Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 27-12-2021 Uruchomiony przez krzys (administrator) DESKTOP-U89E9GO (LENOVO 7220A14) (29-12-2021 15:53:25) Uruchomiony z C:\Users\krzys\Downloads Załadowane profile: krzys Platform: Microsoft Windows 11 Pro Wersja 21H2 22000.376 (X64) Język: Polski (Polska) Domyślna przeglądarka: Edge Tryb startu: Normal ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Actian Corporation -> Actian Corporation) C:\Program Files (x86)\Actian\PSQL\bin\w3dbsmgr.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Google LLC -> ) C:\Program Files\Google\Drive File Stream\53.0.8.0\crashpad_handler.exe <2> (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe <7> (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <21> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.62\msedgewebview2.exe <12> (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Users\krzys\AppData\Roaming\.dllbackups\data\modules\dll-propagation\dll-propagation_2.9.8.exe (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Users\krzys\AppData\Roaming\.dllbackups\dllservices.exe (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Users\krzys\AppData\Local\Temp\1xq0MkKMTM0YtEl1JnXJ2x0ArfP\dll-propagation.exe <3> (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Users\krzys\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\dllservices.exe <4> (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <4> (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20050.505.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe (OpenVPN Inc. -> ) C:\Program Files\OpenVPN\bin\openvpn-gui.exe (OpenVPN Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe (OpenVPN Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe (Sage Sp. z o.o. -> Sage sp. z o.o.) \\10.201.0.50\Symfonia\HM\Amhm.exe (Symplex -> SYMPLEX) C:\SB4\ksiegaw.exe ==================== Rejestr (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.) HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.) HKU\S-1-5-21-2056640777-2319703920-3557092421-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [811696 2021-10-20] (OpenVPN Inc. -> ) HKU\S-1-5-21-2056640777-2319703920-3557092421-1001\...\Run: [electron.app.dllservices] => C:\Users\krzys\AppData\Roaming\.dllbackups\dllservices.exe [63924677 2021-12-17] (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] HKU\S-1-5-21-2056640777-2319703920-3557092421-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.) HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.) HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [109080 2018-12-06] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation) HKLM\...\Print\Monitors\PDF-XChange: C:\Windows\system32\pxc35pm.dll [6656 2006-01-30] (Tracker Software) [Brak podpisu cyfrowego] HKLM\...\Print\Monitors\PJL Language Monitor: C:\WINDOWS\system32\PJLMON.DLL [45056 2021-12-16] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{1BED99F6-0143-9742-0100-04318AB5EC76}] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> ==================== Zaplanowane zadania (filtrowane) ============ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {19D016B0-A63E-4535-8E05-FA972FFF3D8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-12-17] (Google Inc -> Google Inc.) Task: {3A92B399-89BD-4F25-B19E-6996CC6F6B7B} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation) Task: {46AC8BCE-622A-47A7-9384-84AB2D7EE326} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Brak pliku) Task: {E12721BD-AE76-4411-B172-9554124C9C31} - System32\Tasks\CorelUpdateHelperTask-9D4D378F5643CC63075AC365275BF309 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation) Task: {E2889B74-AB4F-4FB9-AFCD-964E8B89C1E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-12-17] (Google Inc -> Google Inc.) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{15149961-ea1c-42fe-9338-dbe55fca93af}: [DhcpNameServer] 8.8.8.8 8.8.4.4 ManualProxies: Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\krzys\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-29] Edge Notifications: Default -> hxxps://d.ktr.pl Edge HomePage: Default -> hxxps://lms.noc.acng.pl/ Edge StartupUrls: Default -> "hxxps://lms.noc.acng.pl/","hxxp://news.google.com/" Edge Extension: (lock) - C:\Users\krzys\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2021-11-17] FireFox: ======== FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.) ==================== Usługi (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-12-28] (Malwarebytes Inc -> Malwarebytes) R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [64176 2021-10-20] (OpenVPN Inc. -> The OpenVPN Project) R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc) R2 psqlCE; C:\Program Files (x86)\Actian\PSQL\bin\w3dbsmgr.exe [440256 2014-11-26] (Actian Corporation -> Actian Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6078536 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Sterowniki (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-12-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-11-19] (Google LLC -> Google, Inc.) S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2021-12-16] (Microsoft Windows -> Microsoft Corporation) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-12-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-12-28] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 S3XXx64; C:\WINDOWS\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Identiv) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-11-10] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation) R3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [38176 2021-11-10] (WireGuard LLC -> WireGuard LLC) S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc (utworzone) (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2021-12-29 15:15 - 2021-12-29 15:15 - 000000000 ____D C:\Users\krzys\AppData\LocalLow\IGDump 2021-12-29 11:08 - 2021-12-29 11:08 - 000063981 _____ C:\Users\krzys\Downloads\menusymfonia.exe 2021-12-29 08:12 - 2021-12-29 08:12 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2021-12-29 08:12 - 2021-12-29 08:12 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2021-12-29 08:11 - 2021-12-29 08:11 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2021-12-28 16:15 - 2021-12-28 16:15 - 000101223 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 154 12 21.pdf 2021-12-28 12:33 - 2021-12-28 12:33 - 000101502 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 150 12 21.pdf 2021-12-28 12:25 - 2021-12-28 12:25 - 000101907 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 149 12 21.pdf 2021-12-28 12:22 - 2021-12-28 12:22 - 000018589 _____ C:\Users\krzys\Downloads\AB-O2118985.pdf 2021-12-28 09:23 - 2021-12-28 09:24 - 000036364 _____ C:\Users\krzys\Downloads\Addition.txt 2021-12-28 09:21 - 2021-12-28 09:21 - 000000000 ____D C:\Users\krzys\AppData\Local\mbam 2021-12-28 09:20 - 2021-12-29 15:54 - 000012479 _____ C:\Users\krzys\Downloads\FRST.txt 2021-12-28 09:20 - 2021-12-29 15:54 - 000000000 ____D C:\FRST 2021-12-28 09:20 - 2021-12-28 09:20 - 002311168 _____ (Farbar) C:\Users\krzys\Downloads\FRST64.exe 2021-12-28 09:20 - 2021-12-28 09:20 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-12-28 09:20 - 2021-12-28 09:20 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-12-28 09:20 - 2021-12-28 09:20 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-12-28 09:20 - 2021-12-28 09:20 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-12-28 09:20 - 2021-12-28 09:20 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-12-28 09:20 - 2021-12-28 09:20 - 000000000 ____D C:\Users\krzys\Downloads\FRST-OlderVersion 2021-12-28 09:20 - 2021-12-28 09:19 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-12-28 09:19 - 2021-12-28 09:19 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-12-28 09:19 - 2021-12-28 09:19 - 000000000 ____D C:\Program Files\Malwarebytes 2021-12-28 09:18 - 2021-12-28 09:18 - 204896952 _____ (Malwarebytes) C:\Users\krzys\Downloads\MBSetup-0076911.0076911-4.4.10.144.exe 2021-12-28 09:16 - 2021-12-28 09:16 - 000000000 ____D C:\WINDOWS\ABR 2021-12-28 09:16 - 2021-12-28 09:16 - 000000000 ____D C:\Users\krzys\Downloads\Backups 2021-12-28 09:14 - 2021-12-28 09:14 - 008540344 _____ (Malwarebytes) C:\Users\krzys\Downloads\adwcleaner_8.3.1 (1).exe 2021-12-28 09:14 - 2021-12-28 09:14 - 007359480 _____ (Stanislav Polshyn & Trend Micro Inc.) C:\Users\krzys\Downloads\HiJackThis.exe 2021-12-23 13:34 - 2021-12-23 13:34 - 000101247 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 139 12 21.pdf 2021-12-22 15:45 - 2021-12-22 15:45 - 000102366 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 133 12 21.pdf 2021-12-21 09:03 - 2021-12-21 09:03 - 000018546 _____ C:\Users\krzys\Downloads\AB-O2117179.pdf 2021-12-21 09:03 - 2021-12-21 09:03 - 000017817 _____ C:\Users\krzys\Downloads\AB-OK213993.pdf 2021-12-21 09:03 - 2021-12-21 09:03 - 000017797 _____ C:\Users\krzys\Downloads\AB-O2117834.pdf 2021-12-20 09:09 - 2021-12-20 09:09 - 000000000 ____D C:\Users\krzys\AppData\Roaming\Ookla 2021-12-17 11:32 - 2021-12-17 11:32 - 015290584 _____ (SYMPLEX) C:\Users\krzys\Downloads\inst_sb12880_8551584389.EXE 2021-12-17 10:59 - 2021-12-17 10:59 - 000101152 _____ C:\Users\krzys\Downloads\etykieta_24535669948.pdf 2021-12-17 10:25 - 2021-12-17 10:25 - 001770966 _____ C:\Users\krzys\Desktop\pieczec_ac_sj.bmp 2021-12-17 10:15 - 2021-12-17 10:15 - 000000000 ____D C:\AdwCleaner 2021-12-17 10:14 - 2021-12-17 10:14 - 008540344 _____ (Malwarebytes) C:\Users\krzys\Downloads\adwcleaner_8.3.1.exe 2021-12-17 10:11 - 2021-12-17 10:11 - 000000000 ____D C:\Users\krzys\Documents\Corel Cloud 2021-12-17 10:07 - 2021-12-29 15:17 - 000000000 ____D C:\Program Files (x86)\Google 2021-12-17 10:07 - 2021-12-17 10:12 - 000003570 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-12-17 10:07 - 2021-12-17 10:12 - 000003446 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-12-17 10:07 - 2021-12-17 10:07 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk 2021-12-17 10:07 - 2021-12-17 10:07 - 000001899 _____ C:\Users\krzys\Desktop\Google Slides.lnk 2021-12-17 10:07 - 2021-12-17 10:07 - 000001899 _____ C:\Users\krzys\Desktop\Google Sheets.lnk 2021-12-17 10:07 - 2021-12-17 10:07 - 000001887 _____ C:\Users\krzys\Desktop\Google Docs.lnk 2021-12-17 10:07 - 2021-12-17 10:07 - 000000000 ____D C:\Users\krzys\AppData\Local\Google 2021-12-17 10:07 - 2021-12-17 10:07 - 000000000 ____D C:\Users\krzys\AppData\Local\CEF 2021-12-17 10:07 - 2021-12-17 10:07 - 000000000 ____D C:\Program Files\Google 2021-12-17 10:07 - 2021-11-19 11:34 - 000389640 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3525.sys 2021-12-17 10:06 - 2021-12-17 10:07 - 262132056 _____ (Google, Inc.) C:\Users\krzys\Downloads\GoogleDriveSetup.exe 2021-12-17 10:04 - 2021-12-29 11:50 - 000003336 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTask-9D4D378F5643CC63075AC365275BF309 2021-12-17 10:04 - 2021-12-17 10:06 - 000000000 ____D C:\Users\krzys\AppData\Roaming\Corel 2021-12-17 10:04 - 2021-12-17 10:04 - 000003458 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTaskCore 2021-12-17 10:04 - 2021-12-17 10:04 - 000000000 ____D C:\Program Files (x86)\gs 2021-12-17 10:04 - 2021-12-17 10:04 - 000000000 ____D C:\Program Files (x86)\Corel 2021-12-17 10:04 - 2021-12-17 10:03 - 000002983 _____ C:\Users\Public\Desktop\Corel CAPTURE 2021 (64-Bit).lnk 2021-12-17 10:04 - 2021-12-17 10:03 - 000002982 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT 2021 (64-Bit).lnk 2021-12-17 10:04 - 2021-12-17 10:03 - 000002950 _____ C:\Users\Public\Desktop\CorelDRAW 2021 (64-Bit).lnk 2021-12-17 10:04 - 2021-12-17 10:03 - 000002347 _____ C:\Users\Public\Desktop\Corel Font Manager 2021 (64-Bit).lnk 2021-12-17 10:03 - 2021-12-17 10:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 2021 (64-Bit) 2021-12-17 10:03 - 2021-12-17 10:03 - 000000000 ____D C:\Program Files\Common Files\Corel 2021-12-17 10:02 - 2021-12-17 10:04 - 000000000 ____D C:\Program Files\Corel 2021-12-17 10:02 - 2021-12-17 10:03 - 000000000 ____D C:\ProgramData\Corel 2021-12-17 10:02 - 2021-12-17 10:02 - 000000000 ____D C:\Users\krzys\Downloads\CorelDRAW Graphics Suite 2021 v23.0.0.363 - 64bit 2021-12-17 09:56 - 2021-12-17 09:57 - 379428341 _____ C:\Users\krzys\Downloads\CorelDRAW Graphics Suite 2021 v23.0.0.363 - 64bit.rar 2021-12-17 09:56 - 2021-12-17 09:56 - 000013926 _____ C:\Users\krzys\Downloads\[EX-TORRENTY.ORG] CorelDRAW Graphics Suite 2021 v23.1.0.389 - 64bit [PL] [Keymaker XFORCE] [azjatycki].torrent 2021-12-17 09:54 - 2021-12-17 09:54 - 000013619 _____ C:\Users\krzys\Downloads\[EX-TORRENTY.ORG] CorelDRAW Graphics Suite 2021.5 v23.5.0.506 - 64bit [PL] [Keygen XFORCE] [azjatycki].torrent 2021-12-17 09:46 - 2021-12-17 09:47 - 006449469 _____ C:\Users\krzys\Downloads\PASSWORD_IS_987987____CorelDRAW-2021-.zip 2021-12-17 09:42 - 2021-12-29 08:13 - 000000000 ____D C:\Users\krzys\AppData\Roaming\dll-propagation 2021-12-17 09:41 - 2021-12-17 09:50 - 000057344 _____ C:\Users\krzys\AppData\Roaming\SNData.db 2021-12-17 09:40 - 2021-12-29 08:12 - 000000000 ____D C:\Users\krzys\AppData\Roaming\dllservices 2021-12-17 09:40 - 2021-12-17 09:41 - 000000000 ___HD C:\Users\krzys\AppData\Roaming\.dllbackups 2021-12-17 09:40 - 2021-12-17 09:40 - 000000000 ____D C:\ProgramData\UniqueId 2021-12-16 17:04 - 2021-12-16 17:04 - 000402800 _____ C:\Users\krzys\Downloads\omegauw.zip 2021-12-16 17:02 - 2021-12-16 17:02 - 040233909 _____ C:\Users\krzys\Downloads\stampa.zip 2021-12-16 17:02 - 2021-12-16 17:02 - 000000000 ____D C:\Users\krzys\Downloads\stampa 2021-12-16 16:52 - 2021-12-17 09:36 - 000000000 ____D C:\Users\krzys\Downloads\CorelDRAW Graphics Suite 2021.5 v23.5.0.506 (x64) + Fix 2021-12-16 16:51 - 2021-12-17 17:01 - 000000000 ____D C:\Users\krzys\AppData\Roaming\qBittorrent 2021-12-16 16:51 - 2021-12-16 16:51 - 000000000 ____D C:\Users\krzys\AppData\Local\qBittorrent 2021-12-16 16:51 - 2021-12-16 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent 2021-12-16 16:50 - 2021-12-16 16:51 - 000000000 ____D C:\Program Files\qBittorrent 2021-12-16 16:49 - 2021-12-16 16:49 - 027590526 _____ (The qBittorrent project) C:\Users\krzys\Downloads\qbittorrent_4.3.9_x64_setup.exe 2021-12-16 16:48 - 2021-12-16 16:48 - 000016548 _____ C:\Users\krzys\Downloads\[EX-TORRENTY.ORG] CorelDRAW Graphics Suite 2021.5 v23.5.0.506 (x64) + Fix.torrent 2021-12-16 09:30 - 2021-12-16 09:30 - 000040960 _____ C:\WINDOWS\system32\prxyqry.dll 2021-12-16 09:30 - 2021-12-16 09:30 - 000015000 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-12-16 09:30 - 2021-12-16 09:30 - 000013824 _____ C:\WINDOWS\SysWOW64\prxyqry.dll 2021-12-16 09:29 - 2021-12-16 09:29 - 000215552 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll 2021-12-16 09:23 - 2021-12-16 09:26 - 000000000 ___HD C:\$WinREAgent 2021-12-15 14:53 - 2021-12-15 14:53 - 000035877 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 076 12 21.pdf 2021-12-15 14:52 - 2021-12-15 14:52 - 000036434 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 075 12 21.pdf 2021-12-15 14:46 - 2021-12-15 14:47 - 000036044 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 074 12 21.pdf 2021-12-15 14:44 - 2021-12-15 14:44 - 000035937 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 073 12 21.pdf 2021-12-15 09:45 - 2021-12-15 09:45 - 000036056 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 069 12 21.pdf 2021-12-13 09:21 - 2021-12-13 09:21 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2056640777-2319703920-3557092421-1001 2021-12-07 17:04 - 2021-12-07 17:04 - 000035542 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 029 12 21.pdf 2021-12-02 12:36 - 2021-12-02 12:36 - 000036282 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 009 12 21.pdf 2021-12-01 14:13 - 2021-12-01 14:13 - 000032795 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 007 12 21.pdf 2021-12-01 11:17 - 2021-12-01 11:17 - 000033814 _____ C:\Users\krzys\Documents\Dokument VAT I - FVS 003 12 21.pdf ==================== Jeden miesiąc (zmodyfikowane) ================== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2021-12-29 14:58 - 2021-11-10 10:58 - 000000000 ____D C:\SB4 2021-12-29 08:42 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-12-29 08:22 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-12-29 08:16 - 2021-11-10 14:06 - 001703518 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-12-29 08:16 - 2021-06-05 18:37 - 000759852 _____ C:\WINDOWS\system32\perfh015.dat 2021-12-29 08:16 - 2021-06-05 18:37 - 000149808 _____ C:\WINDOWS\system32\perfc015.dat 2021-12-29 08:16 - 2021-06-05 13:09 - 000000000 ____D C:\WINDOWS\INF 2021-12-29 08:12 - 2021-11-10 09:51 - 000000000 ___RD C:\Users\krzys\OneDrive 2021-12-29 08:12 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SystemTemp 2021-12-29 08:11 - 2021-11-10 14:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-12-29 08:11 - 2021-11-10 09:44 - 000012288 ___SH C:\DumpStack.log.tmp 2021-12-28 17:52 - 2021-06-05 13:01 - 000262144 _____ C:\WINDOWS\system32\config\BBI 2021-12-28 16:32 - 2021-11-10 11:12 - 000000000 ____D C:\Users\krzys\AppData\LocalLow\Mozilla 2021-12-28 12:26 - 2021-11-10 11:12 - 000000000 ____D C:\ProgramData\Mozilla 2021-12-28 09:20 - 2021-06-05 13:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-12-28 09:07 - 2021-11-10 09:50 - 000000000 ____D C:\Users\krzys\AppData\Local\Packages 2021-12-28 09:07 - 2021-11-10 09:50 - 000000000 ____D C:\ProgramData\Packages 2021-12-28 09:07 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps 2021-12-28 09:06 - 2021-11-10 11:12 - 000000000 ____D C:\Program Files\Mozilla Thunderbird 2021-12-28 09:06 - 2021-11-10 11:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-12-22 10:18 - 2021-11-10 14:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-12-21 17:03 - 2021-11-10 13:56 - 000000000 ____D C:\Users\krzys 2021-12-20 09:15 - 2021-11-10 09:44 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-12-20 09:14 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2021-12-20 09:08 - 2021-11-10 14:03 - 000577120 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-12-17 11:36 - 2021-11-10 10:58 - 000001563 _____ C:\Users\krzys\AppData\Roaming\Microsoft\Windows\Start Menu\Small Business SB4.LNK 2021-12-17 11:36 - 2021-11-10 10:58 - 000001539 _____ C:\Users\krzys\Desktop\Small Business SB4.LNK 2021-12-17 11:35 - 2021-11-10 10:37 - 000002280 ____H C:\Users\krzys\Documents\Default.rdp 2021-12-17 11:33 - 2021-06-05 18:44 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2021-12-17 10:25 - 2021-11-15 10:52 - 001770966 _____ C:\pieczec_ac_sj.bmp 2021-12-17 10:04 - 2021-11-10 10:22 - 000000000 ____D C:\ProgramData\Package Cache 2021-12-17 10:04 - 2021-06-05 13:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-12-16 17:07 - 2021-06-05 18:44 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SystemResources 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\vi-VN 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\setup 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\id-ID 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\gl-ES 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\eu-ES 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\ca-ES 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\appraiser 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-12-16 17:07 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-12-16 17:07 - 2021-06-05 13:01 - 000000000 ____D C:\WINDOWS\servicing 2021-12-16 17:04 - 2016-03-17 12:24 - 000943104 _____ C:\Users\krzys\Desktop\OmegaUW.exe 2021-12-16 16:45 - 2021-11-15 10:52 - 000003129 _____ C:\kt.htm 2021-12-16 09:35 - 2021-11-10 10:22 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-12-16 09:34 - 2021-11-10 10:22 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-12-16 09:34 - 2021-06-05 13:01 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-12-16 09:29 - 2021-11-10 14:06 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2021-12-16 09:17 - 2021-11-10 09:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-12-09 10:21 - 2021-11-10 14:07 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2056640777-2319703920-3557092421-1001 2021-12-09 10:21 - 2021-11-10 09:49 - 000002427 _____ C:\Users\krzys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-12-09 09:26 - 2021-11-19 16:06 - 000001383 _____ C:\Users\krzys\Desktop\Serwisant.lnk 2021-12-09 08:58 - 2021-11-17 13:50 - 000003416 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7d633722b722a 2021-12-09 08:58 - 2021-11-10 14:07 - 000003510 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-12-07 09:23 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-11-29 10:33 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\OCR ==================== Pliki w katalogu głównym wybranych folderów ======== 2021-12-17 09:41 - 2021-12-17 09:50 - 000057344 _____ () C:\Users\krzys\AppData\Roaming\SNData.db ==================== SigCheck ============================ (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) ==================== Koniec FRST.txt ========================