Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 21-09-2016 Uruchomiony przez wes (administrator) WES1 (22-09-2016 15:01:24) Uruchomiony z I:\portableapps\programy przenosne\frst Załadowane profile: wes & (Dostępne profile: wes) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\nis.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe (Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\nis.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Max Diesel) C:\Unreal Commander\Uncom.exe (Dominik Reichl) D:\inne\inne\inne\KeePass-1.29\KeePass.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6963272 2013-01-15] (Realtek Semiconductor) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-01-14] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation) HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files (x86)\Cobian Backup 11\Cobian.exe [720896 2012-12-06] (Luis Cobian, CobianSoft) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation) HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {067da496-9751-11e4-b188-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {06d8ec24-9ccf-11e4-a115-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {0d296620-6693-11e4-a8c0-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {14296196-6f3a-11e4-86b1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {1e68dadd-d3ca-11e4-9a15-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {1f3e032b-fb15-11e4-b721-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {2288f794-74bd-11e4-991e-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {24a62e92-e512-11e4-a553-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {24d44e8a-73f6-11e4-9aee-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {263f7666-6adc-11e4-86fb-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {263f76c0-6adc-11e4-86fb-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {2af4918b-ecee-11e4-b373-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {2c70b422-cf0f-11e4-ba60-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {2cac8a1a-65d2-11e4-86a8-d43d7eb4ca7c} - G:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {2e1b1dca-df89-11e4-bc1b-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {359f9b94-a788-11e4-8271-d43d7eb4ca7c} - J:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {375fdc89-826e-11e4-b19f-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {3bf5e19a-8474-11e4-8696-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {412063b9-02aa-11e5-a772-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {4a78dead-ce53-11e4-9cfb-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {61dc9618-6e76-11e4-a8f1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {6601f109-70cc-11e4-a8fc-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {66a4fd31-d49d-11e4-a3c1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {6f4af93c-dec7-11e4-9e6e-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {73961bed-619b-11e4-ba2d-d43d7eb4ca7c} - G:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {7dfbc409-6a7f-11e4-b2b1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {7fc775d1-d306-11e4-805d-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {83b543aa-d882-11e4-9ad1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {84f4ec3f-ddff-11e4-9c9f-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {8b662313-7bd3-11e4-8b5e-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {9c253e15-6374-11e4-9dc4-d43d7eb4ca7c} - G:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {9c74c425-f401-11e4-ac93-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {9eee6470-6442-11e4-b190-d43d7eb4ca7c} - G:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {9fe6ba1b-cd85-11e4-b37d-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {a0041c1f-e76e-11e4-9925-d43d7eb4ca7c} - H:\setup.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {a26ba2d0-c99c-11e4-b7e1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {a5ddab9f-6504-11e4-8d04-d43d7eb4ca7c} - G:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {a82b7677-9d97-11e4-a8f1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {a98cd6ab-e042-11e4-9c37-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {b3b23e49-ef37-11e4-9be0-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {b70030eb-68e5-11e4-bc37-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {b8a43b8b-e900-11e4-8f0e-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {bde983df-e837-11e4-b372-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {c0c02626-ee80-11e4-a8ab-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {c9046de9-853c-11e4-8696-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {caab7715-7c9a-11e4-b8fd-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {dbd6731c-e448-11e4-97b4-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {e57bbb9a-700b-11e4-a719-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {ed0f6ff4-edb6-11e4-9c35-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {f4a78c1f-d1ee-11e4-8681-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {f85ba7ae-e381-11e4-a6c5-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {f8af1d17-9685-11e4-b1d7-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {fbe1d883-80dc-11e4-a7ab-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {fbf28e27-dcf6-11e4-9e19-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {ff24cc9d-981e-11e4-9af6-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000\...\MountPoints2: {ffb40588-7ef6-11e4-b1c2-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {067da496-9751-11e4-b188-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {06d8ec24-9ccf-11e4-a115-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0d296620-6693-11e4-a8c0-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {14296196-6f3a-11e4-86b1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1e68dadd-d3ca-11e4-9a15-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1f3e032b-fb15-11e4-b721-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2288f794-74bd-11e4-991e-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {24a62e92-e512-11e4-a553-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {24d44e8a-73f6-11e4-9aee-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {263f7666-6adc-11e4-86fb-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {263f76c0-6adc-11e4-86fb-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2af4918b-ecee-11e4-b373-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2c70b422-cf0f-11e4-ba60-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2cac8a1a-65d2-11e4-86a8-d43d7eb4ca7c} - G:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2e1b1dca-df89-11e4-bc1b-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {359f9b94-a788-11e4-8271-d43d7eb4ca7c} - J:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {375fdc89-826e-11e4-b19f-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3bf5e19a-8474-11e4-8696-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {412063b9-02aa-11e5-a772-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4a78dead-ce53-11e4-9cfb-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {61dc9618-6e76-11e4-a8f1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6601f109-70cc-11e4-a8fc-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {66a4fd31-d49d-11e4-a3c1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f4af93c-dec7-11e4-9e6e-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {73961bed-619b-11e4-ba2d-d43d7eb4ca7c} - G:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7dfbc409-6a7f-11e4-b2b1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7fc775d1-d306-11e4-805d-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {83b543aa-d882-11e4-9ad1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {84f4ec3f-ddff-11e4-9c9f-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8b662313-7bd3-11e4-8b5e-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9c253e15-6374-11e4-9dc4-d43d7eb4ca7c} - G:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9c74c425-f401-11e4-ac93-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9eee6470-6442-11e4-b190-d43d7eb4ca7c} - G:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9fe6ba1b-cd85-11e4-b37d-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a0041c1f-e76e-11e4-9925-d43d7eb4ca7c} - H:\setup.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a26ba2d0-c99c-11e4-b7e1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a5ddab9f-6504-11e4-8d04-d43d7eb4ca7c} - G:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a82b7677-9d97-11e4-a8f1-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a98cd6ab-e042-11e4-9c37-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b3b23e49-ef37-11e4-9be0-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b70030eb-68e5-11e4-bc37-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b8a43b8b-e900-11e4-8f0e-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bde983df-e837-11e4-b372-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c0c02626-ee80-11e4-a8ab-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c9046de9-853c-11e4-8696-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {caab7715-7c9a-11e4-b8fd-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {dbd6731c-e448-11e4-97b4-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e57bbb9a-700b-11e4-a719-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ed0f6ff4-edb6-11e4-9c35-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f4a78c1f-d1ee-11e4-8681-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f85ba7ae-e381-11e4-a6c5-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f8af1d17-9685-11e4-b1d7-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fbe1d883-80dc-11e4-a7ab-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fbf28e27-dcf6-11e4-9e19-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ff24cc9d-981e-11e4-9af6-d43d7eb4ca7c} - H:\autorun.exe HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ffb40588-7ef6-11e4-b1c2-d43d7eb4ca7c} - H:\autorun.exe ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{6FDF1764-895D-4722-A5E7-191BD42C40E7}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{87464969-861F-4225-9482-E0EDB9C09A28}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{87464969-861F-4225-9482-E0EDB9C09A28}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default FF Homepage: hxxp://metalgearsolid.pl/ FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1670374395-1609964414-893824037-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Brak pliku] FF Plugin HKU\S-1-5-21-1670374395-1609964414-893824037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Brak pliku] FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\searchplugins\filestube.xml [2014-03-07] FF Extension: (Flashblock) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-03] FF Extension: (WOT) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-02-11] FF Extension: (Disconnect) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\extensions\2.0@disconnect.me.xpi [2016-05-09] FF Extension: (NoScript) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-13] FF Extension: (HTTPS Everywhere) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\extensions\https-everywhere@eff.org.xpi [2016-09-22] FF Extension: (Click to Play per-element) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\Extensions\ClickToPlayPerElement@uaSad.addons.mozilla.org.xpi [2016-02-11] FF Extension: (Ghostery) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\Extensions\firefox@ghostery.com.xpi [2016-09-22] FF Extension: (Self-Destructing Cookies) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-04-10] FF Extension: (Flash Block Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\Extensions\jid1-n8wH2cBfc2QaUj@jetpack.xpi [2016-07-15] FF Extension: (uBlock Origin) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\Extensions\uBlock0@raymondhill.net.xpi [2016-09-22] FF Extension: (FEBE) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-03-27] FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] FF Extension: (DownThemAll!) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6n7p474z.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-22] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2016-09-22] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon Chrome: ======= CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-09-22] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-09-22] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [Brak podpisu cyfrowego] R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian) [Brak podpisu cyfrowego] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Brak podpisu cyfrowego] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\NIS.exe [289080 2016-08-16] (Symantec Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 AE3000; C:\Windows\System32\DRIVERS\AE3000w764.sys [1717824 2012-03-02] (Ralink Technology Corp.) S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [268896 2015-06-03] (SysProgs.org) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160914.002\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1607010.020\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20160920.005\IDSvia64.sys [1012440 2016-09-21] (Symantec Corporation) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-08-16] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-08-16] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-16] () R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-22] (Malwarebytes) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1607010.020\SRTSP64.SYS [773360 2016-08-10] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1607010.020\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-22] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1607010.020\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1607010.020\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-22] () S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-11-10] (Oracle Corporation) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2016-09-22] () S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\SDSDefs\20160624.021\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\SDSDefs\20160624.021\EX64.SYS [X] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-09-22 14:56 - 2016-09-22 14:56 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp 2016-09-22 14:01 - 2016-09-22 14:03 - 00000000 ____D C:\gmer 2016-09-22 13:59 - 2016-09-22 15:01 - 00000000 ____D C:\FRST 2016-09-22 11:26 - 2016-09-22 11:26 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2016-09-22 10:32 - 2016-09-22 10:32 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2016-09-22 10:27 - 2016-09-22 10:27 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2016-09-22 09:57 - 2016-09-22 10:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-09-22 09:55 - 2016-09-22 09:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-09-22 14:58 - 2016-06-19 16:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-22 14:56 - 2013-08-01 19:40 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys 2016-09-22 14:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-22 14:35 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-09-22 14:35 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-09-22 10:50 - 2015-12-16 16:46 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2016-09-22 10:27 - 2015-07-08 10:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2016-09-22 10:27 - 2014-02-08 13:33 - 00002413 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk 2016-09-22 10:27 - 2014-02-08 13:33 - 00000000 ____D C:\Windows\system32\Drivers\NISx64 2016-09-22 10:26 - 2014-02-08 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-09-22 10:17 - 2011-04-12 15:21 - 00740422 _____ C:\Windows\system32\perfh015.dat 2016-09-22 10:17 - 2011-04-12 15:21 - 00155996 _____ C:\Windows\system32\perfc015.dat 2016-09-22 10:17 - 2009-07-14 07:13 - 01670518 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-22 10:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-09-22 10:14 - 2014-06-17 12:02 - 00000000 ____D C:\Program Files (x86)\Steam 2016-09-22 09:57 - 2016-06-27 13:33 - 00000000 ____D C:\Users\user\AppData\Local\Ubisoft Game Launcher 2016-09-22 09:57 - 2013-08-01 19:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information ==================== Pliki w katalogu głównym wybranych folderów ======= 2014-02-27 13:09 - 2015-10-03 11:22 - 0010752 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-12-31 00:21 - 2015-12-31 00:21 - 0000218 _____ () C:\Users\user\AppData\Local\recently-used.xbel 2014-02-10 21:49 - 2016-04-03 06:32 - 0007639 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg Niektóre pliki w TEMP: ==================== C:\Users\user\AppData\Local\Temp\dllnt_dump.dll C:\Users\user\AppData\Local\Temp\proxy_vole5836771686417630214.dll ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-08-13 15:19 ==================== Koniec FRST.txt ============================