Solved Trojan: Win32/Xadupi

undertaker

Jun 4, 2019
Hi guys,

I guess I need your help. Windows Defender has found a Trojan Win32/Xadupi, I have removed it, but after restart it was back again.
I post logs from FRST below - unfortunately I got them in my native language - Polish. Hope you are still able to help? :giggle:
Please don't hesitate to ask questions if you need translation.

FRST.txt :

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 04-06-2019
Uruchomiony przez Piotr (administrator) PIOTR (Hewlett-Packard HP ProBook 450 G1) (04-06-2019 20:55:07)
Uruchomiony z C:\Users\Piotr\Desktop
Załadowane profile: Piotr (Dostępne profile: Piotr)
Platform: Windows 10 Home Wersja 1511 10586.545 (X64) Język: Polski (Polska)
Domyślna przeglądarka: Edge
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

() [Brak podpisu cyfrowego] C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) [Brak podpisu cyfrowego] C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(IDT, Inc.) [Brak podpisu cyfrowego] C:\Program Files\IDT\WDM\stacsv64.exe
(IDT, Inc.) [Brak podpisu cyfrowego] C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) [Brak podpisu cyfrowego] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Corporation -> Malwarebytes) D:\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) D:\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> © 2015 Microsoft Corporation) C:\Users\Piotr\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Mozilla Corporation -> Mozilla Corporation) D:\Zainstalowane programy\Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) D:\Zainstalowane programy\Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) D:\Zainstalowane programy\Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) D:\Zainstalowane programy\Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) D:\Zainstalowane programy\Firefox\firefox.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\assistant\browser_assistant.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Validity Sensors, Inc -> Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-09-04] (IDT, Inc.) [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [2312792 2019-05-23] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\Run: [OneDrive] => "C:\Users\Piotr\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\Run: [BingSvc] => C:\Users\Piotr\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\Run: [Spybot-S&D Cleaning] => D:\Zainstalowane programy\SpybotPortable\App\Spybot\SDCleaner.exe [4594552 2015-06-17] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [Brak podpisu cyfrowego]
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\Run: [NetBalancer] => D:\Zainstalowane programy\NetBalancer\SeriousBit.NetBalancer.Tray.exe
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\MountPoints2: {76fac55f-b3dc-11e5-825c-18cf5e306948} - "G:\.\StartModem.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-30] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2015-12-19]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {1D6725B9-7C81-4F8D-B1D1-E1F25EECFA2C} - System32\Tasks\Opera scheduled assistant Autoupdate 1547133333 => C:\Program Files (x86)\Opera\launcher.exe [1301592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [39936 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
Task: {3195B162-97E8-496F-A50C-D59A8E4DDE7F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {349B445C-8A98-4453-976C-178D2178CEB1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {3DFCDCE4-5E9C-4068-B98F-E5FE97CE5A8B} - Brak ścieżki do pliku
Task: {45561755-0BB2-49DF-9B3C-3F0CEB4AB61E} - System32\Tasks\Microsoft\Windows\WS\Badge Update => {00CCDDF6-5107-424D-853D-3907AE5502DC}
Task: {4F4D8284-0BC5-47EA-BEF6-3EED862284AC} - Brak ścieżki do pliku
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32768 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [39936 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
Task: {80E1C2ED-121D-4178-AACF-046B267A1B99} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-19] (Adobe Inc. -> Adobe)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {946CE320-2A0D-4801-8C1C-7C10DF127CDE} - Brak ścieżki do pliku
Task: {955E8D5B-0718-411A-9D8F-83454788272B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update => {A6BA00FE-40E8-477C-B713-C64A14F18ADB} C:\Windows\System32\wuautoappupdate.dll [33280 2016-03-29] (Microsoft Windows -> Microsoft Corporation)
Task: {95B15CEA-750C-4B5A-BCF4-75E1D5773782} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1175040 2015-11-19] () [Brak podpisu cyfrowego]
Task: {9C6F5899-596E-4445-A142-A54D4DF969E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {9C8E21C9-6AB1-4D66-8DF5-73AF5359B24E} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses => {10F591BE-3C84-418A-86DD-BAA002E2F36E}
Task: {9D6CC196-F399-4000-8C8E-FA5E2706E2DB} - Brak ścieżki do pliku
Task: {A5D08D33-48AE-43FF-A0E3-4B703CD3E1A4} - Brak ścieżki do pliku
Task: {A7A9B815-C63E-4885-959B-CC536A7BDBEF} - Brak ścieżki do pliku
Task: {C7F9D6C6-5D79-4FBC-A1D4-D3F1E0EF655A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-02] (Google Inc -> Google Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D322A23A-C264-4E9A-B255-33782C43BE99} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Piotr\Downloads\adwcleaner_7.3.exe [7025360 2019-06-04] (Malwarebytes Corporation -> Malwarebytes)
Task: {E509FFD3-2D4D-4C32-8880-635891D9DF8A} - System32\Tasks\{B53817F9-E77C-4773-854F-276034D8F48B} => C:\WINDOWS\system32\pcalua.exe -a "D:\Zainstalowane programy\win64_154025.4464.exe" -d "D:\Zainstalowane programy"
Task: {EBC20FDA-2541-44E0-920C-99EE0C0E5BEC} - System32\Tasks\Opera scheduled Autoupdate 1449074856 => C:\Program Files (x86)\Opera\launcher.exe [1301592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {F86A569D-D143-4D49-B034-C8CC92D67F20} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {FACF3865-06FF-4C17-B2DF-B9A6A9268C55} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_pepper.exe [1452600 2019-04-19] (Adobe Inc. -> Adobe)
Task: {FC633E7A-B9D2-4983-BE93-425815F3AEDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-02] (Google Inc -> Google Inc.)
Task: {FDFF09EC-FD80-40C4-B9E6-D66D6EF26739} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-19] (Adobe Inc. -> Adobe)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{4e8d123d-f05a-48c1-8608-b67605f3653f}: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{8f94b0c0-4256-4ba2-8568-770a612bc4a2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9541afd2-cebb-4b84-9ade-58041b2790ed}: [NameServer] 194.239.134.83 193.162.153.164
Tcpip\..\Interfaces\{ad9a20d8-1a55-44f7-ac16-5097883e989c}: [NameServer] 194.239.134.83 193.162.153.164

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130947392450772176&GUID=488C669A-F441-4FEB-952A-F17C7E337534
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130947392451027811&GUID=488C669A-F441-4FEB-952A-F17C7E337534
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-19] (Oracle America, Inc. -> Oracle Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2520020342-3197839907-3958264092-1001 -> hxxp://www.google.com

FireFox:
========
FF DefaultProfile: kgtrohkh.default
FF ProfilePath: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\kgtrohkh.default [2019-06-04]
FF user.js: detected! => C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\kgtrohkh.default\user.js [2015-12-14]
FF Homepage: Mozilla\Firefox\Profiles\kgtrohkh.default -> hxxp://www.onet.pl/
FF NewTab: Mozilla\Firefox\Profiles\kgtrohkh.default -> hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ff_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_72704653_1201_1403_20160427_DK_ff_nt_
FF Extension: (English (US) Language Pack) - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\kgtrohkh.default\Extensions\[email protected] [2019-06-02]
FF Extension: (Video DownloadHelper) - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\kgtrohkh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-05-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-19] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-19] (Adobe Inc. -> )
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-30] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-30] (Google Inc -> Google LLC)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxp://onet.pl/"
CHR DefaultSearchURL: Default -> hxxps://www.amazon.com/websearch/?ie=UTF8__PARAM__&query={searchTerms}
CHR DefaultSearchKeyword: Default -> amazon
CHR Profile: C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default [2019-06-04]
CHR Extension: (Prezentacje) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-07]
CHR Extension: (Dokumenty) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-07]
CHR Extension: (Dysk Google) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-02]
CHR Extension: (Lærdansk EduLife) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgbljgbbjangdpgenohkmonoclkhicjd [2016-02-07]
CHR Extension: (YouTube) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-02]
CHR Extension: (Google Search) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-03-18]
CHR Extension: (Arkusze) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-06-04]
CHR Extension: (Skype) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-01-07]
CHR Extension: (AppWriter Cloud) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lokadhdaghfjbmailhhenifjejpokche [2019-06-04]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (Gmail) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-04]
CHR Extension: (Chrome Media Router) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-04]
CHR HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://onet.pl/"
OPR Extension: (CyberGhost VPN - Free Proxy) - C:\Users\Piotr\AppData\Roaming\Opera Software\Opera Stable\Extensions\mapjiibffmopkdcncmaifgdjjiooifnn [2016-01-30]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company -> Hewlett-Packard Company) [Brak podpisu cyfrowego]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-06-17] (Intel(R) pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; D:\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [188472 2019-01-18] (SeriousBit Srl -> SeriousBit)
S4 SDScannerService; D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S4 SDUpdateService; D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S4 SDWSCService; D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339968 2013-09-04] (IDT, Inc.) [Brak podpisu cyfrowego]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-03] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation -> Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [43320 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4320280 2015-09-21] (WDKTestCert qcaswbld,130129545209614653 -> Qualcomm Atheros Communications, Inc.)
S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 bmfilter; C:\WINDOWS\System32\drivers\qcusbfilter.sys [40448 2014-07-30] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 bmusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [239104 2014-07-30] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 bmusbwwan; C:\WINDOWS\System32\drivers\qcusbwwan.sys [478720 2014-07-30] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2019-06-04] (SurfRight B.V. -> )
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [30520 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard)
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr.sys [26504 2013-07-22] (Hewlett-Packard Company -> Hewlett-Packard Company)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-04] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R1 nbdrv; C:\WINDOWS\system32\DRIVERS\nbdrv.sys [42128 2016-01-15] (SeriousBit Srl -> SeriousBit)
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-04] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-04] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [760832 2016-03-09] (Sunplus Innovation Technology Inc. -> Sunplus)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-09-04] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.3.14\Definitions\SDSDefs\20170721.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.3.14\Definitions\SDSDefs\20170721.001\NAVEX15.SYS [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc (utworzone) ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-06-04 20:55 - 2019-06-04 20:57 - 000033052 _____ C:\Users\Piotr\Desktop\FRST.txt
2019-06-04 20:54 - 2019-06-04 20:55 - 000000000 ____D C:\FRST
2019-06-04 20:47 - 2019-06-04 20:54 - 002416640 _____ (Farbar) C:\Users\Piotr\Desktop\FRST64.exe
2019-06-04 20:29 - 2019-06-04 20:35 - 151549096 _____ (Microsoft Corporation) C:\Users\Piotr\Downloads\msert.exe
2019-06-04 19:05 - 2019-06-04 19:05 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-04 19:03 - 2019-06-04 19:03 - 000003244 _____ C:\WINDOWS\system32\.crusader
2019-06-04 18:59 - 2019-06-04 19:05 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2019-06-04 18:40 - 2019-06-04 18:40 - 000003172 _____ C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot
2019-06-04 18:15 - 2019-06-04 19:03 - 000000000 ____D C:\ProgramData\HitmanPro
2019-06-04 18:15 - 2019-06-04 18:15 - 000000000 ____D C:\Program Files\HitmanPro
2019-06-04 18:14 - 2019-06-04 18:15 - 011535320 _____ (SurfRight B.V.) C:\Users\Piotr\Downloads\HitmanPro_x64.exe
2019-06-04 18:10 - 2019-06-04 18:40 - 000000000 ____D C:\AdwCleaner
2019-06-04 18:09 - 2019-06-04 18:10 - 007025360 _____ (Malwarebytes) C:\Users\Piotr\Downloads\adwcleaner_7.3.exe
2019-06-04 17:14 - 2019-06-04 19:06 - 000000713 _____ C:\Users\Piotr\Desktop\ESET Online Scanner.lnk
2019-06-04 17:14 - 2019-06-04 17:14 - 007990296 _____ (ESET spol. s r.o.) C:\Users\Piotr\Downloads\esetonlinescanner_plk.exe
2019-06-04 17:14 - 2019-06-04 17:14 - 000000812 _____ C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2019-05-30 20:11 - 2019-06-03 19:33 - 000000120 _____ C:\Users\Piotr\Desktop\h.txt
2019-05-30 18:32 - 2019-06-03 21:02 - 000000329 _____ C:\Users\Piotr\Desktop\oslony iphone.txt

==================== Jeden miesiąc (zmodyfikowane) ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-06-04 20:45 - 2016-11-24 20:37 - 000000000 ____D C:\Users\Piotr\AppData\LocalLow\Mozilla
2019-06-04 19:12 - 2015-12-01 19:57 - 001845594 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-04 19:12 - 2015-10-30 21:19 - 000818302 _____ C:\WINDOWS\system32\perfh015.dat
2019-06-04 19:12 - 2015-10-30 21:19 - 000157970 _____ C:\WINDOWS\system32\perfc015.dat
2019-06-04 19:12 - 2015-10-30 09:21 - 000000000 ____D C:\WINDOWS\INF
2019-06-04 19:06 - 2016-01-11 21:47 - 000414208 ___SH C:\Users\Piotr\Desktop\Thumbs.db
2019-06-04 19:06 - 2015-12-01 20:29 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-06-04 19:06 - 2015-12-01 20:29 - 000000000 __SHD C:\Users\Piotr\IntelGraphicsProfiles
2019-06-04 19:05 - 2015-12-01 19:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-04 19:04 - 2015-10-30 08:28 - 001048576 ___SH C:\WINDOWS\system32\config\BBI
2019-06-04 19:03 - 2016-03-19 12:16 - 000000000 ____D C:\Users\Piotr\AppData\Roaming\AIMP
2019-06-03 17:53 - 2015-12-02 18:44 - 000000000 ____D C:\Program Files (x86)\Opera
2019-06-03 16:41 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-06-01 17:46 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-01 14:06 - 2018-06-11 18:44 - 000001390 _____ C:\Users\Public\Desktop\Skype.lnk
2019-06-01 14:06 - 2018-01-08 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-05-31 16:23 - 2017-10-08 09:49 - 000000000 ____D C:\Users\Piotr\AppData\Local\CrashDumps
2019-05-31 16:12 - 2015-12-01 06:55 - 000000000 ____D C:\Users\Piotr\AppData\Local\Packages
2019-05-31 16:12 - 2015-10-30 09:24 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-30 18:16 - 2016-02-02 21:56 - 000002314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-30 18:16 - 2016-02-02 21:56 - 000002273 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-30 17:59 - 2016-02-02 21:55 - 000003568 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-30 17:59 - 2016-02-02 21:55 - 000003444 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-30 17:58 - 2018-10-06 10:01 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-30 17:53 - 2015-12-02 18:47 - 000003992 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1449074856
2019-05-30 17:51 - 2019-01-10 17:15 - 000004174 _____ C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1547133333

==================== Pliki w katalogu głównym wybranych folderów =======

2016-11-02 18:11 - 2016-08-29 17:32 - 000000218 _____ () C:\Users\Piotr\AppData\Local\recently-used.xbel
2016-06-27 17:13 - 2016-06-27 17:17 - 000007598 _____ () C:\Users\Piotr\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================


(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)


LastRegBack: 2016-09-10 17:18
==================== Koniec FRST.txt ============================


ADDITION.txt

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 04-06-2019
Uruchomiony przez Piotr (04-06-2019 20:57:29)
Uruchomiony z C:\Users\Piotr\Desktop
Windows 10 Home Wersja 1511 10586.545 (X64) (2015-12-01 18:00:15)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Administrator (S-1-5-21-2520020342-3197839907-3958264092-500 - Administrator - Disabled)
Gość (S-1-5-21-2520020342-3197839907-3958264092-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2520020342-3197839907-3958264092-1005 - Limited - Enabled)
Konto domyślne (S-1-5-21-2520020342-3197839907-3958264092-503 - Limited - Disabled)
Piotr (S-1-5-21-2520020342-3197839907-3958264092-1001 - Administrator - Enabled) => C:\Users\Piotr

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe)
AIMP (HKLM-x32\...\AIMP) (Version: v4.13.1895, 07.05.2017 - AIMP DevTeam)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.4.0.8014 - Citrix Systems, Inc.)
D-Link Connection Manager v2.0.1EU (HKLM-x32\...\Broad Mobi HSPA Modem Normal Version_is1) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Freelang (HKLM-x32\...\{0F44DC3F-6E62-4AB1-A14B-56223C512F9B}_is1) (Version: 4.3.0.0 - Freelang.net)
Freelang (HKLM-x32\...\{A09E2D66-B931-415C-A9DE-FF030AB5AD77}_is1) (Version: - Freelang)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{A3876D50-4A88-4A34-92E1-5D7BC8F886E1}) (Version: 1.0.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6492.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Kadu 4.3 (HKLM-x32\...\Kadu) (Version: 4.3 - Kadu Team)
K-Lite Codec Pack 11.7.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.0 - )
Malwarebytes (wersja 3.7.1.2839) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x64 pl) (HKLM\...\Mozilla Firefox 42.0 (x64 pl)) (Version: 42.0 - Mozilla)
Mozilla Firefox 67.0 (x64 pl) (HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\Mozilla Firefox 67.0 (x64 pl)) (Version: 67.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
NetBalancer (HKLM\...\NetBalancer_is1) (Version: - SeriousBit)
Online Plug-in (HKLM-x32\...\{3D6AA3F8-2977-474E-95EB-4058983C4C0F}) (Version: 14.4.0.8014 - Citrix Systems, Inc.) Hidden
Opera Stable 60.0.3255.109 (HKLM-x32\...\Opera 60.0.3255.109) (Version: 60.0.3255.109 - Opera Software)
Ordbogsprogrammet (HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\Ordbogsprogrammet) (Version: 3.1.3 - Ordbogen A/S)
Pakiet sterowników systemu Windows - Intel (NETwNb64) net (09/19/2013 16.5.3.6) (HKLM\...\C105B46C12BF5C68D54DDAA3E4B52509BB082E02) (Version: 09/19/2013 16.5.3.6 - Intel)
Pakiet sterowników systemu Windows - Intel (NETwNe64) net (08/22/2013 15.10.3.2) (HKLM\...\B31B3E354D2F4C3E85B5677527B78DD45B4FF8C2) (Version: 08/22/2013 15.10.3.2 - Intel)
Pakiet sterowników systemu Windows - Intel (NETwNs64) net (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Pakiet sterowników systemu Windows - Intel (NETwNs64) net (08/22/2013 15.9.1.2) (HKLM\...\4366DCA050B272626F1B40732D28F9E6A4562ECD) (Version: 08/22/2013 15.9.1.2 - Intel)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.10667 - Kakao Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Self-service Plug-in (HKLM-x32\...\{1E9FB772-15A9-4077-934C-11C927919D7D}) (Version: 4.4.0.11833 - Citrix Systems, Inc.) Hidden
Skype (wersja 8.46) (HKLM-x32\...\Skype_is1) (Version: 8.46 - Skype Technologies S.A.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{F5850B80-27F9-406E-91D3-1329F813BA63}) (Version: 4.5.130.0 - Validity Sensors, Inc.)
WhatsApp (HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\WhatsApp) (Version: 0.3.1847 - WhatsApp)

Packages:
=========
6,000 Words - Learn Danish for Free with FunEasyLearn -> C:\Program Files\WindowsApps\7834FunEasyLearn.LearnDanish6000Words_1.7.0.0_x64__7gx4vzs52w5bw [2018-12-31] (Fun Easy Learn) [MS Ad]
DevicesFlow -> C:\Windows\DevicesFlow [2016-07-21] (Microsoft Corporation)
Dostawca tożsamości Xbox -> C:\Windows\SystemApps\Microsoft.XboxIdentityProvider_cw5n1h2txyewy [2015-12-01] (Microsoft Corporation)
Duńsko-Polski słownik -> C:\Program Files\WindowsApps\10668Dict.land.DanishPolishdictionary_1.5.1.0_x64__pht0r4cb04wa0 [2018-05-05] (Dict.land) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-12-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2018-12-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.6.12153.0_x64__8wekyb3d8bbwe [2015-12-19] (Microsoft Studios) [MS Ad]
MSN Finanse -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.7.118.0_x86__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation) [MS Ad]
MSN Pogoda -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.7.118.0_x86__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.7.130.0_x86__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation) [MS Ad]
MSN Wiadomości -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.7.118.0_x86__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-04-29] (Netflix, Inc.)
Opinie o systemie Windows -> C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy [2015-12-01] (Microsoft Corporation)
Poczta i Kalendarz -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe [2016-01-11] (Microsoft Corporation)
Pomocnik telefonu Microsoft -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1511.18010.0_x64__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation)
Purchase Dialog -> C:\Windows\PurchaseDialog [2016-10-23] (Microsoft Corporation)
Telefon Microsoft -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_2.12.2002.0_x64__8wekyb3d8bbwe [2015-12-14] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_4.3.3.0_x86__wgeqdkkx372wm [2015-12-19] (Twitter Inc.)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [Brak podpisu cyfrowego]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => D:\Zainstalowane programy\AIMP3\System\aimp_menu64.dll [2017-06-04] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [Brak podpisu cyfrowego]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => D:\Zainstalowane programy\AIMP3\System\aimp_menu64.dll [2017-06-04] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [Brak podpisu cyfrowego]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Brak pliku
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Skróty & WMI ========================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)


Shortcut: C:\Users\Piotr\Desktop\DLink Modem.lnk -> C:\Users\Piotr\Desktop\odpalanie modemu.bat ()

==================== Załadowane moduły (filtrowane) ==============

2015-11-18 19:09 - 2015-11-18 19:09 - 002293760 _____ (Apache Software Foundation) [Brak podpisu cyfrowego] C:\Program Files (x86)\Citrix\AuthManager\xerces-c_3_1.dll
2015-12-09 12:45 - 2015-12-09 12:45 - 002293760 _____ (Apache Software Foundation) [Brak podpisu cyfrowego] C:\Program Files (x86)\Citrix\ICA Client\Receiver\xerces-c_3_1.dll
2013-01-23 22:42 - 2013-01-23 22:42 - 001006424 _____ (Hewlett-Packard Company -> Hewlett-Packard Company) [Brak podpisu cyfrowego] C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
2013-01-23 22:43 - 2013-01-23 22:43 - 002452824 _____ (Hewlett-Packard Company -> Hewlett-Packard Company) [Brak podpisu cyfrowego] C:\Program Files (x86)\Hewlett-Packard\Shared\hputils.dll
2014-01-15 14:26 - 2013-09-04 22:08 - 000339968 _____ (IDT, Inc.) [Brak podpisu cyfrowego] C:\Program Files\IDT\WDM\STacSV64.exe
2014-01-15 14:26 - 2013-09-04 22:08 - 001703424 _____ (IDT, Inc.) [Brak podpisu cyfrowego] C:\Program Files\IDT\WDM\sttray64.exe
2016-03-18 22:27 - 2015-12-31 16:15 - 000077312 _____ (Igor Pavlov) [Brak podpisu cyfrowego] C:\Program Files\7-Zip\7-zip.dll
2013-08-27 15:32 - 2013-08-27 15:32 - 000747520 _____ (Intel(R) Corporation) [Brak podpisu cyfrowego] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2013-09-25 03:29 - 2013-09-25 03:29 - 000312448 _____ (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego] C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)


==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


2016-01-09 12:03 - 2018-08-01 16:54 - 000000505 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

8.137.239 Windows-Phone.mshome.net # 2016 6 0 12 8 4 6 113
560

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Piotr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.137.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

Załączenie wejścia w fixlist spowoduje jego usunięcie.

MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{B28D8A35-86CD-45A6-BFD8-99EBE0D8655A}] => (Allow) D:\Zainstalowane programy\Office\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6A919A7B-046A-42D2-965F-5BA2A613F6AD}] => (Allow) D:\Zainstalowane programy\Office\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E84CDFDC-C60E-470E-835E-A9E67A579886}] => (Allow) D:\Zainstalowane programy\Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4B12142F-10A7-4889-90A7-2F67DEA2014A}] => (Allow) D:\Zainstalowane programy\Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{CD0F93E8-7D70-41A8-9B3D-75B916C7264A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe Brak pliku
FirewallRules: [UDP Query User{0DEE8D87-9B66-4774-8FB7-5A788813FC7D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe Brak pliku
FirewallRules: [TCP Query User{30B78807-6820-42C0-96B3-2DB34E3B7032}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe Brak pliku
FirewallRules: [{6A423150-08A4-4113-BA5E-E3716D27221E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B06FE77B-9604-4918-993E-5CF3C4F43B2E}] => (Allow) C:\Program Files (x86)\Opera\58.0.3135.132\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{AAD75254-2071-4EE3-90E7-CE3718052F68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B98448A8-605E-444D-9142-A83C99E87B69}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C318CE67-FAE5-46B9-9D8E-6C9498A09E0E}] => (Allow) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{966EDA56-C83A-4802-865C-1B19A2F3E102}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{0701C9B3-54EF-4AD7-A1F1-735CBE8C1506}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4CC6A5B7-506C-46EA-859F-1CCE0E1DDE99}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
StandardProfile\AuthorizedApplications: [D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Punkty Przywracania systemu =========================

UWAGA: Przywracanie systemu jest wyłączone

==================== Wadliwe urządzenia w Menedżerze urządzeń =============


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (06/04/2019 06:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: SeriousBit.NetBalancer.Service.exe, wersja: 9.12.8.0, sygnatura czasowa: 0x5c418ede
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 10.0.10586.494, sygnatura czasowa: 0x5775e4c5
Kod wyjątku: 0xe0434352
Przesunięcie błędu: 0x0000000000071f28
Identyfikator procesu powodującego błąd: 0x216c
Godzina uruchomienia aplikacji powodującej błąd: 0x01d51af57c58dd10
Ścieżka aplikacji powodującej błąd: C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
Ścieżka modułu powodującego błąd: C:\WINDOWS\system32\KERNELBASE.dll
Identyfikator raportu: c73520cd-f8c5-4f12-90ed-5664dd2c19dd
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (06/04/2019 06:50:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikacja: SeriousBit.NetBalancer.Service.exe
Wersja architektury: v4.0.30319
Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
Informacje o wyjątku: System.ComponentModel.Win32Exception

Informacje o wyjątku: System.InvalidOperationException
w System.ServiceProcess.ServiceController.Stop()
w ‫‎‪‏‪‌‪‬‬‎‭‪‌‮‫‮+<>c.‪‬‫‮‭‪‌‮‌‫‫‎‫‌‬‍‌‍‫‏‫‮(System.Object)
w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
w System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
w System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (06/04/2019 04:34:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Nie powiodło się wykonanie procedury otwierania dla usługi „BITS” w bibliotece DLL „C:\Windows\System32\bitsperf.dll”. Dane wydajności dla tej usługi nie będą dostępne. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu.

Error: (06/01/2019 02:42:45 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "D:\Zainstalowane programy\Spybot - Search & Destroy 2\Tools.dll". Błąd w pliku manifestu lub w pliku zasad "D:\Zainstalowane programy\Spybot - Search & Destroy 2\Tools.dll" w wierszu 2.
Element główny pliku manifestu musi być zmontowany.

Error: (06/01/2019 02:42:45 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDWinLogon.dll". Błąd w pliku manifestu lub w pliku zasad "D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDWinLogon.dll" w wierszu 2.
Element główny pliku manifestu musi być zmontowany.

Error: (06/01/2019 02:42:45 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDResources.dll". Błąd w pliku manifestu lub w pliku zasad "D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDResources.dll" w wierszu 2.
Element główny pliku manifestu musi być zmontowany.

Error: (06/01/2019 02:42:45 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDEvents.dll". Błąd w pliku manifestu lub w pliku zasad "D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDEvents.dll" w wierszu 2.
Element główny pliku manifestu musi być zmontowany.

Error: (06/01/2019 02:42:45 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "D:\Zainstalowane programy\Spybot - Search & Destroy 2\NotificationSpreader.dll". Błąd w pliku manifestu lub w pliku zasad "D:\Zainstalowane programy\Spybot - Search & Destroy 2\NotificationSpreader.dll" w wierszu 2.
Element główny pliku manifestu musi być zmontowany.


Dziennik System:
=============
Error: (06/04/2019 07:13:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Usługa Usługa magazynu zawiesiła się podczas uruchamiania.

Error: (06/04/2019 07:11:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Usługa Ochrona oprogramowania zawiesiła się podczas uruchamiania.

Error: (06/04/2019 07:07:34 PM) (Source: DCOM) (EventID: 10016) (User: PIOTR)
Description: Zgodnie z ustawieniami uprawnienia domyślne ustawienia komputera nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
i identyfikatorem aplikacji APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
użytkownikowi Piotr\Piotr o identyfikatorze zabezpieczeń SID (S-1-5-21-2520020342-3197839907-3958264092-1001) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (06/04/2019 07:07:34 PM) (Source: DCOM) (EventID: 10016) (User: PIOTR)
Description: Zgodnie z ustawieniami uprawnienia domyślne ustawienia komputera nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
i identyfikatorem aplikacji APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
użytkownikowi Piotr\Piotr o identyfikatorze zabezpieczeń SID (S-1-5-21-2520020342-3197839907-3958264092-1001) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (06/04/2019 07:07:34 PM) (Source: DCOM) (EventID: 10016) (User: PIOTR)
Description: Zgodnie z ustawieniami uprawnienia domyślne ustawienia komputera nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
i identyfikatorem aplikacji APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
użytkownikowi Piotr\Piotr o identyfikatorze zabezpieczeń SID (S-1-5-21-2520020342-3197839907-3958264092-1001) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (06/04/2019 07:07:34 PM) (Source: DCOM) (EventID: 10016) (User: PIOTR)
Description: Zgodnie z ustawieniami uprawnienia domyślne ustawienia komputera nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
i identyfikatorem aplikacji APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
użytkownikowi Piotr\Piotr o identyfikatorze zabezpieczeń SID (S-1-5-21-2520020342-3197839907-3958264092-1001) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (06/04/2019 07:07:34 PM) (Source: DCOM) (EventID: 10016) (User: PIOTR)
Description: Zgodnie z ustawieniami uprawnienia domyślne ustawienia komputera nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
i identyfikatorem aplikacji APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
użytkownikowi Piotr\Piotr o identyfikatorze zabezpieczeń SID (S-1-5-21-2520020342-3197839907-3958264092-1001) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (06/04/2019 07:07:34 PM) (Source: DCOM) (EventID: 10016) (User: PIOTR)
Description: Zgodnie z ustawieniami uprawnienia domyślne ustawienia komputera nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
i identyfikatorem aplikacji APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
użytkownikowi Piotr\Piotr o identyfikatorze zabezpieczeń SID (S-1-5-21-2520020342-3197839907-3958264092-1001) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.


Windows Defender:
===================================
Date: 2019-06-04 19:39:44.879
Description:
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
Nazwa: Trojan:Win32/Xadupi
Identyfikator: 2147709752
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\omigazip\libeay32.dll
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: FastPath
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: Piotr\Piotr
Nazwa procesu: C:\Users\Piotr\Downloads\esetonlinescanner_plk.exe
Wersja podpisu: AV: 1.293.2570.0, AS: 1.293.2570.0, NIS: 119.0.0.0
Wersja aparatu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-06-04 19:38:47.667
Description:
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
Nazwa: Trojan:Win32/Xadupi
Identyfikator: 2147709752
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip\libeay32.dll
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: FastPath
Źródło wykrycia: System
Użytkownik: ZARZĄDZANIE NT\SYSTEM
Nazwa procesu: Unknown
Wersja podpisu: AV: 1.293.2570.0, AS: 1.293.2570.0, NIS: 119.0.0.0
Wersja aparatu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-06-04 17:47:45.419
Description:
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
Nazwa: Trojan:Win32/Xadupi
Identyfikator: 2147709752
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\omigazip\libcurl.dll
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: FastPath
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: Piotr\Piotr
Nazwa procesu: C:\Users\Piotr\Downloads\esetonlinescanner_plk.exe
Wersja podpisu: AV: 1.293.2570.0, AS: 1.293.2570.0, NIS: 119.0.0.0
Wersja aparatu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-06-04 17:47:44.511
Description:
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
Nazwa: Trojan:Win32/Xadupi
Identyfikator: 2147709752
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip\libcurl.dll;regkey:_HKCR\.7z\\;regkey:_HKCR\.arj\\;regkey:_HKCR\.bz2\\;regkey:_HKCR\.bzip2\\;regkey:_HKCR\.cab\\;regkey:_HKCR\.cpio\\;regkey:_HKCR\.deb\\;regkey:_HKCR\.dmg\\;regkey:_HKCR\.fat\\;regkey:_HKCR\.gzip\\;regkey:_HKCR\.gz\\;regkey:_HKCR\.hfs\\;regkey:_HKCR\.iso\\;regkey:_HKCR\.lha\\;regkey:_HKCR\.lzh\\;regkey:_HKCR\.lzma\\;regkey:_HKCR\.ntfs\\;regkey:_HKCR\.rar\\;regkey:_HKCR\.squashfs\\;regkey:_HKCR\.swm\\;regkey:_HKCR\.tar\\;regkey:_HKCR\.taz\\;regkey:_HKCR\.tbz2\\;regkey:_HKCR\.tbz\\;regkey:_HKCR\.tgz\\;regkey:_HKCR\.tpz\\;regkey:_HKCR\.txz\\;regkey:_HKCR\.vhd\\;regkey:_HKCR\.wim\\;regkey:_HKCR\.xar\\;regkey:_HKCR\.xz\\;regkey:_HKCR\.zip\\;regkey:_HKCR\.z\\
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: FastPath
Źródło wykrycia: System
Użytkownik: ZARZĄDZANIE NT\SYSTEM
Nazwa procesu: Unknown
Wersja podpisu: AV: 1.293.2570.0, AS: 1.293.2570.0, NIS: 119.0.0.0
Wersja aparatu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-06-04 17:46:38.074
Description:
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
Nazwa: Trojan:Win32/Xadupi
Identyfikator: 2147709752
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip\libcurl.dll
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: FastPath
Źródło wykrycia: System
Użytkownik: ZARZĄDZANIE NT\SYSTEM
Nazwa procesu: Unknown
Wersja podpisu: AV: 1.293.2570.0, AS: 1.293.2570.0, NIS: 119.0.0.0
Wersja aparatu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-06-03 16:28:02.582
Description:
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 119.0.0.0
Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
Typ podpisu: System inspekcji sieci
Typ aktualizacji: Pełne
Użytkownik: ZARZĄDZANIE NT\USŁUGA SIECIOWA
Bieżąca wersja aparatu:
Poprzednia wersja aparatu: 2.1.14600.4
Kod błędu: 0x80072ee7
Opis błędu: Nie można określić nazwy serwera lub adresu.

Date: 2019-06-03 16:28:02.578
Description:
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.293.2570.0
Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
Typ podpisu: Oprogramowanie antyszpiegowskie
Typ aktualizacji: Pełne
Użytkownik: ZARZĄDZANIE NT\USŁUGA SIECIOWA
Bieżąca wersja aparatu:
Poprzednia wersja aparatu: 1.1.15900.4
Kod błędu: 0x80072ee7
Opis błędu: Nie można określić nazwy serwera lub adresu.

Date: 2019-06-03 16:28:02.577
Description:
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.293.2570.0
Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pełne
Użytkownik: ZARZĄDZANIE NT\USŁUGA SIECIOWA
Bieżąca wersja aparatu:
Poprzednia wersja aparatu: 1.1.15900.4
Kod błędu: 0x80072ee7
Opis błędu: Nie można określić nazwy serwera lub adresu.

Date: 2019-06-03 16:28:02.556
Description:
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.293.2570.0
Źródło aktualizacji: Serwer usługi Microsoft Update
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pełne
Użytkownik: ZARZĄDZANIE NT\SYSTEM
Bieżąca wersja aparatu:
Poprzednia wersja aparatu: 1.1.15900.4
Kod błędu: 0x8024402c
Opis błędu: Podczas sprawdzania aktualizacji wystąpił nieoczekiwany problem. Aby uzyskać informacje na temat instalowania aktualizacji i rozwiązywania problemów z nimi, zobacz Pomoc i obsługę techniczną.

Date: 2019-05-30 17:46:57.611
Description:
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 119.0.0.0
Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
Typ podpisu: System inspekcji sieci
Typ aktualizacji: Pełne
Użytkownik: ZARZĄDZANIE NT\USŁUGA SIECIOWA
Bieżąca wersja aparatu:
Poprzednia wersja aparatu: 2.1.14600.4
Kod błędu: 0x80072ee7
Opis błędu: Nie można określić nazwy serwera lub adresu.

CodeIntegrity:
===================================

Date: 2019-06-04 18:58:52.330
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:52.297
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:51.752
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:51.722
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:51.673
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:51.625
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:51.551
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:51.521
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Statystyki pamięci ===========================

BIOS: Hewlett-Packard L74 Ver. 01.09 04/29/2014
Motherboard: Hewlett-Packard 1942
Procesor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Procent pamięci w użyciu: 71%
Całkowita pamięć fizyczna: 3977.11 MB
Dostępna pamięć fizyczna: 1118.28 MB
Całkowita pamięć wirtualna: 4681.11 MB
Dostępna pamięć wirtualna: 1239.78 MB

==================== Dyski ================================

Drive c: (Windows) (Fixed) (Total:99.54 GB) (Free:65.45 GB) NTFS
Drive d: (DATA) (Fixed) (Total:365.29 GB) (Free:126.28 GB) NTFS
Drive g: (D-Link Modem) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

\\?\Volume{ef5c2e2c-3c5e-453f-8637-235b1e977554}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0992951E)

Partition: GPT.

==================== Koniec Addition.txt ============================
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Step 1:

Security Check Scan.



  • Download Security Check to your desktop.
  • Right click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.


Step 2:


File Search.

Get the Everything Search Engine
Install Program, Right Click Run As Admin. Type omigazip into the search window.
Then Click Edit.
Select all.
Right Click highlighted items >> Copy full name to clipboard >> Paste the content of the clipboard here in your next reply.

Then search just omiga and post the results


Step 3:

Also, to give us the FRST logs in English please do the following.

I'd like to have these logs in English please.
Right Click on FRST64 and rename the FRST file to FRST64english.exe
Please then re-run the scan and post the FRST and Addition.txt logs.
Make sure and still run the program as Administrator.
 

undertaker

PCHF Member
I'll start with Step 3 - the log from FRST in English (thanks for the tip on how to do it).

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2019 01
Ran by Piotr (administrator) on PIOTR (Hewlett-Packard HP ProBook 450 G1) (06-06-2019 18:00:08)
Running from C:\Users\Piotr\Desktop
Loaded Profiles: Piotr (Available Profiles: Piotr)
Platform: Windows 10 Home Version 1511 10586.545 (X64) Language: Polski (Polska)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Corporation -> Malwarebytes) D:\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) D:\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> © 2015 Microsoft Corporation) C:\Users\Piotr\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation -> Mozilla Corporation) D:\Zainstalowane programy\Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) D:\Zainstalowane programy\Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) D:\Zainstalowane programy\Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) D:\Zainstalowane programy\Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) D:\Zainstalowane programy\Firefox\firefox.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\60.0.3255.109\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\assistant\browser_assistant.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Validity Sensors, Inc -> Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-09-04] (IDT, Inc.) [File not signed]
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [2312792 2019-05-23] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\Run: [OneDrive] => "C:\Users\Piotr\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\Run: [BingSvc] => C:\Users\Piotr\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\Run: [Spybot-S&D Cleaning] => D:\Zainstalowane programy\SpybotPortable\App\Spybot\SDCleaner.exe [4594552 2015-06-17] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\Run: [NetBalancer] => D:\Zainstalowane programy\NetBalancer\SeriousBit.NetBalancer.Tray.exe
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\MountPoints2: {76fac55f-b3dc-11e5-825c-18cf5e306948} - "G:\.\StartModem.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-30] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2015-12-19]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D6725B9-7C81-4F8D-B1D1-E1F25EECFA2C} - System32\Tasks\Opera scheduled assistant Autoupdate 1547133333 => C:\Program Files (x86)\Opera\launcher.exe [1301592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [39936 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
Task: {3195B162-97E8-496F-A50C-D59A8E4DDE7F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {349B445C-8A98-4453-976C-178D2178CEB1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {3DFCDCE4-5E9C-4068-B98F-E5FE97CE5A8B} - no filepath
Task: {45561755-0BB2-49DF-9B3C-3F0CEB4AB61E} - System32\Tasks\Microsoft\Windows\WS\Badge Update => {00CCDDF6-5107-424D-853D-3907AE5502DC}
Task: {4F4D8284-0BC5-47EA-BEF6-3EED862284AC} - no filepath
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32768 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [39936 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
Task: {80E1C2ED-121D-4178-AACF-046B267A1B99} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-19] (Adobe Inc. -> Adobe)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {946CE320-2A0D-4801-8C1C-7C10DF127CDE} - no filepath
Task: {955E8D5B-0718-411A-9D8F-83454788272B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update => {A6BA00FE-40E8-477C-B713-C64A14F18ADB} C:\Windows\System32\wuautoappupdate.dll [33280 2016-03-29] (Microsoft Windows -> Microsoft Corporation)
Task: {95B15CEA-750C-4B5A-BCF4-75E1D5773782} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1175040 2015-11-19] () [File not signed]
Task: {9C6F5899-596E-4445-A142-A54D4DF969E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {9C8E21C9-6AB1-4D66-8DF5-73AF5359B24E} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses => {10F591BE-3C84-418A-86DD-BAA002E2F36E}
Task: {9D6CC196-F399-4000-8C8E-FA5E2706E2DB} - no filepath
Task: {A5D08D33-48AE-43FF-A0E3-4B703CD3E1A4} - no filepath
Task: {A7A9B815-C63E-4885-959B-CC536A7BDBEF} - no filepath
Task: {C7F9D6C6-5D79-4FBC-A1D4-D3F1E0EF655A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-02] (Google Inc -> Google Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D322A23A-C264-4E9A-B255-33782C43BE99} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Piotr\Downloads\adwcleaner_7.3.exe [7025360 2019-06-04] (Malwarebytes Corporation -> Malwarebytes)
Task: {E509FFD3-2D4D-4C32-8880-635891D9DF8A} - System32\Tasks\{B53817F9-E77C-4773-854F-276034D8F48B} => C:\WINDOWS\system32\pcalua.exe -a "D:\Zainstalowane programy\win64_154025.4464.exe" -d "D:\Zainstalowane programy"
Task: {EBC20FDA-2541-44E0-920C-99EE0C0E5BEC} - System32\Tasks\Opera scheduled Autoupdate 1449074856 => C:\Program Files (x86)\Opera\launcher.exe [1301592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {F86A569D-D143-4D49-B034-C8CC92D67F20} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {FACF3865-06FF-4C17-B2DF-B9A6A9268C55} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_pepper.exe [1452600 2019-04-19] (Adobe Inc. -> Adobe)
Task: {FC633E7A-B9D2-4983-BE93-425815F3AEDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-02] (Google Inc -> Google Inc.)
Task: {FDFF09EC-FD80-40C4-B9E6-D66D6EF26739} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-19] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{4e8d123d-f05a-48c1-8608-b67605f3653f}: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{8f94b0c0-4256-4ba2-8568-770a612bc4a2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9541afd2-cebb-4b84-9ade-58041b2790ed}: [NameServer] 194.239.134.83 193.162.153.164
Tcpip\..\Interfaces\{ad9a20d8-1a55-44f7-ac16-5097883e989c}: [NameServer] 194.239.134.83 193.162.153.164

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130947392450772176&GUID=488C669A-F441-4FEB-952A-F17C7E337534
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130947392451027811&GUID=488C669A-F441-4FEB-952A-F17C7E337534
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-19] (Oracle America, Inc. -> Oracle Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2520020342-3197839907-3958264092-1001 -> hxxp://www.google.com

FireFox:
========
FF DefaultProfile: kgtrohkh.default
FF ProfilePath: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\kgtrohkh.default [2019-06-06]
FF user.js: detected! => C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\kgtrohkh.default\user.js [2015-12-14]
FF Homepage: Mozilla\Firefox\Profiles\kgtrohkh.default -> hxxp://www.onet.pl/
FF NewTab: Mozilla\Firefox\Profiles\kgtrohkh.default -> hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ff_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_72704653_1201_1403_20160427_DK_ff_nt_
FF Extension: (English (US) Language Pack) - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\kgtrohkh.default\Extensions\[email protected] [2019-06-02]
FF Extension: (Video DownloadHelper) - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\kgtrohkh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-05-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-19] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-19] (Adobe Inc. -> )
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-30] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-30] (Google Inc -> Google LLC)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://onet.pl/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default [2019-06-05]
CHR Extension: (Prezentacje) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-07]
CHR Extension: (Dokumenty) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-07]
CHR Extension: (Dysk Google) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-02]
CHR Extension: (Lærdansk EduLife) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgbljgbbjangdpgenohkmonoclkhicjd [2016-02-07]
CHR Extension: (YouTube) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-02]
CHR Extension: (Google Search) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
CHR Extension: (Bing) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2019-06-05]
CHR Extension: (Arkusze) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-06-04]
CHR Extension: (Skype) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-01-07]
CHR Extension: (AppWriter Cloud) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lokadhdaghfjbmailhhenifjejpokche [2019-06-04]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (Gmail) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-04]
CHR Extension: (Chrome Media Router) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-04]
CHR HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://onet.pl/"
OPR Extension: (CyberGhost VPN - Free Proxy) - C:\Users\Piotr\AppData\Roaming\Opera Software\Opera Stable\Extensions\mapjiibffmopkdcncmaifgdjjiooifnn [2016-01-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-06-17] (Intel(R) pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; D:\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [188472 2019-01-18] (SeriousBit Srl -> SeriousBit)
S4 SDScannerService; D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S4 SDUpdateService; D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S4 SDWSCService; D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339968 2013-09-04] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-03] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [43320 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4320280 2015-09-21] (WDKTestCert qcaswbld,130129545209614653 -> Qualcomm Atheros Communications, Inc.)
S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 bmfilter; C:\WINDOWS\System32\drivers\qcusbfilter.sys [40448 2014-07-30] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 bmusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [239104 2014-07-30] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 bmusbwwan; C:\WINDOWS\System32\drivers\qcusbwwan.sys [478720 2014-07-30] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2019-06-04] (SurfRight B.V. -> )
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [30520 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard)
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr.sys [26504 2013-07-22] (Hewlett-Packard Company -> Hewlett-Packard Company)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-04] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R1 nbdrv; C:\WINDOWS\system32\DRIVERS\nbdrv.sys [42128 2016-01-15] (SeriousBit Srl -> SeriousBit)
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-04] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-04] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [760832 2016-03-09] (Sunplus Innovation Technology Inc. -> Sunplus)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-09-04] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.3.14\Definitions\SDSDefs\20170721.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.3.14\Definitions\SDSDefs\20170721.001\NAVEX15.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-06 18:02 - 2019-06-06 18:02 - 001604128 _____ () C:\Users\Piotr\Desktop\Everything-1.4.1.935.x64-Setup.exe
2019-06-06 18:00 - 2019-06-06 18:02 - 000032201 _____ C:\Users\Piotr\Desktop\FRST.txt
2019-06-06 18:00 - 2019-06-06 18:00 - 000528638 _____ (glax24 (safezone.cc)) C:\Users\Piotr\Desktop\SecurityCheck.exe
2019-06-06 18:00 - 2019-06-06 18:00 - 000000000 ____D C:\Users\Piotr\Desktop\FRST-OlderVersion
2019-06-04 20:54 - 2019-06-06 18:00 - 000000000 ____D C:\FRST
2019-06-04 20:47 - 2019-06-06 18:00 - 002417664 _____ (Farbar) C:\Users\Piotr\Desktop\FRST64english.exe
2019-06-04 20:29 - 2019-06-04 20:35 - 151549096 _____ (Microsoft Corporation) C:\Users\Piotr\Downloads\msert.exe
2019-06-04 19:05 - 2019-06-04 19:05 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-04 19:03 - 2019-06-04 19:03 - 000003244 _____ C:\WINDOWS\system32\.crusader
2019-06-04 18:59 - 2019-06-04 19:05 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2019-06-04 18:40 - 2019-06-04 18:40 - 000003172 _____ C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot
2019-06-04 18:15 - 2019-06-04 19:03 - 000000000 ____D C:\ProgramData\HitmanPro
2019-06-04 18:15 - 2019-06-04 18:15 - 000000000 ____D C:\Program Files\HitmanPro
2019-06-04 18:14 - 2019-06-04 18:15 - 011535320 _____ (SurfRight B.V.) C:\Users\Piotr\Downloads\HitmanPro_x64.exe
2019-06-04 18:10 - 2019-06-04 18:40 - 000000000 ____D C:\AdwCleaner
2019-06-04 18:09 - 2019-06-04 18:10 - 007025360 _____ (Malwarebytes) C:\Users\Piotr\Downloads\adwcleaner_7.3.exe
2019-06-04 17:14 - 2019-06-04 19:06 - 000000713 _____ C:\Users\Piotr\Desktop\ESET Online Scanner.lnk
2019-06-04 17:14 - 2019-06-04 17:14 - 007990296 _____ (ESET spol. s r.o.) C:\Users\Piotr\Downloads\esetonlinescanner_plk.exe
2019-06-04 17:14 - 2019-06-04 17:14 - 000000812 _____ C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2019-05-30 20:11 - 2019-06-06 17:22 - 000000151 _____ C:\Users\Piotr\Desktop\h.txt
2019-05-30 18:32 - 2019-06-03 21:02 - 000000329 _____ C:\Users\Piotr\Desktop\oslony iphone.txt

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-06 17:56 - 2016-11-24 20:37 - 000000000 ____D C:\Users\Piotr\AppData\LocalLow\Mozilla
2019-06-06 16:58 - 2015-12-01 20:29 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-06-06 16:58 - 2015-12-01 20:29 - 000000000 __SHD C:\Users\Piotr\IntelGraphicsProfiles
2019-06-05 20:30 - 2016-03-19 12:16 - 000000000 ____D C:\Users\Piotr\AppData\Roaming\AIMP
2019-06-05 20:30 - 2015-12-19 11:52 - 000000000 ____D C:\Users\Piotr\AppData\Local\Citrix
2019-06-05 07:08 - 2015-12-01 19:57 - 001845594 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-05 07:08 - 2015-10-30 21:19 - 000818302 _____ C:\WINDOWS\system32\perfh015.dat
2019-06-05 07:08 - 2015-10-30 21:19 - 000157970 _____ C:\WINDOWS\system32\perfc015.dat
2019-06-05 07:08 - 2015-10-30 09:21 - 000000000 ____D C:\WINDOWS\INF
2019-06-04 19:06 - 2016-01-11 21:47 - 000414208 ___SH C:\Users\Piotr\Desktop\Thumbs.db
2019-06-04 19:05 - 2015-12-01 19:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-04 19:04 - 2015-10-30 08:28 - 001048576 ___SH C:\WINDOWS\system32\config\BBI
2019-06-03 17:53 - 2015-12-02 18:44 - 000000000 ____D C:\Program Files (x86)\Opera
2019-06-03 16:41 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-06-01 17:46 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-01 14:06 - 2018-06-11 18:44 - 000001390 _____ C:\Users\Public\Desktop\Skype.lnk
2019-06-01 14:06 - 2018-01-08 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-05-31 16:23 - 2017-10-08 09:49 - 000000000 ____D C:\Users\Piotr\AppData\Local\CrashDumps
2019-05-31 16:12 - 2015-12-01 06:55 - 000000000 ____D C:\Users\Piotr\AppData\Local\Packages
2019-05-31 16:12 - 2015-10-30 09:24 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-30 18:16 - 2016-02-02 21:56 - 000002314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-30 18:16 - 2016-02-02 21:56 - 000002273 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-30 17:59 - 2016-02-02 21:55 - 000003568 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-30 17:59 - 2016-02-02 21:55 - 000003444 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-30 17:58 - 2018-10-06 10:01 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-30 17:53 - 2015-12-02 18:47 - 000003992 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1449074856
2019-05-30 17:51 - 2019-01-10 17:15 - 000004174 _____ C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1547133333

==================== Files in the root of some directories =======

2016-11-02 18:11 - 2016-08-29 17:32 - 000000218 _____ () C:\Users\Piotr\AppData\Local\recently-used.xbel
2016-06-27 17:13 - 2016-06-27 17:17 - 000007598 _____ () C:\Users\Piotr\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2016-09-10 17:18
==================== End of FRST.txt ============================

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2019 01
Ran by Piotr (06-06-2019 18:02:44)
Running from C:\Users\Piotr\Desktop
Windows 10 Home Version 1511 10586.545 (X64) (2015-12-01 18:00:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2520020342-3197839907-3958264092-500 - Administrator - Disabled)
Gość (S-1-5-21-2520020342-3197839907-3958264092-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2520020342-3197839907-3958264092-1005 - Limited - Enabled)
Konto domyślne (S-1-5-21-2520020342-3197839907-3958264092-503 - Limited - Disabled)
Piotr (S-1-5-21-2520020342-3197839907-3958264092-1001 - Administrator - Enabled) => C:\Users\Piotr

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe)
AIMP (HKLM-x32\...\AIMP) (Version: v4.13.1895, 07.05.2017 - AIMP DevTeam)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.4.0.8014 - Citrix Systems, Inc.)
D-Link Connection Manager v2.0.1EU (HKLM-x32\...\Broad Mobi HSPA Modem Normal Version_is1) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Freelang (HKLM-x32\...\{0F44DC3F-6E62-4AB1-A14B-56223C512F9B}_is1) (Version: 4.3.0.0 - Freelang.net)
Freelang (HKLM-x32\...\{A09E2D66-B931-415C-A9DE-FF030AB5AD77}_is1) (Version: - Freelang)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{A3876D50-4A88-4A34-92E1-5D7BC8F886E1}) (Version: 1.0.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6492.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Kadu 4.3 (HKLM-x32\...\Kadu) (Version: 4.3 - Kadu Team)
K-Lite Codec Pack 11.7.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.0 - )
Malwarebytes (wersja 3.7.1.2839) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x64 pl) (HKLM\...\Mozilla Firefox 42.0 (x64 pl)) (Version: 42.0 - Mozilla)
Mozilla Firefox 67.0.1 (x64 pl) (HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\Mozilla Firefox 67.0.1 (x64 pl)) (Version: 67.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
NetBalancer (HKLM\...\NetBalancer_is1) (Version: - SeriousBit)
Online Plug-in (HKLM-x32\...\{3D6AA3F8-2977-474E-95EB-4058983C4C0F}) (Version: 14.4.0.8014 - Citrix Systems, Inc.) Hidden
Opera Stable 60.0.3255.109 (HKLM-x32\...\Opera 60.0.3255.109) (Version: 60.0.3255.109 - Opera Software)
Ordbogsprogrammet (HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\Ordbogsprogrammet) (Version: 3.1.3 - Ordbogen A/S)
Pakiet sterowników systemu Windows - Intel (NETwNb64) net (09/19/2013 16.5.3.6) (HKLM\...\C105B46C12BF5C68D54DDAA3E4B52509BB082E02) (Version: 09/19/2013 16.5.3.6 - Intel)
Pakiet sterowników systemu Windows - Intel (NETwNe64) net (08/22/2013 15.10.3.2) (HKLM\...\B31B3E354D2F4C3E85B5677527B78DD45B4FF8C2) (Version: 08/22/2013 15.10.3.2 - Intel)
Pakiet sterowników systemu Windows - Intel (NETwNs64) net (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Pakiet sterowników systemu Windows - Intel (NETwNs64) net (08/22/2013 15.9.1.2) (HKLM\...\4366DCA050B272626F1B40732D28F9E6A4562ECD) (Version: 08/22/2013 15.9.1.2 - Intel)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.10667 - Kakao Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Self-service Plug-in (HKLM-x32\...\{1E9FB772-15A9-4077-934C-11C927919D7D}) (Version: 4.4.0.11833 - Citrix Systems, Inc.) Hidden
Skype (wersja 8.46) (HKLM-x32\...\Skype_is1) (Version: 8.46 - Skype Technologies S.A.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{F5850B80-27F9-406E-91D3-1329F813BA63}) (Version: 4.5.130.0 - Validity Sensors, Inc.)
WhatsApp (HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\WhatsApp) (Version: 0.3.1847 - WhatsApp)

Packages:
=========
6,000 Words - Learn Danish for Free with FunEasyLearn -> C:\Program Files\WindowsApps\7834FunEasyLearn.LearnDanish6000Words_1.7.0.0_x64__7gx4vzs52w5bw [2018-12-31] (Fun Easy Learn) [MS Ad]
DevicesFlow -> C:\Windows\DevicesFlow [2016-07-21] (Microsoft Corporation)
Dostawca tożsamości Xbox -> C:\Windows\SystemApps\Microsoft.XboxIdentityProvider_cw5n1h2txyewy [2015-12-01] (Microsoft Corporation)
Duńsko-Polski słownik -> C:\Program Files\WindowsApps\10668Dict.land.DanishPolishdictionary_1.5.1.0_x64__pht0r4cb04wa0 [2018-05-05] (Dict.land) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-12-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2018-12-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.6.12153.0_x64__8wekyb3d8bbwe [2015-12-19] (Microsoft Studios) [MS Ad]
MSN Finanse -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.7.118.0_x86__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation) [MS Ad]
MSN Kuchnia -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation) [MS Ad]
MSN Podróże -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation) [MS Ad]
MSN Pogoda -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.7.118.0_x86__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.7.130.0_x86__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation) [MS Ad]
MSN Wiadomości -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.7.118.0_x86__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation) [MS Ad]
MSN Zdrowie i fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-04-29] (Netflix, Inc.)
Opinie o systemie Windows -> C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy [2015-12-01] (Microsoft Corporation)
Pomocnik telefonu Microsoft -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1511.18010.0_x64__8wekyb3d8bbwe [2015-12-02] (Microsoft Corporation)
Purchase Dialog -> C:\Windows\PurchaseDialog [2016-10-23] (Microsoft Corporation)
Telefon Microsoft -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_2.12.2002.0_x64__8wekyb3d8bbwe [2015-12-14] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_4.3.3.0_x86__wgeqdkkx372wm [2015-12-19] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => D:\Zainstalowane programy\AIMP3\System\aimp_menu64.dll [2017-06-04] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => D:\Zainstalowane programy\AIMP3\System\aimp_menu64.dll [2017-06-04] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Piotr\Desktop\DLink Modem.lnk -> C:\Users\Piotr\Desktop\odpalanie modemu.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-11-18 19:09 - 2015-11-18 19:09 - 002293760 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Citrix\AuthManager\xerces-c_3_1.dll
2015-12-09 12:45 - 2015-12-09 12:45 - 002293760 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Citrix\ICA Client\Receiver\xerces-c_3_1.dll
2013-01-23 22:42 - 2013-01-23 22:42 - 001006424 _____ (Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
2013-01-23 22:43 - 2013-01-23 22:43 - 002452824 _____ (Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\Shared\hputils.dll
2014-01-15 14:26 - 2013-09-04 22:08 - 000339968 _____ (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\STacSV64.exe
2014-01-15 14:26 - 2013-09-04 22:08 - 001703424 _____ (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
2016-03-18 22:27 - 2015-12-31 16:15 - 000077312 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2013-08-27 15:32 - 2013-08-27 15:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2013-09-25 03:29 - 2013-09-25 03:29 - 000312448 _____ (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


2016-01-09 12:03 - 2018-08-01 16:54 - 000000505 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

8.137.239 Windows-Phone.mshome.net # 2016 6 0 12 8 4 6 113
560

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Piotr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.137.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B28D8A35-86CD-45A6-BFD8-99EBE0D8655A}] => (Allow) D:\Zainstalowane programy\Office\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6A919A7B-046A-42D2-965F-5BA2A613F6AD}] => (Allow) D:\Zainstalowane programy\Office\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E84CDFDC-C60E-470E-835E-A9E67A579886}] => (Allow) D:\Zainstalowane programy\Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4B12142F-10A7-4889-90A7-2F67DEA2014A}] => (Allow) D:\Zainstalowane programy\Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{CD0F93E8-7D70-41A8-9B3D-75B916C7264A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{0DEE8D87-9B66-4774-8FB7-5A788813FC7D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{30B78807-6820-42C0-96B3-2DB34E3B7032}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{6A423150-08A4-4113-BA5E-E3716D27221E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B06FE77B-9604-4918-993E-5CF3C4F43B2E}] => (Allow) C:\Program Files (x86)\Opera\58.0.3135.132\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{AAD75254-2071-4EE3-90E7-CE3718052F68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B98448A8-605E-444D-9142-A83C99E87B69}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C318CE67-FAE5-46B9-9D8E-6C9498A09E0E}] => (Allow) C:\Program Files (x86)\Opera\60.0.3255.109\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{966EDA56-C83A-4802-865C-1B19A2F3E102}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{0701C9B3-54EF-4AD7-A1F1-735CBE8C1506}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4CC6A5B7-506C-46EA-859F-1CCE0E1DDE99}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
StandardProfile\AuthorizedApplications: [D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2019 06:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: SeriousBit.NetBalancer.Service.exe, wersja: 9.12.8.0, sygnatura czasowa: 0x5c418ede
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 10.0.10586.494, sygnatura czasowa: 0x5775e4c5
Kod wyjątku: 0xe0434352
Przesunięcie błędu: 0x0000000000071f28
Identyfikator procesu powodującego błąd: 0x216c
Godzina uruchomienia aplikacji powodującej błąd: 0x01d51af57c58dd10
Ścieżka aplikacji powodującej błąd: C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
Ścieżka modułu powodującego błąd: C:\WINDOWS\system32\KERNELBASE.dll
Identyfikator raportu: c73520cd-f8c5-4f12-90ed-5664dd2c19dd
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (06/04/2019 06:50:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikacja: SeriousBit.NetBalancer.Service.exe
Wersja architektury: v4.0.30319
Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
Informacje o wyjątku: System.ComponentModel.Win32Exception

Informacje o wyjątku: System.InvalidOperationException
w System.ServiceProcess.ServiceController.Stop()
w ‫‎‪‏‪‌‪‬‬‎‭‪‌‮‫‮+<>c.‪‬‫‮‭‪‌‮‌‫‫‎‫‌‬‍‌‍‫‏‫‮(System.Object)
w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
w System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
w System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (06/04/2019 04:34:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Nie powiodło się wykonanie procedury otwierania dla usługi „BITS” w bibliotece DLL „C:\Windows\System32\bitsperf.dll”. Dane wydajności dla tej usługi nie będą dostępne. Pierwsze cztery bajty (DWORD) sekcji danych Data zawierają kod błędu.

Error: (06/01/2019 02:42:45 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "D:\Zainstalowane programy\Spybot - Search & Destroy 2\Tools.dll". Błąd w pliku manifestu lub w pliku zasad "D:\Zainstalowane programy\Spybot - Search & Destroy 2\Tools.dll" w wierszu 2.
Element główny pliku manifestu musi być zmontowany.

Error: (06/01/2019 02:42:45 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDWinLogon.dll". Błąd w pliku manifestu lub w pliku zasad "D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDWinLogon.dll" w wierszu 2.
Element główny pliku manifestu musi być zmontowany.

Error: (06/01/2019 02:42:45 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDResources.dll". Błąd w pliku manifestu lub w pliku zasad "D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDResources.dll" w wierszu 2.
Element główny pliku manifestu musi być zmontowany.

Error: (06/01/2019 02:42:45 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDEvents.dll". Błąd w pliku manifestu lub w pliku zasad "D:\Zainstalowane programy\Spybot - Search & Destroy 2\SDEvents.dll" w wierszu 2.
Element główny pliku manifestu musi być zmontowany.

Error: (06/01/2019 02:42:45 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "D:\Zainstalowane programy\Spybot - Search & Destroy 2\NotificationSpreader.dll". Błąd w pliku manifestu lub w pliku zasad "D:\Zainstalowane programy\Spybot - Search & Destroy 2\NotificationSpreader.dll" w wierszu 2.
Element główny pliku manifestu musi być zmontowany.


System errors:
=============
Error: (06/06/2019 05:01:04 PM) (Source: DCOM) (EventID: 10016) (User: PIOTR)
Description: Zgodnie z ustawieniami uprawnienia domyślne ustawienia komputera nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
i identyfikatorem aplikacji APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
użytkownikowi Piotr\Piotr o identyfikatorze zabezpieczeń SID (S-1-5-21-2520020342-3197839907-3958264092-1001) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Microsoft.WindowsStore_2015.25.5.0_x64__8wekyb3d8bbwe (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (06/06/2019 04:23:27 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: ZARZĄDZANIE NT)
Description: Sprawdzanie zaszyfrowanego woluminu: nie można odczytać informacji o woluminie F:.

Error: (06/06/2019 04:23:27 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: ZARZĄDZANIE NT)
Description: Sprawdzanie zaszyfrowanego woluminu: nie można odczytać informacji o woluminie F:.

Error: (06/06/2019 04:23:26 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ZARZĄDZANIE NT)
Description: Miniport: D-Link HS-USB WWAN Adapter #2, {9541AFD2-CEBB-4B84-9ADE-58041B2790ED}, zdarzenie: 74

Error: (06/05/2019 08:31:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Dostęp do danych użytkownika_1f12c24 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (06/05/2019 08:31:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Magazyn danych użytkownika_1f12c24 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (06/05/2019 08:31:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Dane kontaktowe_1f12c24 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (06/05/2019 08:31:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Synchronizuj hosta_1f12c24 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.


Windows Defender:
===================================
Date: 2019-06-04 19:39:44.879
Description:
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
Nazwa: Trojan:Win32/Xadupi
Identyfikator: 2147709752
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\omigazip\libeay32.dll
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: FastPath
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: Piotr\Piotr
Nazwa procesu: C:\Users\Piotr\Downloads\esetonlinescanner_plk.exe
Wersja podpisu: AV: 1.293.2570.0, AS: 1.293.2570.0, NIS: 119.0.0.0
Wersja aparatu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-06-04 19:38:47.667
Description:
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
Nazwa: Trojan:Win32/Xadupi
Identyfikator: 2147709752
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip\libeay32.dll
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: FastPath
Źródło wykrycia: System
Użytkownik: ZARZĄDZANIE NT\SYSTEM
Nazwa procesu: Unknown
Wersja podpisu: AV: 1.293.2570.0, AS: 1.293.2570.0, NIS: 119.0.0.0
Wersja aparatu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-06-04 17:47:45.419
Description:
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
Nazwa: Trojan:Win32/Xadupi
Identyfikator: 2147709752
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\omigazip\libcurl.dll
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: FastPath
Źródło wykrycia: Ochrona w czasie rzeczywistym
Użytkownik: Piotr\Piotr
Nazwa procesu: C:\Users\Piotr\Downloads\esetonlinescanner_plk.exe
Wersja podpisu: AV: 1.293.2570.0, AS: 1.293.2570.0, NIS: 119.0.0.0
Wersja aparatu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-06-04 17:47:44.511
Description:
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
Nazwa: Trojan:Win32/Xadupi
Identyfikator: 2147709752
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip\libcurl.dll;regkey:_HKCR\.7z\\;regkey:_HKCR\.arj\\;regkey:_HKCR\.bz2\\;regkey:_HKCR\.bzip2\\;regkey:_HKCR\.cab\\;regkey:_HKCR\.cpio\\;regkey:_HKCR\.deb\\;regkey:_HKCR\.dmg\\;regkey:_HKCR\.fat\\;regkey:_HKCR\.gzip\\;regkey:_HKCR\.gz\\;regkey:_HKCR\.hfs\\;regkey:_HKCR\.iso\\;regkey:_HKCR\.lha\\;regkey:_HKCR\.lzh\\;regkey:_HKCR\.lzma\\;regkey:_HKCR\.ntfs\\;regkey:_HKCR\.rar\\;regkey:_HKCR\.squashfs\\;regkey:_HKCR\.swm\\;regkey:_HKCR\.tar\\;regkey:_HKCR\.taz\\;regkey:_HKCR\.tbz2\\;regkey:_HKCR\.tbz\\;regkey:_HKCR\.tgz\\;regkey:_HKCR\.tpz\\;regkey:_HKCR\.txz\\;regkey:_HKCR\.vhd\\;regkey:_HKCR\.wim\\;regkey:_HKCR\.xar\\;regkey:_HKCR\.xz\\;regkey:_HKCR\.zip\\;regkey:_HKCR\.z\\
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: FastPath
Źródło wykrycia: System
Użytkownik: ZARZĄDZANIE NT\SYSTEM
Nazwa procesu: Unknown
Wersja podpisu: AV: 1.293.2570.0, AS: 1.293.2570.0, NIS: 119.0.0.0
Wersja aparatu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-06-04 17:46:38.074
Description:
Produkt Windows Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz:
Nazwa: Trojan:Win32/Xadupi
Identyfikator: 2147709752
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: file:_C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip\libcurl.dll
Pochodzenie wykrycia: Komputer lokalny
Typ wykrycia: FastPath
Źródło wykrycia: System
Użytkownik: ZARZĄDZANIE NT\SYSTEM
Nazwa procesu: Unknown
Wersja podpisu: AV: 1.293.2570.0, AS: 1.293.2570.0, NIS: 119.0.0.0
Wersja aparatu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-06-06 16:33:29.327
Description:
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 119.0.0.0
Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
Typ podpisu: System inspekcji sieci
Typ aktualizacji: Pełne
Użytkownik: ZARZĄDZANIE NT\USŁUGA SIECIOWA
Bieżąca wersja aparatu:
Poprzednia wersja aparatu: 2.1.14600.4
Kod błędu: 0x80072ee7
Opis błędu: Nie można określić nazwy serwera lub adresu.

Date: 2019-06-06 16:33:29.315
Description:
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.295.49.0
Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
Typ podpisu: Oprogramowanie antyszpiegowskie
Typ aktualizacji: Pełne
Użytkownik: ZARZĄDZANIE NT\USŁUGA SIECIOWA
Bieżąca wersja aparatu:
Poprzednia wersja aparatu: 1.1.16000.6
Kod błędu: 0x80072ee7
Opis błędu: Nie można określić nazwy serwera lub adresu.

Date: 2019-06-06 16:33:29.314
Description:
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.295.49.0
Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pełne
Użytkownik: ZARZĄDZANIE NT\USŁUGA SIECIOWA
Bieżąca wersja aparatu:
Poprzednia wersja aparatu: 1.1.16000.6
Kod błędu: 0x80072ee7
Opis błędu: Nie można określić nazwy serwera lub adresu.

Date: 2019-06-06 16:33:29.241
Description:
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 1.295.49.0
Źródło aktualizacji: Serwer usługi Microsoft Update
Typ podpisu: Oprogramowanie antywirusowe
Typ aktualizacji: Pełne
Użytkownik: ZARZĄDZANIE NT\SYSTEM
Bieżąca wersja aparatu:
Poprzednia wersja aparatu: 1.1.16000.6
Kod błędu: 0x80240438
Opis błędu: Podczas sprawdzania aktualizacji wystąpił nieoczekiwany problem. Aby uzyskać informacje na temat instalowania aktualizacji i rozwiązywania problemów z nimi, zobacz Pomoc i obsługę techniczną.

Date: 2019-06-03 16:28:02.582
Description:
Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów.
Nowa wersja podpisu:
Poprzednia wersja podpisu: 119.0.0.0
Źródło aktualizacji: Centrum firmy Microsoft ds. ochrony przed złośliwym oprogramowaniem
Typ podpisu: System inspekcji sieci
Typ aktualizacji: Pełne
Użytkownik: ZARZĄDZANIE NT\USŁUGA SIECIOWA
Bieżąca wersja aparatu:
Poprzednia wersja aparatu: 2.1.14600.4
Kod błędu: 0x80072ee7
Opis błędu: Nie można określić nazwy serwera lub adresu.

CodeIntegrity:
===================================

Date: 2019-06-04 18:58:52.330
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:52.297
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:51.752
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:51.722
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:51.673
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:51.625
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:51.551
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-04 18:58:51.521
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Hewlett-Packard L74 Ver. 01.09 04/29/2014
Motherboard: Hewlett-Packard 1942
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 56%
Total physical RAM: 3977.11 MB
Available physical RAM: 1722.26 MB
Total Virtual: 5659.81 MB
Available Virtual: 2749.66 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:99.54 GB) (Free:64.42 GB) NTFS
Drive d: (DATA) (Fixed) (Total:365.29 GB) (Free:126.28 GB) NTFS
Drive g: (D-Link Modem) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

\\?\Volume{ef5c2e2c-3c5e-453f-8637-235b1e977554}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0992951E)

Partition: GPT.

==================== End of Addition.txt ============================
 

undertaker

PCHF Member
Jun 4, 2019
Log from Security check

SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 06.06.2019 18:08:55
Path starting: C:\Users\Piotr\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Piotr
VersionXML: 6.50is-05.06.2019
___________________________________________________________________________

Windows 10(6.3.10586) (x64) Core Release: 1511 Lang: Polish(0415)
Installation date OS: 01.12.2015 18:00:15
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: Microsoft Edge (C:\WINDOWS\system32\LaunchWinApp.exe)
SystemDrive: C: FS: [NTFS] Capacity: [99.5 Gb] Used: [35.1 Gb] Free: [64.4 Gb]
------------------------------- [ Windows ] -------------------------------
Extended support has ended Warning! Download Update
Internet Explorer 11.545.10586.0 Warning! Download Update
User Account Control enabled (Level 3)
Automatically download and schedule installation
Centrum zabezpieczeń (wscsvc) - The service is running
Rejestr zdalny (RemoteRegistry) - The service has stopped
Odnajdywanie SSDP (SSDPSRV) - The service is running
Usługi pulpitu zdalnego (TermService) - The service has stopped
Zdalne zarządzanie systemem Windows (WS-Management) (WinRM) - The service has stopped
System Restore Disable
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.6612.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Zapora systemu Windows (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Spybot - Search and Destroy (disabled and up to date)
Windows Defender (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes (wersja 3.7.1.2839) v.3.7.1.2839
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Spybot - Search & Destroy v.2.7.64.0
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Silverlight v.5.1.50428.0 Warning! Download Update
Microsoft Office Home and Student 2007 v.12.0.6612.1000 Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice
K-Lite Codec Pack 11.7.0 Full v.11.7.0 Warning! Download Update
Microsoft Office 2007 Service Pack 3 (SP3) Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice
-------------------------------- [ Arch ] ---------------------------------
7-Zip 15.14 (x64) v.15.14 Warning! Download Update
Uninstall old version and install new one.
--------------------------------- [ IM ] ----------------------------------
WhatsApp v.0.3.1847
Skype (wersja 8.46) v.8.46
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 211 v.8.0.2110.12
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 32 NPAPI v.32.0.0.171 Warning! Download Update
Adobe Flash Player 32 PPAPI v.32.0.0.171 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 42.0 (x64 pl) v.42.0 Warning! Download Update
Mozilla Firefox 67.0.1 (x64 pl) v.67.0.1
Google Chrome v.74.0.3729.169 Warning! Download Update
Opera Stable 60.0.3255.109 v.60.0.3255.109 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
D:\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\mbamtray.exe v.3.1.0.1807
Malwarebytes Service (MBAMService) - The service is running
D:\Zainstalowane programy\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe v.3.2.0.765
Spybot-S&D 2 Scanner Service (SDScannerService) - The service has stopped
Spybot-S&D 2 Security Center Service (SDWSCService) - The service has stopped
Spybot-S&D 2 Updating Service (SDUpdateService) - The service has stopped
C:\Program Files\Windows Defender\MsMpEng.exe v.4.9.10586.494
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.9.10586.494
C:\Program Files\Windows Defender\NisSrv.exe v.4.9.10586.0
Usługa Windows Defender (WinDefend) - The service is running
Usługa inspekcji sieci Windows Defender (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------
 

undertaker

PCHF Member
Jun 4, 2019
Everything search engine

Omigazip
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\omigazip
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\eInstall\Install\OmigaZip.inst
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip\uninstaller\OmigaZip.inst
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\eInstall\Install\OmigaZip.inst
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\omigazip\uninstaller\OmigaZip.inst
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\eInstall\layout\default\OmigaZipInstall.xml
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip\layout\default\OmigaZipInstall.xml
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\eInstall\layout\default\OmigaZipInstall.xml
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\omigazip\layout\default\OmigaZipInstall.xml
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\eInstall\layout\default\uninstOmigaZip.xml
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip\layout\default\uninstOmigaZip.xml
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\eInstall\layout\default\uninstOmigaZip.xml
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\omigazip\layout\default\uninstOmigaZip.xml

Omiga
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\omigazip
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\eInstall\Install\OmigaZip.inst
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip\uninstaller\OmigaZip.inst
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\eInstall\Install\OmigaZip.inst
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\omigazip\uninstaller\OmigaZip.inst
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\eInstall\layout\default\OmigaZipInstall.xml
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip\layout\default\OmigaZipInstall.xml
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\eInstall\layout\default\OmigaZipInstall.xml
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\omigazip\layout\default\OmigaZipInstall.xml
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\eInstall\layout\default\uninstOmigaZip.xml
C:\Users\Piotr\AppData\Local\Temp\istBFA0.tmp\omigazip\layout\default\uninstOmigaZip.xml
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\eInstall\layout\default\uninstOmigaZip.xml
C:\Users\Piotr\AppData\Local\Temp\~eqtmp252562\omigazip\layout\default\uninstOmigaZip.xml
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
Uninstall the program below.

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Please let me know if the issue is still there in your next reply.
 


undertaker

PCHF Member
Jun 4, 2019
Thanks :)
Log below:

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-06-2019
Ran by Piotr (07-06-2019 16:19:15) Run:1
Running from C:\Users\Piotr\Desktop
Loaded Profiles: Piotr (Available Profiles: Piotr)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {3DFCDCE4-5E9C-4068-B98F-E5FE97CE5A8B} - no filepath
Task: {4F4D8284-0BC5-47EA-BEF6-3EED862284AC} - no filepath
Task: {946CE320-2A0D-4801-8C1C-7C10DF127CDE} - no filepath
Task: {9D6CC196-F399-4000-8C8E-FA5E2706E2DB} - no filepath
Task: {A5D08D33-48AE-43FF-A0E3-4B703CD3E1A4} - no filepath
Task: {A7A9B815-C63E-4885-959B-CC536A7BDBEF} - no filepath
Tcpip\Parameters: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{4e8d123d-f05a-48c1-8608-b67605f3653f}: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{8f94b0c0-4256-4ba2-8568-770a612bc4a2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9541afd2-cebb-4b84-9ade-58041b2790ed}: [NameServer] 194.239.134.83 193.162.153.164
Tcpip\..\Interfaces\{ad9a20d8-1a55-44f7-ac16-5097883e989c}: [NameServer] 194.239.134.83 193.162.153.164
FF user.js: detected! => C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\kgtrohkh.default\user.js [2015-12-14]
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.3.14\Definitions\SDSDefs\20170721.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.3.14\Definitions\SDSDefs\20170721.001\NAVEX15.SYS [X]
2019-06-04 17:14 - 2019-06-04 19:06 - 000000713 _____ C:\Users\Piotr\Desktop\ESET Online Scanner.lnk
2019-06-04 17:14 - 2019-06-04 17:14 - 007990296 _____ (ESET spol. s r.o.) C:\Users\Piotr\Downloads\esetonlinescanner_plk.exe
2019-06-04 17:14 - 2019-06-04 17:14 - 000000812 _____ C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
reboot:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3DFCDCE4-5E9C-4068-B98F-E5FE97CE5A8B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DFCDCE4-5E9C-4068-B98F-E5FE97CE5A8B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F4D8284-0BC5-47EA-BEF6-3EED862284AC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F4D8284-0BC5-47EA-BEF6-3EED862284AC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{946CE320-2A0D-4801-8C1C-7C10DF127CDE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{946CE320-2A0D-4801-8C1C-7C10DF127CDE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D6CC196-F399-4000-8C8E-FA5E2706E2DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D6CC196-F399-4000-8C8E-FA5E2706E2DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5D08D33-48AE-43FF-A0E3-4B703CD3E1A4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5D08D33-48AE-43FF-A0E3-4B703CD3E1A4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A7A9B815-C63E-4885-959B-CC536A7BDBEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7A9B815-C63E-4885-959B-CC536A7BDBEF}" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => not found
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4e8d123d-f05a-48c1-8608-b67605f3653f}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8f94b0c0-4256-4ba2-8568-770a612bc4a2}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9541afd2-cebb-4b84-9ade-58041b2790ed}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ad9a20d8-1a55-44f7-ac16-5097883e989c}\\NameServer" => removed successfully
C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\kgtrohkh.default\user.js => moved successfully
HKLM\System\CurrentControlSet\Services\NAVENG => removed successfully
NAVENG => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVEX15 => removed successfully
NAVEX15 => service removed successfully
C:\Users\Piotr\Desktop\ESET Online Scanner.lnk => moved successfully
C:\Users\Piotr\Downloads\esetonlinescanner_plk.exe => moved successfully
C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2520020342-3197839907-3958264092-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Odmowa dostępu.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Połączenie lokalne* 1 while it has its media disconnected.
No operation can be performed on Połączenie lokalne* 2 while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Połączenie lokalne* 1 while it has its media disconnected.
No operation can be performed on Połączenie lokalne* 2 while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.

========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting , failed.
Odmowa dostępu.

There's no user specified settings to be reset.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Odmowa dostępu.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 158625 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20086967 B
Java, Flash, Steam htmlcache => 2362 B
Windows/system/drivers => 458386797 B
Edge => 69534711 B
Chrome => 363146389 B
Firefox => 1107485482 B
Opera => 42975048 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 918 B
LocalService => 8131 B
NetworkService => -656 B
Piotr => 1868895481 B

RecycleBin => 684857735 B
EmptyTemp: => 4.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:26:14 ====
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
Make sure and update the programs as suggested in the Security check log. You can do this easily with PatchMyPC

Also, let's clean up the tools we used here.

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
I'll mark this one as solved but will leave it open for a couple days in case the issue arises again.
 