vcf
2017-01-14 11:04 - 2017-01-14 11:04 - 02710006 _____ C:\Users\user\Downloads\room_sd10102016 (1).dwg
2017-01-14 11:03 - 2017-01-14 11:03 - 02710006 _____ C:\Users\user\Downloads\room_sd10102016.dwg
2017-01-13 10:23 - 2017-01-13 10:23 - 00121198 _____ C:\Users\user\Documents\buk.xps
2017-01-13 10:23 - 2017-01-13 10:23 - 00000000 ____D C:\Users\user\AppData\LocalLow\Temp
2017-01-10 11:47 - 2017-01-10 11:47 - 00000000 ___RD C:\Users\user\Documents\bSolid
2017-01-10 11:46 - 2017-01-10 11:46 - 00000000 ____D C:\Users\user\Documents\Biesse Spa
2017-01-10 11:46 - 2017-01-10 11:46 - 00000000 ____D C:\Users\user\AppData\Roaming\Biesse Spa
2017-01-10 11:27 - 2017-01-10 11:47 - 00000000 ____D C:\WNC
2017-01-10 11:26 - 2015-09-24 05:17 - 00109200 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksdf.sys
2017-01-10 11:25 - 2017-01-10 11:25 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2017-01-10 11:25 - 2015-09-24 05:17 - 04665168 _____ (SafeNet Inc.) C:\Windows\system32\hasplms.exe
2017-01-10 11:25 - 2015-09-24 05:17 - 04665168 _____ (SafeNet Inc.) C:\Windows\system32\aksllmtp.exe
2017-01-10 11:25 - 2015-09-24 05:17 - 00350552 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\hardlock.sys
2017-01-10 11:25 - 2015-09-24 05:17 - 00208328 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hlvdd.dll
2017-01-10 11:25 - 2015-09-24 05:17 - 00205528 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksfridge.sys
2017-01-10 11:15 - 2017-01-10 11:41 - 00000000 ____D C:\biesse
2017-01-10 11:15 - 2017-01-10 11:16 - 00002103 _____ C:\Users\user\Desktop\1000009921 - PANEL MACHINING CENTRE SKIPPER V31.lnk
2017-01-10 11:15 - 2017-01-10 11:15 - 00003086 _____ C:\Windows\System32\Tasks\{F6A4A75C-A72D-440A-B543-F69B691A8E76}
2017-01-10 09:08 - 2017-01-10 09:08 - 00000677 _____ C:\Users\user\Desktop\PRO100 wersja 5.lnk
2017-01-10 09:08 - 2017-01-10 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRO100 wersja 5
2017-01-10 08:47 - 2017-01-10 08:47 - 00000000 ____D C:\Ecru
2017-01-06 10:30 - 2014-09-10 00:33 - 00345088 _____ C:\Windows\SysWOW64\wbiosrvp.dll
2017-01-06 10:30 - 2014-09-10 00:33 - 00126976 _____ C:\Windows\SysWOW64\biosysrt.dll
2017-01-04 04:36 - 2017-01-04 04:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-01-02 16:28 - 2017-01-02 16:28 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo
2017-01-02 08:51 - 2017-01-08 17:50 - 00000000 ____D C:\Program Files (x86)\Ghostery Storage Server
2017-01-02 08:47 - 2017-01-02 08:47 - 00003640 _____ C:\Windows\System32\Tasks\famousaactors
2017-01-02 08:46 - 2017-01-02 08:48 - 00000000 ____D C:\Users\user\Documents\The SIMS 4 by xatab
2017-01-02 08:45 - 2017-01-02 08:45 - 00037503 _____ C:\Users\user\Downloads\Sims-4-SNUG-ELF-RePack-ot-xatab.torrent
2017-01-02 08:44 - 2017-01-02 08:44 - 03728104 _____ () C:\Users\user\Downloads\Sims-4-SNUG-ELF-RePack-ot-xatab-4326.torrent.exe
2017-01-01 17:44 - 2017-01-01 17:45 - 00000000 ____D C:\Users\user\AppData\Roaming\MMFApplications
2017-01-01 17:23 - 2017-01-01 17:31 - 126972037 _____ () C:\Users\user\Downloads\FNAF-2-Simulator-Demo-5.exe
2017-01-01 17:08 - 2017-01-01 17:11 - 73350878 _____ () C:\Users\user\Downloads\FNAF-Simulator.exe
2017-01-01 17:07 - 2017-01-01 17:20 - 346150987 _____ C:\Users\user\Downloads\FNaF_World.exe
2016-12-29 09:34 - 2016-12-29 09:39 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-12-29 09:32 - 2016-12-29 09:32 - 00000000 ____D C:\Users\user\Documents\Clash of Clans
2016-12-29 09:30 - 2016-12-29 09:30 - 00505120 _____ (MediaGet LLC) C:\Users\user\Downloads\ckachat-clash-of-clans-na-kompyuter_id2889327ids4s.exe
2016-12-29 09:24 - 2016-12-29 09:24 - 00505120 _____ (MediaGet LLC) C:\Users\user\Downloads\ckachat-clash-of-clans-na-kompyuter_id2887852ids4s.exe
2016-12-28 21:21 - 2017-01-20 08:16 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2016-12-26 16:55 - 2016-12-29 09:12 - 00000000 ____D C:\Users\user\AppData\Local\Google
2016-12-26 16:54 - 2016-12-26 17:10 - 00002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-26 16:54 - 2016-12-26 17:10 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-26 16:53 - 2016-12-26 16:59 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-26 16:53 - 2016-12-26 16:59 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-26 16:52 - 2017-01-15 01:07 - 00000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-26 16:52 - 2017-01-10 21:39 - 00003998 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-26 16:52 - 2016-12-26 16:54 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-26 16:50 - 2016-12-26 16:50 - 01200744 _____ (Adobe Systems Incorporated) C:\Users\user\Downloads\flashplayer24pp_dd_install.exe
2016-12-26 10:26 - 2016-12-26 10:26 - 00896000 _____ C:\Users\user\Downloads\DMS (1).exe
2016-12-25 19:56 - 2017-01-20 08:32 - 00005014 _____ C:\Windows\System32\Tasks\WSCEAA
2016-12-25 15:33 - 2016-12-25 15:33 - 00000000 ____D C:\Users\user\AppData\Roaming\Unity
2016-12-25 14:16 - 2016-12-25 14:16 - 00249328 _____ C:\Users\user\Downloads\Update(6).exe
2016-12-25 09:51 - 2016-12-25 09:51 - 00000000 ____D C:\Users\user\AppData\Local\UnrealEngine
2016-12-25 09:51 - 2016-12-25 09:51 - 00000000 ____D C:\Users\user\AppData\Local\HelloNeighborReborn
2016-12-25 09:50 - 2016-12-25 09:50 - 00000419 _____ C:\Windows\DirectX.log
2016-12-25 09:50 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-12-25 09:50 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-12-25 09:50 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-12-25 09:50 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-12-25 09:50 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-12-25 09:50 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-12-25 09:50 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-12-25 09:50 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-12-25 09:50 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-12-25 09:50 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-12-25 09:50 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-12-25 09:50 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-12-25 09:50 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-12-25 09:50 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-12-25 09:50 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-12-25 09:50 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-12-25 09:50 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-12-25 09:19 - 2016-12-25 09:19 - 00000000 ____D C:\Users\user\Downloads\Hello_Neighbor_Alpha_3
2016-12-25 09:19 - 2016-12-25 09:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Opera Software
2016-12-25 09:19 - 2016-12-25 09:19 - 00000000 ____D C:\Users\user\AppData\Local\Opera Software
2016-12-25 09:17 - 2016-12-25 09:17 - 00496416 _____ (MediaGet LLC) C:\Users\user\Downloads\hello-neighbor_id4131914ids1s.exe
2016-12-25 09:17 - 2016-12-25 09:17 - 00003890 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1482653864
2016-12-25 09:17 - 2016-12-25 09:17 - 00001145 _____ C:\Users\Public\Desktop\Opera.lnk
2016-12-25 09:17 - 2016-12-25 09:17 - 00001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-25 09:17 - 2016-12-25 09:17 - 00000000 ____D C:\Program Files\McAfee
2016-12-25 09:16 - 2017-01-20 08:25 - 00000000 ____D C:\Users\user\AppData\Roaming\opera_helper
2016-12-25 09:16 - 2017-01-20 08:17 - 00000270 _____ C:\Windows\Tasks\Opera_helper.job
2016-12-25 09:16 - 2017-01-16 09:07 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-25 09:16 - 2016-12-25 09:16 - 00003222 _____ C:\Windows\System32\Tasks\Opera_helper
2016-12-25 09:16 - 2016-12-25 09:16 - 00002641 _____ C:\Users\user\Desktop\µTorrent.lnk
2016-12-25 09:16 - 2016-12-25 09:16 - 00002641 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-12-25 09:15 - 2017-01-20 08:17 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-12-25 09:14 - 2016-12-25 09:14 - 02403520 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent_3-4-9-42973.exe
2016-12-24 19:44 - 2016-12-24 20:00 - 00000000 ____D C:\Users\user\sminecraft
2016-12-24 19:43 - 2016-12-24 19:44 - 00000000 ____D C:\ProgramData\Oracle
2016-12-24 19:43 - 2016-12-24 19:43 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-12-24 19:43 - 2016-12-24 19:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Sun
2016-12-24 19:43 - 2016-12-24 19:43 - 00000000 ____D C:\Users\user\AppData\LocalLow\Sun
2016-12-24 19:43 - 2016-12-24 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-24 19:43 - 2016-12-24 19:43 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-24 19:41 - 2016-12-24 19:41 - 00737344 _____ (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2016-12-24 19:37 - 2016-12-24 19:38 - 00330669 _____ C:\Users\user\Downloads\SMINECRAFT.exe
2016-12-24 19:37 - 2016-12-24 19:33 - 00002334 ____R C:\Users\user\Downloads\skin_20161220110014110523.png
2016-12-23 19:20 - 2016-12-23 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-12-23 18:19 - 2016-12-23 18:19 - 00249328 _____ C:\Users\user\Downloads\Update(5).exe
2016-12-23 18:09 - 2016-12-23 18:09 - 00249328 _____ C:\Users\user\Downloads\Update(4).exe
2016-12-23 18:06 - 2016-12-23 18:13 - 197127223 _____ ( ) C:\Users\user\Downloads\Counter-Strike_1.6.exe
2016-12-23 17:45 - 2016-12-23 17:45 - 00017133 _____ C:\Users\user\Downloads\Hello-Neighbor-Alpha-2.rar.torrent
2016-12-23 17:45 - 2016-12-23 17:45 - 00017133 _____ C:\Users\user\Downloads\Hello-Neighbor-Alpha-2.rar(1).torrent
2016-12-23 17:11 - 2016-12-23 18:32 - 00524288 ___SH C:\Users\UpdatusUser\NTUSER.DAT{0846d13c-c92a-11e6-8e9d-642737833831}.TMContainer00000000000000000002.regtrans-ms
2016-12-23 17:11 - 2016-12-23 18:32 - 00524288 ___SH C:\Users\UpdatusUser\NTUSER.DAT{0846d13c-c92a-11e6-8e9d-642737833831}.TMContainer00000000000000000001.regtrans-ms
2016-12-23 17:11 - 2016-12-23 18:32 - 00065536 ___SH C:\Users\UpdatusUser\NTUSER.DAT{0846d13c-c92a-11e6-8e9d-642737833831}.TM.blf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-20 08:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-20 08:32 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-20 08:32 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-20 08:29 - 2016-11-14 08:43 - 00000000 ____D C:\Program Files (x86)\ST Microelectronics
2017-01-20 08:29 - 2016-11-13 12:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-20 08:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-20 08:26 - 2016-11-15 14:16 - 00000000 ____D C:\Windows\system32\appmgmt
2017-01-20 08:24 - 2016-11-26 15:04 - 00000000 ____D C:\Games
2017-01-20 08:23 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-01-20 08:20 - 2016-11-15 10:01 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-01-20 08:16 - 2016-11-15 09:50 - 00000442 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-01-20 08:15 - 2016-11-26 19:19 - 00000000 ____D C:\Program Files\TrueKey
2017-01-20 08:15 - 2016-11-13 12:40 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-20 08:05 - 2011-04-12 14:21 - 00740348 _____ C:\Windows\system32\perfh015.dat
2017-01-20 08:05 - 2011-04-12 14:21 - 00155890 _____ C:\Windows\system32\perfc015.dat
2017-01-20 08:05 - 2009-07-14 06:13 - 01669190 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 07:55 - 2016-11-13 12:36 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-01-20 07:47 - 2016-11-26 19:19 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-20 05:53 - 2016-11-26 19:34 - 00000000 ____D C:\Users\user\AppData\Local\tkdata
2017-01-20 05:50 - 2016-11-26 19:33 - 00001194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-01-20 05:49 - 2016-11-26 19:32 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-16 19:31 - 2016-11-27 10:52 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-01-15 18:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-14 17:58 - 2016-11-13 11:10 - 00071104 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-14 17:58 - 2009-07-14 05:45 - 00291680 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-14 17:56 - 2016-11-13 17:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-01-14 17:51 - 2016-11-13 17:45 - 00000000 ____D C:\ProgramData\Adobe
2017-01-13 10:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool
2017-01-12 08:44 - 2016-11-24 12:51 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-01-10 21:39 - 2016-11-26 19:19 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 21:39 - 2016-11-26 19:19 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 21:39 - 2016-11-26 19:19 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 21:39 - 2016-11-26 19:18 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 21:39 - 2016-11-26 19:18 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 11:56 - 2016-11-13 12:34 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-10 11:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Setup
2017-01-02 15:12 - 2016-11-25 17:15 - 00000000 ____D C:\Users\user\AppData\Local\Unity
2017-01-02 08:52 - 2016-11-25 17:15 - 00000000 ____D C:\Users\user\AppData\LocalLow\Unity
2017-01-02 08:49 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-02 08:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-01-01 18:06 - 2014-09-10 11:56 - 00000000 ___HD C:\Windows\msdownld.tmp
2017-01-01 18:06 - 2014-09-10 11:56 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-12-29 09:34 - 2016-11-13 11:09 - 00000000 ___SD C:\Users\user\AppData\Roaming\Microsoft
2016-12-26 16:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Tasks
2016-12-26 16:50 - 2016-11-26 15:06 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-12-26 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\wdi
2016-12-25 09:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Logs
2016-12-25 09:17 - 2009-07-14 04:20 - 00000000 ___RD C:\Program Files
2016-12-25 09:16 - 2016-11-26 19:19 - 00000000 ____D C:\ProgramData\McAfee
2016-12-23 19:58 - 2016-11-25 17:28 - 00000000 ____D C:\.nicemc
2016-12-23 19:20 - 2016-11-26 20:00 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-23 19:20 - 2016-11-26 19:19 - 00001968 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-12-23 19:20 - 2009-07-14 03:34 - 00000857 _____ C:\Windows\system32\Drivers\etc\hosts
2016-12-23 18:49 - 2016-11-21 14:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-23 18:49 - 2016-11-13 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-23 18:30 - 2014-09-10 12:02 - 01641796 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-23 17:11 - 2016-11-13 12:40 - 00000000 ____D C:\Users\UpdatusUser

==================== Pliki w katalogu głównym wybranych folderów =======

2012-05-21 14:00 - 2012-05-21 14:00 - 0020984 _____ (Intel Corporation) C:\Users\user\AppData\Roaming\JomCap.dll
2016-11-13 15:03 - 2016-11-13 15:03 - 0007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

Niektóre pliki w TEMP:
====================
C:\Users\user\AppData\Local\Temp\mrutmp.exe
C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\user\AppData\Local\Temp\nvStInst.exe
C:\Users\user\AppData\Local\Temp\setup.exe
C:\Users\user\AppData\Local\Temp\Uninstall.exe
C:\Users\user\AppData\Local\Temp\_is1A34.exe
C:\Users\user\AppData\Local\Temp\_is31EB.exe
C:\Users\user\AppData\Local\Temp\_is3487.exe
C:\Users\user\AppData\Local\Temp\_is48F1.exe
C:\Users\user\AppData\Local\Temp\_is5975.exe
C:\Users\user\AppData\Local\Temp\_is5A4F.exe
C:\Users\user\AppData\Local\Temp\_is5A6E.exe
C:\Users\user\AppData\Local\Temp\_is65B4.exe
C:\Users\user\AppData\Local\Temp\_is6E9A.exe
C:\Users\user\AppData\Local\Temp\_is7609.exe
C:\Users\user\AppData\Local\Temp\_is8BDA.exe
C:\Users\user\AppData\Local\Temp\_is97BC.exe
C:\Users\user\AppData\Local\Temp\_isA064.exe
C:\Users\user\AppData\Local\Temp\_isA340.exe
C:\Users\user\AppData\Local\Temp\_isAD1F.exe
C:\Users\user\AppData\Local\Temp\_isB163.exe
C:\Users\user\AppData\Local\Temp\_isB7BA.exe
C:\Users\user\AppData\Local\Temp\_isBDA3.exe
C:\Users\user\AppData\Local\Temp\_isC8F9.exe
C:\Users\user\AppData\Local\Temp\_isD162.exe
C:\Users\user\AppData\Local\Temp\_isF01B.exe
C:\Users\user\AppData\Local\Temp\_isF768.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\explorer.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\services.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\User32.dll = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys = & gt; Plik podpisany cyfrowo

LastRegBack: 2016-12-14 00:42

==================== Koniec FRST.txt ============================

skany.zip > Addition.txt

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 18-01-2017
Uruchomiony przez user (20-01-2017 08:33:44)
Uruchomiony z E:\SKANY
Windows 7 Professional Service Pack 1 (X64) (2016-11-13 10:09:58)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-615750280-2091331665-3815443580-500 - Administrator - Disabled)
Gość (S-1-5-21-615750280-2091331665-3815443580-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-615750280-2091331665-3815443580-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-615750280-2091331665-3815443580-1001 - Limited - Enabled) = & gt; C:\Users\UpdatusUser
user (S-1-5-21-615750280-2091331665-3815443580-1000 - Administrator - Enabled) = & gt; C:\Users\user

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą " Hidden " w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.1.4 - Intel) Hidden
µTorrent (HKU\S-1-5-21-615750280-2091331665-3815443580-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{8B5D0146-5187-40F5-9DD8-15DAF2D11902}) (Version: 2.3.24.1437 - Broadcom Corporation)
Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
ERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.12.108.1 - Intel Security)
Intel(R) Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections 21.1.30.0 (HKLM\...\PROSetDX) (Version: 21.1.30.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.474.2 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.206 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 pl)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA nView 148.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.03 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.63 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.63 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA WMI 2.29.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.29.0 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{D1F99472-746B-4D3D-8A11-0818B81A666F}) (Version: 3.0.07.43 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.43 - O2Micro International LTD.) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{02F9BA51-8D5E-4A4C-861E-64B0602F73BE}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 42.0.2393.94 (HKLM-x32\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software)
Oprogramowanie Intel® PROSet/Wireless (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
Oprogramowanie mikroukładu Intel® (x32 Version: 10.1.1.14 - Intel(R) Corporation) Hidden
Panel sterowania NVIDIA 375.63 (Version: 375.63 - NVIDIA Corporation) Hidden
PBA Driver-x64 (Version: 1.0.1.8 - Dell Inc.) Hidden
Preboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
PRO100 Demo wersja 4.61 (HKLM-x32\...\PRO100 Demo_is1) (Version: 4.61 - Ecru Oprogramowanie)
PRO100 wersja 5.20 (HKLM-x32\...\PRO100_is1) (Version: 5.20 - Ecru Oprogramowanie)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
toolkit32for64bit (x32 Version: 7.70.13.0001 - Wave Systems Corp) Hidden
TopSolid 2016 by Missler Software (HKLM-x32\...\{4C2D2ECE-210F-4EEA-8784-901892186560}) (Version: 6.17 - Missler Software)
TopSolid 2016 Global Patch (HKLM-x32\...\{ED312AE8-2CB3-4281-8677-1B6599223200}) (Version: 6.17 - Missler Software)
TopSolid'Cam 2016 Patch x64 (HKLM-x32\...\{E7419F4E-3055-45A0-9682-D572A1B6E669}) (Version: 6.17 - Missler Software)
TopSolid'Dnc (HKLM-x32\...\{DB317EC4-F871-478C-B007-D51707508AD2}) (Version: 3.1 - Missler Software)
TopSolid'Finder 2016 by Missler Software (HKLM-x32\...\{5DFF5809-5E20-4531-A154-5337B87FE640}) (Version: 6.17 - Missler Software)
TopSolid'Interop Spatial Kernel 2016 Patch x64 (HKLM-x32\...\{6AE7B847-9E32-4DE7-8903-A19B0DFCBA87}) (Version: 6.17 - Missler Software)
TopSolid'Quote 7.10 (HKLM\...\{DB646B37-B445-4AB7-9313-87AD541360C3}) (Version: 7.10 - Missler Software)
TopSolid'Update (HKLM\...\{213BF6F0-AC65-4D33-A9B6-0BF7C0CE5776}) (Version: 7.10 - Missler Software)
TopSolid'Viewer 2016 by Missler Software (HKLM-x32\...\{4C1DE579-2DFD-4C0A-9BC9-2112E90966D5}) (Version: 6.17 - Missler Software)
TopSolid'Wood Libraries 2016 by Missler Software (HKLM-x32\...\{21291E2C-73D9-48E9-B07A-A9E5BA36DDBE}) (Version: 6.17 - Missler Software)
Trusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.70.13.0001 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden
WinRAR 5.40 (32-bitowy) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {3A3BB03E-5FFD-448A-AB4E-ADE35A7AEFA3} - System32\Tasks\Adobe Flash Player Updater = & gt; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {49A27A96-0639-4C9B-A519-C32F9D0D94C6} - System32\Tasks\GoogleUpdateTaskMachineCore = & gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-26] (Google Inc.)
Task: {55B516A8-516A-4E58-BBDE-6D2CEA3DCA24} - System32\Tasks\Opera scheduled Autoupdate 1482653864 = & gt; C:\Program Files (x86)\Opera\launcher.exe [2016-12-19] (Opera Software)
Task: {5CF4E0A5-0664-4650-8099-978F64BC1597} - System32\Tasks\Opera_helper = & gt; C:\Users\user\AppData\Roaming\OPERA_~1\OPERA_~1.EXE
Task: {73F07372-40C2-4C63-96F5-A46DC02A8BEC} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan = & gt; c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {7B5DEFBA-AD88-456A-A297-7997FB5F57B8} - System32\Tasks\Adobe Acrobat Update Task = & gt; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {88C5D261-29E4-4110-AC3C-59717BF86CE2} - System32\Tasks\famousaactors = & gt; Chrome.exe hxxp://famousaactors.ru/syforge
Task: {92317C87-A201-4913-A011-8A90B9CBE8E5} - System32\Tasks\WSCEAA = & gt; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-11-28] (Wave Systems Corp.)
Task: {A7284EC5-F2B1-4DC4-BF0F-E22FF4934928} - System32\Tasks\Intel\Intel Telemetry 2 = & gt; C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {B63E90ED-4836-472F-9146-24582852AB61} - System32\Tasks\Adobe Flash Player PPAPI Notifier = & gt; C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {B8DBCC9E-A033-4279-ADBE-FFF6DBF3E29F} - System32\Tasks\{F6A4A75C-A72D-440A-B543-F69B691A8E76} = & gt; pcalua.exe -a D:\1000009921\Setup.exe -d D:\1000009921
Task: {CFB93535-1A87-402E-9A2D-D969FA34945A} - System32\Tasks\GoogleUpdateTaskMachineUA = & gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-26] (Google Inc.)
Task: {D55EE3CE-5ED0-40B5-A3D7-CBE8E87ABE1A} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE = & gt; Wscript.exe //B //NoLogo " C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs "

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job = & gt; C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job = & gt; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Opera_helper.job = & gt; C:\Users\user\AppData\Roaming\OPERA_~1\OPERA_~1.EXE

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo\Амиго.Музыка.lnk - & gt; C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) & lt; ===== Cyrillic
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo\ВКонтакте.lnk - & gt; C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) & lt; ===== Cyrillic
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo\Мини-игры Mail.Ru.lnk - & gt; C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) & lt; ===== Cyrillic
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo\Мой Мир.lnk - & gt; C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) & lt; ===== Cyrillic
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo\Одноклассники.lnk - & gt; C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) & lt; ===== Cyrillic
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo\Почта Mail.Ru.lnk - & gt; C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) & lt; ===== Cyrillic

==================== Załadowane moduły (filtrowane) ==============

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość " AlternateShell " zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys = & gt; " " = " Driver "
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys = & gt; " " = " Driver "

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

IE trusted site: HKU\S-1-5-21-615750280-2091331665-3815443580-1000\...\dell.com - & gt; dell.com

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 03:34 - 2016-12-23 19:20 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-615750280-2091331665-3815443580-1000\Control Panel\Desktop\\Wallpaper - & gt; C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System = & gt; (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

MSCONFIG\Services: AdobeARMservice = & gt; 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc = & gt; 3
MSCONFIG\Services: BstHdAndroidSvc = & gt; 3
MSCONFIG\Services: BstHdLogRotatorSvc = & gt; 2
MSCONFIG\Services: BstHdUpdaterSvc = & gt; 2
MSCONFIG\Services: cphs = & gt; 3
MSCONFIG\Services: Credential Vault Host Control Service = & gt; 2
MSCONFIG\Services: Credential Vault Host Storage = & gt; 2
MSCONFIG\Services: Disc Soft Lite Bus Service = & gt; 3
MSCONFIG\Services: EmbassyService = & gt; 2
MSCONFIG\Services: EvtEng = & gt; 2
MSCONFIG\Services: gupdate = & gt; 2
MSCONFIG\Services: gupdatem = & gt; 3
MSCONFIG\Services: hasplms = & gt; 2
MSCONFIG\Services: ICCS = & gt; 3
MSCONFIG\Services: Intel(R) PROSet Monitoring Service = & gt; 2
MSCONFIG\Services: jhi_service = & gt; 2
MSCONFIG\Services: LMS = & gt; 2
MSCONFIG\Services: McAfee SiteAdvisor Service = & gt; 2
MSCONFIG\Services: McComponentHostService = & gt; 3
MSCONFIG\Services: MozillaMaintenance = & gt; 3
MSCONFIG\Services: MyWiFiDHCPDNS = & gt; 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem = & gt; 2
MSCONFIG\Services: nvUpdatusService = & gt; 2
MSCONFIG\Services: NVWMI = & gt; 2
MSCONFIG\Services: O2FLASH = & gt; 2
MSCONFIG\Services: O2SDIOAssist = & gt; 2
MSCONFIG\Services: PbaDrvSvc_x64 = & gt; 2
MSCONFIG\Services: RegSrvc = & gt; 2
MSCONFIG\Services: SecureStorageService = & gt; 3
MSCONFIG\Services: SystemUsageReportSvc_WILLAMETTE = & gt; 2
MSCONFIG\Services: tcsd_win32.exe = & gt; 2
MSCONFIG\Services: TdmService = & gt; 2
MSCONFIG\Services: TrueKey = & gt; 2
MSCONFIG\Services: TrueKeyScheduler = & gt; 2
MSCONFIG\Services: TrueKeyServiceHelper = & gt; 3
MSCONFIG\Services: UNS = & gt; 2
MSCONFIG\Services: USER_ESRV_SVC_WILLAMETTE = & gt; 3
MSCONFIG\Services: Wave Authentication Manager Service = & gt; 2
MSCONFIG\Services: WvPCR = & gt; 2
MSCONFIG\Services: ZeroConfigService = & gt; 2
MSCONFIG\startupreg: Apoint = & gt; C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: BlueStacks Agent = & gt; C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite Automount = & gt; " C:\Program Files\DAEMON Tools Lite\DTAgent.exe " -autorun
MSCONFIG\startupreg: DellAccessSystray = & gt; C:\Program Files\Dell\Dell Data Protection\Access\DellAccessSysTray.exe wbfupgrade
MSCONFIG\startupreg: nwiz = & gt; " C:\Program Files\NVIDIA Corporation\nview\nwiz.exe " /installquiet
MSCONFIG\startupreg: SunJavaUpdateSched = & gt; " C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
MSCONFIG\startupreg: TdmNotify = & gt; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
MSCONFIG\startupreg: uTorrent = & gt; " C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe " /MINIMIZED

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [SPPSVC-In-TCP] = & gt; %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] = & gt; %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{121B8A21-6D76-4B0F-8590-635B8604A31C}] = & gt; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B9938534-287F-4133-A97F-8B0268FDE090}] = & gt; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{90D2B75C-ACE6-42E2-80D8-E6B86FB1FFA0}] = & gt; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{FC724F21-2C4E-40CD-9FC2-D5867B854CB2}] = & gt; C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{579A7685-AF11-4AB4-855E-0BDA3B590547}] = & gt; C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{11372393-F399-4A4A-8718-97CDD9BCC095}] = & gt; LPort=3935
FirewallRules: [TCP Query User{47E81D7E-4416-43ED-B87E-F95E048467D0}C:\.nicemc\java\bin\javaw.exe] = & gt; C:\.nicemc\java\bin\javaw.exe
FirewallRules: [UDP Query User{9593B5E0-B390-4962-937C-3598430AA958}C:\.nicemc\java\bin\javaw.exe] = & gt; C:\.nicemc\java\bin\javaw.exe
FirewallRules: [TCP Query User{35FEE71F-E126-43B1-8BAD-6A356A78B18B}C:\.nicemc\java\bin\java.exe] = & gt; C:\.nicemc\java\bin\java.exe
FirewallRules: [UDP Query User{8DBE823C-B6EF-4424-A425-40D922A3905A}C:\.nicemc\java\bin\java.exe] = & gt; C:\.nicemc\java\bin\java.exe
FirewallRules: [TCP Query User{582391E7-380E-40A7-AE17-84EEA4706429}C:\games\counter-strike 1.6 csgo\hl.exe] = & gt; C:\games\counter-strike 1.6 csgo\hl.exe
FirewallRules: [UDP Query User{2DD26065-847C-4D78-BF41-77EE80E38CE8}C:\games\counter-strike 1.6 csgo\hl.exe] = & gt; C:\games\counter-strike 1.6 csgo\hl.exe
FirewallRules: [TCP Query User{09FC1263-D778-4FA6-9C5E-392B5D3DC00A}C:\games\counter-strike 1.6 asiimov\hl.exe] = & gt; C:\games\counter-strike 1.6 asiimov\hl.exe
FirewallRules: [UDP Query User{BFFE327B-FD2B-4DF1-86A8-4EF1FE8B02C6}C:\games\counter-strike 1.6 asiimov\hl.exe] = & gt; C:\games\counter-strike 1.6 asiimov\hl.exe
FirewallRules: [TCP Query User{A0820BB6-92A1-4580-8964-36F10E6EE0EF}C:\games\counter-strike 1.6 asiimov\hl.exe] = & gt; C:\games\counter-strike 1.6 asiimov\hl.exe
FirewallRules: [UDP Query User{51EBBBF5-1229-4196-8771-9C8C5107571D}C:\games\counter-strike 1.6 asiimov\hl.exe] = & gt; C:\games\counter-strike 1.6 asiimov\hl.exe
FirewallRules: [TCP Query User{2CA92219-5E6B-4FAA-BB74-0A42EFDF5285}C:\.nicemc\java\bin\javaw.exe] = & gt; C:\.nicemc\java\bin\javaw.exe
FirewallRules: [UDP Query User{3767EC0B-190C-4731-AEF0-EDC21F7D9FD4}C:\.nicemc\java\bin\javaw.exe] = & gt; C:\.nicemc\java\bin\javaw.exe
FirewallRules: [TCP Query User{D0FF25CE-B36A-46F4-B356-6AE9DBB3A076}C:\.nicemc\java\bin\java.exe] = & gt; C:\.nicemc\java\bin\java.exe
FirewallRules: [UDP Query User{90FD1EC6-6B3A-4C67-A9AB-2B1BCF10E180}C:\.nicemc\java\bin\java.exe] = & gt; C:\.nicemc\java\bin\java.exe
FirewallRules: [TCP Query User{6E083AA1-BB8A-4D83-A670-024FB7662126}C:\games\counter-strike\hl.exe] = & gt; C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{47176B5B-A795-4E35-9A1F-BD82D0564537}C:\games\counter-strike\hl.exe] = & gt; C:\games\counter-strike\hl.exe
FirewallRules: [{C617B059-66E9-4033-8D1F-E1A28FAC4A7E}] = & gt; C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5ED8F4B1-3F0A-4FE1-ABD2-E8F02F092D2C}] = & gt; C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{534C7923-ED6C-418D-8352-B05B3B99CF42}] = & gt; C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{514D24EC-EE56-41C8-A377-0F7369828999}] = & gt; C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9D8384A2-9A9E-4D8F-B0BD-26D607F64702}] = & gt; C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{337FD51D-E253-4D9C-9FDA-ACEABDE3C35E}] = & gt; C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B3DD3E08-48A8-43B7-9021-685C9E2CFF9E}] = & gt; C:\Users\user\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{D9D74688-9963-4BC5-9473-BA820EF698CF}] = & gt; C:\Users\user\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{47ACAD20-5730-4F91-9EC1-1E694C634F3C}] = & gt; C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{377F424C-FEC7-4A8F-A3A9-D656A58C6E3D}] = & gt; C:\Users\user\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{CBCDC9D0-2434-483A-BA85-B1A48ACBA0A2}] = & gt; C:\Windows\system32\hasplms.exe
FirewallRules: [{ABCE99FB-B59C-48D5-A72F-84C2755A7E19}] = & gt; C:\WNC\home\xnc\bin\..\..\xming\xming.exe
FirewallRules: [{3089B380-9EF3-4E5B-A419-5267D8038A8E}] = & gt; C:\WNC\home\xnc\bin\sdmremotedriver.exe
FirewallRules: [{0998A38C-6294-4EA8-A07D-76FE64059640}] = & gt; C:\WNC\home\xnc\bin\xwinquote.exe
FirewallRules: [{EDB78915-FF21-4442-BDED-5ED9DF68389F}] = & gt; C:\WNC\home\xnc\bin\rtdb.exe
FirewallRules: [{74D56D73-F110-4D58-A813-C3CC346B683C}] = & gt; C:\WNC\home\xnc\bin\sockserv.exe
FirewallRules: [{358B3E15-709D-49DB-87E2-D6AFC7A0B7E8}] = & gt; C:\WNC\home\xnc\bin\datimaccnc1000.exe
FirewallRules: [{49E0F0B4-7EBA-4572-AE2C-91A9328AE5DD}] = & gt; C:\WNC\home\xnc\bin\qplc.exe
FirewallRules: [{70E62501-9254-4A59-821B-36925FE59273}] = & gt; C:\WNC\home\xnc\bin\..\..\edit_plc\edit_plc.exe

==================== Punkty Przywracania systemu =========================

25-12-2016 09:48:39 UE4 Prerequisites (x64)
25-12-2016 09:49:11 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
25-12-2016 09:49:46 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
25-12-2016 09:50:24 Zainstalowany program DirectX
10-01-2017 11:18:03 bSolid
10-01-2017 11:24:21 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
10-01-2017 11:24:59 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
10-01-2017 11:52:19 bSolid
14-01-2017 16:48:18 Установлено: OpenOffice 4.1.3
20-01-2017 08:22:46 Removed BlueStacks Notification Center
20-01-2017 08:26:12 Removed Sentinel System Driver Installer 7.5.8
20-01-2017 08:29:46 Usunięte ST Microelectronics 3 Axis Digital Accelerometer Soluti࢓

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click " Update Driver " , which starts the Hardware Update wizard.

Name: Sentinel64
Description: Sentinel64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Sentinel64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (01/20/2017 08:32:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: wmiprvse.exe, wersja: 6.1.7601.17514, sygnatura czasowa: 0x4ce79d42
Nazwa modułu powodującego błąd: TdmWmiProvider.dll, wersja: 5.0.2.24, sygnatura czasowa: 0x513671b8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x000000000001ad88
Identyfikator procesu powodującego błąd: 0xb84
Godzina uruchomienia aplikacji powodującej błąd: 0x01d272ef5fdfb539
Ścieżka aplikacji powodującej błąd: C:\Windows\system32\wbem\wmiprvse.exe
Ścieżka modułu powodującego błąd: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Identyfikator raportu: a07aadbe-dee2-11e6-b06c-642737833831

Error: (01/20/2017 08:32:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2017 08:27:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: wmiprvse.exe, wersja: 6.1.7601.17514, sygnatura czasowa: 0x4ce79d42
Nazwa modułu powodującego błąd: TdmWmiProvider.dll, wersja: 5.0.2.24, sygnatura czasowa: 0x513671b8
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x000000000001ad88
Identyfikator procesu powodującego błąd: 0x6a4
Godzina uruchomienia aplikacji powodującej błąd: 0x01d272eea8af8752
Ścieżka aplikacji powodującej błąd: C:\Windows\system32\wbem\wmiprvse.exe
Ścieżka modułu powodującego błąd: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Identyfikator raportu: ed12c348-dee1-11e6-bd1a-642737833831

Error: (01/20/2017 08:27:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2017 08:16:23 AM) (Source: Wave Platform Security) (EventID: 1008) (User: )
Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM

Error: (01/20/2017 08:15:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2017 08:10:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: mrupdsrv.exe, wersja: 3.3.0.7, sygnatura czasowa: 0x574d7b51
Nazwa modułu powodującego błąd: mrupdsrv.exe, wersja: 3.3.0.7, sygnatura czasowa: 0x574d7b51
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x000b0219
Identyfikator procesu powodującego błąd: 0x355c
Godzina uruchomienia aplikacji powodującej błąd: 0x01d272ec48839e45
Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
Identyfikator raportu: 8e53ff76-dedf-11e6-8a47-642737833831

Error: (01/16/2017 07:31:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: OPERA_~1.EXE, wersja: 0.0.0.0, sygnatura czasowa: 0x2a425e19
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18409, sygnatura czasowa: 0x53159a86
Kod wyjątku: 0x80004005
Przesunięcie błędu: 0x0000c42d
Identyfikator procesu powodującego błąd: 0xd28
Godzina uruchomienia aplikacji powodującej błąd: 0x01d2700b71aa5edf
Ścieżka aplikacji powodującej błąd: C:\Users\user\AppData\Roaming\OPERA_~1\OPERA_~1.EXE
Ścieżka modułu powodującego błąd: C:\Windows\syswow64\KERNELBASE.dll
Identyfikator raportu: fbd91e97-dc19-11e6-8a47-642737833831

Error: (01/16/2017 03:57:22 PM) (Source: Wave Platform Security) (EventID: 1008) (User: )
Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM

Error: (01/16/2017 03:57:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Dziennik System:
=============
Error: (01/20/2017 08:32:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Service Installer TrueKey z powodu następującego błędu:
Nie można odnaleźć określonego pliku.

Error: (01/20/2017 08:32:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Sentinel64 z powodu następującego błędu:
Nie można odnaleźć urządzenia.

Error: (01/20/2017 08:27:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Service Installer TrueKey z powodu następującego błędu:
Nie można odnaleźć określonego pliku.

Error: (01/20/2017 08:27:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Sentinel64 z powodu następującego błędu:
Nie można odnaleźć urządzenia.

Error: (01/20/2017 08:18:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Service Installer TrueKey z powodu następującego błędu:
Nie można odnaleźć określonego pliku.

Error: (01/20/2017 08:18:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Harmonogram zadań zależy od usługi Dziennik zdarzeń systemu Windows, której nie można uruchomić z powodu następującego błędu:
Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia.

Error: (01/20/2017 08:16:10 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: Program przydzielania DHCP sam wyłączył się dla adresu IP 192.168.0.116, gdyż adres ten jest spoza zakresu 192.168.137.0/255.255.255.0, z którego są przydzielane adresy klientom DHCP. Aby włączyć program przydzielania DHCP dla tego adresu IP, zmień zakres, tak aby zawierał adres IP, albo zmień adres IP, tak aby mieścił się w zakresie.

Error: (01/20/2017 08:16:02 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: Program przydzielania DHCP sam wyłączył się dla adresu IP 169.254.149.107, gdyż adres ten jest spoza zakresu 192.168.137.0/255.255.255.0, z którego są przydzielane adresy klientom DHCP. Aby włączyć program przydzielania DHCP dla tego adresu IP, zmień zakres, tak aby zawierał adres IP, albo zmień adres IP, tak aby mieścił się w zakresie.

Error: (01/20/2017 08:16:02 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: Usługa ICS_IPV6 nie mogła skonfigurować stosu IPv6.

Error: (01/20/2017 08:15:59 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: Agent proxy DNS nie może przydzielić 0 bajtów pamięci. Może to wskazywać, że w systemie brakuje pamięci wirtualnej lub że menedżer pamięci napotkał błąd wewnętrzny.

CodeIntegrity:
===================================
Date: 2016-11-13 17:44:08.023
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-13 17:44:08.008
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-13 17:32:16.245
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-13 17:32:16.229
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-13 15:05:27.857
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-13 15:05:27.641
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Procent pamięci w użyciu: 14%
Całkowita pamięć fizyczna: 8148.94 MB
Dostępna pamięć fizyczna: 6950.77 MB
Całkowita pamięć wirtualna: 16296.05 MB
Dostępna pamięć wirtualna: 15080.7 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:141.91 GB) NTFS
Drive e: () (Removable) (Total:0.95 GB) (Free:0.38 GB) FAT

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 1C59BA2C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 971 MB) (Disk ID: 01BADB59)
Partition 1: (Active) - (Size=971 MB) - (Type=06)

==================== Koniec Addition.txt ============================

skany.zip > FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by FRONT1 (administrator) on KLAUDIA-PC (20-01-2017 09:24:29)
Running from E:\SKANY
Loaded Profiles: FRONT1 (Available Profiles: FRONT1)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CCE] = & gt; " E:\cleaner\CCE\CCE.exe " -showlog
HKLM-x32\...\Run: [] = & gt; [X]
HKLM-x32\...\Run: [AvgUi] = & gt; C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] = & gt; C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-920763586-2192554144-4087753356-1000\...\Run: [CCleaner Monitoring] = & gt; C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-920763586-2192554144-4087753356-1000\...\Run: [OfficeSyncProcess] = & gt; C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] = & gt; C:\Windows\System32\SPReview\SPReview.exe [301568 2016-10-15] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{03960341-7E00-4BAE-94E3-624D80396AF7}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-920763586-2192554144-4087753356-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: Groove GFS Browser Helper - & gt; {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - & gt; C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - & gt; {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - & gt; C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-13] (Oracle Corporation)
BHO: Office Document Cache Handler - & gt; {B4F3A835-0E21-4959-BA22-42B3008E02FF} - & gt; C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - & gt; {DBC80044-A445-435b-BC74-9C25C1C588A9} - & gt; C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-13] (Oracle Corporation)
BHO-x32: True Key Helper - & gt; {0F4B8786-5502-4803-8EBC-F652A1153BB6} - & gt; C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
BHO-x32: Groove GFS Browser Helper - & gt; {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - & gt; C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - & gt; {B4F3A835-0E21-4959-BA22-42B3008E02FF} - & gt; C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
Toolbar: HKU\S-1-5-21-920763586-2192554144-4087753356-1000 - & gt; No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 - & gt; C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 - & gt; C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - & gt; disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - & gt; C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - & gt; disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - & gt; C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - & gt; C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - & gt; C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - & gt; C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader - & gt; C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\FRONT1\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Extension: (Prezentacje Google) - C:\Users\FRONT1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-13]
CHR Extension: (Dokumenty Google) - C:\Users\FRONT1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-13]
CHR Extension: (Dysk Google) - C:\Users\FRONT1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-13]
CHR Extension: (YouTube) - C:\Users\FRONT1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-13]
CHR Extension: (Adobe Acrobat) - C:\Users\FRONT1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-17]
CHR Extension: (Arkusze Google) - C:\Users\FRONT1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\FRONT1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-13]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\FRONT1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\FRONT1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-13]
CHR Extension: (Chrome Media Router) - C:\Users\FRONT1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2017-01-05] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-01-05] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-01-05] (McAfee, Inc.)
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [6693456 2016-10-31] (RealVNC Ltd)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3741960 2015-06-19] (Realtek Semiconductor Corporation )
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-20 09:24 - 2017-01-20 09:24 - 00000000 ____D C:\FRST
2017-01-20 09:21 - 2017-01-20 09:22 - 00000000 ____D C:\AdwCleaner
2017-01-20 07:01 - 2017-01-20 07:01 - 00002963 _____ C:\Users\FRONT1\Desktop\HiJackThis.lnk
2017-01-20 07:01 - 2017-01-20 07:01 - 00000000 ____D C:\Users\FRONT1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2017-01-20 07:01 - 2017-01-20 07:01 - 00000000 ____D C:\hijackthis
2017-01-20 07:00 - 2017-01-20 07:00 - 00000000 ____D C:\Windows\system32\appmgmt
2017-01-19 13:53 - 2017-01-19 13:53 - 00070067 _____ C:\Users\FRONT1\Downloads\label - REKLAMACJA (2).pdf
2017-01-19 11:53 - 2017-01-19 11:53 - 00069357 _____ C:\Users\FRONT1\Downloads\label Krzysztof Zdrojowy.pdf
2017-01-19 11:43 - 2017-01-19 11:43 - 00594546 _____ C:\Users\FRONT1\Desktop\pari 3.pdf
2017-01-19 08:20 - 2017-01-19 08:20 - 02239466 _____ C:\Users\FRONT1\Desktop\martyna.pdf
2017-01-18 14:24 - 2017-01-18 14:24 - 00105383 _____ C:\Users\FRONT1\Downloads\label (7).pdf
2017-01-18 12:10 - 2017-01-18 12:10 - 00020157 _____ C:\Users\FRONT1\Desktop\3.odt
2017-01-18 12:09 - 2017-01-18 12:09 - 00020207 _____ C:\Users\FRONT1\Desktop\2.odt
2017-01-18 11:42 - 2017-01-18 11:57 - 01033478 _____ C:\Users\FRONT1\Downloads\Umowa o pracę Bukowska.gofin
2017-01-18 11:16 - 2017-01-18 11:16 - 00344064 _____ C:\Users\FRONT1\Documents\Database1.accdb
2017-01-18 08:06 - 2017-01-18 08:06 - 00069042 _____ C:\Users\FRONT1\Downloads\label GÓRECKA.pdf
2017-01-18 08:01 - 2017-01-18 08:01 - 00060960 _____ C:\Users\FRONT1\Downloads\protocol GÓRECKA (1).pdf
2017-01-17 11:15 - 2017-01-17 11:15 - 00070067 _____ C:\Users\FRONT1\Downloads\label - REKLAMACJA (1).pdf
2017-01-17 11:14 - 2017-01-17 11:14 - 00074760 _____ C:\Users\FRONT1\Downloads\magdalena górecka.pdf
2017-01-17 11:13 - 2017-01-17 11:13 - 00060511 _____ C:\Users\FRONT1\Downloads\protocol górecka.pdf
2017-01-17 10:16 - 2017-01-17 10:16 - 00070067 _____ C:\Users\FRONT1\Downloads\label - REKLAMACJA.pdf
2017-01-17 09:30 - 2017-01-17 09:30 - 00207534 _____ C:\Users\FRONT1\Downloads\520000013260454009352265.pdf
2017-01-17 09:28 - 2017-01-17 09:29 - 00069357 _____ C:\Users\FRONT1\Downloads\Michał Ikaniewicz.pdf
2017-01-17 09:24 - 2017-01-17 09:24 - 00086040 _____ C:\Users\FRONT1\Downloads\label (6).pdf
2017-01-16 14:01 - 2017-01-16 14:01 - 00018491 _____ C:\Users\FRONT1\Desktop\REKLAMACJE FRONT (4).xlsx
2017-01-16 13:57 - 2017-01-16 13:57 - 00018475 _____ C:\Users\FRONT1\Downloads\REKLAMACJE FRONT (4).xlsx
2017-01-16 11:50 - 2017-01-16 11:51 - 00034346 _____ C:\Users\FRONT1\Documents\cc_20170116_115052.reg
2017-01-16 09:26 - 2017-01-18 08:18 - 00015260 _____ C:\Users\FRONT1\Desktop\URLOPY1 - Kopia.xlsx
2017-01-16 08:37 - 2017-01-16 08:37 - 00139819 _____ C:\Users\FRONT1\Downloads\WydrukZbiorczyA4_2017-01-16.pdf
2017-01-13 12:03 - 2017-01-13 12:03 - 00060928 _____ C:\Users\FRONT1\Downloads\urlopy (1).xls
2017-01-13 12:00 - 2017-01-13 12:00 - 00060928 _____ C:\Users\FRONT1\Downloads\urlopy.xls
2017-01-13 06:56 - 2017-01-13 06:56 - 00222882 _____ C:\Users\FRONT1\Downloads\WydrukZbiorczyA4_2017-01-12 (1).pdf
2017-01-12 13:57 - 2017-01-12 13:57 - 03699955 _____ C:\Users\FRONT1\Downloads\regulaminy od styczeń 2017.zip
2017-01-12 13:56 - 2017-01-12 13:56 - 00878054 _____ C:\Users\FRONT1\Downloads\e-commerce-polecony-inpost ulotka (2).pdf
2017-01-12 13:27 - 2017-01-12 13:27 - 00048294 _____ C:\Users\FRONT1\Downloads\Wydruk (14).pdf
2017-01-12 10:15 - 2017-01-12 10:15 - 00000165 ____H C:\Users\FRONT1\Desktop\~$płaca.xlsx
2017-01-12 09:53 - 2017-01-20 09:21 - 00114452 _____ C:\Users\FRONT1\Desktop\płaca.xlsx
2017-01-12 09:04 - 2017-01-12 09:04 - 00070038 _____ C:\Users\FRONT1\Downloads\etykiety_20161230_135922 (2).pdf
2017-01-12 08:53 - 2017-01-12 08:53 - 00070068 _____ C:\Users\FRONT1\Downloads\etykiety_20170104_112307 (3).pdf
2017-01-12 08:46 - 2017-01-12 08:46 - 00075050 _____ C:\Users\FRONT1\Downloads\etykiety_20161229_110019 (5).pdf
2017-01-12 08:43 - 2017-01-12 08:43 - 00070043 _____ C:\Users\FRONT1\Downloads\etykiety_20170109_131848 (1).pdf
2017-01-12 08:42 - 2017-01-12 08:42 - 00075050 _____ C:\Users\FRONT1\Downloads\etykiety_20161229_110019 (4).pdf
2017-01-12 08:42 - 2017-01-12 08:42 - 00070068 _____ C:\Users\FRONT1\Downloads\etykiety_20170104_112307 (2).pdf
2017-01-11 14:16 - 2017-01-11 14:16 - 00070068 _____ C:\Users\FRONT1\Downloads\etykiety_20170104_112307 (1).pdf
2017-01-11 14:15 - 2017-01-11 14:15 - 00075050 _____ C:\Users\FRONT1\Downloads\etykiety_20161229_110019 (3).pdf
2017-01-11 12:06 - 2017-01-05 19:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 12:06 - 2017-01-05 19:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 12:06 - 2017-01-05 19:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 12:06 - 2017-01-05 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-11 12:06 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-11 12:06 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-11 12:06 - 2017-01-05 18:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 12:06 - 2017-01-05 18:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 12:06 - 2017-01-05 18:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 12:06 - 2017-01-05 18:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 12:06 - 2017-01-05 18:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 12:06 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-11 12:06 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-11 11:46 - 2017-01-11 11:46 - 00185914 _____ C:\Users\FRONT1\Downloads\label (5).pdf
2017-01-11 11:44 - 2017-01-11 11:44 - 00161896 _____ C:\Users\FRONT1\Downloads\label (4).pdf
2017-01-11 11:44 - 2017-01-11 11:44 - 00070255 _____ C:\Users\FRONT1\Downloads\protocol (2).pdf
2017-01-11 11:43 - 2017-01-11 11:43 - 00099494 _____ C:\Users\FRONT1\Downloads\lista_wysylkowa (1).pdf
2017-01-11 11:34 - 2017-01-11 11:34 - 00103429 _____ C:\Users\FRONT1\Downloads\lista_wysylkowa.pdf
2017-01-11 07:20 - 2017-01-11 07:20 - 00068774 _____ C:\Users\FRONT1\Downloads\list - dpd Marta Włodarczyk (1).pdf
2017-01-11 07:18 - 2017-01-11 07:18 - 00068774 _____ C:\Users\FRONT1\Downloads\list - dpd Marta Włodarczyk.pdf
2017-01-11 07:09 - 2017-01-11 07:09 - 00070043 _____ C:\Users\FRONT1\Downloads\etykiety_20170109_131848.pdf
2017-01-10 18:32 - 2017-01-10 18:32 - 00017328 _____ C:\Users\FRONT1\Desktop\Środki trwałe.odt
2017-01-10 18:32 - 2017-01-10 18:32 - 00015912 _____ C:\Users\FRONT1\Desktop\wpłaty leasingów.odt
2017-01-10 18:29 - 2017-01-10 18:32 - 00015095 _____ C:\Users\FRONT1\Downloads\zestawienie edytowalne.xlsx
2017-01-10 16:29 - 2017-01-10 16:29 - 00021572 _____ C:\Users\FRONT1\Downloads\zestawienie edytowalne (2).pdf
2017-01-10 16:28 - 2017-01-10 16:28 - 00021572 _____ C:\Users\FRONT1\Downloads\zestawienie edytowalne (1).pdf
2017-01-10 16:27 - 2017-01-10 16:27 - 00021572 _____ C:\Users\FRONT1\Downloads\zestawienie edytowalne.pdf
2017-01-10 13:08 - 2017-01-10 13:08 - 00000165 ____H C:\Users\FRONT1\Desktop\~$URLOPY1.xlsx
2017-01-09 15:46 - 2017-01-09 15:46 - 00016777 _____ C:\Users\FRONT1\Downloads\KOSZTY STAŁE.xlsx
2017-01-09 09:03 - 2017-01-09 15:28 - 00000165 ____H C:\Users\FRONT1\Desktop\~$NR.xlsx
2017-01-09 07:50 - 2017-01-09 07:50 - 00108371 _____ C:\Users\FRONT1\Downloads\MALMO II LABEL IMAGE.pdf
2017-01-09 07:46 - 2017-01-09 07:46 - 00200112 _____ C:\Users\FRONT1\Downloads\Etykieta Portugalia Malmo II.pdf
2017-01-05 14:48 - 2017-01-05 14:48 - 00075050 _____ C:\Users\FRONT1\Downloads\etykiety_20161229_110019 (2).pdf
2017-01-05 14:40 - 2017-01-05 14:40 - 00070068 _____ C:\Users\FRONT1\Downloads\etykiety_20170104_112307.pdf
2017-01-05 07:02 - 2017-01-05 07:02 - 00071035 _____ C:\Users\FRONT1\Downloads\Andrzej Rydwelski.pdf
2017-01-04 11:43 - 2017-01-04 11:43 - 00069930 _____ C:\Users\FRONT1\Downloads\Weronika Wakuła (1).pdf
2017-01-04 11:42 - 2017-01-04 11:42 - 00068240 _____ C:\Users\FRONT1\Downloads\Anna Pazdziorko (1).pdf
2017-01-04 11:41 - 2017-01-04 11:41 - 00068240 _____ C:\Users\FRONT1\Downloads\Anna Pazdziorko.pdf
2017-01-04 11:38 - 2017-01-04 11:38 - 00069930 _____ C:\Users\FRONT1\Downloads\Weronika Wakuła.pdf
2017-01-04 10:31 - 2017-01-04 10:31 - 00214601 _____ C:\Users\FRONT1\Downloads\Etykieta do elementóW Pari4.pdf
2017-01-04 10:01 - 2017-01-20 08:58 - 00000000 ____D C:\Users\FRONT1\Desktop\płacaaaa
2017-01-04 09:37 - 2017-01-04 09:37 - 00070070 _____ C:\Users\FRONT1\Downloads\Mateusz Karzel.pdf
2017-01-04 08:58 - 2017-01-04 08:58 - 00133867 _____ C:\Users\FRONT1\Downloads\520000015316300002703900.pdf
2017-01-04 08:45 - 2017-01-04 08:45 - 00129552 _____ C:\Users\FRONT1\Downloads\520000013262035009076503 (4).pdf
2017-01-04 08:44 - 2017-01-04 08:44 - 00129552 _____ C:\Users\FRONT1\Downloads\520000013262035009076503 (3).pdf
2017-01-04 08:44 - 2017-01-04 08:44 - 00129552 _____ C:\Users\FRONT1\Downloads\520000013262035009076503 (2).pdf
2017-01-04 08:43 - 2017-01-04 08:43 - 00129552 _____ C:\Users\FRONT1\Downloads\520000013262035009076503 (1).pdf
2017-01-04 08:42 - 2017-01-04 08:42 - 00129552 _____ C:\Users\FRONT1\Downloads\520000013262035009076503.pdf
2017-01-04 08:18 - 2017-01-04 08:18 - 00070038 _____ C:\Users\FRONT1\Downloads\etykiety_20161230_135922 (1).pdf
2017-01-04 08:16 - 2017-01-04 08:16 - 00075050 _____ C:\Users\FRONT1\Downloads\etykiety_20161229_110019 (1).pdf
2017-01-04 08:03 - 2017-01-04 08:03 - 00086040 _____ C:\Users\FRONT1\Downloads\label (3).pdf
2017-01-04 07:36 - 2017-01-04 07:36 - 00070049 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_113042 (4).pdf
2017-01-04 07:30 - 2017-01-04 07:30 - 00108698 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_104353 (4).pdf
2017-01-02 14:15 - 2017-01-02 14:15 - 00048294 _____ C:\Users\FRONT1\Downloads\Wydruk (13).pdf
2017-01-02 14:06 - 2017-01-02 14:06 - 00050851 _____ C:\Users\FRONT1\Downloads\Wydruk (10).pdf
2017-01-02 14:06 - 2017-01-02 14:06 - 00050452 _____ C:\Users\FRONT1\Downloads\Wydruk (12).pdf
2017-01-02 14:06 - 2017-01-02 14:06 - 00050452 _____ C:\Users\FRONT1\Downloads\Wydruk (11).pdf
2017-01-02 14:05 - 2017-01-02 14:05 - 00051123 _____ C:\Users\FRONT1\Downloads\Wydruk (8).pdf
2017-01-02 14:05 - 2017-01-02 14:05 - 00050600 _____ C:\Users\FRONT1\Downloads\Wydruk (7).pdf
2017-01-02 14:05 - 2017-01-02 14:05 - 00049180 _____ C:\Users\FRONT1\Downloads\Wydruk (9).pdf
2017-01-02 14:04 - 2017-01-02 14:04 - 00051271 _____ C:\Users\FRONT1\Downloads\Wydruk (6).pdf
2017-01-02 14:04 - 2017-01-02 14:04 - 00050878 _____ C:\Users\FRONT1\Downloads\Wydruk (5).pdf
2017-01-02 14:03 - 2017-01-02 14:03 - 00051113 _____ C:\Users\FRONT1\Downloads\Wydruk (4).pdf
2017-01-02 14:02 - 2017-01-02 14:02 - 00050733 _____ C:\Users\FRONT1\Downloads\Wydruk (2).pdf
2017-01-02 14:02 - 2017-01-02 14:02 - 00050724 _____ C:\Users\FRONT1\Downloads\Wydruk (3).pdf
2017-01-02 13:30 - 2017-01-02 13:30 - 00050315 _____ C:\Users\FRONT1\Downloads\Wydruk.pdf
2017-01-02 13:30 - 2017-01-02 13:30 - 00050315 _____ C:\Users\FRONT1\Downloads\Wydruk (1).pdf
2017-01-02 12:32 - 2017-01-02 12:32 - 00143935 _____ C:\Users\FRONT1\Downloads\kwadrat 1.pdf
2017-01-02 12:17 - 2017-01-02 12:17 - 00040263 _____ C:\Users\FRONT1\Downloads\6946.pdf
2017-01-02 08:05 - 2017-01-02 08:05 - 00086040 _____ C:\Users\FRONT1\Downloads\label (2).pdf
2017-01-02 07:06 - 2017-01-02 07:06 - 00070042 _____ C:\Users\FRONT1\Downloads\etykiety_20161205_120707.pdf
2016-12-30 15:04 - 2016-12-30 15:04 - 00018385 _____ C:\Users\FRONT1\Downloads\REKLAMACJE FRONT (3).xlsx
2016-12-30 14:21 - 2016-12-30 14:21 - 00052721 _____ C:\Users\FRONT1\Downloads\Faktura_Vat_29977_naz_12_2016.pdf
2016-12-30 14:01 - 2016-12-30 14:01 - 00070038 _____ C:\Users\FRONT1\Downloads\etykiety_20161230_135922.pdf
2016-12-30 10:09 - 2016-12-30 10:09 - 07295807 _____ C:\Users\FRONT1\Downloads\KATALOG EDDA PL.pdf
2016-12-29 11:03 - 2016-12-29 11:04 - 00075050 _____ C:\Users\FRONT1\Downloads\etykiety_20161229_110019.pdf
2016-12-29 10:18 - 2016-12-29 10:18 - 00022381 _____ C:\Users\FRONT1\Downloads\FRONT29.pdf
2016-12-29 08:30 - 2016-12-29 08:30 - 00071714 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_152145 (4).pdf
2016-12-29 08:29 - 2016-12-29 08:29 - 00070049 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_113042 (3).pdf
2016-12-29 08:29 - 2016-12-29 08:29 - 00070047 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_110312 (4).pdf
2016-12-29 08:24 - 2016-12-29 08:24 - 00108698 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_104353 (3).pdf
2016-12-29 08:23 - 2016-12-29 08:24 - 00070047 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_110312 (3).pdf
2016-12-29 08:23 - 2016-12-29 08:23 - 00070049 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_113042 (2).pdf
2016-12-29 08:23 - 2016-12-29 08:23 - 00018279 _____ C:\Users\FRONT1\Downloads\fv54.pdf
2016-12-29 08:22 - 2016-12-29 08:22 - 00070029 _____ C:\Users\FRONT1\Downloads\etykiety_20161130_093553(1).pdf
2016-12-29 08:20 - 2016-12-29 08:20 - 00071714 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_152145 (3).pdf
2016-12-29 08:20 - 2016-12-29 08:20 - 00070049 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_113042 (1).pdf
2016-12-29 08:20 - 2016-12-29 08:20 - 00070047 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_110312 (2).pdf
2016-12-28 14:10 - 2016-12-28 14:10 - 00090645 _____ C:\Users\FRONT1\Downloads\label (1).pdf
2016-12-28 12:01 - 2016-12-28 12:01 - 00018262 _____ C:\Users\FRONT1\Downloads\REKLAMACJE FRONT (2).xlsx
2016-12-28 09:03 - 2016-12-28 09:03 - 00071714 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_152145 (2).pdf
2016-12-28 08:44 - 2016-12-28 08:45 - 01196512 _____ C:\Users\FRONT1\Downloads\CCF20161220.pdf
2016-12-27 12:32 - 2016-12-27 12:32 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-12-27 10:45 - 2016-12-27 10:45 - 00014398 _____ C:\Users\FRONT1\Downloads\opis firmy front SC.docx
2016-12-27 10:05 - 2016-12-27 10:05 - 00042390 _____ C:\Users\FRONT1\Downloads\fv 6400 (1).pdf
2016-12-27 10:03 - 2016-12-27 10:03 - 00044614 _____ C:\Users\FRONT1\Downloads\fv 6146.pdf
2016-12-27 10:02 - 2016-12-27 10:02 - 00042390 _____ C:\Users\FRONT1\Downloads\fv 6400.pdf
2016-12-23 07:17 - 2016-12-23 07:17 - 00108698 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_104353 (2).pdf
2016-12-23 07:16 - 2016-12-23 07:16 - 00099022 _____ C:\Users\FRONT1\Downloads\label.pdf
2016-12-22 10:51 - 2016-12-22 10:51 - 00018173 _____ C:\Users\FRONT1\Downloads\REKLAMACJE FRONT (1).xlsx
2016-12-22 10:11 - 2016-12-22 10:11 - 00044498 _____ C:\Users\FRONT1\Downloads\fv 6729.pdf
2016-12-22 09:49 - 2016-12-22 09:49 - 00074426 _____ C:\Users\FRONT1\Downloads\protocol (1).pdf
2016-12-22 07:52 - 2016-12-22 07:52 - 00092008 _____ C:\Users\FRONT1\Desktop\bc2ecebd39dd2b0b9a1c5520b5de59b97095add8_hq.jpg
2016-12-22 07:50 - 2016-12-22 07:50 - 00175692 _____ C:\Users\FRONT1\Desktop\60753963a0b5d6764956bffa903b64c4.jpg
2016-12-22 07:48 - 2016-12-22 07:48 - 00170402 _____ C:\Users\FRONT1\Desktop\maxresdefault.jpg
2016-12-22 07:46 - 2016-12-22 07:46 - 01275144 _____ C:\Users\FRONT1\Desktop\712825.jpg
2016-12-22 07:46 - 2016-12-22 07:46 - 00419670 _____ C:\Users\FRONT1\Desktop\1440x900-anime_tokyo_ghoul_simple_background_kaneki_ken-32155.png
2016-12-21 14:24 - 2016-12-21 14:24 - 00011744 _____ C:\Users\FRONT1\Downloads\MARTYNA.xlsx
2016-12-21 11:18 - 2016-12-21 11:18 - 01082276 _____ C:\Users\FRONT1\Downloads\Skierowanie na badania lekarskie karcz.gofin
2016-12-21 10:24 - 2017-01-13 17:39 - 00015316 _____ C:\Users\FRONT1\Desktop\URLOPY1.xlsx
2016-12-21 08:46 - 2016-12-21 08:46 - 00071714 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_152145 (1).pdf
2016-12-21 08:36 - 2017-01-04 08:56 - 00000000 ____D C:\Users\FRONT1\Desktop\skierowanka
2016-12-21 08:02 - 2016-12-21 08:02 - 00076412 _____ C:\Users\FRONT1\Downloads\protocol.pdf
2016-12-21 07:04 - 2016-12-21 07:04 - 00071714 _____ C:\Users\FRONT1\Downloads\etykiety_20161220_152145.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-20 09:24 - 2016-10-13 07:23 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-01-20 09:23 - 2016-11-05 13:15 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-01-20 09:23 - 2016-10-26 10:35 - 00000000 ____D C:\ProgramData\MFAData
2017-01-20 09:23 - 2016-10-13 07:37 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-20 09:23 - 2016-10-13 07:09 - 00000000 ____D C:\Program Files\TrueKey
2017-01-20 09:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-20 07:26 - 2016-12-19 11:20 - 00016931 _____ C:\Users\FRONT1\Desktop\NR.xlsx
2017-01-20 07:01 - 2009-07-14 05:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-20 07:01 - 2009-07-14 05:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-20 06:57 - 2016-10-13 07:35 - 00740082 _____ C:\Windows\system32\perfh015.dat
2017-01-20 06:57 - 2016-10-13 07:35 - 00155656 _____ C:\Windows\system32\perfc015.dat
2017-01-20 06:57 - 2009-07-14 06:13 - 01669190 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 06:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-20 06:56 - 2016-10-13 06:52 - 00000000 ____D C:\Users\FRONT1\AppData\Local\VirtualStore
2017-01-20 06:55 - 2016-10-13 07:37 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-01-19 11:21 - 2016-12-12 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-01-19 11:19 - 2016-12-12 13:56 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-01-18 11:23 - 2016-10-20 09:29 - 00000000 ____D C:\Users\FRONT1\Desktop\prezentacje
2017-01-16 12:49 - 2016-11-10 07:32 - 00000000 ____D C:\Users\FRONT1\Desktop\Druki
2017-01-16 09:03 - 2016-11-09 11:29 - 00057706 _____ C:\Users\FRONT1\Desktop\Tabele zatrudnienia 2016 FRONT S.C. (1).ods
2017-01-12 11:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-01-12 10:25 - 2016-11-28 09:20 - 00000000 ____D C:\Users\FRONT1\Desktop\meble
2017-01-12 08:47 - 2016-10-13 07:09 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 08:47 - 2016-10-13 07:09 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-11 15:05 - 2016-10-13 07:36 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 15:04 - 2016-10-13 07:36 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-11 12:55 - 2016-11-16 07:04 - 00000000 ____D C:\Users\FRONT1\Desktop\zarządzenia
2017-01-09 14:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-04 08:23 - 2016-10-21 07:49 - 00000000 ____D C:\BuchWIN
2016-12-28 14:46 - 2016-10-20 12:14 - 00000000 ____D C:\Users\FRONT1\Desktop\katalog
2016-12-28 11:23 - 2016-12-19 15:02 - 00000000 ____D C:\Users\FRONT1\AppData\Local\RealVNC
2016-12-27 12:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Drivers\UMDF

==================== Files in the root of some directories =======

2016-10-20 07:45 - 2016-10-20 07:45 - 0042088 _____ () C:\Users\FRONT1\AppData\Local\Bron.tok.A12.em.bin
2016-10-24 06:23 - 2016-10-24 09:30 - 0000635 _____ () C:\Users\FRONT1\AppData\Local\BronFoldNetDomList.txt
2016-10-20 07:45 - 2016-10-20 07:45 - 0000051 _____ () C:\Users\FRONT1\AppData\Local\Kosong.Bron.Tok.txt
2016-10-24 09:30 - 2016-10-24 09:30 - 0042088 _____ () C:\Users\FRONT1\AppData\Local\Update.12.Bron.Tok.bin

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe = & gt; File is digitally signed
C:\Windows\system32\wininit.exe = & gt; File is digitally signed
C:\Windows\SysWOW64\wininit.exe = & gt; File is digitally signed
C:\Windows\explorer.exe = & gt; File is digitally signed
C:\Windows\SysWOW64\explorer.exe = & gt; File is digitally signed
C:\Windows\system32\svchost.exe = & gt; File is digitally signed
C:\Windows\SysWOW64\svchost.exe = & gt; File is digitally signed
C:\Windows\system32\services.exe = & gt; File is digitally signed
C:\Windows\system32\User32.dll = & gt; File is digitally signed
C:\Windows\SysWOW64\User32.dll = & gt; File is digitally signed
C:\Windows\system32\userinit.exe = & gt; File is digitally signed
C:\Windows\SysWOW64\userinit.exe = & gt; File is digitally signed
C:\Windows\system32\rpcss.dll = & gt; File is digitally signed
C:\Windows\system32\dnsapi.dll = & gt; File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll = & gt; File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys = & gt; File is digitally signed

LastRegBack: 2017-01-13 08:39

==================== End of FRST.txt ============================

skany.zip > Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by FRONT1 (20-01-2017 09:24:50)
Running from E:\SKANY
Windows 7 Ultimate Service Pack 1 (X64) (2016-10-13 05:52:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-920763586-2192554144-4087753356-500 - Administrator - Disabled)
FRONT1 (S-1-5-21-920763586-2192554144-4087753356-1000 - Administrator - Enabled) = & gt; C:\Users\FRONT1
Guest (S-1-5-21-920763586-2192554144-4087753356-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with " Hidden " flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG (Version: 16.141.7998 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4749 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7998 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
DRUKI Gofin 3.0.54.0 (HKLM-x32\...\{21f7c79c-48a2-41c0-ac58-420c8d3440dd}) (Version: 3.0.54.0 - Wydawnictwo Podatkowe GOFIN sp. z o.o.)
DRUKI Gofin 3.0.54.0 (x32 Version: 3.0.54.0 - Wydawnictwo Podatkowe GOFIN sp. z o.o.) Hidden
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP LaserJet Pro M201-M202 (HKLM-x32\...\{e71f6d30-080d-43ef-87e0-1ac4d7f8adfa}) (Version: 12.0.14101.145 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
HPDXP (x32 Version: 3.0.26.14 - HP) Hidden
HPLJDXPHelper (x32 Version: 120.063.006 - HP) Hidden
HPLJProM201M202 (HKLM-x32\...\{F2C371CB-0B8B-4135-82AA-DA2147635412}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (x32 Version: 012.000.0001 - HP) Hidden
HPLJUTM201_202 (x32 Version: 012.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00906 - Hewlett-Packard) Hidden
hppM201-M202LaserJetService (x32 Version: 001.034.00685 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 100.040.00218 - Hewlett Packard) Hidden
hpStatusAlertsM201-M202 (x32 Version: 120.046.00127 - Hewlett-Packard) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.12.108.1 - Intel Security)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LJDXPHelperUI (x32 Version: 120.063.006 - HP) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E0ED9630-38E3-418F-A615-A9B2B5758BE5}) (Version: 4.12.9782 - Apache Software Foundation)
TL-WN725N_WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
Trans 4.7.6.7071 (HKLM-x32\...\Trans_is1) (Version: 4.7.6.7071 - Logintrans sp. z o.o.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VNC Server 6.0.0 (HKLM\...\{55233098-158E-4500-B536-7FC644535F29}) (Version: 6.0.0.23442 - RealVNC Ltd)
VNC Viewer 6.0.0 (HKLM\...\{A55C0FBA-8B96-4C1C-B276-2E5328C57254}) (Version: 6.0.0.23442 - RealVNC Ltd)
WinRAR 5.40 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {51E007DD-A7C4-46B5-8D6D-9590C6597415} - System32\Tasks\CCleanerSkipUAC = & gt; C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {A6234B52-30E8-4A16-86C4-61BA741FC8C1} - System32\Tasks\McAfee Remediation (Prepare) = & gt; C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {ADC8D5FE-016F-42DC-AC24-6DC85E64F65E} - System32\Tasks\GoogleUpdateTaskMachineUA = & gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
Task: {B60566DF-AF4E-4089-B819-16892E6D3B08} - System32\Tasks\AutoKMS = & gt; C:\Windows\AutoKMS\AutoKMS.exe [2016-10-13] ()
Task: {BDB9E263-3D41-4C33-9A0C-93D74D7DF96E} - System32\Tasks\Adobe Acrobat Update Task = & gt; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {C35DC3CA-19C1-4D1D-9683-A6B290FA4250} - System32\Tasks\GoogleUpdateTaskMachineCore = & gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
Task: {E3A408AD-1AD9-45CD-B930-4210C7B61F4D} - System32\Tasks\AVG EUpdate Task = & gt; avgsetupx.exe
Task: {ED5AAF77-0495-43D5-A574-31097E2BC5E4} - System32\Tasks\HPLJCustParticipation = & gt; C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2014-01-06] (Hewlett Packard)
Task: {F6F83D8A-C4BD-45BD-91FE-1B48EC9998FB} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify = & gt; C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-12-12 13:56 - 2016-12-12 13:56 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The " AlternateShell " will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-10-13 07:10 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-920763586-2192554144-4087753356-1000\Control Panel\Desktop\\Wallpaper - & gt; C:\Users\FRONT1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System = & gt; (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: BCSSync = & gt; " C:\Program Files\Microsoft Office\Office14\BCSSync.exe " /DelayServices
MSCONFIG\startupreg: HP Software Update = & gt; C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: StatusAlerts = & gt; " C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe " /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: SunJavaUpdateSched = & gt; " C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{62A8C241-F462-410A-8D95-0DF078D3B0B5}] = & gt; C:\Program Files (x86)\HP\HP LaserJet Pro M201-M202\bin\EWSProxy.exe
FirewallRules: [{205AAF25-F46C-4425-9CF7-28B52B69E1E4}] = & gt; C:\Program Files (x86)\HP\HP LaserJet Pro M201-M202\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{373B1E2E-23D0-42D6-AD2F-70C315EE637C}] = & gt; C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D0E273E1-9A70-4D71-8E0B-246EE1F73680}] = & gt; C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{78F1ED2F-6DB3-479F-96FA-4379DFF4C752}] = & gt; C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{BAE1FC6A-9199-4181-AE1D-707ECDA54529}] = & gt; C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{38CFA18A-BB28-402D-BB82-9765264B07BE}] = & gt; C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{919D4563-399D-404A-8598-39987CECDFE3}] = & gt; C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{C8EF9C39-E9FE-4C7A-BFB8-1B3BB39CDB6B}] = & gt; C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{D0DB244F-270E-4AF4-ACA7-9ABD435BB2BF}] = & gt; C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{A41470A3-297C-437E-BB27-561C7211035B}] = & gt; C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{300866B1-3E90-43D5-96E3-70BE550351EE}] = & gt; C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{1B544BF7-0C7B-4BFF-9916-EE885B7CC30B}] = & gt; C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{5DB2EFAE-BC83-41A0-8D53-DB4E79090E9D}] = & gt; C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{99EA9AEC-C1A3-4228-A8C8-52BF006C9F4A}] = & gt; C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{B98C3DCC-C129-4C91-8E10-546A53E07355}] = & gt; C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{EDEB8749-5526-4334-8A14-72AFF7FD705D}] = & gt; C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

09-01-2017 07:46:08 Windows Update
11-01-2017 15:03:54 Windows Update
16-01-2017 11:47:54 Removed LogMeIn Hamachi
17-01-2017 07:01:12 Windows Update
20-01-2017 06:56:00 Installed HiJackThis
20-01-2017 07:00:30 Removed HiJackThis
20-01-2017 07:01:23 Installed HiJackThis

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2017 09:52:35 AM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft Publisher: Accepted Safe Mode action : Poprawne uruchomienie produktu Publisher ostatnim razem nie powiodło się. Uruchomienie produktu Publisher w trybie awaryjnym umożliwi poprawienie lub wyodrębnienie problemu związanego z uruchamianiem, w celu pomyślnego uruchomienia programu. Niektóre funkcje mogą być w tym trybie wyłączone.

Czy chcesz uruchomić produkt Publisher w trybie awaryjnym?.
Accepted Safe Mode action : Microsoft Publisher.

Error: (01/12/2017 07:11:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program MSPUB.EXE w wersji 14.0.4750.1000 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: d84

Godzina rozpoczęcia: 01d26c9aacdf651f

Godzina zakończenia: 0

Ścieżka aplikacji: C:\Program Files\Microsoft Office\Office14\MSPUB.EXE

Identyfikator raportu: f0ef686d-d88d-11e6-b1af-00199965e436

Error: (01/10/2017 04:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: AcroRd32.exe, wersja: 15.20.20042.8920, sygnatura czasowa: 0x5811d4c2
Nazwa modułu powodującego błąd: AcroRd32.dll, wersja: 15.20.20042.8920, sygnatura czasowa: 0x5811d4a0
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x003d4a16
Identyfikator procesu powodującego błąd: 0x1010
Godzina uruchomienia aplikacji powodującej błąd: 0x01d26b5643a60071
Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
Identyfikator raportu: 9c4d47eb-d749-11e6-b085-00199965e436

Error: (01/05/2017 12:01:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program BW5.EXE w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: e24

Godzina rozpoczęcia: 01d26729f345b99c

Godzina zakończenia: 0

Ścieżka aplikacji: C:\BuchWIN\BW5.EXE

Identyfikator raportu:

Error: (01/05/2017 09:01:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program BW5.EXE w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 1264

Godzina rozpoczęcia: 01d26724c6944e92

Godzina zakończenia: 0

Ścieżka aplikacji: C:\BuchWIN\BW5.EXE

Identyfikator raportu:

Error: (12/28/2016 11:23:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: vncserver.exe, wersja: 6.0.0.23442, sygnatura czasowa: 0x581724db
Nazwa modułu powodującego błąd: vncserver.exe, wersja: 6.0.0.23442, sygnatura czasowa: 0x581724db
Kod wyjątku: 0x40000015
Przesunięcie błędu: 0x0000000000014cec
Identyfikator procesu powodującego błąd: 0x8b4
Godzina uruchomienia aplikacji powodującej błąd: 0x01d260d259ff053a
Ścieżka aplikacji powodującej błąd: C:\Program Files\RealVNC\VNC Server\vncserver.exe
Ścieżka modułu powodującego błąd: C:\Program Files\RealVNC\VNC Server\vncserver.exe
Identyfikator raportu: aa26dff1-cce7-11e6-bebb-00199965e436

Error: (12/28/2016 11:19:49 AM) (Source: VNC Server) (EventID: 256) (User: )
Description: HostedRendezvous: Rendezvous lookup failed: Hosted Bootstrap error: Network failure: Error connecting: getaddrinfo: Żądana nazwa jest prawidłowa, ale dane żądanego typu nie zostały znalezione. (11004)

Error: (12/28/2016 09:19:42 AM) (Source: VNC Server) (EventID: 256) (User: )
Description: HostedRendezvous: Rendezvous lookup failed: Hosted Bootstrap error: Network failure: Error connecting: getaddrinfo: Żądana nazwa jest prawidłowa, ale dane żądanego typu nie zostały znalezione. (11004)

Error: (12/23/2016 01:45:36 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: HostedRendezvous: Rendezvous lookup failed: Hosted Bootstrap error: Network failure: Error connecting: getaddrinfo: Żądana nazwa jest prawidłowa, ale dane żądanego typu nie zostały znalezione. (11004)

Error: (12/23/2016 01:44:49 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: HostedRendezvous: Rendezvous lookup failed: Hosted Bootstrap error: Network failure: Error connecting: getaddrinfo: Żądana nazwa jest prawidłowa, ale dane żądanego typu nie zostały znalezione. (11004)

System errors:
=============
Error: (01/20/2017 09:23:46 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd:
Odmowa dostępu.
.

Error: (01/20/2017 09:23:44 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: Agent proxy DNS nie może przydzielić 0 bajtów pamięci. Może to wskazywać, że w systemie brakuje pamięci wirtualnej lub że menedżer pamięci napotkał błąd wewnętrzny.

Error: (01/20/2017 09:23:38 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd:
Odmowa dostępu.
.

Error: (01/20/2017 09:23:38 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się.

Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll
Kod błędu: 126

Error: (01/20/2017 09:22:58 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd:
Odmowa dostępu.
.

Error: (01/20/2017 09:22:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Intel Security True Key niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.

Error: (01/20/2017 09:22:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Interactive Services Detection niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (01/20/2017 09:22:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Media Player Network Sharing Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.

Error: (01/20/2017 09:22:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Office Software Protection Platform niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (01/20/2017 09:22:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 34%
Total physical RAM: 3740.23 MB
Available physical RAM: 2466.06 MB
Total Virtual: 7478.64 MB
Available Virtual: 6205.35 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:106.13 GB) (Free:63.77 GB) NTFS == & gt; [drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:0.95 GB) (Free:0.38 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: DC10BB9A)
Partition 1: (Not Active) - (Size=5.7 GB) - (Type=27)
Partition 2: (Active) - (Size=106.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 971 MB) (Disk ID: 01BADB59)
Partition 1: (Active) - (Size=971 MB) - (Type=06)

==================== End of Addition.txt ============================

skany.zip > FRST.txt

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 18-01-2017
Uruchomiony przez user (administrator) DARIA-PC (20-01-2017 09:34:15)
Uruchomiony z E:\SKANY
Załadowane profile: user (Dostępne profile: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM-x32\...\Run: [HP Software Update] = & gt; C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] = & gt; [X]
HKLM-x32\...\Run: [StatusAlerts] = & gt; C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AvastUI.exe] = & gt; C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-22] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-472793631-3222835876-3111809641-1000\...\Policies\system: [DisableCMD] 0
ShellIconOverlayIdentifiers: [00avast] - & gt; {472083B0-C522-11CF-8763-00608CC02F24} = & gt; C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-11-22] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-10-10]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk - & gt; C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: 0x2320436F707972696768742028632920313939332D32303034204D6963726F736F667420436F72702E0D0A230D0A23204175746F47656E657261746564206279204D6963726F736F667420285229204D616C776172652050726F74656374696F6E20456E67696E652E0D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A3132372E302E302E31202020202020206C6F63616C686F73740D0A3A3A31202020202020202020202020206C6F63616C686F737400
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{0906F81E-9386-4277-A776-817B824FD024}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{C3DA8810-1EE0-4C04-BBBF-896AAD7FABF8}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper - & gt; {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - & gt; C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler - & gt; {B4F3A835-0E21-4959-BA22-42B3008E02FF} - & gt; C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - & gt; {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - & gt; C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: PDF Architect 4 Helper - & gt; {38279E1A-7019-40C1-B579-E99DFB3312E8} - & gt; C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper - & gt; {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - & gt; C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - & gt; {B4F3A835-0E21-4959-BA22-42B3008E02FF} - & gt; C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH)

FireFox:
========
FF DefaultProfile: nhyxpj7f.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nhyxpj7f.default [2017-01-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nhyxpj7f.default - & gt; Yahoo®
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nhyxpj7f.default - & gt; Yahoo®
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-11-22] [Brak podpisu cyfrowego]
FF Plugin: @microsoft.com/GENUINE - & gt; disabled [Brak pliku]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - & gt; C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - & gt; disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - & gt; C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - & gt; C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - & gt; C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - & gt; C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader - & gt; C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 4 - & gt; C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Extension: (Prezentacje Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-24]
CHR Extension: (Dokumenty Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-24]
CHR Extension: (Dysk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-24]
CHR Extension: (Arkusze Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-25]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-24]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-22] (AVAST Software)
S4 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S4 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [Brak podpisu cyfrowego]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [Brak podpisu cyfrowego]
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (Â© pdfforge GmbH.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [Brak podpisu cyfrowego]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-02-10] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-11-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-11-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-22] (AVAST Software)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3741960 2015-06-19] (Realtek Semiconductor Corporation )

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-20 09:34 - 2017-01-20 09:34 - 00000000 ____D C:\FRST
2017-01-20 09:31 - 2017-01-20 09:31 - 00000000 ____D C:\Windows\pss
2017-01-20 09:26 - 2017-01-20 09:28 - 00000000 ____D C:\AdwCleaner
2017-01-20 07:03 - 2017-01-20 07:03 - 00002953 _____ C:\Users\user\Desktop\HiJackThis.lnk
2017-01-20 07:03 - 2017-01-20 07:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2017-01-20 07:03 - 2017-01-20 07:03 - 00000000 ____D C:\hijackthis
2017-01-19 08:07 - 2017-01-19 08:07 - 00029394 _____ C:\Users\user\Desktop\Bez tytułu 3.odt
2017-01-19 08:07 - 2017-01-19 08:07 - 00000573 _____ C:\Users\user\Desktop\Bez tytułu 3.lnk
2017-01-16 09:02 - 2017-01-16 09:02 - 00928897 _____ C:\Users\user\Downloads\ot-imm2017.93.37098.1475.pdf
2017-01-16 09:00 - 2017-01-16 09:00 - 00953269 _____ C:\Users\user\Downloads\public_transport_tickets.pdf
2017-01-13 12:15 - 2017-01-13 12:15 - 00000490 _____ C:\Users\user\Desktop\ZEGAR.htm
2017-01-13 11:57 - 2017-01-13 12:00 - 36067443 _____ C:\Users\user\Downloads\cennik agata.odt
2017-01-13 11:43 - 2017-01-13 11:43 - 00049589 _____ C:\Users\user\Downloads\Wydruk (8).pdf
2017-01-13 08:57 - 2017-01-13 08:57 - 00042780 _____ C:\Users\user\Downloads\147.pdf
2017-01-12 16:15 - 2017-01-12 16:15 - 18456454 _____ (pdfforge GmbH ) C:\Users\user\Downloads\Niepotwierdzony 192946.crdownload
2017-01-12 13:14 - 2017-01-12 13:14 - 00048294 _____ C:\Users\user\Downloads\Wydruk (7).pdf
2017-01-12 12:54 - 2017-01-12 12:54 - 00051228 _____ C:\Users\user\Downloads\Wydruk (6).pdf
2017-01-12 10:24 - 2017-01-12 10:41 - 00010963 _____ C:\Users\user\Desktop\de.odt
2017-01-10 23:14 - 2017-01-05 19:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 23:14 - 2017-01-05 19:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 23:14 - 2017-01-05 19:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 23:14 - 2017-01-05 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 23:14 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-10 23:14 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 23:14 - 2017-01-05 18:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 23:14 - 2017-01-05 18:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 23:14 - 2017-01-05 18:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 23:14 - 2017-01-05 18:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 23:14 - 2017-01-05 18:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 23:14 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 23:14 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-10 15:05 - 2017-01-10 15:05 - 01457323 _____ C:\Users\user\Downloads\Cennik oferta.PDF
2017-01-10 14:58 - 2017-01-10 14:58 - 00012248 _____ C:\Users\user\Downloads\Kopia Elementy z reklamacji do dorobienia.xlsx
2017-01-10 14:57 - 2017-01-10 14:57 - 01263654 _____ C:\Users\user\Downloads\Front-Katalog2.pdf
2017-01-10 13:53 - 2017-01-10 13:53 - 00003428 _____ C:\Users\user\Downloads\smime.p7s
2017-01-10 09:47 - 2017-01-10 09:47 - 00008835 _____ C:\Users\user\Desktop\Nowy Arkusz programu Microsoft Excel.xlsx
2017-01-09 16:09 - 2017-01-09 16:09 - 00123700 _____ C:\Users\user\Downloads\Wydruk (5).pdf
2017-01-09 16:08 - 2017-01-09 16:08 - 00124090 _____ C:\Users\user\Downloads\Wydruk (4).pdf
2017-01-09 15:15 - 2017-01-09 15:15 - 00128669 _____ C:\Users\user\Downloads\Wydruk (2).pdf
2017-01-09 15:15 - 2017-01-09 15:15 - 00128342 _____ C:\Users\user\Downloads\Wydruk (3).pdf
2017-01-09 14:43 - 2017-01-09 14:43 - 00051228 _____ C:\Users\user\Downloads\Wydruk (1).pdf
2017-01-09 14:27 - 2017-01-09 14:27 - 00096985 _____ C:\Users\user\Downloads\_fv01411.pdf
2017-01-09 14:24 - 2017-01-09 14:24 - 00097119 _____ C:\Users\user\Downloads\_fv02991.pdf
2017-01-09 08:37 - 2017-01-09 08:37 - 00200112 _____ C:\Users\user\Downloads\Etykieta Portugalia Malmo II.pdf
2017-01-05 10:55 - 2017-01-05 10:55 - 00015817 _____ C:\Users\user\Downloads\Stół_obiadowy.zip
2017-01-05 10:55 - 2017-01-05 10:55 - 00000000 ____D C:\Users\user\AppData\Roaming\WinRAR
2016-12-28 09:45 - 2017-01-13 13:15 - 00000000 ____D C:\Users\user\Desktop\natti
2016-12-23 06:57 - 2016-12-23 06:57 - 00000000 ___SD C:\Windows\SysWOW64\Microsoft

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-20 09:33 - 2016-11-05 13:13 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-01-20 09:33 - 2016-10-10 07:05 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-01-20 09:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-20 09:32 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-20 09:32 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-20 09:28 - 2016-11-22 09:00 - 00000000 ____D C:\Users\user\AppData\Roaming\Lavasoft
2017-01-20 09:28 - 2016-11-22 09:00 - 00000000 ____D C:\ProgramData\Lavasoft
2017-01-20 09:28 - 2016-11-22 09:00 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2017-01-20 08:41 - 2016-08-08 14:35 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-20 07:04 - 2011-04-12 14:21 - 00739694 _____ C:\Windows\system32\perfh015.dat
2017-01-20 07:04 - 2011-04-12 14:21 - 00155268 _____ C:\Windows\system32\perfc015.dat
2017-01-20 07:04 - 2009-07-14 06:13 - 01668226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 07:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-20 07:03 - 2016-08-08 22:31 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2017-01-19 13:12 - 2016-10-27 14:34 - 00026624 _____ C:\Users\user\Desktop\FAKTURA PŁATNOŚCI.xlsx
2017-01-19 13:03 - 2016-10-26 10:49 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-01-18 13:56 - 2016-10-10 12:22 - 00000000 ____D C:\Users\user\AppData\Roaming\HpUpdate
2017-01-18 13:24 - 2016-11-17 07:25 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-01-13 07:03 - 2016-10-26 08:04 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-01-11 08:41 - 2016-12-14 09:41 - 19829336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-01-11 08:41 - 2016-08-08 14:35 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 08:41 - 2016-08-08 14:35 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 08:41 - 2016-08-08 14:35 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 08:41 - 2016-08-08 14:34 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-11 08:41 - 2016-08-08 14:34 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-11 03:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-01-09 13:36 - 2016-10-17 09:32 - 00000000 ____D C:\Users\user\Desktop\DOKUMENTY
2017-01-09 12:23 - 2016-11-22 08:22 - 00000000 ____D C:\Users\user\Desktop\RAPORTY
2017-01-05 16:09 - 2016-10-13 11:41 - 00000000 ____D C:\BuchWIN
2017-01-02 08:10 - 2016-10-20 06:31 - 00000000 ____D C:\Users\user\Desktop\Nowy folder
2016-12-21 07:02 - 2016-11-16 08:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-21 07:02 - 2016-08-08 14:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Pliki w katalogu głównym wybranych folderów =======

2016-10-20 07:47 - 2016-10-20 07:47 - 0042088 _____ () C:\Users\user\AppData\Local\Bron.tok.A12.em.bin
2016-10-21 07:56 - 2016-10-25 08:40 - 0000000 _____ () C:\Users\user\AppData\Local\BronFoldNetDomList.txt
2016-10-20 07:47 - 2016-10-20 07:47 - 0000051 _____ () C:\Users\user\AppData\Local\Kosong.Bron.Tok.txt
2016-10-20 07:42 - 2016-10-20 07:42 - 0042088 _____ () C:\Users\user\AppData\Local\ListHost12.txt
2016-10-25 08:49 - 2016-10-25 08:49 - 0042088 _____ () C:\Users\user\AppData\Local\Update.12.Bron.Tok.bin

Niektóre pliki w TEMP:
====================
C:\Users\user\AppData\Local\Temp\kcdegm39.dll

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\explorer.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\services.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\User32.dll = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys = & gt; Plik podpisany cyfrowo

LastRegBack: 2017-01-13 10:36

==================== Koniec FRST.txt ============================

skany.zip > Addition.txt

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 18-01-2017
Uruchomiony przez user (20-01-2017 09:34:59)
Uruchomiony z E:\SKANY
Windows 7 Professional Service Pack 1 (X64) (2016-08-08 21:31:33)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-472793631-3222835876-3111809641-500 - Administrator - Disabled)
Gość (S-1-5-21-472793631-3222835876-3111809641-501 - Limited - Enabled)
user (S-1-5-21-472793631-3222835876-3111809641-1000 - Administrator - Enabled) = & gt; C:\Users\user

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą " Hidden " w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Archiwizator WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP LaserJet Pro M201-M202 (HKLM-x32\...\{e71f6d30-080d-43ef-87e0-1ac4d7f8adfa}) (Version: 12.0.14101.145 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
HPDXP (x32 Version: 3.0.26.14 - HP) Hidden
HPLJDXPHelper (x32 Version: 120.063.006 - HP) Hidden
HPLJProM201M202 (HKLM-x32\...\{F2C371CB-0B8B-4135-82AA-DA2147635412}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (x32 Version: 012.000.0001 - HP) Hidden
HPLJUTM201_202 (x32 Version: 012.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00906 - Hewlett-Packard) Hidden
hppM201-M202LaserJetService (x32 Version: 001.034.00685 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 100.040.00218 - Hewlett Packard) Hidden
hpStatusAlertsM201-M202 (x32 Version: 120.046.00127 - Hewlett-Packard) Hidden
InsERT GT 1.43 (HKLM-x32\...\{7788C8A6-D456-42FB-ACB6-8D6D0315344B}) (Version: 1.43 - InsERT)
LJDXPHelperUI (x32 Version: 120.063.006 - HP) Hidden
Manager (x32 Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Command Line Utilities (HKLM\...\{D9F711D3-3C90-4D79-9292-47C90C722E2A}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 pl)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E0ED9630-38E3-418F-A615-A9B2B5758BE5}) (Version: 4.12.9782 - Apache Software Foundation)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.0 - pdfforge GmbH)
TL-WN725N_WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Companion (HKLM-x32\...\{6da4b945-9507-4319-a978-6dcd2d289323}) (Version: 2.3.1471.2857 - Lavasoft)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {1B079D2F-C2EC-422C-82A0-08D673500408} - System32\Tasks\HPLJCustParticipation = & gt; C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2014-01-06] (Hewlett Packard)
Task: {4EE60911-5D7F-402B-9E96-66EAC1AF33CF} - System32\Tasks\GoogleUpdateTaskMachineCore = & gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-24] (Google Inc.)
Task: {6B387041-3A1D-4EF1-88C3-5026366DF82C} - System32\Tasks\AutoKMS = & gt; C:\Windows\AutoKMS\AutoKMS.exe [2016-10-10] ()
Task: {8BC42B28-F207-4865-BB44-B0A8772A3167} - System32\Tasks\GoogleUpdateTaskMachineUA = & gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-24] (Google Inc.)
Task: {A34F92D5-ED02-4F7D-A9D1-962349C278FD} - System32\Tasks\AVG EUpdate Task = & gt; avgsetupx.exe
Task: {A5BDE174-7F71-4D85-87D7-00C5E909DE28} - System32\Tasks\AVAST Software\Avast settings backup = & gt; C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-11-22] (AVAST Software)
Task: {BD3686C0-EFAA-453C-800F-6FB1CB33513B} - System32\Tasks\avast! Emergency Update = & gt; C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-11-22] (AVAST Software)
Task: {E4A16462-B65D-4107-8563-EDEAD35A1B42} - System32\Tasks\Adobe Flash Player Updater = & gt; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job = & gt; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

==================== Załadowane moduły (filtrowane) ==============

2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-10-10 06:10 - 2015-03-20 15:23 - 02206208 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2016-11-22 08:58 - 2016-11-22 08:58 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-19 21:09 - 2017-01-19 21:09 - 04450840 _____ () C:\Program Files\AVAST Software\Avast\defs\17011903\algo.dll
2016-11-22 08:58 - 2016-11-22 08:58 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-10 06:10 - 2015-03-23 16:33 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-10-10 06:10 - 2015-03-20 15:16 - 00192000 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-10-10 06:10 - 2015-03-20 15:36 - 01693696 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
2016-11-22 08:58 - 2016-11-22 08:58 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość " AlternateShell " zostanie przywrócona.)

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

IE trusted site: HKU\.DEFAULT\...\localhost - & gt; localhost
IE trusted site: HKU\S-1-5-21-472793631-3222835876-3111809641-1000\...\localhost - & gt; localhost

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2016-10-20 07:42 - 2016-10-25 08:55 - 00000821 ____A C:\Windows\system32\Drivers\etc\hosts

0x2320436F707972696768742028632920313939332D32303034204D6963726F736F667420436F72702E0D0A230D0A23204175746F47656E657261746564206279204D6963726F736F667420285229204D616C776172652050726F74656374696F6E20456E67696E652E0D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A3132372E302E302E31202020202020206C6F63616C686F73740D0A3A3A31202020202020202020202020206C6F63616C686F737400

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-472793631-3222835876-3111809641-1000\Control Panel\Desktop\\Wallpaper - & gt; C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System = & gt; (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

MSCONFIG\Services: AdobeARMservice = & gt; 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc = & gt; 3
MSCONFIG\Services: avgsvc = & gt; 2
MSCONFIG\Services: gupdate = & gt; 2
MSCONFIG\Services: gupdatem = & gt; 3
MSCONFIG\Services: HP LaserJet Service = & gt; 2
MSCONFIG\Services: MozillaMaintenance = & gt; 3
MSCONFIG\Services: PDF Architect 4 = & gt; 3
MSCONFIG\Services: PDF Architect 4 CrashHandler = & gt; 3
MSCONFIG\Services: PDF Architect 4 Creator = & gt; 2
MSCONFIG\Services: PDF Architect 4 Manager = & gt; 2
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk = & gt; C:\Windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk.Startup
MSCONFIG\startupreg: Adobe ARM = & gt; " C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
MSCONFIG\startupreg: AvgUi = & gt; " C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe " /lps=fmw
MSCONFIG\startupreg: BCSSync = & gt; " C:\Program Files\Microsoft Office\Office14\BCSSync.exe " /DelayServices
MSCONFIG\startupreg: HotKeysCmds = & gt; C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray = & gt; C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence = & gt; C:\Windows\system32\igfxpers.exe

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [SPPSVC-In-TCP] = & gt; %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] = & gt; %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2E67E16E-9A9B-49D9-A0A4-04FAAB5C7C89}] = & gt; C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8029AB67-4BF3-45EF-B9E9-5C74CC35054E}] = & gt; C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A1D37C1-CBF8-4DDB-85D9-918FE495ADC8}] = & gt; C:\Program Files (x86)\HP\HP LaserJet Pro M201-M202\bin\EWSProxy.exe
FirewallRules: [{5830DECE-5DAB-43D1-8A32-31D8FBA391D3}] = & gt; C:\Program Files (x86)\HP\HP LaserJet Pro M201-M202\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DCE0F8BB-882A-4AB1-8740-4FBD0A5256AA}] = & gt; C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{B2848F62-56C2-499F-85A6-5F4FBDEA8DB2}] = & gt; C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{26DD2B1E-8610-46EB-AE2C-34EA979C2A27}] = & gt; C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Punkty Przywracania systemu =========================

22-12-2016 11:28:23 Zaplanowany punkt kontrolny
30-12-2016 08:05:20 Zaplanowany punkt kontrolny
09-01-2017 06:39:37 Zaplanowany punkt kontrolny
11-01-2017 03:00:14 Windows Update
19-01-2017 09:52:31 Zaplanowany punkt kontrolny
20-01-2017 07:03:19 Installed HiJackThis

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (01/20/2017 09:33:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2017 09:30:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/19/2017 09:09:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/19/2017 07:30:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2017 08:51:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/13/2017 06:22:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/12/2017 10:20:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/12/2017 06:59:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/11/2017 03:18:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/10/2017 02:27:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Dziennik System:
=============
Error: (01/20/2017 09:32:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT)
Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się.

Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll
Kod błędu: 126

Error: (01/20/2017 09:31:51 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący błąd:
Odmowa dostępu.
.

Error: (01/20/2017 09:29:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: ZARZĄDZANIE NT)
Description: Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się.

Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll
Kod błędu: 126

Error: (01/20/2017 09:28:29 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie:
Jedno wystąpienie usługi już działa.
.

Error: (01/20/2017 09:27:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Office Software Protection Platform niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (01/20/2017 09:27:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (01/20/2017 09:27:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (01/20/2017 09:27:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa bramy warstwy aplikacji niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (01/20/2017 09:27:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (01/20/2017 09:27:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa WC Assistant niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Procent pamięci w użyciu: 16%
Całkowita pamięć fizyczna: 8025.61 MB
Dostępna pamięć fizyczna: 6732.19 MB
Całkowita pamięć wirtualna: 16049.4 MB
Dostępna pamięć wirtualna: 14722 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:232.73 GB) (Free:182.07 GB) NTFS
Drive e: () (Removable) (Total:0.95 GB) (Free:0.38 GB) FAT

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 39626BB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 971 MB) (Disk ID: 01BADB59)
Partition 1: (Active) - (Size=971 MB) - (Type=06)

==================== Koniec Addition.txt ============================

skany.zip > FRST.txt

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 18-01-2017
Uruchomiony przez Klient (administrator) JULIA-PC (20-01-2017 09:12:48)
Uruchomiony z E:\SKANY
Załadowane profile: Klient (Dostępne profile: Klient)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Macrovision) C:\Windows\SysWOW64\drivers\CDAC11BA.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(Â© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(CryptoTech Sp. z o.o.) C:\Program Files (x86)\CryptoTech\CryptoCard\CCMonitor.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM-x32\...\Run: [] = & gt; [X]
HKLM-x32\...\Run: [StatusAlerts] = & gt; C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AVGUI.exe] = & gt; C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe [9523496 2017-01-19] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3294767028-2147052189-1141253506-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) & lt; ==== UWAGA
ShellIconOverlayIdentifiers: [00avg] - & gt; {472083B0-C522-11CF-8763-00608CC02F24} = & gt; - & gt; Brak pliku
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] - & gt; {36A21736-36C2-4C11-8ACB-D4136F2B57BD} = & gt; C:\Windows\SysWOW64\AcSignIcon.dll [2003-02-14] (Autodesk)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{C70CE652-C41F-4B8D-A841-AF8DB34BF26E}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910 & ResetID=131142246913230291 & GUID=00000000-0000-0000-0000-000000000000
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie & ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910 & ResetID=131142246912470248 & GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie & ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910 & ResetID=131142246913190289 & GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie & ar=iesearch
HKU\S-1-5-21-3294767028-2147052189-1141253506-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie & ar=iesearch
SearchScopes: HKLM-x32 - & gt; DefaultScope - brak wartości
BHO: Groove GFS Browser Helper - & gt; {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - & gt; C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Office Document Cache Handler - & gt; {B4F3A835-0E21-4959-BA22-42B3008E02FF} - & gt; C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - & gt; {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - & gt; C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: PDF Architect 4 Helper - & gt; {38279E1A-7019-40C1-B579-E99DFB3312E8} - & gt; C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-05-04] (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper - & gt; {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - & gt; C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - & gt; {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - & gt; C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler - & gt; {B4F3A835-0E21-4959-BA22-42B3008E02FF} - & gt; C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - & gt; {DBC80044-A445-435b-BC74-9C25C1C588A9} - & gt; C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-18] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-05-04] (pdfforge GmbH)

FireFox:
========
FF DefaultProfile: 6v0hrc5c.default
FF ProfilePath: C:\Users\Klient\AppData\Roaming\Mozilla\Firefox\Profiles\6v0hrc5c.default [2017-01-20]
FF user.js: detected! = & gt; C:\Users\Klient\AppData\Roaming\Mozilla\Firefox\Profiles\6v0hrc5c.default\user.js [2016-07-13]
FF Homepage: Mozilla\Firefox\Profiles\6v0hrc5c.default - & gt; hxxp://www.wp.pl/
FF Extension: (Adblock Plus) - C:\Users\Klient\AppData\Roaming\Mozilla\Firefox\Profiles\6v0hrc5c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-06-09] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer - & gt; C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @microsoft.com/GENUINE - & gt; disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - & gt; c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - & gt; C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - & gt; C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 - & gt; C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 - & gt; C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - & gt; disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - & gt; c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - & gt; C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - & gt; C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - & gt; C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - & gt; C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader - & gt; C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 4 - & gt; C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-05-04] (pdfforge GmbH)

Chrome:
=======
CHR HomePage: Default - & gt; hxxp://www.google.com/
CHR StartupUrls: Default - & gt; " hxxp://www.google.com/ "
CHR Profile: C:\Users\Klient\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Extension: (Prezentacje Google) - C:\Users\Klient\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-20]
CHR Extension: (Dokumenty Google) - C:\Users\Klient\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-20]
CHR Extension: (Dysk Google) - C:\Users\Klient\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-20]
CHR Extension: (YouTube) - C:\Users\Klient\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-20]
CHR Extension: (Arkusze Google) - C:\Users\Klient\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Klient\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-20]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Klient\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Klient\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-20]
CHR Extension: (Chrome Media Router) - C:\Users\Klient\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S2 AktualizujPP; C:\Program Files (x86)\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe [35152 2016-11-18] (Asseco Poland S.A.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [260080 2017-01-19] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [275616 2017-01-19] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [6183576 2017-01-19] (AVG Technologies CZ, s.r.o.)
R4 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1255272 2017-01-09] (AVG Technologies CZ, s.r.o.)
R4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
R2 C-DillaCdaC11BA; C:\Windows\SysWOW64\drivers\CDAC11BA.EXE [54784 2016-06-17] (Macrovision) [Brak podpisu cyfrowego]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [Brak podpisu cyfrowego]
R4 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174872 2012-04-17] (Intel Corporation)
R2 MSSQL$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [Brak podpisu cyfrowego]
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438368 2016-05-04] (pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-05-04] (pdfforge GmbH)
R4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-05-04] (pdfforge GmbH)
R4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (Â© pdfforge GmbH.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [Brak podpisu cyfrowego]
S4 SQLAgent$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5907216 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071320 2012-04-17] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-02-26] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [165624 2017-01-19] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [311592 2017-01-19] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-01-19] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336920 2017-01-19] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-01-19] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-01-19] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [127072 2017-01-19] (AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2017-01-19] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\Windows\system32\drivers\avgNetSec.sys [456936 2017-01-19] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [101624 2017-01-19] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [75664 2017-01-19] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [992488 2017-01-19] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [555152 2017-01-19] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [163512 2017-01-19] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [311472 2017-01-19] (AVG Technologies CZ, s.r.o.)
S2 CdaC15BA; C:\Windows\SysWOW64\drivers\CDAC15BA.SYS [12464 2016-06-17] (Macrovision Europe Ltd) [Brak podpisu cyfrowego]
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-01-09] (AVG Netherlands B.V.)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160630.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160630.008\EX64.SYS [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-20 09:12 - 2017-01-20 09:12 - 00000000 ____D C:\FRST
2017-01-20 09:11 - 2017-01-20 09:11 - 00000000 ____D C:\Windows\pss
2017-01-20 09:01 - 2017-01-20 09:04 - 00000000 ____D C:\AdwCleaner
2017-01-20 06:53 - 2017-01-20 06:53 - 00011354 _____ C:\Users\Klient\Desktop\hijackthis-julia-pc.txt
2017-01-20 06:36 - 2017-01-20 06:36 - 00002963 _____ C:\Users\Klient\Desktop\HiJackThis.lnk
2017-01-20 06:36 - 2017-01-20 06:36 - 00000000 ____D C:\Users\Klient\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2017-01-20 06:36 - 2017-01-20 06:36 - 00000000 ____D C:\hijackthis
2017-01-19 16:27 - 2017-01-19 16:27 - 00011827 _____ C:\Users\Klient\Desktop\oc.xlsx
2017-01-19 10:47 - 2017-01-19 10:47 - 00003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2017-01-19 10:47 - 2017-01-19 10:47 - 00003694 _____ C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2017-01-19 08:10 - 2017-01-19 08:10 - 00002650 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2017-01-19 08:10 - 2017-01-19 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2017-01-19 08:10 - 2017-01-09 16:43 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2017-01-19 08:10 - 2017-01-09 16:39 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2017-01-19 08:10 - 2017-01-09 16:39 - 00042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2017-01-19 07:59 - 2017-01-19 07:59 - 03449440 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Klient\Downloads\Niepotwierdzony 930147.crdownload
2017-01-19 07:48 - 2017-01-19 07:48 - 00000000 ____D C:\Users\Klient\AppData\Roaming\AVG
2017-01-19 07:45 - 2017-01-19 07:45 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys
2017-01-19 07:45 - 2017-01-19 07:45 - 00555152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-01-19 07:45 - 2017-01-19 07:45 - 00397800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-01-19 07:45 - 2017-01-19 07:45 - 00311472 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-01-19 07:45 - 2017-01-19 07:45 - 00163512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-01-19 07:45 - 2017-01-19 07:45 - 00127072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-01-19 07:45 - 2017-01-19 07:45 - 00101624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-01-19 07:45 - 2017-01-19 07:45 - 00075664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-01-19 07:45 - 2017-01-19 07:45 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-01-19 07:45 - 2017-01-19 07:45 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-01-19 07:45 - 2017-01-19 07:44 - 00456936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys
2017-01-19 07:45 - 2017-01-19 07:44 - 00336920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-01-19 07:45 - 2017-01-19 07:44 - 00311592 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-01-19 07:45 - 2017-01-19 07:44 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-01-19 07:45 - 2017-01-19 07:44 - 00165624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-01-19 07:45 - 2017-01-19 07:44 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-01-19 07:44 - 2017-01-19 07:44 - 00029944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetNd6.sys
2017-01-19 07:43 - 2017-01-19 07:43 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2017-01-19 07:43 - 2017-01-19 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-01-19 07:42 - 2017-01-19 08:06 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-01-19 07:41 - 2017-01-19 08:09 - 00000000 ____D C:\Program Files (x86)\AVG
2017-01-19 07:41 - 2017-01-19 07:41 - 00000000 ____D C:\Users\Klient\AppData\Local\CEF
2017-01-19 07:40 - 2017-01-20 06:32 - 00000000 ____D C:\ProgramData\Avg
2017-01-19 07:40 - 2017-01-19 08:09 - 00000000 ____D C:\Users\Klient\AppData\Local\Avg
2017-01-19 07:40 - 2017-01-19 08:08 - 00000000 ____D C:\Users\Klient\AppData\Local\AvgSetupLog
2017-01-19 07:39 - 2017-01-19 07:39 - 03449440 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Klient\Downloads\AVG_Protection_Free_1597(1).exe
2017-01-19 07:38 - 2017-01-19 07:38 - 03449440 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Klient\Downloads\AVG_Protection_Free_1597.exe
2017-01-18 13:48 - 2017-01-18 13:48 - 00016960 _____ C:\Users\Klient\Desktop\STOŁY.pdf
2017-01-18 08:50 - 2017-01-18 08:50 - 00030398 _____ C:\Users\Klient\Downloads\przelew(1).pdf
2017-01-18 07:49 - 2017-01-18 07:49 - 00030400 _____ C:\Users\Klient\Downloads\przelew.pdf
2017-01-18 06:57 - 2017-01-18 07:02 - 00000000 ____D C:\Users\Klient\Downloads\PARI_6_1200
2017-01-18 06:56 - 2017-01-18 06:56 - 00468122 _____ C:\Users\Klient\Downloads\PARI_6_1200.zip
2017-01-18 06:56 - 2017-01-18 06:56 - 00468122 _____ C:\Users\Klient\Downloads\PARI_6_1200 (1).zip
2017-01-17 17:54 - 2017-01-18 15:48 - 00018521 _____ C:\Users\Klient\Desktop\wzz english.odt
2017-01-16 07:23 - 2017-01-16 07:23 - 00800573 _____ C:\Users\Klient\Downloads\docl_14682_408406488.pdf
2017-01-13 11:42 - 2017-01-19 14:24 - 00000000 ____D C:\Users\Klient\Desktop\drewno
2017-01-12 09:05 - 2017-01-12 09:05 - 00016954 _____ C:\Users\Klient\Desktop\furni.pdf
2017-01-11 11:42 - 2017-01-11 11:42 - 00021400 _____ C:\Users\Klient\Desktop\poprawa.pdf
2017-01-11 11:32 - 2017-01-11 11:32 - 00028580 _____ C:\Users\Klient\Desktop\furni popr kor.pdf
2017-01-11 11:09 - 2017-01-11 11:09 - 00017456 _____ C:\Users\Klient\Desktop\furnilux fv do proformy.pdf
2017-01-11 11:04 - 2017-01-11 11:04 - 00028438 _____ C:\Users\Klient\Desktop\furnilux korekta.pdf
2017-01-11 11:01 - 2017-01-11 11:01 - 00016501 _____ C:\Users\Klient\Desktop\furnilux stoły.pdf
2017-01-11 07:07 - 2017-01-05 19:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 07:07 - 2017-01-05 19:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 07:07 - 2017-01-05 19:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 07:07 - 2017-01-05 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-11 07:07 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-11 07:07 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-11 07:07 - 2017-01-05 18:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 07:07 - 2017-01-05 18:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 07:07 - 2017-01-05 18:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 07:07 - 2017-01-05 18:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 07:07 - 2017-01-05 18:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 07:07 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-11 07:07 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-10 08:06 - 2017-01-10 08:06 - 00000000 ____D C:\Users\Klient\Desktop\stoliki zdjęcia
2017-01-09 12:31 - 2017-01-09 12:31 - 00043725 _____ C:\Users\Klient\Downloads\oferta stół.odt
2017-01-09 11:47 - 2017-01-09 11:47 - 00013408 _____ C:\Users\Klient\Desktop\ZESTAWIENIE WYN I ZUS ZA 2016.xlsx
2017-01-09 09:33 - 2017-01-09 09:33 - 00011869 _____ C:\Users\Klient\Desktop\2016 koszty.xlsx
2017-01-04 13:48 - 2017-01-04 13:48 - 00024530 _____ C:\Users\Klient\Desktop\furnilux.pdf
2017-01-04 12:11 - 2017-01-04 12:11 - 00012680 _____ C:\Users\Klient\Desktop\rozmiary stoły.xlsx
2017-01-02 16:19 - 2017-01-02 16:19 - 00001892 _____ C:\Users\Klient\Desktop\IrfanView 64 Thumbnails.lnk
2017-01-02 16:19 - 2017-01-02 16:19 - 00001018 _____ C:\Users\Klient\Desktop\IrfanView 64.lnk
2017-01-02 16:19 - 2017-01-02 16:19 - 00000000 ____D C:\Users\Klient\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2017-01-02 16:19 - 2017-01-02 16:19 - 00000000 ____D C:\Users\Klient\AppData\Roaming\IrfanView
2017-01-02 16:19 - 2017-01-02 16:19 - 00000000 ____D C:\Program Files\IrfanView
2017-01-02 16:18 - 2017-01-02 16:18 - 03399648 _____ (Irfan Skiljan) C:\Users\Klient\Downloads\iview444_x64_setup.exe
2017-01-02 16:16 - 2017-01-02 16:16 - 01259368 _____ ( ) C:\Users\Klient\Downloads\IrfanView-12867-dp(1).exe
2017-01-02 16:14 - 2017-01-02 16:14 - 01259368 _____ ( ) C:\Users\Klient\Downloads\IrfanView-12867-dp.exe
2016-12-29 14:51 - 2016-12-29 14:51 - 00015097 _____ C:\Users\Klient\Desktop\porto.docx
2016-12-29 14:51 - 2016-12-29 14:51 - 00000162 ____H C:\Users\Klient\Desktop\~$porto.docx
2016-12-29 14:44 - 2016-12-28 10:04 - 00026689 _____ C:\Users\Klient\Desktop\Etykieta Portugalia Stół obiadowy biały.docx
2016-12-29 11:59 - 2016-12-29 11:59 - 00010345 _____ C:\Users\Klient\Desktop\Kopia zamowienie 29-12-2016.xlsx
2016-12-29 11:56 - 2016-12-29 11:56 - 00010379 _____ C:\Users\Klient\Downloads\zamowienie 29-12-2016.xlsx
2016-12-29 06:46 - 2016-12-29 06:46 - 00039979 _____ C:\Users\Klient\Downloads\STOLIK KWADRAT I etykieta obrazek.docx
2016-12-28 11:38 - 2016-12-28 11:39 - 00280838 _____ C:\Users\Klient\Downloads\karta 2.pdf
2016-12-28 11:38 - 2016-12-28 11:38 - 00262709 _____ C:\Users\Klient\Downloads\karta 1.pdf
2016-12-28 10:59 - 2016-12-28 10:59 - 00472409 _____ C:\Users\Klient\Downloads\Zal-1a_N-Deklaracja-NF.pdf
2016-12-28 10:04 - 2017-01-14 09:47 - 00000000 ____D C:\Users\Klient\Desktop\bialy
2016-12-28 10:04 - 2016-12-28 10:04 - 00062621 _____ C:\Users\Klient\Downloads\Stół obiadowy biały etykieta obrazek.docx
2016-12-28 10:03 - 2017-01-14 14:02 - 00000000 ____D C:\Users\Klient\Desktop\sonoma
2016-12-23 10:52 - 2016-12-23 10:52 - 00059118 _____ C:\Users\Klient\Downloads\pko_trans_details_20161223_105238.pdf
2016-12-23 10:51 - 2016-12-23 10:51 - 00059123 _____ C:\Users\Klient\Downloads\pko_trans_details_20161223_105112.pdf
2016-12-23 10:14 - 2016-12-23 13:19 - 00000000 ___RD C:\Users\Klient\Desktop\etykiety portugalia
2016-12-22 12:07 - 2016-12-22 12:07 - 00038585 _____ C:\Users\Klient\Downloads\potwierdzenie111.pdf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-20 09:14 - 2011-04-12 14:21 - 00805734 _____ C:\Windows\system32\perfh015.dat
2017-01-20 09:14 - 2011-04-12 14:21 - 00180238 _____ C:\Windows\system32\perfc015.dat
2017-01-20 09:14 - 2009-07-14 06:13 - 01853460 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 09:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-20 09:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-20 09:02 - 2016-11-09 14:05 - 00025999 _____ C:\Users\Klient\Desktop\WYJAZD TOPESHOP.xlsx
2017-01-20 09:02 - 2016-10-07 12:23 - 00000000 ____D C:\Users\Klient\Desktop\wszystko
2017-01-20 08:18 - 2016-03-23 10:16 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-20 07:41 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-20 07:41 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-20 07:36 - 2016-09-19 12:06 - 00003754 _____ C:\Windows\System32\Tasks\AutoKMS
2017-01-20 07:02 - 2016-11-19 07:36 - 00000000 ____D C:\Users\Klient\AppData\LocalLow\Mozilla
2017-01-20 06:11 - 2016-10-31 08:50 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-20 06:09 - 2016-11-30 09:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-01-20 06:09 - 2016-03-23 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-19 14:59 - 2016-05-25 08:37 - 00000000 ____D C:\Users\Klient\Desktop\zszywka
2017-01-19 10:49 - 2016-11-25 12:32 - 00230400 ___SH C:\Users\Klient\Desktop\Thumbs.db
2017-01-19 10:47 - 2016-06-09 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2017-01-19 10:45 - 2016-07-16 06:15 - 00000000 ____D C:\Users\Klient\AppData\Roaming\HpUpdate
2017-01-19 10:45 - 2016-03-23 10:06 - 00000000 ____D C:\Users\Klient\AppData\Roaming\TeamViewer
2017-01-19 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sysprep
2017-01-19 09:20 - 2016-05-10 11:42 - 00007887 _____ C:\Windows\BRRBCOM.INI
2017-01-19 09:00 - 2016-07-13 12:45 - 00000000 ____D C:\Users\Klient\AppData\Local\BenefittingPavans
2017-01-19 07:50 - 2016-11-30 13:57 - 00000000 ____D C:\Users\Klient\AppData\Roaming\flywheel-1
2017-01-19 07:50 - 2016-11-30 13:17 - 00000000 ____D C:\ProgramData\circle-2
2017-01-19 07:50 - 2016-11-30 13:13 - 00000000 ____D C:\Users\Klient\AppData\Roaming\powercap-64
2017-01-19 07:50 - 2016-11-30 13:10 - 00000000 ____D C:\ProgramData\scsi2-46
2017-01-19 07:40 - 2016-05-16 09:25 - 00000000 ____D C:\Users\Klient\AppData\Local\CrashDumps
2017-01-18 12:38 - 2016-11-25 13:00 - 00000000 ____D C:\#BAZA.ZUS
2017-01-18 07:13 - 2016-07-11 08:09 - 00000000 ____D C:\Users\Klient\Desktop\INSTRUKCJE
2017-01-17 13:06 - 2016-05-16 08:46 - 00000000 ____D C:\Users\Klient\Desktop\KADRY
2017-01-16 14:39 - 2016-05-16 08:45 - 00000000 ____D C:\Users\Klient\Desktop\Julia
2017-01-12 15:17 - 2016-10-21 06:02 - 00000000 ____D C:\BuchWIN
2017-01-12 11:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-01-11 08:18 - 2016-03-23 10:16 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 08:18 - 2016-03-23 10:16 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 08:18 - 2016-03-23 10:16 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 08:18 - 2016-03-23 10:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-11 08:18 - 2016-03-23 10:16 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-04 08:06 - 2016-12-10 10:51 - 00018163 _____ C:\Users\Klient\Desktop\WYJAZD HAAG.xlsx

==================== Pliki w katalogu głównym wybranych folderów =======

2016-06-09 13:08 - 2016-06-09 13:08 - 6867968 _____ () C:\Users\Klient\AppData\Roaming\agent.dat
2016-06-09 13:08 - 2016-06-09 13:08 - 0067968 _____ () C:\Users\Klient\AppData\Roaming\Config.xml
2016-06-09 13:08 - 2016-06-09 13:08 - 1759964 _____ () C:\Users\Klient\AppData\Roaming\Iceing.tst
2016-06-09 13:08 - 2016-06-09 13:08 - 0014448 _____ () C:\Users\Klient\AppData\Roaming\InstallationConfiguration.xml
2016-06-09 13:08 - 2016-06-09 13:08 - 0128512 _____ () C:\Users\Klient\AppData\Roaming\Installer.dat
2016-06-09 13:08 - 2016-06-09 13:08 - 0018432 _____ () C:\Users\Klient\AppData\Roaming\Main.dat
2016-06-09 13:08 - 2016-06-09 13:08 - 0005568 _____ () C:\Users\Klient\AppData\Roaming\md.xml
2016-06-09 13:08 - 2016-06-09 13:08 - 0126464 _____ () C:\Users\Klient\AppData\Roaming\noah.dat
2016-06-09 13:08 - 2016-06-09 13:08 - 0032038 _____ () C:\Users\Klient\AppData\Roaming\uninstall_temp.ico

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\explorer.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\services.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\User32.dll = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys = & gt; Plik podpisany cyfrowo

LastRegBack: 2017-01-13 00:57

==================== Koniec FRST.txt ============================

skany.zip > FRST.txt

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 18-01-2017
Uruchomiony przez user (administrator) KAMIL-PC (20-01-2017 08:58:06)
Uruchomiony z C:\Users\user\Downloads
Załadowane profile: user (Dostępne profile: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncagent.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [BCSSync] = & gt; C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] = & gt; C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] = & gt; [X]
HKLM-x32\...\Run: [StatusAlerts] = & gt; C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [nmctxth] = & gt; C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] = & gt; C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] = & gt; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-969140806-4181738161-3310976127-1000\...\Run: [OfficeSyncProcess] = & gt; C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] - & gt; {472083B0-C522-11CF-8763-00608CC02F24} = & gt; - & gt; Brak pliku
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-09-27]
ShortcutTarget: SteelSeries Engine 3.lnk - & gt; C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-09-27]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk - & gt; C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{53255CFE-F238-4469-B021-68F0CAB2A065}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{BB2D2943-EC55-42D0-B55E-1B6E48152F32}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-969140806-4181738161-3310976127-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: Groove GFS Browser Helper - & gt; {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - & gt; C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler - & gt; {B4F3A835-0E21-4959-BA22-42B3008E02FF} - & gt; C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - & gt; {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - & gt; C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - & gt; {B4F3A835-0E21-4959-BA22-42B3008E02FF} - & gt; C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)

FireFox:
========
FF DefaultProfile: haqqnlf8.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\haqqnlf8.default [2017-01-16]
FF Plugin: @adobe.com/FlashPlayer - & gt; C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @microsoft.com/GENUINE - & gt; disabled [Brak pliku]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - & gt; C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - & gt; C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @microsoft.com/GENUINE - & gt; disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - & gt; C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - & gt; C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - & gt; C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - & gt; C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader - & gt; C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Extension: (Prezentacje Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-27]
CHR Extension: (Dokumenty Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-27]
CHR Extension: (Dysk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27]
CHR Extension: (Arkusze Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [Brak podpisu cyfrowego]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [6693456 2016-10-31] (RealVNC Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-01-12] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation )
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2016-06-14] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [52960 2016-10-05] (SteelSeries ApS)
U0 aswVmm; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-20 08:58 - 2017-01-20 08:58 - 00012138 _____ C:\Users\user\Downloads\FRST.txt
2017-01-20 08:56 - 2017-01-20 08:56 - 02419712 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2017-01-20 08:02 - 2017-01-20 08:27 - 00000000 ____D C:\Users\user\Desktop\dane swoje
2017-01-20 07:46 - 2017-01-20 07:49 - 00000000 ____D C:\AdwCleaner
2017-01-20 07:45 - 2017-01-20 07:46 - 00000000 ____D C:\Users\user\Desktop\Nowy folder
2017-01-20 07:41 - 2017-01-20 08:58 - 00000000 ____D C:\FRST
2017-01-20 07:39 - 2017-01-20 07:39 - 01761792 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2017-01-20 07:06 - 2017-01-20 07:06 - 00002953 _____ C:\Users\user\Desktop\HiJackThis.lnk
2017-01-20 07:06 - 2017-01-20 07:06 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2017-01-20 07:06 - 2017-01-20 07:06 - 00000000 ____D C:\hijackthis
2017-01-19 13:45 - 2017-01-19 13:45 - 00010193 _____ C:\Users\user\Desktop\remanent.xlsx
2017-01-18 08:55 - 2017-01-18 08:55 - 00504373 _____ C:\Users\user\Downloads\01_KOMODA_3S_-_Instrukcja_03.zip
2017-01-18 08:50 - 2017-01-19 11:42 - 00000000 ____D C:\Users\user\Desktop\pari 3
2017-01-18 08:09 - 2017-01-18 08:10 - 00578927 _____ C:\Users\user\Downloads\ScaloneDokumenty (8).pdf
2017-01-18 07:49 - 2017-01-18 07:49 - 00710517 _____ C:\Users\user\Desktop\new-maag.pdf
2017-01-18 07:38 - 2017-01-18 07:38 - 00582886 _____ C:\Users\user\Desktop\pari 6.pdf
2017-01-17 08:45 - 2017-01-17 08:45 - 00000824 _____ C:\Users\user\Desktop\Nowy dokument tekstowy.txt
2017-01-16 11:00 - 2017-01-16 11:00 - 00105646 _____ C:\Users\user\Downloads\CV-KamilDziczek.pdf
2017-01-16 09:32 - 2017-01-16 09:32 - 01717939 _____ C:\Users\user\Downloads\KisilewiczB_LacznikiPolaczenia.pdf
2017-01-12 08:52 - 2017-01-12 08:53 - 15848540 _____ C:\Users\user\Downloads\katalog agata(1).odt
2017-01-12 08:52 - 2017-01-12 08:52 - 15848540 _____ C:\Users\user\Downloads\katalog agata.odt
2017-01-12 07:22 - 2017-01-12 07:22 - 00207376 _____ C:\Users\user\Downloads\ScaloneDokumenty (7).pdf
2017-01-11 07:34 - 2017-01-05 19:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 07:34 - 2017-01-05 19:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 07:34 - 2017-01-05 19:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 07:34 - 2017-01-05 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-11 07:34 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-11 07:34 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-11 07:34 - 2017-01-05 18:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 07:34 - 2017-01-05 18:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 07:34 - 2017-01-05 18:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 07:34 - 2017-01-05 18:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 07:34 - 2017-01-05 18:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 07:34 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-11 07:34 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-10 13:47 - 2017-01-10 13:47 - 00066625 _____ C:\Users\user\Downloads\arkusz-spisu-z-natury-20-pozycji.pdf
2017-01-10 08:55 - 2017-01-10 08:55 - 00000000 ____D C:\Users\user\AppData\Roaming\Foxit Software
2017-01-10 07:24 - 2017-01-10 07:24 - 00108161 _____ C:\Users\user\Downloads\s-01 (1).zip
2017-01-10 07:08 - 2017-01-10 07:08 - 1878716947 _____ (Ecru Oprogramowanie ) C:\Users\user\Desktop\pro100_plk.exe
2017-01-10 06:23 - 2017-01-10 07:08 - 1878716947 _____ (Ecru Oprogramowanie ) C:\Users\user\Downloads\pro100_plk.exe
2017-01-04 13:38 - 2017-01-04 13:38 - 00186966 _____ C:\Users\user\Desktop\Stolik MARTYNA - instrukcja.pdf
2017-01-04 13:16 - 2017-01-04 13:16 - 00068359 _____ C:\Users\user\Downloads\wniosek_o_ugode.pdf
2017-01-03 09:41 - 2017-01-03 09:41 - 00352747 _____ C:\Users\user\Downloads\ScaloneDokumenty (6).pdf
2017-01-02 15:45 - 2017-01-02 15:45 - 00609963 _____ C:\Users\user\Downloads\Instrukcja Malmo I.pdf
2017-01-02 15:41 - 2017-01-02 15:41 - 00481266 _____ C:\Users\user\Downloads\ScaloneDokumenty (5).pdf
2017-01-02 15:12 - 2017-01-02 15:12 - 00015024 _____ C:\Users\user\Downloads\s-01.zip
2017-01-02 14:55 - 2017-01-02 14:55 - 00776076 _____ C:\Users\user\Downloads\Instrukcja Kwadrat I.pdf
2017-01-02 14:31 - 2017-01-02 14:32 - 00772586 _____ C:\Users\user\Downloads\Instrukcja Kwadrat II.pdf
2017-01-02 14:03 - 2017-01-02 14:03 - 00785044 _____ C:\Users\user\Downloads\ScaloneDokumenty (4).pdf
2017-01-02 14:02 - 2017-01-02 14:02 - 00177742 _____ C:\Users\user\Downloads\kwadrat_1-3.pdf
2017-01-02 14:02 - 2017-01-02 14:02 - 00176593 _____ C:\Users\user\Downloads\kwadrat_1-4.pdf
2017-01-02 14:01 - 2017-01-02 14:01 - 00144648 _____ C:\Users\user\Downloads\kwadrat_1-2 (1).pdf
2017-01-02 14:00 - 2017-01-02 14:00 - 00144648 _____ C:\Users\user\Downloads\kwadrat_1-2.pdf
2017-01-02 13:45 - 2017-01-02 13:45 - 00934120 _____ C:\Users\user\Downloads\kwadrat_1.zip
2017-01-02 08:04 - 2017-01-02 08:07 - 00243844 _____ C:\Users\user\Desktop\001_2016_12_Clock.xls
2017-01-02 06:37 - 2017-01-02 06:37 - 00137220 _____ C:\Users\user\Downloads\Potwierdzenie wykonania przelewu.pdf
2017-01-02 06:37 - 2017-01-02 06:37 - 00137220 _____ C:\Users\user\Desktop\Potwierdzenie wykonania przelewu.pdf
2016-12-30 11:04 - 2016-12-30 11:04 - 00050517 _____ C:\Users\user\Downloads\transport-sylwester-swieta-przewoz-osob-rzeczy-CID619-IDjoF4S.pdf
2016-12-29 14:11 - 2016-12-29 14:11 - 00044173 _____ C:\Users\user\Downloads\front6878.pdf
2016-12-28 11:45 - 2016-12-28 11:46 - 00001564 _____ C:\Windows\system32\TeamViewer12_Hooks.log
2016-12-28 11:45 - 2016-12-28 11:45 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-28 11:45 - 2016-12-28 11:45 - 00000969 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-28 06:50 - 2016-12-28 06:50 - 00307147 _____ C:\Users\user\Downloads\ScaloneDokumenty (3).pdf
2016-12-28 06:34 - 2016-12-28 06:34 - 00374448 _____ C:\Users\user\Downloads\ScaloneDokumenty (2).pdf
2016-12-28 06:23 - 2016-12-28 06:23 - 00380472 _____ C:\Users\user\Downloads\Stół_obiadowy_-_instrukcja__biały__02.zip
2016-12-27 15:33 - 2016-12-27 15:33 - 00020035 _____ C:\Users\user\Desktop\asd.jpg
2016-12-23 09:07 - 2016-12-23 09:07 - 00397307 _____ C:\Users\user\Downloads\ScaloneDokumenty (1).pdf
2016-12-22 10:42 - 2016-12-22 10:42 - 00038711 _____ C:\Users\user\Desktop\potwierdzenie(107).pdf
2016-12-22 06:49 - 2017-01-12 07:23 - 00000000 ____D C:\Users\user\Desktop\portugalia
2016-12-21 16:03 - 2016-12-21 16:03 - 00466375 _____ C:\Users\user\Downloads\drzewo.JPG
2016-12-21 16:02 - 2016-12-21 16:02 - 00623211 _____ C:\Users\user\Downloads\drzewo 2.JPG
2016-12-21 16:02 - 2016-12-21 16:02 - 00555210 _____ C:\Users\user\Downloads\drzewo 1.JPG
2016-12-21 15:40 - 2016-12-21 15:40 - 03791368 _____ C:\Users\user\Downloads\dąb zrzyny.jpg

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-20 08:26 - 2016-09-21 06:09 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-20 08:05 - 2011-04-12 14:21 - 00740098 _____ C:\Windows\system32\perfh015.dat
2017-01-20 08:05 - 2011-04-12 14:21 - 00155672 _____ C:\Windows\system32\perfc015.dat
2017-01-20 08:05 - 2009-07-14 06:13 - 01669190 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 08:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-20 07:58 - 2009-07-14 05:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-20 07:58 - 2009-07-14 05:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-20 07:51 - 2016-12-17 11:05 - 00000000 ____D C:\Users\user\AppData\Local\LogMeIn Hamachi
2017-01-20 07:51 - 2016-09-27 07:44 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-01-20 07:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-20 07:06 - 2016-09-20 14:37 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2017-01-18 07:47 - 2016-12-01 12:38 - 00000000 ____D C:\Users\user\Desktop\instrukcje
2017-01-18 07:30 - 2016-10-31 08:45 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-17 10:04 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-01-17 06:40 - 2016-09-27 07:55 - 00000000 ____D C:\Users\user\Desktop\cleaner
2017-01-16 07:47 - 2016-09-29 11:02 - 00011030 _____ C:\Users\user\Desktop\KOSZTA.xlsx
2017-01-16 06:47 - 2016-12-14 11:37 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-01-12 07:01 - 2016-09-21 06:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-01-12 07:00 - 2016-10-03 06:39 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 03:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-01-11 17:23 - 2016-12-19 14:53 - 00000000 ____D C:\Users\user\AppData\Local\RealVNC
2017-01-11 08:26 - 2016-09-21 06:09 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 08:26 - 2016-09-21 06:09 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 08:26 - 2016-09-21 06:09 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 08:26 - 2016-09-21 06:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-11 08:26 - 2016-09-21 06:09 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-09 23:34 - 2016-10-31 07:18 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-01-09 14:39 - 2016-11-24 13:10 - 00012375 _____ C:\Users\user\Desktop\KORNIX.xlsx
2017-01-09 09:37 - 2016-10-19 09:15 - 00000000 ____D C:\Users\user\Desktop\lechpak
2017-01-03 16:57 - 2016-09-27 07:55 - 00000000 ____D C:\Users\user\Desktop\ZAMÓWIENIA
2017-01-03 11:27 - 2016-09-27 07:55 - 00000000 ____D C:\Users\user\Desktop\ZAOPATRZENIE
2017-01-03 08:45 - 2016-11-22 08:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-01-03 08:45 - 2016-09-21 06:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-29 08:16 - 2016-09-21 06:11 - 00114528 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-29 03:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-29 03:05 - 2015-02-12 20:46 - 01640860 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-28 15:11 - 2016-09-27 05:59 - 00244426 _____ C:\Windows\PFRO.log
2016-12-28 15:11 - 2016-09-20 14:30 - 00425664 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-28 11:45 - 2016-10-31 08:45 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2016-12-28 11:45 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Fonts
2016-12-28 11:45 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-23 13:30 - 2016-09-27 07:55 - 00000000 ____D C:\Users\user\Desktop\komody excel

==================== Pliki w katalogu głównym wybranych folderów =======

2016-10-25 07:41 - 2016-10-25 07:41 - 0042088 _____ () C:\Users\user\AppData\Local\Bron.tok.A12.em.bin
2012-02-25 12:56 - 2012-01-03 19:30 - 0042687 _____ () C:\Users\user\AppData\Local\inetinfo.exe
2016-10-25 07:42 - 2016-10-25 07:42 - 0000051 _____ () C:\Users\user\AppData\Local\Kosong.Bron.Tok.txt

Niektóre pliki w TEMP:
====================
C:\Users\user\AppData\Local\Temp\setup.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\explorer.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\services.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\User32.dll = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll = & gt; Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys = & gt; Plik podpisany cyfrowo

LastRegBack: 2017-01-13 05:04

==================== Koniec FRST.txt ============================

skany.zip > Addition.txt

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 18-01-2017
Uruchomiony przez Klient (20-01-2017 09:16:24)
Uruchomiony z E:\SKANY
Windows 7 Home Premium Service Pack 1 (X64) (2016-02-20 12:42:09)
Tryb startu: Normal
==========================================================

==================== Konta użytkowników: =============================

Administrator (S-1-5-21-3294767028-2147052189-1141253506-500 - Administrator - Disabled)
Gość (S-1-5-21-3294767028-2147052189-1141253506-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3294767028-2147052189-1141253506-1006 - Limited - Enabled)
Klient (S-1-5-21-3294767028-2147052189-1141253506-1000 - Administrator - Enabled) = & gt; C:\Users\Klient

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Antivirus (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą " Hidden " w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKU\S-1-5-21-3294767028-2147052189-1141253506-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AutoCAD 2004 (HKLM-x32\...\{5783F2D7-0201-0415-0002-0060B0CE6BBA}) (Version: 16.0.0.086 - Autodesk)
Autodesk Express Viewer (HKLM-x32\...\Autodesk Express Viewer) (Version: 3.1 - Autodesk, Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.126.2.56387 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.72.2.55508 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.72.3 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.1.3006 - AVG Technologies)
AVG Zen (Version: 1.126.7 - AVG Technologies) Hidden
Brother MFL-Pro Suite DCP-J100 (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCSuiteKirBranding (x32 Version: 2.01.00170 - CryptoTech) Hidden
CryptoCard Suite (32/64 bit) (HKLM-x32\...\{058db6be-813e-4cf5-a71d-d9b2c3ea74a0}) (Version: 2.1.170 - CryptoTech)
CryptoCard Suite (64bit) (Version: 2.01.00170 - CryptoTech) Hidden
CryptoCard Suite (x32 Version: 2.01.00170 - CryptoTech) Hidden
DRUKI Gofin 3.0.44.0 (HKLM-x32\...\{E7C5CE65-934A-4A7B-92F8-F94C2026D5CA}) (Version: 3.0.44.0 - Wydawnictwo Podatkowe GOFIN sp. z o.o.)
FMW 1 (Version: 1.152.5 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP LaserJet Pro M201-M202 (HKLM-x32\...\{e71f6d30-080d-43ef-87e0-1ac4d7f8adfa}) (Version: 12.0.14101.145 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
HPDXP (x32 Version: 3.0.26.14 - HP) Hidden
HPLJDXPHelper (x32 Version: 120.063.006 - HP) Hidden
HPLJProM201M202 (HKLM-x32\...\{F2C371CB-0B8B-4135-82AA-DA2147635412}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (x32 Version: 012.000.0001 - HP) Hidden
HPLJUTM201_202 (x32 Version: 012.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00906 - Hewlett-Packard) Hidden
hppM201-M202LaserJetService (x32 Version: 001.034.00685 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 100.040.00218 - Hewlett Packard) Hidden
hpStatusAlertsM201-M202 (x32 Version: 120.046.00127 - Hewlett-Packard) Hidden
InsERT GT 1.43 (HKLM-x32\...\{7788C8A6-D456-42FB-ACB6-8D6D0315344B}) (Version: 1.43 - InsERT)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LJDXPHelperUI (x32 Version: 120.063.006 - HP) Hidden
Manager (x32 Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{DB7B2107-C3C9-439E-BDA8-823CCC152977}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Command Line Utilities (HKLM\...\{D9F711D3-3C90-4D79-9292-47C90C722E2A}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 (HKLM-x32\...\Microsoft SQL Server SQLServer2016) (Version: - Microsoft Corporation)
Microsoft SQL Server 2016 Policies (HKLM-x32\...\{0BA40265-9FDA-41FF-8111-E22AE2508F60}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM\...\{FE3BF1DD-677E-4793-9770-C07AECC88882}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{A9865C00-A2E1-4FE5-8821-72EEFBDD32E2}) (Version: 13.0.3485.1 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 16.5 (HKLM-x32\...\{7fb0c169-b438-4c56-9c85-a447e2600aa4}) (Version: 13.0.16000.28 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{353253a9-15a3-4727-b415-79b4e6be765e}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 pl)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.0.6226 - Mozilla)
Mozilla Thunderbird 51.0 (x86 pl) (HKLM-x32\...\Mozilla Thunderbird 51.0 (x86 pl)) (Version: 51.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E0ED9630-38E3-418F-A615-A9B2B5758BE5}) (Version: 4.12.9782 - Apache Software Foundation)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.1.4.27684 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.1.4.27684 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.1.4.27684 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
Płatnik 10.01.001 (HKLM-x32\...\{05381030-963D-4779-BECA-0D7D49268EDB}) (Version: 10.01.001 - Asseco Poland S.A.)
Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
SafeCast Shared Components (HKLM-x32\...\CdaC13Ba) (Version: - Macrovision)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SpringPublisher (HKLM-x32\...\{02869C6E-427C-4227-A9F1-76717A9A0F21}) (Version: 5.0 - SpringPublisher Team)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2016 Batch Parser (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools (x32 Version: 13.0.16000.28 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools Extensions (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools Extensions (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Common Files (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Connection Info (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 DMF (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio (Version: 13.0.16000.28 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio (x32 Version: 13.0.16000.28 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio Extensions (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio for Analysis Services (Version: 13.0.16000.28 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio for Analysis Services (x32 Version: 13.0.16000.28 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio for Analysis Services Localization (x32 Version: 13.0.16000.28 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio for Reporting Services (x32 Version: 13.0.16000.28 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio for Reporting Services Localization (x32 Version: 13.0.16000.28 - Microsoft Corporation) Hidden
SQL Server 2016 Shared Management Objects (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Shared Management Objects Extensions (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 SQL Diagnostics (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 XEvent (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sterowniki czytnika W7_64 (HKLM-x32\...\{B46BBC03-2B5D-4B29-803B-081D1013A87B}) (Version: 1.10.0000 - Krajowa Izba Rozliczeniowa S.A.)
Szafir2.0 (HKLM-x32\...\{47B55674-69B4-4FD4-9EDA-435A794D1686}) (Version: 2.001.529 - Krajowa Izba Rozliczeniowa S.A.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for PriceFountain (HKU\S-1-5-21-3294767028-2147052189-1141253506-1000\...\{5E883F97-AC66-0074-398F-07D4EE652A8A}) (Version: - Update for PriceFountain) & lt; ==== UWAGA
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)
WRF (Płatnik) 1.03.002 (HKLM-x32\...\{460BE803-88CF-4FD2-9082-2450A5959959}) (Version: 1.03.002 - Asseco Poland S.A.)
WRFKL 1.02.001 H (HKLM-x32\...\{A98C53C1-D7D5-43FE-82F4-EACD66292004}) (Version: 1.02.001 H - Asseco Poland S.A.)
WRFSL 1.02.001 J (HKLM-x32\...\{98A95680-71E0-4C6B-B3D0-384193FCA4F6}) (Version: 1.02.001 J - Asseco Poland S.A.)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {11E4B107-C048-46C1-93D3-7A2DECEB6B5E} - System32\Tasks\{BB33CC05-D13F-40CC-BDC7-6750D579A370} = & gt; pcalua.exe -a C:\Users\Klient\Downloads\jxpiinstall.exe -d C:\Users\Klient\Downloads
Task: {33D66D71-4BCB-4E8A-9C01-826CC724FCBA} - System32\Tasks\Adobe Flash Player Updater = & gt; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {445B96DB-E25D-493F-B219-0BBE597690BD} - System32\Tasks\Adobe Reader and Acrobat Manager = & gt; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23] (Adobe Systems Incorporated)
Task: {555D52EF-C60E-436E-A5A6-447572CAE7E9} - System32\Tasks\GoogleUpdateTaskMachineUA = & gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-20] (Google Inc.)
Task: {563FD4DB-ED21-43F6-AC45-C0A47A2C6EAC} - System32\Tasks\Java Platform SE Auto Updater = & gt; C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {57EED9D1-F046-4B52-AEBB-CBD584A5F13F} - System32\Tasks\KlientUnderscoresRecaptureV2 = & gt; Rundll32.exe MisliesChucking.dll,main 7 1 & lt; ==== UWAGA
Task: {5B7D8F84-1143-4BD2-AD14-5FACCDE00FF9} - System32\Tasks\AutoKMS = & gt; C:\Windows\AutoKMS\AutoKMS.exe [2016-09-19] ()
Task: {6C8734C8-E212-4839-97E2-0D29BFC72A69} - System32\Tasks\GoogleUpdateTaskMachineCore = & gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-20] (Google Inc.)
Task: {785DC886-5339-4851-BE08-BA2EADB2085F} - System32\Tasks\HPLJCustParticipation = & gt; C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2014-01-06] (Hewlett Packard)
Task: {B6FA6792-2C6A-47C2-BF58-41970434394B} - System32\Tasks\AVG EUpdate Task = & gt; avgsetupx.exe
Task: {D0C9206B-0E96-47EF-A7EB-3B6751198F67} - System32\Tasks\Antivirus Emergency Update = & gt; C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-01-19] (AVG Technologies CZ, s.r.o.)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job = & gt; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

==================== Załadowane moduły (filtrowane) ==============

2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2017-01-19 07:44 - 2017-01-19 07:44 - 00163584 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2017-01-19 07:45 - 2017-01-19 07:45 - 00794216 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2017-01-19 07:44 - 2017-01-19 07:44 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-01-19 14:50 - 2017-01-19 14:50 - 04368896 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17011902\algo.dll
2017-01-19 07:45 - 2017-01-19 07:45 - 00656040 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-01-19 07:42 - 2017-01-19 07:41 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-05-10 11:41 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-01-19 07:45 - 2017-01-19 07:45 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2014-11-17 07:06 - 2012-04-17 11:41 - 00077824 _____ () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość " AlternateShell " zostanie przywrócona.)

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)

HKU\S-1-5-21-3294767028-2147052189-1141253506-1000\Software\Classes\.scr: AutoCADScriptFile = & gt; " C:\Windows\notepad.exe " " %1 "

==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)

==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-3294767028-2147052189-1141253506-1000\Control Panel\Desktop\\Wallpaper - & gt; C:\Users\Klient\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System = & gt; (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja wyłączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

MSCONFIG\Services: AdobeARMservice = & gt; 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc = & gt; 3
MSCONFIG\Services: avgsvc = & gt; 2
MSCONFIG\Services: BrYNSvc = & gt; 3
MSCONFIG\Services: gupdate = & gt; 2
MSCONFIG\Services: gupdatem = & gt; 3
MSCONFIG\Services: LMS = & gt; 2
MSCONFIG\Services: MozillaMaintenance = & gt; 3
MSCONFIG\Services: PDF Architect 4 = & gt; 3
MSCONFIG\Services: PDF Architect 4 CrashHandler = & gt; 3
MSCONFIG\Services: PDF Architect 4 Creator = & gt; 2
MSCONFIG\Services: PDF Architect 4 Manager = & gt; 2
MSCONFIG\Services: TuneUp.UtilitiesSvc = & gt; 2
MSCONFIG\startupfolder: C:^Users^Klient^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^x.vbs = & gt; C:\Windows\pss\x.vbs.Startup
MSCONFIG\startupreg: AvgUi = & gt; " C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe " /lps=fmw
MSCONFIG\startupreg: BCSSync = & gt; " C:\Program Files\Microsoft Office\Office14\BCSSync.exe " /DelayServices
MSCONFIG\startupreg: BrHelp = & gt; C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
MSCONFIG\startupreg: BrStsMon00 = & gt; C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 = & gt; C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: CryptoCard Suite Cert Monitor = & gt; C:\Program Files (x86)\CryptoTech\CryptoCard\CCMonitor.exe
MSCONFIG\startupreg: HotKeysCmds = & gt; C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray = & gt; C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence = & gt; C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: picon = & gt; " C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe " -startup
MSCONFIG\startupreg: Tv-Plug-In = & gt; " C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe " nogui
MSCONFIG\startupreg: Unattend0000000001{E1FF9665-DF33-4AF5-9D14-7D5A248EEF3C} = & gt; %SYSTEMDRIVE%\restore\createrestore.exe /r

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{DFF8FA81-FDEE-4A6B-960A-2E752B725D8A}] = & gt; C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{57DF8FA1-7F40-4052-A437-095EF469B771}] = & gt; C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{60ECA1BE-56F8-41E7-A9C6-B76052FA6A8D}] = & gt; C:\Users\Klient\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{70BE340D-361D-422C-9CA3-73A3A5D5133D}] = & gt; C:\Users\Klient\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FEEC4119-B3D4-4BFB-B735-2F15135D4F49}] = & gt; C:\Program Files (x86)\HP\HP LaserJet Pro M201-M202\bin\EWSProxy.exe
FirewallRules: [{CAC0C7F5-9009-42F0-A677-F3E4F44C80AC}] = & gt; C:\Program Files (x86)\HP\HP LaserJet Pro M201-M202\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3B9E61C1-0DE2-4D86-8759-F5B901B322E4}] = & gt; C:\Program Files (x86)\HP\csiInstaller\e71f6d30-080d-43ef-87e0-1ac4d7f8adfa\Installer\hpbcsiInstaller.exe
FirewallRules: [{7D342D76-7820-4474-97BD-18118E536A3B}] = & gt; C:\Program Files (x86)\HP\csiInstaller\e71f6d30-080d-43ef-87e0-1ac4d7f8adfa\Installer\hpbcsiInstaller.exe
FirewallRules: [{EFAB43BD-FA54-415A-B851-1E3F38EE42E9}] = & gt; D:\Installer\hpbcsiInstaller.exe
FirewallRules: [{46B5F38A-D3DF-44D7-A7B5-A8C22E5D330F}] = & gt; D:\Installer\hpbcsiInstaller.exe
FirewallRules: [{8DB79365-6718-496F-8218-CC3B152282C2}] = & gt; C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BC5E843A-B651-4C08-B019-EB211B562209}] = & gt; C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1E2A10D5-437C-4EE9-B9F0-9402F1B50962}] = & gt; C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{221A5EDD-F8DD-4F7B-9CE2-BEAA75E219D5}] = & gt; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{46E0F1F1-CC86-4A1D-9E2C-DADECAE5E057}] = & gt; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Punkty Przywracania systemu =========================

04-01-2017 10:55:59 Zaplanowany punkt kontrolny
09-01-2017 06:07:35 Windows Update
11-01-2017 16:33:42 Windows Update
17-01-2017 08:55:56 Windows Update
19-01-2017 07:45:49 Instalacja pakietu sterownika urządzenia: AVG Technologies Usługa sieciowa
20-01-2017 06:35:19 Installed HiJackThis

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (01/20/2017 09:08:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: AutoKMS.exe, wersja: 2.6.0.0, sygnatura czasowa: 0x562603f9
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.23572, sygnatura czasowa: 0x57fd0696
Kod wyjątku: 0xe0434352
Przesunięcie błędu: 0x000000000001a06d
Identyfikator procesu powodującego błąd: 0x6c4
Godzina uruchomienia aplikacji powodującej błąd: 0x01d272f426a34cf7
Ścieżka aplikacji powodującej błąd: C:\Windows\AutoKMS\AutoKMS.exe
Ścieżka modułu powodującego błąd: C:\Windows\system32\KERNELBASE.dll
Identyfikator raportu: 9d3a1ec5-dee7-11e6-9f86-0019996d7d97

Error: (01/20/2017 09:08:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2017 09:08:07 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
at System.Management.ThreadDispatch.Start()
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at ..(System.String)
at ..(.)
at ..(.)
at ..()

Error: (01/20/2017 09:07:41 AM) (Source: MSSQL$INSERTGT) (EventID: 5596) (User: )
Description: FILESTREAM feature configuration might be inconsistent. Use the sp_filestream_configure stored procedure to reset the configuration.

Error: (01/20/2017 09:07:31 AM) (Source: MSSQLServerADHelper100) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (01/20/2017 09:07:20 AM) (Source: Aktualizacja Programu Płatnik) (EventID: 0) (User: )
Description: Service cannot be started. Nieprawidłowe dojście

Error: (01/20/2017 06:12:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query " SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA " Win32_Processor " AND TargetInstance.LoadPercentage & gt; 99 " could not be reactivated in namespace " //./root/CIMV2 " because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2017 06:11:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: AutoKMS.exe, wersja: 2.6.0.0, sygnatura czasowa: 0x562603f9
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.23572, sygnatura czasowa: 0x57fd0696
Kod wyjątku: 0xe0434352
Przesunięcie błędu: 0x000000000001a06d
Identyfikator procesu powodującego błąd: 0x638
Godzina uruchomienia aplikacji powodującej błąd: 0x01d272db652133fa
Ścieżka aplikacji powodującej błąd: C:\Windows\AutoKMS\AutoKMS.exe
Ścieżka modułu powodującego błąd: C:\Windows\system32\KERNELBASE.dll
Identyfikator raportu: ee5588ac-dece-11e6-b02e-0019996d7d97

Error: (01/20/2017 06:11:15 AM) (Source: MSSQL$INSERTGT) (EventID: 5596) (User: )
Description: FILESTREAM feature configuration might be inconsistent. Use the sp_filestream_configure stored procedure to reset the configuration.

Error: (01/20/2017 06:11:14 AM) (Source: Aktualizacja Programu Płatnik) (EventID: 0) (User: )
Description: Service cannot be started. Nieprawidłowe dojście

Dziennik System:
=============
Error: (01/20/2017 09:11:08 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący błąd:
Odmowa dostępu.
.

Error: (01/20/2017 09:11:08 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący błąd:
Odmowa dostępu.
.

Error: (01/20/2017 09:11:08 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący błąd:
Odmowa dostępu.
.

Error: (01/20/2017 09:07:31 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Usługa SQL Active Directory Helper Service zakończyła działanie; wystąpił specyficzny dla niej błąd %%-1073741724.

Error: (01/20/2017 09:07:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi CdaC15BA z powodu następującego błędu:
Nastąpiło zablokowanie ładowania sterownika

Error: (01/20/2017 09:07:07 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \??\C:\Windows\SysWow64\drivers\CDAC15BA.SYS zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (01/20/2017 09:04:47 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie:
Jedno wystąpienie usługi już działa.
.

Error: (01/20/2017 09:04:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Office Software Protection Platform niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (01/20/2017 09:04:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Intel(R) Management and Security Application User Notification Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (01/20/2017 09:04:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
Procent pamięci w użyciu: 54%
Całkowita pamięć fizyczna: 3740.23 MB
Dostępna pamięć fizyczna: 1691.9 MB
Całkowita pamięć wirtualna: 7478.65 MB
Dostępna pamięć wirtualna: 5625.77 MB

==================== Dyski ================================

Drive c: (Windows) (Fixed) (Total:143.94 GB) (Free:76.41 GB) NTFS == & gt; [dysk z komponentami startowymi (pozyskano odczytując BCD)]
Drive e: () (Removable) (Total:0.95 GB) (Free:0.38 GB) FAT

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 5109FFC1)
Partition 1: (Not Active) - (Size=5.1 GB) - (Type=27)
Partition 2: (Active) - (Size=143.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 971 MB) (Disk ID: 01BADB59)
Partition 1: (Active) - (Size=971 MB) - (Type=06)

==================== Koniec Addition.txt ============================