Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 07-12-2016
Uruchomiony przez Nesste (administrator) NESTE (12-12-2016 16:01:59)
Uruchomiony z C:\Users\Nesste\Desktop\Nowy folder (2)
Załadowane profile: Nesste (Dostępne profile: Nesste)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(StarWind Software) E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Wargaming.net) E:\Gry\WoT\WargamingGameUpdater.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-10-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKU\S-1-5-21-2816774600-1235983040-3463408076-1000\...\Run: [World of Tanks] => E:\Gry\WoT\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
HKU\S-1-5-21-2816774600-1235983040-3463408076-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-2816774600-1235983040-3463408076-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [978456 2016-08-03] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2816774600-1235983040-3463408076-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellExecuteHooks: - {3F1B64C0-AA92-11E6-B58E-64006A5CFC23} - C:\Users\Nesste\AppData\Roaming\Elukweceward\Tiwale.dll Brak pliku [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
GroupPolicy\User: Ograniczenia <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.99.99
Tcpip\..\Interfaces\{66F21D74-F112-4F2F-A518-694DA8CC407D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ECF23C1C-01F2-4091-AF4B-472D33120739}: [DhcpNameServer] 192.168.99.99
Tcpip\..\Interfaces\{FB2AB971-E764-4476-9D5B-1DDCF3871F53}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-2816774600-1235983040-3463408076-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2816774600-1235983040-3463408076-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2816774600-1235983040-3463408076-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope {FDC320A9-B4B2-491E-B140-815C11613CB6} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2816774600-1235983040-3463408076-1000 -> DefaultScope {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2816774600-1235983040-3463408076-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2816774600-1235983040-3463408076-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2816774600-1235983040-3463408076-1000 -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = hxxp://search.yahoo.com/search?p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF DefaultProfile: p1gqi1zc.default
FF ProfilePath: C:\Users\Nesste\AppData\Roaming\Mozilla\Firefox\Profiles\7lod76sk.default [2016-12-12]
FF Extension: (Brak nazwy) - C:\Users\Nesste\AppData\Roaming\Mozilla\Firefox\Profiles\7lod76sk.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [nie znaleziono]
FF ProfilePath: C:\Users\Nesste\AppData\Roaming\Profiles\p1gqi1zc.default [2016-12-10]
FF Keyword.URL: Profiles\p1gqi1zc.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B9E7FD863-F7C7-4110-85AF-73B8D38F332C%7D&gp=811014
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => nie znaleziono
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @alawar.com/npapi -> C:\Windows\npapi.dll [Brak pliku]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=154
CHR StartupUrls: Default -> "hxxp://www.gazeta.pl/0,0.html?p=154","hxxp://www.istartsurf.com/?type=hp&ts=1409675265&from=smt&uid=ST1500DM003-9YN16G_W1E2QME9XXXXW1E2QME9"
CHR Profile: C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Prezentacje Google) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-12]
CHR Extension: (Dokumenty Google) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-12]
CHR Extension: (Dysk Google) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-12]
CHR Extension: (YouTube) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-12]
CHR Extension: (Arkusze Google) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-12]
CHR Extension: (Gmail) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdpfakmkmnhbmpkjoalflbdchkpggned [2016-12-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-12]
CHR Extension: (Szukaj w Google) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpjmkngecpnnajkmdhplmeoelenkpgk [2016-12-12]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-12]
CHR Extension: (Gmail) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-12]
CHR Extension: (Chrome Media Router) - C:\Users\Nesste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-12]

Opera:
=======
OPR Extension: (CinPl2.3c) - C:\Users\Nesste\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhnjdejfbngngppihmpgncfnpfdaglhg [2014-09-02]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-10-25] (Advanced Micro Devices) [Brak podpisu cyfrowego]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 AxAutoMntSrv; E:\Programy\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [445976 2016-08-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [425496 2016-08-03] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [462360 2016-08-03] (BlueStack Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-03-29] ()
R2 StarWindServiceAE; E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Brak podpisu cyfrowego]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 GmSvc; C:\Program Files (x86)\LDSGameCenter\GmSvc.dll [X]
S2 PlaysService; "C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe" [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 ALSysIO; Brak ImagePath
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-10-25] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2014-09-02] ()
S3 BRDriver64_1_3_3_E02B25FC; Brak ImagePath
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2016-08-03] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
S3 EagleX64; Brak ImagePath
S3 gdrv; Brak ImagePath
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-08-16] (Sony Mobile Communications)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-08-31] (Highresolution Enterprises [www.highrez.co.uk])
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-09-02] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-12] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-12] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-12] (Malwarebytes)
S3 netfitsprocadapter; C:\Windows\System32\DRIVERS\netfitsproc.sys [30480 2016-12-10] (Netfits)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [126208 2012-10-26] (QUALCOMM Incorporated) [Brak podpisu cyfrowego]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-02-05] (Duplex Secure Ltd.)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [208696 2007-03-28] (StorageCraft)
U3 a703yn3y; C:\Windows\System32\Drivers\a703yn3y.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
U0 aswVmm; Brak ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 qcusbnet; system32\DRIVERS\qcusbnet.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

NETSVCx32: HpSvc -> Brak ścieżki do pliku.
NETSVCx32: WpSvc -> Brak ścieżki do pliku.
NETSVCx32: GmSvc -> C:\Program Files (x86)\LDSGameCenter\GmSvc.dll ==> Brak pliku ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-12-12 02:03 - 2016-12-12 02:03 - 00380928 _____ C:\Users\Nesste\Downloads\s9bre691.exe 2016-12-12 01:42 - 2016-12-12 01:42 - 00000000 _____ C:\Users\Nesste\Desktop\Nowy dokument tekstowy.txt 2016-12-12 01:41 - 2016-12-12 16:01 - 00000000 ____D C:\Users\Nesste\Desktop\Nowy folder (2) 2016-12-12 01:41 - 2016-12-12 01:41 - 00000022 _____ C:\Users\Nesste\Downloads\Upload.zip 2016-12-12 01:38 - 2016-12-12 01:43 - 00000000 ____D C:\FRST 2016-12-12 01:35 - 2016-12-12 01:35 - 00022688 _____ C:\Users\Nesste\Downloads\FRST.txt 2016-12-12 01:04 - 2016-12-12 15:56 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2016-12-12 01:04 - 2016-12-12 01:04 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2016-12-12 01:04 - 2016-12-12 01:04 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2016-12-12 01:03 - 2016-12-12 15:56 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-12-12 01:03 - 2016-12-12 15:56 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-12-12 01:03 - 2016-12-12 01:03 - 00001875 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2016-12-12 01:03 - 2016-12-12 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2016-12-12 01:03 - 2016-11-29 06:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys 2016-12-12 01:02 - 2016-12-12 01:03 - 51969976 _____ (Malwarebytes ) C:\Users\Nesste\Downloads\mb3-setup-consumer-3.0.4.1269.exe 2016-12-12 00:01 - 2016-12-12 01:43 - 00002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-12 00:00 - 2016-12-12 15:55 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-12-12 00:00 - 2016-12-12 15:05 - 
00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-12-12 00:00 - 2016-12-12 00:13 - 00000000 ____D C:\Users\Nesste\AppData\Local\Google 2016-12-12 00:00 - 2016-12-12 00:01 - 00000000 ____D C:\Program Files (x86)\Google 2016-12-12 00:00 - 2016-12-12 00:00 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-12 00:00 - 2016-12-12 00:00 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-11 23:42 - 2016-12-11 23:42 - 01065376 _____ (Google Inc.) C:\Users\Nesste\Desktop\ChromeSetup.exe 2016-12-11 23:31 - 2016-12-11 23:38 - 00000000 ____D C:\EEK 2016-12-11 23:31 - 2016-12-11 23:31 - 266094448 _____ C:\Users\Nesste\Downloads\EmsisoftEmergencyKit.exe 2016-12-11 23:27 - 2016-12-11 23:27 - 01626336 _____ C:\Users\Nesste\Downloads\Emsisoft-Emergency-Kit-13269-dp.exe 2016-12-11 22:14 - 2016-12-11 22:14 - 00028304 _____ C:\ComboFix.txt 2016-12-11 22:04 - 2016-12-12 01:04 - 00240894 _____ C:\Windows\ntbtlog.txt 2016-12-11 21:52 - 2016-12-11 22:14 - 00000000 ____D C:\Qoobox 2016-12-11 21:52 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2016-12-11 21:52 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2016-12-11 21:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2016-12-11 21:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2016-12-11 21:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2016-12-11 21:52 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2016-12-11 21:52 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2016-12-11 21:52 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2016-12-11 20:49 - 2016-12-11 22:53 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\Lenovo 2016-12-11 01:19 - 2016-12-11 01:19 - 00000000 ____D C:\Program Files\Malwarebytes 2016-12-10 23:33 - 2016-12-10 23:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-12-10 23:31 - 2016-12-11 21:38 - 00000000 ____D C:\$AVG 2016-12-10 
23:30 - 2016-12-10 23:46 - 00000000 ____D C:\Users\Nesste\Doctor Web 2016-12-10 23:21 - 2016-12-11 22:00 - 00000000 ____D C:\Windows\erdnt 2016-12-10 23:21 - 2016-12-10 23:21 - 00000000 ____D C:\Program Files\McAfee 2016-12-10 23:20 - 2016-12-10 23:20 - 05658636 ____R (Swearware) C:\Users\Nesste\Downloads\ComboFix 16.11.13.01 [1].exe 2016-12-10 22:47 - 2016-12-10 22:47 - 00250912 _____ C:\Windows\SysWOW64\kz.exe 2016-12-10 22:45 - 2016-12-10 22:45 - 00000266 __RSH C:\Users\Nesste\ntuser.pol 2016-12-10 22:42 - 2016-12-10 22:42 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2016-12-10 22:41 - 2016-12-10 22:41 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2016-12-10 22:41 - 2016-12-10 22:41 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2016-12-10 22:41 - 2016-12-10 22:41 - 00000000 ____D C:\ProgramData\{D0717883-7508-4308-9A88-311E19C5C458}.tmp 2016-12-10 22:40 - 2016-12-11 22:53 - 00000000 ____D C:\Program Files (x86)\Lenovo 2016-12-10 22:40 - 2016-12-10 22:40 - 00030480 _____ (Netfits) C:\Windows\system32\Drivers\netfitsproc.sys 2016-12-10 22:38 - 2016-12-10 22:38 - 00000000 ____D C:\ProgramData\Avira 2016-12-10 22:37 - 2016-12-11 00:20 - 00000000 ____D C:\ProgramData\AVAST Software 2016-12-10 22:37 - 2016-12-10 22:37 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll 2016-12-10 22:37 - 2016-12-10 22:37 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll 2016-12-10 22:37 - 2016-12-10 22:37 - 00003512 _____ C:\Windows\System32\Tasks\d6a959b4fd1aaa581ab458d9d73c08ff 2016-12-10 22:36 - 2016-12-11 02:17 - 00000000 ____D C:\Program Files (x86)\Arozalyprogly 2016-12-10 22:36 - 2016-12-10 22:44 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\Elukweceward 2016-12-10 22:36 - 2016-12-10 22:37 - 00000000 ____D C:\Users\Nesste\AppData\Local\Dritopy 2016-12-10 22:36 - 2016-12-10 22:36 - 00000000 ____D 
C:\Users\Public\Thunder Network 2016-12-10 22:36 - 2016-11-09 15:55 - 00778752 _____ C:\Windows\system32\chtbrkg.dll 2016-12-10 22:36 - 2016-11-09 15:55 - 00590848 _____ C:\Windows\SysWOW64\chtbrkg.dll 2016-12-10 22:34 - 2016-12-10 22:34 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2016-12-10 21:58 - 2016-12-10 22:37 - 00000000 ____D C:\Program Files (x86)\RAR Password Unlocker 2016-12-10 21:23 - 2016-12-10 22:37 - 00000000 ____D C:\Program Files (x86)\Ubisoft 2016-12-10 21:23 - 2016-12-10 21:23 - 00001217 _____ C:\Users\Nesste\Desktop\Uplay.lnk 2016-12-10 21:23 - 2016-12-10 21:23 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2016-12-10 19:28 - 2016-12-10 19:28 - 00000000 ____D C:\Users\Nesste\AppData\LocalLow\uTorrent 2016-12-07 20:12 - 2016-12-07 20:12 - 00000372 _____ C:\Users\Nesste\Desktop\DiRT2 — skrót.lnk 2016-12-05 00:12 - 2016-12-05 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace 2016-12-04 22:08 - 2016-12-04 22:09 - 00000000 ____D C:\Users\Nesste\Documents\NFS Most Wanted 2016-12-04 22:06 - 2016-12-04 22:06 - 00000819 _____ C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk 2016-11-26 18:02 - 2016-11-26 18:02 - 00001771 _____ C:\Users\Nesste\Desktop\SpinTires.exe — skrót.lnk 2016-11-26 16:36 - 2016-11-28 19:24 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\SpinTires 2016-11-20 00:34 - 2016-11-20 00:34 - 00000520 _____ C:\Users\Nesste\Desktop\Battlefield™ Hardline — skrót.lnk 2016-11-19 22:39 - 2016-11-19 22:43 - 00000000 ____D C:\Users\Nesste\Documents\BFH 2016-11-19 22:38 - 2016-11-19 22:38 - 00000000 ____D C:\Program Files\BreakPoint Software 2016-11-19 22:37 - 2016-11-19 22:37 - 18864464 _____ (BreakPoint Software) C:\Users\Nesste\Downloads\hw_v680.exe 2016-11-19 21:56 - 2016-12-10 22:37 - 00000000 ____D C:\Program Files (x86)\BFH 2016-11-15 16:15 - 2016-11-15 16:15 - 00678753 _____ C:\Users\Nesste\Desktop\skierowanie 2.pdf 
==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-12-12 16:00 - 2011-04-12 14:21 - 13586118 _____ C:\Windows\system32\perfh015.dat 2016-12-12 16:00 - 2011-04-12 14:21 - 04560926 _____ C:\Windows\system32\perfc015.dat 2016-12-12 16:00 - 2009-07-14 06:13 - 00006212 _____ C:\Windows\system32\PerfStringBackup.INI 2016-12-12 15:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-12 15:54 - 2013-12-31 21:34 - 00065536 _____ C:\Windows\system32\spu_storage.bin 2016-12-12 01:17 - 2013-12-31 20:32 - 00001224 _____ C:\Users\Nesste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-12-12 01:17 - 2013-12-31 20:32 - 00001224 _____ C:\Users\Nesste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2016-12-12 01:03 - 2016-05-14 21:11 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-12 00:07 - 2016-02-12 10:46 - 00000000 ____D C:\Users\Nesste\AppData\Local\ElevatedDiagnostics 2016-12-11 23:53 - 2016-10-16 03:08 - 00000000 ____D C:\AdwCleaner 2016-12-11 23:47 - 2014-09-01 19:48 - 00000000 ____D C:\ProgramData\McAfee 2016-12-11 23:46 - 2009-07-14 05:45 - 00031728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-11 23:46 - 2009-07-14 05:45 - 00031728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-11 22:32 - 2015-02-03 22:13 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2016-12-11 22:13 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2016-12-11 21:51 - 2014-07-19 14:49 - 00000000 ___RD C:\Users\Nesste\Desktop\Pobrane 2016-12-11 21:50 - 2016-11-09 15:16 - 00000000 ____D C:\Users\Nesste\Desktop\Nowy folder 2016-12-11 21:49 - 2014-07-19 15:02 - 00000000 ___RD C:\Users\Nesste\Desktop\Programy 2016-12-11 21:47 - 2016-05-14 23:36 - 00000000 ____D 
C:\Users\Nesste\AppData\Local\AvgSetupLog 2016-12-11 21:47 - 2014-04-13 20:05 - 00000000 ____D C:\ProgramData\AVG 2016-12-11 21:46 - 2015-07-03 22:15 - 00000000 ____D C:\Users\Nesste\AppData\Local\Avg 2016-12-11 21:46 - 2014-04-14 18:39 - 00000000 ____D C:\ProgramData\MFAData 2016-12-11 02:38 - 2013-12-31 20:31 - 00000000 ____D C:\Users\Nesste 2016-12-11 01:39 - 2016-10-19 15:33 - 00000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-12-10 23:32 - 2015-08-27 23:21 - 00000000 ____D C:\Program Files\Common Files\AV 2016-12-10 22:45 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-12-10 22:43 - 2014-01-06 13:00 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\uTorrent 2016-12-10 22:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-12-10 22:40 - 2014-11-02 15:03 - 00000000 ____D C:\Users\Nesste\AppData\Local\Chromium 2016-12-10 22:38 - 2016-11-10 18:39 - 00000000 ____D C:\Program Files (x86)\FreeMouseAutoClicker 2016-12-10 22:38 - 2016-10-16 03:01 - 00000000 ____D C:\Program Files (x86)\UCBrowser 2016-12-10 22:38 - 2014-01-06 17:53 - 00000000 ____D C:\Program Files (x86)\OpenAL 2016-12-10 22:38 - 2014-01-01 13:14 - 00000000 ____D C:\Program Files (x86)\Adobe Story 2016-12-10 22:38 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-12-10 22:37 - 2016-11-05 19:27 - 00000000 ____D C:\Program Files (x86)\BlueStacks 2016-12-10 22:37 - 2016-10-21 21:51 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2016-12-10 22:37 - 2016-09-18 02:48 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-12-10 22:37 - 2016-09-18 02:48 - 00000000 ____D C:\Program Files (x86)\AMD 2016-12-10 22:37 - 2016-08-31 00:08 - 00000000 ____D C:\Program Files (x86)\Kerish Doctor 2016-12-10 22:37 - 2016-08-27 13:40 - 00000000 ____D C:\Program Files (x86)\Panda Security 2016-12-10 22:37 - 2016-07-31 12:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2016-12-10 22:37 - 2016-07-31 12:40 - 00000000 ____D 
C:\Program Files (x86)\Microsoft Visual Studio 2016-12-10 22:37 - 2016-07-31 12:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2016-12-10 22:37 - 2016-07-31 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-12-10 22:37 - 2016-06-15 00:08 - 00000000 ____D C:\Program Files (x86)\mp3DirectCut 2016-12-10 22:37 - 2016-05-20 21:01 - 00000000 ____D C:\Program Files (x86)\Steam 2016-12-10 22:37 - 2016-05-14 20:26 - 00000000 ____D C:\Program Files (x86)\ChomikBox 2016-12-10 22:37 - 2015-12-25 21:47 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2016-12-10 22:37 - 2015-10-31 10:48 - 00000000 ____D C:\Program Files (x86)\Drakensang Online 2016-12-10 22:37 - 2015-09-07 23:04 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE 2016-12-10 22:37 - 2015-03-15 01:08 - 00000000 ____D C:\Program Files (x86)\WinHex 2016-12-10 22:37 - 2015-01-23 01:30 - 00000000 ____D C:\Program Files (x86)\DataMax 2016-12-10 22:37 - 2014-10-06 21:29 - 00000000 ____D C:\Program Files (x86)\AIMP3 2016-12-10 22:37 - 2014-08-16 18:11 - 00000000 ____D C:\Program Files (x86)\Sony Mobile 2016-12-10 22:37 - 2014-08-16 18:08 - 00000000 ____D C:\Program Files (x86)\Sony 2016-12-10 22:37 - 2014-07-09 22:51 - 00000000 ____D C:\Program Files (x86)\QUALCOMM Incorporated 2016-12-10 22:37 - 2014-02-09 10:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-12-10 22:37 - 2014-01-05 21:51 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2016-12-10 22:37 - 2014-01-05 18:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2016-12-10 22:37 - 2013-12-31 21:30 - 00000000 ____D C:\Program Files (x86)\AMD APP 2016-12-10 22:37 - 2013-12-31 21:28 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2016-12-10 22:37 - 2013-12-31 21:25 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-12-10 22:37 - 2013-12-31 21:11 - 00000000 ____D C:\Program Files (x86)\GIGABYTE 2016-12-10 22:37 - 2013-12-31 20:49 - 00000000 ___HD C:\Program Files 
(x86)\InstallShield Installation Information 2016-12-10 22:37 - 2013-12-31 20:49 - 00000000 ____D C:\Program Files (x86)\Realtek 2016-12-10 22:37 - 2013-12-31 20:48 - 00000000 ___HD C:\Program Files (x86)\Temp 2016-12-10 22:37 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2016-12-10 22:37 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2016-12-10 22:37 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2016-12-10 22:37 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2016-12-10 22:37 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-12-10 22:37 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-12-10 22:37 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Windows NT 2016-12-10 22:34 - 2016-10-16 03:00 - 00000000 _____ C:\TOSTACK 2016-12-10 21:42 - 2016-06-03 21:44 - 00000000 ____D C:\Users\Nesste\AppData\Local\Ubisoft Game Launcher 2016-12-10 21:12 - 2013-12-31 21:45 - 00000000 ____D C:\Windows\SysWOW64\directx 2016-12-10 19:56 - 2014-01-05 16:06 - 00000651 _____ C:\Users\Nesste\Documents\ax_files.xml 2016-12-09 16:35 - 2014-03-02 08:47 - 00000000 ____D C:\Windows\Minidump 2016-12-09 16:35 - 2013-12-31 03:20 - 00287333 ____N C:\Windows\Minidump\120916-17643-01.dmp 2016-12-05 13:52 - 2009-07-14 05:45 - 04981736 _____ C:\Windows\system32\FNTCACHE.DAT 2016-12-05 00:27 - 2015-01-12 19:35 - 00000000 ____D C:\Users\Nesste\Documents\My Games 2016-12-05 00:27 - 2014-01-06 17:54 - 00000000 ____D C:\ProgramData\Codemasters 2016-12-05 00:04 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-12-04 22:06 - 2015-02-11 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES 2016-12-04 21:56 - 2016-07-04 22:59 - 00111144 _____ C:\Users\Nesste\AppData\Local\GDIPFONTCACHEV1.DAT 2016-12-04 12:01 - 2013-12-31 03:20 - 
00287013 ____N C:\Windows\Minidump\120416-26847-01.dmp 2016-12-04 00:28 - 2014-03-16 18:29 - 00000000 ____D C:\Users\Nesste\Documents\Euro Truck Simulator 2 2016-12-03 15:17 - 2016-09-17 14:01 - 00000000 ____D C:\ProgramData\AlawarWrapper 2016-12-03 15:05 - 2016-10-30 10:45 - 00000000 ____D C:\Users\Nesste\Documents\The Witcher 3 2016-12-02 19:20 - 2014-10-06 21:29 - 00000000 ____D C:\Users\Nesste\AppData\Roaming\AIMP3 2016-11-30 20:12 - 2014-07-19 14:57 - 00000000 ___RD C:\Users\Nesste\Desktop\Gry 2016-11-29 12:32 - 2013-12-31 03:20 - 00287269 ____N C:\Windows\Minidump\112916-17253-01.dmp ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-03-19 19:24 - 2016-03-19 19:24 - 6493696 _____ () C:\Users\Nesste\AppData\Roaming\agent.dat 2016-03-19 19:24 - 2016-03-19 19:24 - 0127488 _____ () C:\Users\Nesste\AppData\Roaming\Installer.dat 2016-03-19 19:24 - 2016-03-19 19:24 - 0018432 _____ () C:\Users\Nesste\AppData\Roaming\Main.dat 2015-03-15 03:27 - 2015-03-15 03:27 - 0000001 _____ () C:\Users\Nesste\AppData\Local\llftool.4.40.agreement 2014-01-03 00:28 - 2014-01-03 00:28 - 0007605 _____ () C:\Users\Nesste\AppData\Local\Resmon.ResmonCfg Niektóre pliki w TEMP: ==================== C:\Users\Nesste\AppData\Local\Temp\libeay32.dll C:\Users\Nesste\AppData\Local\Temp\msvcr120.dll C:\Users\Nesste\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) 

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll [2010-11-21 04:24] - [2016-08-30 23:43] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll [2010-11-21 04:24] - [2016-08-30 23:43] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-12-09 16:05

==================== Koniec FRST.txt ============================