Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 14.03.2018 Uruchomiony przez Łukasz (administrator) ŁUKASZ-KOMPUTER (28-03-2018 14:15:30) Uruchomiony z C:\Users\Łukasz\Downloads Załadowane profile: Łukasz (Dostępne profile: Łukasz) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (AMD) C:\Windows\System32\atieclxx.exe (SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (iS3, Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiVirus\SZServer.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (ThreatTrack Security Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiVirus\SBAMSvc.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (iS3, Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiVirus\STOPzilla.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google) C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\SwReporter\27.147.200\software_reporter_tool.exe (Google) C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\SwReporter\27.147.200\software_reporter_tool.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2016-02-19] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587800 2017-12-19] (Oracle Corporation) HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\Run: [EPSON SX218 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd) HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3198752 2018-03-27] (Valve Corporation) HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-22] (SUPERAntiSpyware) HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\MountPoints2: {749ae62b-d71d-11e5-a3bd-a9955758421b} - H:\AutoRun.exe HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Games\TERROR~1\Data\LEVELS~2\Levels.scr HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 Tcpip\..\Interfaces\{528655A1-4E73-4396-BC7F-AC8BEBA611AF}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{6D651157-7A12-41D1-B8E6-CC2FBBB90603}: [NameServer] 208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{6D651157-7A12-41D1-B8E6-CC2FBBB90603}: [DhcpNameServer] 192.168.8.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.pl/ URLSearchHook: HKLM-x32 - (Brak nazwy) - {eae1e35c-bdd4-49aa-adc9-e82496f88370} - Brak pliku URLSearchHook: HKU\S-1-5-21-3069082019-2975524053-1918208989-1000 - (Brak nazwy) - {eae1e35c-bdd4-49aa-adc9-e82496f88370} - Brak pliku SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-07] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-07] (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Brak nazwy -> {eae1e35c-bdd4-49aa-adc9-e82496f88370} -> Brak pliku FireFox: ======== FF ProfilePath: C:\Users\Łukasz\AppData\Roaming\TomTom\HOME\Profiles\4ngglqys.default [2017-06-03] FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-07] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-07] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-14] (Google Inc.) FF Plugin HKU\S-1-5-21-3069082019-2975524053-1918208989-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Łukasz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS) Chrome: ======= CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms} CHR DefaultSearchKeyword: Default -> bing.com CHR Profile: C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default [2018-03-28] CHR Extension: (Dysk Google) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20] CHR Extension: (YouTube) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20] CHR Extension: (Google Search) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20] CHR Extension: (Trustnav adblocker) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgbldpiollgaehnlegmfhioconikkjjh [2018-03-25] CHR Extension: (Trustnav safe search) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjdbeiflalimgifllheflljdconlbig [2018-03-25] CHR Extension: (Ad-Blocker) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kacljcbejojnapnmiifgckbafkojcncf [2018-03-25] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-14] CHR Extension: (Gmail) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20] CHR Extension: (Chrome Media Router) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-24] CHR HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2018-02-24] () R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-11-20] (Cybereason) [Brak podpisu cyfrowego] R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2018-03-27] (SurfRight B.V.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes) R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender) R2 SBAMSvc; C:\Program Files (x86)\iS3\STOPzilla AntiVirus\SBAMSvc.exe [3984912 2015-08-27] (ThreatTrack Security Inc.) R2 sz7; C:\Program Files (x86)\iS3\STOPzilla AntiVirus\SZServer.exe [1755040 2016-08-10] (iS3, Inc.) S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-10-17] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1622528 2016-02-19] (AVerMedia TECHNOLOGIES, Inc.) R1 bdfwfpf; C:\Program Files\iS3\STOPzilla AntiVirus\drivers\bdfwfpf\bdfwfpf.sys [127312 2017-09-26] (BitDefender LLC) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76200 2018-01-18] () S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security) S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security) S3 GridinSoftInetSecurityDriver; C:\Windows\System32\DRIVERS\gsInetSecurity.sys [102736 2018-03-20] (GridinSoft LLC) R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-10] (Malwarebytes) S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-03-23] (Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-12] (Malwarebytes) S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92280 2018-03-23] (Malwarebytes) S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2015-08-27] (ThreatTrack Security Inc.) S3 SBHIPS; C:\Windows\System32\drivers\sbhips.sys [63696 2015-08-27] (ThreatTrack Security) R1 sbwfw; C:\Windows\System32\DRIVERS\sbwfw.sys [345392 2015-08-27] (ThreatTrack Security) R3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [95608 2015-08-27] (ThreatTrack Security) S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [29456 2018-03-20] (Windows (R) Win 7 DDK provider) U1 aswbdisk; Brak ImagePath S3 MBAMProtection; system32\DRIVERS\mbam.sys [X] S1 uxwvhfyu; \??\C:\Windows\system32\drivers\uxwvhfyu.sys [X] S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-03-28 14:15 - 2018-03-28 14:20 - 000015816 _____ C:\Users\Łukasz\Downloads\FRST.txt 2018-03-28 14:15 - 2018-03-28 14:15 - 000000000 ____D C:\FRST 2018-03-28 14:08 - 2018-03-28 14:08 - 000510768 ____N C:\Users\Łwz6jv\enthusiasm why ships rapid.xlsx 2018-03-28 14:08 - 2018-03-28 14:08 - 000500228 ____N C:\Users\Ajknrw\encloseappears.xlsx 2018-03-28 14:08 - 2018-03-28 14:08 - 000215823 ____N C:\Users\Łwz6jv\puerto.morphology.weed.material.mdb 2018-03-28 14:08 - 2018-03-28 14:08 - 000207386 ____N C:\Users\Ajknrw\authenticpestwilliamlibrarian.mdb 2018-03-28 14:08 - 2018-03-28 14:08 - 000064576 ____N C:\Users\Łwz6jv\excitingpatgrind.xls 2018-03-28 14:08 - 2018-03-28 14:08 - 000062431 ____N C:\Users\Ajknrw\scarcely-dissatisfaction-restrictions-government.xls 2018-03-28 14:08 - 2018-03-28 14:08 - 000053812 ____N C:\Users\Ajknrw\mustmethods.pem 2018-03-28 14:08 - 2018-03-28 14:08 - 000050359 ____N C:\Users\Łwz6jv\formula.appreciate.fees.pem 2018-03-28 14:08 - 2018-03-28 14:08 - 000030503 ____N C:\Users\Łwz6jv\flashtalesmilingentrance.txt 2018-03-28 14:08 - 2018-03-28 14:08 - 000029378 ____N C:\Users\Ajknrw\duration.legislation.prefer.offers.sql 2018-03-28 14:08 - 2018-03-28 14:08 - 000016599 ____N C:\Users\Ajknrw\officers soil.txt 2018-03-28 14:08 - 2018-03-28 14:08 - 000011102 ____N C:\Users\Łwz6jv\highintroductionadjective.sql 2018-03-28 14:08 - 2018-03-28 14:08 - 000000000 __SHD C:\Users\Łukasz\Desktop\0K, this directory is for Ransomware detection (just leave it here) 2018-03-28 14:08 - 2018-03-28 14:08 - 000000000 ___HD C:\Users\Łwz6jv 2018-03-28 14:08 - 2018-03-28 14:08 - 000000000 ___HD C:\Users\Łukasz\Documents\Vdates34 2018-03-28 14:08 - 2018-03-28 14:08 - 000000000 ___HD C:\Users\Łukasz\Documents\AAtools27 2018-03-28 14:08 - 2018-03-28 14:08 - 000000000 ___HD C:\Users\Ajknrw 2018-03-28 14:08 - 2018-03-28 14:08 - 000000000 ____D C:\Xvalues41 2018-03-28 14:08 - 2018-03-28 14:08 - 000000000 ____D C:\Aclog118 2018-03-27 18:49 - 2018-03-27 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft 2018-03-27 18:49 - 2018-03-27 18:49 - 000000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer 2018-03-27 18:30 - 2018-03-27 18:30 - 000822328 _____ (Roblox Corporation) C:\Users\Łukasz\Downloads\RobloxPlayerLauncher.exe 2018-03-27 18:29 - 2018-03-27 18:29 - 000002039 _____ C:\Users\Łukasz\Desktop\STOPzilla AntiVirus.lnk 2018-03-27 18:06 - 2018-03-27 18:06 - 000000000 ____D C:\Program Files\HitmanPro 2018-03-27 18:05 - 2018-03-27 18:05 - 011605440 _____ (SurfRight B.V.) C:\Users\Łukasz\Downloads\HitmanPro_x64.exe 2018-03-27 17:55 - 2018-03-27 17:58 - 000003106 _____ C:\RakhniDecryptor.1.21.15.5_27.03.2018_17.55.16_log.txt 2018-03-27 17:45 - 2018-03-27 17:50 - 000004612 _____ C:\RakhniDecryptor.1.21.15.5_27.03.2018_17.45.24_log.txt 2018-03-27 17:44 - 2018-03-27 17:45 - 005324509 _____ C:\Users\Łukasz\Downloads\RakhniDecryptor.zip 2018-03-27 17:37 - 2018-03-27 17:42 - 000003442 _____ C:\RannohDecryptor.1.9.6.1_27.03.2018_17.37.41_log.txt 2018-03-27 17:14 - 2018-03-27 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla 2018-03-27 16:12 - 2018-03-27 16:12 - 000000000 ____D C:\SUPERDelete 2018-03-27 14:17 - 2018-03-28 14:08 - 000003276 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware 2018-03-27 14:16 - 2018-03-27 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware 2018-03-27 14:16 - 2018-03-27 14:16 - 000000000 ____D C:\ProgramData\GridinSoft 2018-03-27 14:15 - 2018-03-27 14:16 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware 2018-03-27 14:11 - 2018-03-27 14:11 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyKiller 2018-03-27 14:09 - 2018-03-27 14:11 - 000000000 ____D C:\Program Files (x86)\SpyKiller 2018-03-27 14:09 - 2018-03-27 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyKiller 2018-03-27 14:08 - 2018-03-27 14:08 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2018-03-27 14:07 - 2018-03-27 14:08 - 000000000 ____D C:\Program Files\SUPERAntiSpyware 2018-03-25 06:59 - 2018-03-25 06:59 - 000000000 ____D C:\Program Files\iS3 2018-03-25 00:26 - 2018-03-25 00:26 - 000000000 ____D C:\Program Files (x86)\MSXML 4.0 2018-03-24 23:41 - 2018-03-24 23:41 - 000000000 ____D C:\ProgramData\VIPRE 2018-03-24 23:40 - 2018-03-24 23:40 - 000003202 _____ C:\Windows\System32\Tasks\VIPRE Spectre CPU Flow Fix Task Once 2018-03-24 23:40 - 2018-03-24 23:40 - 000003038 _____ C:\Windows\System32\Tasks\VIPRE Spectre CPU Flow Fix Task v3 2018-03-24 23:23 - 2018-03-27 14:23 - 000000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f2d2e123-a811-4972-b4bd-8ff992d8ce26.job 2018-03-24 23:23 - 2018-03-25 06:43 - 000000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f5f77eb9-eae0-4bf2-b1f3-c97afd9129c5.job 2018-03-24 23:23 - 2018-03-24 23:23 - 000003602 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f5f77eb9-eae0-4bf2-b1f3-c97afd9129c5 2018-03-24 23:23 - 2018-03-24 23:23 - 000003528 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f2d2e123-a811-4972-b4bd-8ff992d8ce26 2018-03-24 23:23 - 2018-03-24 23:23 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\SUPERAntiSpyware.com 2018-03-24 23:22 - 2018-03-24 23:22 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2018-03-23 10:22 - 2018-03-23 10:22 - 000001190 _____ C:\Windows\SysWOW64\ServiceConfig.xml 2018-03-23 09:29 - 2018-03-27 18:25 - 000000000 ____D C:\AdwCleaner 2018-03-23 07:52 - 2018-03-23 07:52 - 000000000 _____ C:\Windows\system32\SBRC.dat 2018-03-23 07:46 - 2016-03-04 12:26 - 000032400 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys 2018-03-23 07:46 - 2015-08-27 08:31 - 000040584 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys 2018-03-23 07:38 - 2018-03-28 14:10 - 000000000 ____D C:\ProgramData\STOPzilla! 2018-03-23 07:38 - 2015-08-27 18:50 - 000063696 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\sbhips.sys 2018-03-23 07:37 - 2018-03-23 07:37 - 000000000 ____D C:\Program Files (x86)\iS3 2018-03-21 07:25 - 2018-03-21 07:25 - 000000000 ____D C:\Users\Łukasz\AppData\LocalLow\CorvoGames 2018-03-21 07:23 - 2018-03-23 21:57 - 000092280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-03-20 19:05 - 2018-03-23 21:51 - 000109800 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-03-20 14:25 - 2018-03-20 14:25 - 000102736 _____ (GridinSoft LLC) C:\Windows\system32\Drivers\gsInetSecurity.sys 2018-03-20 14:25 - 2018-03-20 14:25 - 000029456 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys 2018-03-19 07:29 - 2018-03-19 07:29 - 000466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2018-03-19 07:29 - 2018-03-19 07:29 - 000444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2018-03-19 07:29 - 2018-03-19 07:29 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2018-03-19 07:29 - 2018-03-19 07:29 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2018-03-19 07:29 - 2018-03-19 07:29 - 000000000 ____D C:\Program Files (x86)\OpenAL 2018-03-17 22:02 - 2018-03-17 22:02 - 000000000 ____D C:\Users\Łukasz\AppData\Local\ShopSim 2018-03-17 22:00 - 2018-03-23 15:38 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\itch 2018-03-17 22:00 - 2018-03-17 22:00 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Itch Corp 2018-03-17 21:59 - 2018-03-17 22:00 - 000000000 ____D C:\Users\Łukasz\AppData\Local\SquirrelTemp 2018-03-17 21:59 - 2018-03-17 22:00 - 000000000 ____D C:\Users\Łukasz\AppData\Local\itch 2018-03-17 21:27 - 2018-03-17 21:27 - 000000000 ____D C:\Program Files (x86)\WinRAR 2018-03-17 19:50 - 2018-03-17 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2018-03-16 22:42 - 2018-03-27 18:28 - 000000000 ____D C:\ProgramData\HitmanPro 2018-03-15 19:09 - 2018-03-17 19:15 - 000011689 _____ C:\Users\Łukasz\AppData\Roaming\TheHunterSettings_live.bin 2018-03-15 17:39 - 2018-03-15 17:43 - 000000045 _____ C:\Users\Łukasz\AppData\Roaming\TheHunterSettings_steam_live.cfg 2018-03-15 17:39 - 2018-03-15 17:39 - 000000000 ____D C:\Users\Łukasz\Documents\theHunter 2018-03-15 17:39 - 2018-03-15 17:39 - 000000000 ____D C:\Users\Łukasz\AppData\Local\theHunter 2018-03-15 17:39 - 2018-03-15 17:39 - 000000000 ____D C:\Users\Łukasz\AppData\Local\CrashRpt 2018-03-15 17:37 - 2018-03-15 17:37 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\theHunterSteam 2018-03-15 15:16 - 2018-03-15 15:16 - 000000222 _____ C:\Users\Łukasz\Desktop\theHunter Classic.url 2018-03-15 15:05 - 2018-03-15 15:05 - 000030903 _____ C:\ProgramData\agent.update.1521119129.bdinstall.bin 2018-03-15 14:56 - 2018-03-28 14:11 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 2018-03-15 14:54 - 2018-03-15 15:06 - 000000000 ____D C:\Program Files\Bitdefender Agent 2018-03-15 14:54 - 2018-03-15 14:54 - 000049473 _____ C:\ProgramData\agent.1521118480.bdinstall.bin 2018-03-14 16:52 - 2018-03-20 19:50 - 000000096 _____ C:\Users\Łukasz\AppData\Roaming\LauncherSettings_live.cfg 2018-03-14 16:49 - 2018-03-14 16:49 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\theHunter 2018-03-14 16:49 - 2018-03-14 16:49 - 000000000 ____D C:\ProgramData\Hunter 2018-03-14 16:48 - 2018-03-15 15:09 - 000000000 ____D C:\Program Files (x86)\theHunter 2018-03-14 16:48 - 2018-03-14 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\theHunter 2018-03-14 16:45 - 2018-03-14 16:45 - 019690528 _____ (Expansive Worlds ) C:\Users\Łukasz\Downloads\theHunterLauncherSetup.exe 2018-03-14 16:12 - 2018-02-13 20:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2018-03-14 16:12 - 2018-02-13 20:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2018-03-14 16:12 - 2018-02-13 16:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2018-03-14 16:12 - 2018-02-13 16:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2018-03-14 16:12 - 2018-02-13 16:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2018-03-14 16:12 - 2018-02-13 16:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2018-03-14 16:12 - 2018-02-13 16:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2018-03-14 16:12 - 2018-02-13 16:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2018-03-14 16:12 - 2018-02-13 16:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2018-03-14 16:12 - 2018-02-13 16:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2018-03-12 16:12 - 2018-03-12 16:12 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-03-10 22:01 - 2018-03-10 23:07 - 000000000 ___HD C:\Users\Łv038yjf 2018-03-10 22:01 - 2018-03-10 23:07 - 000000000 ___HD C:\Users\Łukasz\Documents\Utransfer13 2018-03-10 22:01 - 2018-03-10 23:07 - 000000000 ___HD C:\Users\Łukasz\Documents\ABfiles117 2018-03-10 22:01 - 2018-03-10 23:07 - 000000000 ___HD C:\Users\Akxvcd 2018-03-10 12:26 - 2018-03-10 12:26 - 000000000 ____D C:\Spacekace 2018-03-10 08:58 - 2018-03-10 08:58 - 000193248 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-03-10 08:51 - 2018-03-10 08:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-03-07 15:19 - 2018-03-07 15:19 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\java 2018-03-07 15:18 - 2018-03-07 15:18 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2018-03-07 15:18 - 2018-03-07 15:18 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\Sun 2018-03-07 15:18 - 2018-03-07 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2018-03-07 15:12 - 2018-03-27 14:42 - 000000000 ____D C:\Users\Łukasz\.junique 2018-03-07 15:12 - 2018-03-27 14:41 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\Crystal-Launcher 2018-03-07 15:04 - 2018-03-07 16:17 - 000000000 ____D C:\Program Files (x86)\Java 2018-03-07 15:01 - 2018-03-07 15:01 - 000597276 _____ () C:\Users\Łukasz\Desktop\CrystalLauncher.exe ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-03-28 14:21 - 2017-11-19 10:38 - 000000000 ____D C:\Users\Łukasz\Desktop\cusie 2018-03-28 14:09 - 2017-12-15 13:08 - 000000000 ____D C:\Program Files (x86)\Steam 2018-03-28 14:09 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing 2018-03-28 14:08 - 2017-11-17 19:27 - 000065536 _____ C:\Windows\system32\Ikeext.etl 2018-03-28 14:07 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-03-27 18:01 - 2009-07-14 06:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-03-27 18:01 - 2009-07-14 06:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-03-27 17:58 - 2011-04-12 15:21 - 000740098 _____ C:\Windows\system32\perfh015.dat 2018-03-27 17:58 - 2011-04-12 15:21 - 000155672 _____ C:\Windows\system32\perfc015.dat 2018-03-27 17:58 - 2009-07-14 07:13 - 001669190 _____ C:\Windows\system32\PerfStringBackup.INI 2018-03-27 17:58 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2018-03-27 16:38 - 2016-04-05 18:37 - 000000000 ____D C:\Users\Łukasz\AppData\Local\CrashDumps 2018-03-27 16:10 - 2016-02-19 17:40 - 000000000 ____D C:\Users\Łukasz 2018-03-26 15:16 - 2018-02-10 09:26 - 000000000 ____D C:\Users\Łukasz\AppData\Local\MyComGames 2018-03-23 07:50 - 2016-02-20 22:33 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-03-23 07:50 - 2016-02-20 22:33 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-03-23 07:33 - 2018-01-16 06:57 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2018-03-20 20:19 - 2016-02-21 15:47 - 000000000 ____D C:\ProgramData\Adobe 2018-03-20 19:45 - 2017-11-18 13:07 - 000000000 ____D C:\Users\Łukasz\Desktop\LEGO prace 2018-03-17 21:37 - 2016-12-31 14:51 - 000000000 ____D C:\Games 2018-03-16 10:25 - 2014-11-27 22:17 - 001640860 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2018-03-16 09:05 - 2016-07-17 23:11 - 000000000 ____D C:\Users\Łukasz\AppData\Roaming\AVG 2018-03-16 09:05 - 2016-07-17 22:55 - 000000000 ____D C:\Users\Łukasz\AppData\Local\Avg 2018-03-16 09:05 - 2016-07-17 22:55 - 000000000 ____D C:\ProgramData\Avg 2018-03-16 09:05 - 2016-02-21 01:00 - 000000000 ____D C:\Windows\system32\appraiser 2018-03-15 19:36 - 2016-07-31 20:04 - 000000000 ____D C:\Windows\system32\MRT 2018-03-15 19:35 - 2018-01-14 10:19 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2018-03-15 19:35 - 2016-07-31 20:04 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2018-03-15 17:27 - 2016-03-25 10:55 - 000000000 ____D C:\Users\Łukasz\AppData\Local\ElevatedDiagnostics 2018-03-15 17:27 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache 2018-03-14 16:48 - 2016-12-28 16:52 - 000000000 ___HD C:\Windows\msdownld.tmp 2018-03-14 16:48 - 2016-02-21 02:53 - 000000000 ____D C:\Windows\SysWOW64\directx 2018-03-13 16:55 - 2016-05-19 22:30 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-03-13 16:55 - 2016-05-19 22:30 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-03-13 16:55 - 2016-05-19 22:30 - 000004566 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-03-13 16:55 - 2016-05-19 22:30 - 000004412 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2018-03-13 16:55 - 2016-05-19 22:30 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-03-13 16:55 - 2016-05-19 22:30 - 000000000 ____D C:\Windows\system32\Macromed 2018-03-07 15:18 - 2017-12-17 18:27 - 000000000 ____D C:\Program Files\Java 2018-03-07 15:11 - 2017-12-17 18:27 - 000000000 ____D C:\ProgramData\Oracle 2018-03-05 14:50 - 2018-02-07 07:47 - 000000000 ____D C:\Users\Łukasz\AppData\Local\GameLoad 2018-02-28 17:15 - 2018-01-03 15:43 - 000000000 ____D C:\Users\Łukasz\Documents\DAVAProject 2018-02-27 14:44 - 2009-07-14 07:08 - 000032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT ==================== Pliki w katalogu głównym wybranych folderów ======= 2018-03-14 16:52 - 2018-03-20 19:50 - 000000096 _____ () C:\Users\Łukasz\AppData\Roaming\LauncherSettings_live.cfg 2018-03-15 19:09 - 2018-03-17 19:15 - 000011689 _____ () C:\Users\Łukasz\AppData\Roaming\TheHunterSettings_live.bin 2018-03-15 17:39 - 2018-03-15 17:43 - 000000045 _____ () C:\Users\Łukasz\AppData\Roaming\TheHunterSettings_steam_live.cfg Niektóre pliki w TEMP: ==================== 2018-03-23 07:36 - 2018-03-27 17:11 - 000075264 _____ (DeskMetrics) C:\Users\Łukasz\AppData\Local\Temp\DeskMetrics.dll 2018-03-09 08:42 - 2018-03-09 08:42 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Łukasz\AppData\Local\Temp\jansi-64-190383582121894326.dll 2018-03-07 15:41 - 2018-03-07 15:41 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Łukasz\AppData\Local\Temp\jansi-64-5620059855262741762.dll 2018-03-20 20:36 - 2018-03-20 20:36 - 000465920 ____N () C:\Users\Łukasz\AppData\Local\Temp\OpenComputersMod-native.64.dll 2016-09-05 17:51 - 2009-07-13 22:59 - 000026176 ____R () C:\Users\Łukasz\AppData\Local\Temp\VP6Install.exe 2016-09-05 17:51 - 2009-07-13 22:59 - 000445504 ____R (On2.com) C:\Users\Łukasz\AppData\Local\Temp\VP6VFW.dll 2009-10-08 14:14 - 2009-10-08 14:14 - 000456024 ____R (Macrovision Corporation) C:\Users\Łukasz\AppData\Local\Temp\_is1026.exe 2009-10-08 14:14 - 2009-10-08 14:14 - 000456024 ____R (Macrovision Corporation) C:\Users\Łukasz\AppData\Local\Temp\_is482.exe 2018-02-22 10:01 - 2006-05-24 13:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Łukasz\AppData\Local\Temp\_is83A0.exe 2009-10-08 14:14 - 2009-10-08 14:14 - 000456024 ____R (Macrovision Corporation) C:\Users\Łukasz\AppData\Local\Temp\_is9339.exe 2009-10-13 10:43 - 2009-10-13 10:43 - 000453776 ____R (Macrovision Corporation) C:\Users\Łukasz\AppData\Local\Temp\_is93C7.exe 2009-10-13 10:43 - 2009-10-13 10:43 - 000453776 ____R (Macrovision Corporation) C:\Users\Łukasz\AppData\Local\Temp\_is9D57.exe 2006-05-24 13:10 - 2006-05-24 13:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Łukasz\AppData\Local\Temp\_isA5C0.exe 2009-10-08 14:14 - 2009-10-08 14:14 - 000456024 ____R (Macrovision Corporation) C:\Users\Łukasz\AppData\Local\Temp\_isBE20.exe 2009-10-08 14:14 - 2009-10-08 14:14 - 000456024 ____R (Macrovision Corporation) C:\Users\Łukasz\AppData\Local\Temp\_isC052.exe 2009-10-08 14:14 - 2009-10-08 14:14 - 000456024 ____R (Macrovision Corporation) C:\Users\Łukasz\AppData\Local\Temp\_isC419.exe 2009-10-08 14:14 - 2009-10-08 14:14 - 000456024 ____R (Macrovision Corporation) C:\Users\Łukasz\AppData\Local\Temp\_isDE9B.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2018-03-23 08:11 ==================== Koniec FRST.txt ============================