Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 22-01-2017 Uruchomiony przez KubaDamaszk (administrator) LAPTOPKUBY (22-01-2017 18:20:47) Uruchomiony z C:\Users\KubaDamaszk\Documents\programy adware Załadowane profile: KubaDamaszk (Dostępne profile: KubaDamaszk & Administrator & Gość) Platform: Windows 8.1 (Update) (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: "C:\Program Files (x86)\SuperBird\superbird.exe" -- "%1") Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe () C:\Program Files\AMD\ATI.ACE\a4\AdaptiveSleepService.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (The Superbird Authors) C:\Program Files (x86)\SuperBird\superbird.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (The Superbird Authors) C:\Program Files (x86)\SuperBird\superbird.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (The Superbird Authors) C:\Program Files (x86)\SuperBird\superbird.exe Brak dostępu do procesu -> RadeonSettings.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [688472 2013-07-23] (Alps Electric Co., Ltd.) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-18] (TOSHIBA Corporation) HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-12] (TOSHIBA Corporation) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6626696 2016-07-18] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-20] (AVAST Software) HKU\S-1-5-21-499711634-606110142-1186871544-1001\...\Run: [MSConfig] => "C:\Users\KubaDamaszk\oklghvki.exe" HKU\S-1-5-21-499711634-606110142-1186871544-1001\...\Run: [rmwmrrqm] => C:\Users\KubaDamaszk\AppData\Roaming\gvuyqy\ymmrzit.exe [427008 2017-01-20] (hEX-rays sA) HKU\S-1-5-21-499711634-606110142-1186871544-1001\...\Policies\Explorer\Run: [Clients] => C:\Users\KubaDamaszk\AppData\Roaming\Microsoft\svbietti\wvrcgeii.exe HKU\S-1-5-21-499711634-606110142-1186871544-1001\...\MountPoints2: D - "D:\Msetup4.exe" HKU\S-1-5-21-499711634-606110142-1186871544-1001\...\MountPoints2: E - "E:\AutoRun.exe" ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-20] (AVAST Software) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{17C01D4E-80B7-4480-ADC8-A4FA98E5399E}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{1CDFFD6F-0069-40B8-A6FF-70DE31FAC30B}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{3B37EFE3-2907-4E30-8730-BD01F49B341C}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{48CAF017-ACAF-49F6-B2EF-1AD9DD5A71BD}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{5251CEA9-619B-4F0F-9EC1-7315A878DD51}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{5EEA99ED-E211-40EA-8BB7-E9DDA813B900}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{99760B7B-DB9D-4CCD-9D78-A180D95BC734}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{AD1BCB8C-B7FE-47AD-BF65-EE2F9A3DF53B}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{C8CA2C0E-B20D-489D-84A4-881C2EE801B4}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{D2FB6462-013A-4C70-9859-874A09E38F88}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{F35074D8-BA81-4D37-A483-A4555A98FE26}: [NameServer] 104.197.191.4 Internet Explorer: ================== SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-01-20] (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-14] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-20] (AVAST Software) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.amisites.com/?type=sc&ts=1484905529&z=004fa85502041a5ebd0df3cg4z9b3z1t2e8w6w1c7e&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT FireFox: ======== FF DefaultProfile: r95iswg6.default FF ProfilePath: C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\r95iswg6.default\Profiles\r95iswg6.default [nie znaleziono] FF ProfilePath: C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\r95iswg6.default\Profiles\u1xphgb4.default-1466814126981 [nie znaleziono] FF ProfilePath: C:\Users\KubaDamaszk\AppData\Roaming\K-Meleon\98pkvktu.default [2017-01-15] FF user.js: detected! => C:\Users\KubaDamaszk\AppData\Roaming\K-Meleon\98pkvktu.default\user.js [2006-04-06] FF ProfilePath: C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\r95iswg6.default [2017-01-19] FF user.js: detected! => C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\r95iswg6.default\user.js [2016-06-25] FF NewTab: Firefox\Firefox\Profiles\r95iswg6.default -> C:\\ProgramData\\Hotfreshs\\ff.NT FF DefaultSearchEngine: Firefox\Firefox\Profiles\r95iswg6.default -> Google FF DefaultSearchUrl: Firefox\Firefox\Profiles\r95iswg6.default -> hxxps://www.google.com/search?trackid=sp-006 FF SearchEngineOrder.1: Firefox\Firefox\Profiles\r95iswg6.default -> Google FF SelectedSearchEngine: Firefox\Firefox\Profiles\r95iswg6.default -> Google FF Homepage: Firefox\Firefox\Profiles\r95iswg6.default -> hxxp://www.searchinme.com/?type=hp&ts=1484834654500&z=&from=official&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT FF Keyword.URL: Firefox\Firefox\Profiles\r95iswg6.default -> hxxps://www.google.com/search?trackid=sp-006 FF Extension: (FF Adr) - C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\r95iswg6.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-01-19] [Brak podpisu cyfrowego] FF Extension: (Auto Refresh) - C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\r95iswg6.default\Extensions\autorefresh@plugin.xpi [2016-06-25] FF Extension: (English (US) Language Pack) - C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\r95iswg6.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-01-19] [Brak podpisu cyfrowego] FF Extension: (Video AdBlock for Firefox) - C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\r95iswg6.default\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2017-01-19] [Brak podpisu cyfrowego] FF Extension: (Adblock Plus) - C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\r95iswg6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-25] FF SearchPlugin: C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\r95iswg6.default\searchplugins\findit.xml [2017-01-18] FF SearchPlugin: C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\r95iswg6.default\searchplugins\google-avast.xml [2016-04-10] FF SearchPlugin: C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\r95iswg6.default\searchplugins\grjsiaw4.xml [2017-01-18] FF SearchPlugin: C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\r95iswg6.default\searchplugins\searchinme.xml [2017-01-19] FF ProfilePath: C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\u1xphgb4.default-1466814126981 [2017-01-19] FF user.js: detected! => C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\u1xphgb4.default-1466814126981\user.js [2016-06-25] FF Extension: (Adblock Plus) - C:\Users\KubaDamaszk\AppData\Roaming\Firefox\Firefox\Profiles\u1xphgb4.default-1466814126981\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-25] Chrome: ======= CHR DefaultProfile: ChromeDefaultData CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=991eeaa45e277dcfe876a04g8z8bcz0m3eco4odt0g&from=icb&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&type=hp CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=991eeaa45e277dcfe876a04g8z8bcz0m3eco4odt0g&from=icb&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&type=hp" CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=991eeaa45e277dcfe876a04g8z8bcz0m3eco4odt0g&from=icb&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&type=sp CHR DefaultSearchKeyword: ChromeDefaultData -> trotux CHR Profile: C:\Users\KubaDamaszk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-22] <==== UWAGA CHR Extension: (Adblock Plus) - C:\Users\KubaDamaszk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-20] CHR Extension: (Gimper Online) - C:\Users\KubaDamaszk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gmklimjlpbnlnhlfeklocagfmodikbhm [2016-04-16] CHR Extension: (Avast Online Security) - C:\Users\KubaDamaszk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-20] CHR Extension: (hitbox+) - C:\Users\KubaDamaszk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\kcenaommnnmnokafpkmekmgbhpbobcpg [2017-01-20] CHR Extension: (Ace Stream Web Extension) - C:\Users\KubaDamaszk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-01-20] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\KubaDamaszk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20] CHR Extension: (Chrome Media Router) - C:\Users\KubaDamaszk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-20] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx CHR HKU\S-1-5-21-499711634-606110142-1186871544-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-499711634-606110142-1186871544-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdaptiveSleepService; C:\Program Files\AMD\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-07-18] () [Brak podpisu cyfrowego] R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-06-22] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-10-01] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-20] (AVAST Software) R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [387944 2016-05-25] (Digital Wave Ltd.) R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] () R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] () R2 MSLN; C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll [443392 2017-01-19] () [Brak podpisu cyfrowego] R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG) S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784 2007-12-13] (Nero AG) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3305824 2015-05-05] (INCA Internet Co., Ltd.) [Brak podpisu cyfrowego] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 Alpham1; C:\Windows\System32\drivers\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation) S3 Alpham2; C:\Windows\System32\drivers\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc) R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2017-01-20] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2017-01-20] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2017-01-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2017-01-20] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-20] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2017-01-20] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2017-01-20] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2017-01-20] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-20] (AVAST Software) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [110096 2016-05-04] (Advanced Micro Devices) S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-25] (Disc Soft Ltd) S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47160 2015-11-25] (Disc Soft Ltd) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-18] (REALiX(tm)) S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation ) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-06-01] (Duplex Secure Ltd.) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider) S3 usbbus; C:\Windows\System32\drivers\lgx64bus.sys [17920 2012-03-02] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\system32\DRIVERS\lgx64diag.sys [28160 2012-03-02] (LG Electronics Inc.) S3 USBModem; C:\Windows\system32\DRIVERS\lgx64modem.sys [34816 2012-03-02] (LG Electronics Inc.) R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-03-24] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-03-24] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation) R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation) S3 zghsdiag; C:\Windows\system32\DRIVERS\zghsdiag.sys [122624 2011-01-13] (ZTE Incorporated) [Brak podpisu cyfrowego] S3 zghsser; C:\Windows\system32\DRIVERS\zghsser.sys [134976 2013-09-11] (ZTE Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-01-22 18:19 - 2017-01-22 18:19 - 00014826 _____ C:\Users\KubaDamaszk\Desktop\AdwCleaner[S0].txt 2017-01-22 18:05 - 2017-01-22 18:13 - 00000000 ____D C:\AdwCleaner 2017-01-22 18:05 - 2017-01-22 18:05 - 03988944 _____ C:\Users\KubaDamaszk\Downloads\AdwCleaner.exe 2017-01-22 17:43 - 2017-01-22 17:44 - 00002017 _____ C:\Users\KubaDamaszk\Desktop\Chromium.lnk 2017-01-21 04:41 - 2017-01-21 04:42 - 00281568 _____ C:\Windows\Minidump\012117-38906-01.dmp 2017-01-21 04:26 - 2017-01-21 04:26 - 00281568 _____ C:\Windows\Minidump\012117-53906-01.dmp 2017-01-20 22:21 - 2017-01-21 00:37 - 00003962 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1484947229 2017-01-20 22:21 - 2017-01-21 00:37 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-01-20 22:21 - 2017-01-20 22:21 - 00001072 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2017-01-20 22:05 - 2017-01-21 01:11 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-01-20 22:05 - 2017-01-21 01:11 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-01-20 22:03 - 2017-01-20 22:03 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2017-01-20 21:21 - 2017-01-20 21:21 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\AVAST Software 2017-01-20 21:20 - 2017-01-20 21:20 - 00001951 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2017-01-20 21:17 - 2017-01-21 00:24 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2017-01-20 21:16 - 2017-01-20 21:19 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys 2017-01-20 21:16 - 2017-01-20 21:18 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2017-01-20 21:16 - 2017-01-20 21:18 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2017-01-20 21:16 - 2017-01-20 21:13 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2017-01-20 21:16 - 2017-01-20 21:13 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2017-01-20 21:16 - 2017-01-20 21:13 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2017-01-20 21:16 - 2017-01-20 21:13 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2017-01-20 21:16 - 2017-01-20 21:13 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2017-01-20 21:15 - 2017-01-20 21:13 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-01-20 21:15 - 2017-01-20 21:12 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2017-01-20 21:15 - 2017-01-20 21:11 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2017-01-20 21:10 - 2017-01-20 21:10 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr 2017-01-20 10:45 - 2017-01-20 10:45 - 00000040 _____ C:\Program Files (x86)\settings.dat 2017-01-20 10:45 - 2017-01-20 10:45 - 00000000 ____D C:\Program Files (x86)\reports 2017-01-20 10:45 - 2017-01-20 10:45 - 00000000 _____ C:\Program Files (x86)\metadata 2017-01-20 10:04 - 2017-01-20 10:42 - 00000000 ____D C:\Program Files (x86)\MIO 2017-01-20 10:04 - 2017-01-20 10:04 - 00003586 _____ C:\Windows\System32\Tasks\Milimili 2017-01-20 01:58 - 2017-01-21 04:41 - 450220828 _____ C:\Windows\MEMORY.DMP 2017-01-20 01:58 - 2017-01-20 01:59 - 00991656 _____ C:\Windows\Minidump\012017-65171-01.dmp 2017-01-20 01:58 - 2017-01-20 01:58 - 00404576 _____ C:\Windows\system32\FNTCACHE.DAT 2017-01-20 00:29 - 2017-01-20 00:29 - 00002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2017-01-20 00:26 - 2017-01-20 00:26 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\gvuyqy 2017-01-19 22:35 - 2017-01-19 22:36 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\datasyst 2017-01-19 15:04 - 2017-01-19 15:04 - 00000000 ____D C:\Users\KubaDamaszk\AppData\LocalLow\Mozilla 2017-01-19 15:03 - 2017-01-19 15:03 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Local\Firefox 2017-01-19 15:01 - 2017-01-22 17:25 - 00001736 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-01-19 15:01 - 2017-01-21 00:36 - 00002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-01-19 15:01 - 2017-01-19 15:01 - 00000000 ____D C:\Windows\system32\log 2017-01-19 15:01 - 2017-01-19 15:01 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\Firefox 2017-01-19 15:01 - 2017-01-19 15:01 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Local\Fishhas 2017-01-19 14:58 - 2017-01-22 17:29 - 00000000 _____ C:\Users\Public\Documents\temp.dat 2017-01-19 14:58 - 2017-01-22 17:03 - 00000000 _____ C:\Users\Public\Documents\report.dat 2017-01-19 11:02 - 2017-01-22 17:56 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-499711634-606110142-1186871544-1001 2017-01-19 02:22 - 2017-01-22 12:46 - 00000000 ____D C:\Program Files\f09er35s 2017-01-18 14:22 - 2017-01-18 14:22 - 00003652 _____ C:\Windows\System32\Tasks\WinTOOL 2017-01-18 14:22 - 2017-01-18 14:22 - 00000000 ____D C:\ProgramData\wintools 2017-01-18 14:21 - 2017-01-22 08:55 - 00000000 ____D C:\Program Files (x86)\WinArcher 2017-01-18 14:20 - 2017-01-22 17:23 - 00000000 ____D C:\Program Files\grjsiaw4 2017-01-18 03:25 - 2017-01-18 03:25 - 00000949 _____ C:\Users\KubaDamaszk\Downloads\Obrazy — skrót.lnk 2017-01-18 03:17 - 2017-01-20 01:00 - 00000000 ____D C:\Program Files\Opera 2017-01-18 02:26 - 2017-01-18 02:26 - 00000000 ____D C:\Program Files\Common Files\VST2 2017-01-18 02:26 - 2017-01-18 02:26 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2017-01-18 02:20 - 2017-01-18 02:24 - 00000000 ____D C:\ProgramData\ProductData 2017-01-18 02:20 - 2017-01-18 02:20 - 00000000 ____D C:\ProgramData\Avira 2017-01-18 02:19 - 2017-01-18 02:21 - 00000000 ____D C:\Users\KubaDamaszk\AppData\LocalLow\IObit 2017-01-18 02:19 - 2017-01-18 02:19 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS 2017-01-18 02:19 - 2017-01-18 02:19 - 00000000 ____D C:\Windows\IObit 2017-01-18 02:19 - 2017-01-18 02:19 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\IObit 2017-01-18 02:18 - 2017-01-19 07:53 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\Lqergh 2017-01-18 02:18 - 2017-01-18 02:23 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Local\Duqchplercadom 2017-01-18 02:17 - 2017-01-18 02:18 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\win-svc 2017-01-18 02:13 - 2017-01-18 02:13 - 00002398 _____ C:\Windows\SysWOW64\findit.xml 2017-01-18 02:13 - 2017-01-18 02:13 - 00000000 ____D C:\ProgramData\Hotfreshs 2017-01-18 02:12 - 2017-01-21 04:27 - 00000000 ____D C:\ProgramData\Logic Handler 2017-01-18 01:58 - 2017-01-18 01:58 - 00000000 ____D C:\Users\KubaDamaszk\Downloads\Image-Line FL Studio Producer Edition 12.4 Build 29 Incl Keygen 2017-01-15 04:40 - 2017-01-15 04:40 - 00000847 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-12-28 20:57 - 2016-12-28 20:57 - 02324011 _____ C:\Users\KubaDamaszk\Downloads\Król Albanii feat. BOYS - Wolność.mp3 2016-12-28 20:49 - 2016-12-28 20:49 - 03426643 _____ C:\Users\KubaDamaszk\Downloads\Popek x Matheo ft. Matheo - Nie mów mu nic (www.NoweMP3.pl).mp3 2016-12-28 20:44 - 2016-12-28 20:44 - 04070683 _____ C:\Users\KubaDamaszk\Downloads\Popek X Matheo - Wynocha (love song) www.Nowosci-Mp3.pl.mp3 2016-12-28 20:43 - 2016-12-28 20:43 - 03686138 _____ C:\Users\KubaDamaszk\Downloads\Popek - Gdzie Jesteś Tato.mp3 2016-12-28 20:41 - 2016-12-28 20:41 - 03289494 _____ C:\Users\KubaDamaszk\Downloads\KOLEJNY SINGIEL POPEK EW TY KONTRA RESZTA SWIATA.mp3 2016-12-28 20:39 - 2016-12-28 20:39 - 03483277 _____ C:\Users\KubaDamaszk\Downloads\POPEK - ON & ONA [www.TylkoMp3.pl].mp3 2016-12-28 20:38 - 2016-12-28 20:38 - 13278909 _____ C:\Users\KubaDamaszk\Downloads\B.A.D. POP (POPEK & DANIEL) - BALLAD 4x4 www.emuza.net.mp3 2016-12-28 20:37 - 2016-12-28 20:37 - 09249931 _____ C:\Users\KubaDamaszk\Downloads\Popek & Denis - Przygody Abdula Baska Gdzie Jesteś [discopolonew.cba.pl].mp3 2016-12-28 20:34 - 2016-12-28 20:34 - 02399241 _____ C:\Users\KubaDamaszk\Downloads\POPEK & EW - Ja chce do Tajlandii (UNOFFICIAL VIDEO).mp3 2016-12-28 20:25 - 2016-12-28 20:25 - 00000000 ____D C:\Users\KubaDamaszk\Downloads\Klubowa Paczka Numer 215 www.eNutka.net 2016-12-28 20:22 - 2016-12-28 20:24 - 171537939 _____ C:\Users\KubaDamaszk\Downloads\Klubowa Paczka Numer 215 www.eNutka.net.rar 2016-12-28 20:21 - 2016-12-28 20:21 - 07473111 _____ C:\Users\KubaDamaszk\Downloads\Popek x Matheo - Wjezdzaja cyganie (prod. Matheo) Up for Miasto-muzyki.com.mp3 ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-01-22 18:20 - 2016-04-11 16:30 - 00000000 ____D C:\FRST 2017-01-22 18:04 - 2016-04-11 16:19 - 00000000 ____D C:\Users\KubaDamaszk\Documents\programy adware 2017-01-22 17:52 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness 2017-01-22 17:50 - 2016-09-16 23:37 - 00000000 ____D C:\Program Files (x86)\Steam 2017-01-22 17:41 - 2015-09-27 23:29 - 00000000 __RDO C:\Users\KubaDamaszk\SkyDrive 2017-01-22 17:34 - 2013-11-28 23:07 - 00005434 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-22 17:34 - 2013-08-28 15:28 - 30845714 _____ C:\Windows\system32\perfh015.dat 2017-01-22 17:34 - 2013-08-28 15:28 - 10047366 _____ C:\Windows\system32\perfc015.dat 2017-01-22 17:29 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-01-22 17:28 - 2014-02-19 19:42 - 00065536 _____ C:\Windows\system32\spu_storage.bin 2017-01-22 17:25 - 2014-05-22 02:39 - 00001189 _____ C:\Users\KubaDamaszk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-01-22 17:25 - 2014-05-22 02:38 - 00000000 ____D C:\Users\KubaDamaszk 2017-01-21 04:41 - 2014-10-26 01:10 - 00000000 ____D C:\Windows\Minidump 2017-01-21 04:27 - 2016-06-25 23:28 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\Vuibzh 2017-01-21 01:53 - 2014-06-05 20:56 - 00000000 ____D C:\Users\KubaDamaszk\Desktop\Moje mixy 2017-01-21 01:27 - 2014-06-07 12:00 - 00000000 ____D C:\Program Files (x86)\Google 2017-01-20 22:10 - 2015-12-26 18:46 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-01-20 22:03 - 2014-06-17 17:14 - 00000000 ____D C:\ProgramData\AVAST Software 2017-01-20 21:27 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf 2017-01-20 20:52 - 2016-04-10 12:32 - 00000000 ____D C:\Program Files\AVAST Software 2017-01-20 01:00 - 2014-06-26 21:32 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\Opera Software 2017-01-20 01:00 - 2014-06-26 21:32 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Local\Opera Software 2017-01-20 00:56 - 2016-08-13 11:57 - 00000000 ____D C:\Program Files (x86)\Mr DJ 2017-01-20 00:54 - 2014-08-28 20:46 - 00000000 ____D C:\Program Files (x86)\DSPRobotics 2017-01-20 00:53 - 2014-05-23 17:15 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2017-01-20 00:53 - 2014-05-23 16:18 - 00000000 ____D C:\Program Files (x86)\Image-Line 2017-01-20 00:47 - 2014-06-19 15:44 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\uTorrent 2017-01-20 00:41 - 2016-06-27 01:16 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\ACEStream 2017-01-20 00:41 - 2014-05-23 17:15 - 00000000 ____D C:\Program Files (x86)\VstPlugins 2017-01-20 00:27 - 2014-09-18 12:57 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Local\Adobe 2017-01-19 15:01 - 2016-11-13 22:18 - 00001471 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-01-19 15:01 - 2015-09-28 09:28 - 00001483 _____ C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-01-19 10:57 - 2016-09-25 12:47 - 01164288 ___SH C:\Users\KubaDamaszk\Desktop\Thumbs.db 2017-01-18 23:55 - 2016-08-01 12:10 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\AIMP 2017-01-18 18:27 - 2016-09-25 19:26 - 00491008 ___SH C:\Users\KubaDamaszk\Downloads\Thumbs.db 2017-01-18 02:25 - 2014-08-07 22:13 - 00000000 ____D C:\Program Files (x86)\IObit 2017-01-18 02:23 - 2014-05-23 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line 2017-01-18 02:20 - 2016-10-13 11:53 - 00000000 ____D C:\Program Files (x86)\Phyxion.net 2017-01-18 02:20 - 2016-07-29 03:28 - 00000000 ____D C:\Temp 2017-01-18 02:20 - 2015-10-18 14:27 - 00000000 ____D C:\Program Files (x86)\Ideazon 2017-01-18 02:20 - 2015-08-07 20:58 - 00000000 ____D C:\Gry 2017-01-18 02:20 - 2014-10-02 12:42 - 00000000 ____D C:\Action! 2017-01-18 02:20 - 2014-08-27 21:01 - 00000000 ____D C:\ProgramData\AVG 2017-01-18 02:19 - 2014-08-07 22:13 - 00000000 ____D C:\ProgramData\IObit 2017-01-18 02:18 - 2014-05-22 02:39 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\Adobe 2017-01-18 01:57 - 2016-12-22 19:33 - 00000000 ____D C:\Users\KubaDamaszk\AppData\LocalLow\uTorrent 2017-01-15 18:04 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps 2017-01-15 05:05 - 2015-08-03 20:28 - 00000000 ____D C:\Program Files (x86)\Sony 2017-01-15 05:05 - 2014-02-19 19:40 - 00000000 ____D C:\ProgramData\Package Cache 2017-01-15 04:42 - 2015-12-10 15:12 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Roaming\MPC-HC 2017-01-15 04:40 - 2014-06-07 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2017-01-15 04:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF 2017-01-14 09:09 - 2014-05-22 03:32 - 00000000 ____D C:\Users\KubaDamaszk\Desktop\Muzyka 2017-01-11 04:12 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-01-11 04:12 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed 2017-01-08 17:06 - 2016-10-13 12:39 - 00000000 ____D C:\ProgramData\CanonIJPLM 2017-01-07 17:37 - 2016-11-03 18:00 - 00000000 ____D C:\Users\KubaDamaszk\Desktop\ScreenShooter 2017-01-05 17:39 - 2016-11-23 11:51 - 00000078 _____ C:\Users\KubaDamaszk\AppData\default.pls 2017-01-01 02:08 - 2014-05-22 02:39 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Local\Packages 2016-12-28 19:16 - 2014-05-22 02:38 - 00000000 ___RD C:\Users\KubaDamaszk\Pictures ==================== Pliki w katalogu głównym wybranych folderów ======= 2017-01-20 10:45 - 2017-01-20 10:45 - 0000000 _____ () C:\Program Files (x86)\metadata 2017-01-20 10:45 - 2017-01-20 10:45 - 0000040 _____ () C:\Program Files (x86)\settings.dat 2016-05-22 11:20 - 2016-05-22 11:20 - 0000040 _____ () C:\Users\KubaDamaszk\AppData\Roaming\cdr.ini 2015-10-28 20:59 - 2016-03-29 20:20 - 0003584 _____ () C:\Users\KubaDamaszk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-07-13 11:14 - 2015-07-13 11:14 - 0001018 _____ () C:\Users\KubaDamaszk\AppData\Local\recently-used.xbel 2014-07-07 18:40 - 2015-04-04 19:46 - 0007605 _____ () C:\Users\KubaDamaszk\AppData\Local\Resmon.ResmonCfg 2016-07-22 02:40 - 2016-07-22 02:40 - 0000169 _____ () C:\Users\KubaDamaszk\AppData\Local\uts.ini ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll [2014-07-02 09:49] - [2014-07-02 09:49] - 0494592 ____A (Microsoft Corporation) 26454B3F127ADE09FF4C1487C5BD601E C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-01-16 07:27 ==================== Koniec FRST.txt ============================