Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 01-05-2017
Uruchomiony przez mr nobody (administrator) MRNOBODY (02-05-2017 15:20:02)
Uruchomiony z C:\Users\mr nobody\Desktop
Załadowane profile: mr nobody (Dostępne profile: mr nobody)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: Opera)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Opera Software) C:\Program Files\Opera\44.0.2510.1449\opera.exe
(Opera Software) C:\Program Files\Opera\44.0.2510.1449\opera.exe
(Opera Software) C:\Program Files\Opera\44.0.2510.1449\opera.exe
(Opera Software) C:\Program Files\Opera\44.0.2510.1449\opera.exe
(Opera Software) C:\Program Files\Opera\44.0.2510.1449\opera.exe
(Opera Software) C:\Program Files\Opera\44.0.2510.1449\opera.exe
(Opera Software) C:\Program Files\Opera\44.0.2510.1449\opera.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Opera Software) C:\Program Files\Opera\44.0.2510.1449\opera.exe
(Opera Software) C:\Program Files\Opera\44.0.2510.1449\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-03-24] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Tv-Plug-In] => "C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe" nogui
HKU\S-1-5-21-3353418528-3540362297-2981854600-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-3353418528-3540362297-2981854600-1000\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-3353418528-3540362297-2981854600-1000\...\Run: [Napisy24Update] => "C:\Program Files (x86)\Napisy24\Napisy24Update.exe" "sleep"
HKU\S-1-5-21-3353418528-3540362297-2981854600-1000\...\MountPoints2: {46c58959-26a6-11e6-a9cd-d8cb8a7d3e3d} - D:\setup.exe
HKU\S-1-5-21-3353418528-3540362297-2981854600-1000\...\MountPoints2: {4dbe41e6-b938-11e6-b6b9-d8cb8a7d3e3d} - D:\AutoRun.exe
HKU\S-1-5-21-3353418528-3540362297-2981854600-1000\...\MountPoints2: {da83775f-7125-11e6-858d-d8cb8a7d3e3d} - D:\Setup.exe
IFEO\taskmgr.exe: [Debugger]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-04-07]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-11-04]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62
Tcpip\..\Interfaces\{4ED964A2-7FD8-4DC4-9B41-FB97BF4F2A74}: [DhcpNameServer] 62.179.1.63 62.179.1.62
Tcpip\..\Interfaces\{59A1394D-A16C-4A51-AA4A-0CFAC9D23C30}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-3353418528-3540362297-2981854600-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190
HKU\S-1-5-21-3353418528-3540362297-2981854600-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3353418528-3540362297-2981854600-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-03-29]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-01] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

Opera:
=======
OPR Extension: (AdBlock) - C:\Users\mr nobody\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-04-24]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S2 3DM; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 3DM; C:\windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-11-16] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [454872 2016-01-28] (Rivet Networks)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-23] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-01] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-24] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-24] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [147528 2016-01-24] (Rivet Networks, LLC.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-30] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-30] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [125488 2015-03-18] (Qualcomm Atheros, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195296 2017-04-19] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [313120 2017-03-29] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1035480 2017-04-19] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2017-03-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-29] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-04-19] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-05-02] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-02] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-02] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-05-02] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-05-30] (Duplex Secure Ltd.)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [41816 2016-11-03] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [52960 2016-10-05] (SteelSeries ApS)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-05-02 15:20 - 2017-05-02 15:20 - 00016799 _____ C:\Users\mr nobody\Desktop\FRST.txt
2017-05-02 15:17 - 2017-05-02 15:17 - 00380928 _____ C:\Users\mr nobody\Desktop\d35rgsuh.exe
2017-05-02 15:16 - 2017-05-02 15:20 - 00000000 ____D C:\FRST
2017-05-02 15:16 - 2017-05-02 15:16 - 02428416 _____ (Farbar) C:\Users\mr nobody\Desktop\FRST64.exe
2017-05-02 15:13 - 2017-05-02 15:13 - 00051042 _____ C:\Users\mr nobody\Downloads\FRST.txt
2017-05-02 14:22 - 2017-05-02 14:22 - 00003874 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1493727755
2017-05-02 14:22 - 2017-05-02 14:22 - 00001097 _____ C:\Users\Public\Desktop\Opera.lnk
2017-05-02 14:22 - 2017-05-02 14:22 - 00001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-02 10:53 - 2017-05-02 10:53 - 00000045 ___HT C:\Windows\SysWOW64\81f196743c3d2c31672283a392c3b3a2230698273d20641f203b3c3a67b5671a11c1dd61e743c3d2c31
2017-05-02 10:35 - 2017-05-02 10:55 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-02 10:35 - 2017-05-02 10:35 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-02 10:34 - 2017-05-02 14:28 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-02 10:34 - 2017-05-02 10:55 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-02 10:34 - 2017-05-02 10:55 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-02 10:34 - 2017-05-02 10:34 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-02 10:34 - 2017-05-02 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-02 10:34 - 2017-05-02 10:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-02 10:34 - 2017-05-02 10:34 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-02 10:34 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-02 10:29 - 2017-05-02 10:33 - 00000000 ____D C:\ProgramData\TEMP
2017-05-02 10:29 - 2017-05-02 10:32 - 00000000 ____D C:\Users\mr nobody\scan_results
2017-05-02 10:29 - 2017-05-02 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ UNDELETE Freeware
2017-05-02 10:29 - 2017-05-02 10:29 - 00000000 ____D C:\Program Files (x86)\LSoft Technologies
2017-05-02 09:59 - 2017-05-02 10:53 - 00000023 _____ C:\Users\Public\Documents\temp.dat
2017-05-02 09:42 - 2017-05-02 10:33 - 00000000 ____D C:\Users\mr nobody\Desktop\Nowy folder (2)
2017-04-29 09:12 - 2017-04-29 09:12 - 81907624 _____ C:\Users\mr nobody\Desktop\SteelSeriesEngine3.10.1Setup.exe
2017-04-28 22:53 - 2017-04-28 22:53 - 00000000 ____D C:\Users\mr nobody\Desktop\Nowy folder
2017-04-28 13:09 - 2017-04-28 13:09 - 00219922 _____ C:\Windows\ntbtlog.txt
2017-04-28 13:04 - 2017-04-28 13:04 - 00000000 ____D C:\Windows\pss
2017-04-28 12:22 - 2017-04-28 12:22 - 00872683 _____ C:\Users\mr nobody\Downloads\PIT-11 (23)_ Service Optimation Spolka z ograniczona odpowiedzialnoscia 5252633664 (Mossakowski Albert 92061807850) [2017-04-24].pdf
2017-04-28 11:09 - 2017-04-28 11:09 - 00013877 _____ C:\Users\mr nobody\Desktop\podanie 2.odt
2017-04-28 11:06 - 2017-04-28 11:06 - 00230300 _____ C:\Users\mr nobody\Downloads\D20121022.pdf
2017-04-28 11:05 - 2017-04-28 11:05 - 00166618 _____ C:\Users\mr nobody\Downloads\D20161513.pdf
2017-04-28 10:41 - 2017-04-28 10:41 - 00007334 _____ C:\Users\mr nobody\Desktop\Nowy OpenDocument Dokument tekstowy.odt
2017-04-26 11:09 - 2017-04-26 11:09 - 00019703 _____ C:\Users\mr nobody\Downloads\www.paa.gov.pl_Dane_kontaktowe.pdf
2017-04-25 19:51 - 2017-04-28 09:56 - 00000000 ____D C:\Users\mr nobody\AppData\LocalLow\Mozilla
2017-04-25 19:51 - 2017-04-25 19:51 - 00000000 ____D C:\Users\mr nobody\AppData\Roaming\Mozilla
2017-04-24 11:55 - 2017-04-24 11:55 - 00016916 _____ C:\Users\mr nobody\Desktop\Duże AGD (2).ods
2017-04-24 11:49 - 2017-04-24 11:49 - 00026412 _____ C:\Users\mr nobody\Downloads\Duże AGD (2).xlsx
2017-04-24 11:49 - 2017-04-24 11:49 - 00026412 _____ C:\Users\mr nobody\Desktop\Duże AGD (2).xlsx
2017-04-23 22:15 - 2017-04-23 22:32 - 1525050363 _____ C:\Users\mr nobody\Downloads\X-Men.Apocalypse.2016.PL.720p.BluRay.x264.AC3-KiT.mkv
2017-04-23 20:36 - 2017-04-23 20:40 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-23 20:36 - 2017-04-23 20:36 - 00000000 ____D C:\Users\mr nobody\AppData\Local\Google
2017-04-21 23:04 - 2017-04-21 23:04 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-21 23:04 - 2017-04-21 23:04 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-21 23:04 - 2017-04-21 23:04 - 00004582 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-21 23:04 - 2017-04-21 23:04 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-21 22:36 - 2017-05-02 14:22 - 00000000 ____D C:\Program Files\Opera
2017-04-21 22:36 - 2017-04-21 22:36 - 01186072 _____ (Opera Software) C:\Users\mr nobody\Downloads\OperaSetup.exe
2017-04-21 22:36 - 2017-04-21 22:36 - 00000000 ____D C:\Users\mr nobody\AppData\Roaming\Opera Software
2017-04-21 22:36 - 2017-04-21 22:36 - 00000000 ____D C:\Users\mr nobody\AppData\Local\Opera Software
2017-04-21 22:28 - 2017-04-21 22:28 - 04089296 _____ C:\Users\mr nobody\Downloads\adwcleaner_6.045.exe
2017-04-21 22:03 - 2017-04-21 22:03 - 03762680 _____ (Google) C:\Users\mr nobody\Downloads\chrome_cleanup_tool.exe
2017-04-21 22:00 - 2017-04-21 22:00 - 00000000 ____D C:\Users\mr nobody\AppData\Local\Deployment
2017-04-21 22:00 - 2017-04-21 22:00 - 00000000 ____D C:\Users\mr nobody\AppData\Local\Apps\2.0
2017-04-21 21:47 - 2017-04-21 21:47 - 01128792 _____ (Google Inc.) C:\Users\mr nobody\Downloads\Niepotwierdzony 608102.crdownload
2017-04-20 11:34 - 2017-04-20 11:34 - 00437083 _____ C:\Users\mr nobody\Desktop\27088141511194410339.mp4
2017-04-20 11:33 - 2017-04-20 11:33 - 06175197 _____ C:\Users\mr nobody\Desktop\75135656492784620682.mp4
2017-04-19 20:02 - 2017-04-19 20:02 - 00000000 ____D C:\Users\mr nobody\AppData\Roaming\Twitch Setup
2017-04-19 20:01 - 2017-04-19 20:01 - 115979360 _____ (Twitch Interactive, Inc.) C:\Users\mr nobody\Downloads\TwitchSetup.exe
2017-04-19 16:09 - 2017-04-19 16:09 - 00262144 _____ C:\Windows\system32\config\elam
2017-04-19 16:06 - 2017-04-19 16:06 - 00001342 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-04-19 16:06 - 2017-04-19 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-04-19 16:05 - 2017-04-19 16:05 - 00002051 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2017-04-19 16:05 - 2017-04-19 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2017-04-19 16:04 - 2017-05-02 14:22 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-04-19 16:04 - 2017-04-19 16:47 - 01035480 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-04-19 16:04 - 2017-04-19 16:47 - 00195296 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-04-19 16:04 - 2017-04-19 16:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-04-19 16:04 - 2017-04-19 16:04 - 00000000 ____D C:\Windows\ELAMBKUP
2017-04-19 16:04 - 2017-03-29 04:05 - 00313120 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-04-19 16:04 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2017-04-19 14:57 - 2017-05-02 09:55 - 00000854 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-19 14:57 - 2017-04-19 18:17 - 00000000 ____D C:\Users\mr nobody\AppData\Local\3DM
2017-04-19 14:57 - 2017-04-19 15:03 - 00000000 ____D C:\Windows\46B04D534E344388B6EE80FAB66AEF9B.TMP
2017-04-19 14:30 - 2017-04-19 14:30 - 00000000 _____ C:\autoexec.bat
2017-04-19 14:20 - 2017-04-19 14:22 - 00000000 _____ C:\Windows\SysWOW64\2
2017-04-19 09:37 - 2017-04-19 09:37 - 00017259 _____ C:\Users\mr nobody\Downloads\Duże AGD (1) (1).ods
2017-04-18 13:59 - 2017-04-18 13:59 - 00000000 ____D C:\Users\mr nobody\AppData\Local\SNARE
2017-04-18 13:59 - 2017-04-18 13:59 - 00000000 ____D C:\ProgramData\Software
2017-04-18 11:37 - 2017-04-18 11:37 - 00009507 _____ C:\Users\mr nobody\Downloads\Albert Mossakowski (2).pdf
2017-04-14 23:35 - 2017-04-14 23:35 - 00000000 ____D C:\Users\mr nobody\AppData\Roaming\Twitch
2017-04-14 23:35 - 2017-04-14 23:35 - 00000000 ____D C:\ProgramData\Twitch
2017-04-13 19:38 - 2017-04-13 19:38 - 00000000 ____D C:\ProgramData\X360CE
2017-04-12 23:57 - 2017-04-12 23:57 - 104857600 _____ C:\Users\mr nobody\Downloads\100mb.gts
2017-04-11 09:13 - 2017-04-11 09:13 - 00827112 _____ C:\Users\mr nobody\Downloads\468849_intl_x64_zip (1).exe
2017-04-11 09:13 - 2017-04-11 09:13 - 00000000 ____D C:\585f78366cf9e778b5
2017-04-11 09:12 - 2017-04-11 09:12 - 00007620 _____ C:\Users\mr nobody\AppData\Local\Resmon.ResmonCfg
2017-04-11 09:11 - 2017-04-11 09:11 - 00827112 _____ C:\Users\mr nobody\Downloads\468849_intl_x64_zip.exe
2017-04-10 10:21 - 2017-04-10 10:22 - 00016876 _____ C:\Users\mr nobody\Downloads\Duże AGD (1).ods
2017-04-07 11:43 - 2017-04-07 11:43 - 00028376 _____ C:\Users\mr nobody\Downloads\Umowa_o_dzielo_Albert Mossakowski.pdf
2017-04-03 09:09 - 2017-04-03 09:09 - 00026412 _____ C:\Users\mr nobody\Downloads\Duże AGD (1).xlsx

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-05-02 14:55 - 2009-07-14 06:45 - 00020368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-02 14:55 - 2009-07-14 06:45 - 00020368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-02 11:21 - 2017-02-27 19:57 - 00000000 ____D C:\Users\mr nobody\AppData\Roaming\vlc
2017-05-02 11:04 - 2016-04-07 13:55 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-02 10:54 - 2016-04-07 23:05 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-02 10:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-02 10:32 - 2009-07-14 19:55 - 00740000 _____ C:\Windows\system32\perfh015.dat
2017-05-02 10:32 - 2009-07-14 19:55 - 00155574 _____ C:\Windows\system32\perfc015.dat
2017-05-02 10:32 - 2009-07-14 07:13 - 01668786 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-02 10:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-02 10:29 - 2016-04-07 13:14 - 00000000 ____D C:\Users\mr nobody
2017-05-02 10:21 - 2016-04-07 23:11 - 00000000 ____D C:\Users\mr nobody\AppData\Local\CrashDumps
2017-05-02 09:55 - 2016-10-19 21:20 - 00000000 ____D C:\AdwCleaner
2017-05-02 09:55 - 2016-08-10 16:59 - 00001036 _____ C:\Users\mr nobody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-05-02 09:55 - 2016-04-07 13:15 - 00001005 _____ C:\Users\mr nobody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-05-02 09:55 - 2016-04-07 13:14 - 00001152 _____ C:\Users\mr nobody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-29 09:15 - 2016-10-19 12:47 - 00000000 ____D C:\Users\mr nobody\AppData\Roaming\steelseries-engine-3-client
2017-04-21 23:04 - 2016-04-20 00:21 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-21 23:04 - 2016-04-20 00:18 - 00000000 ____D C:\Users\mr nobody\AppData\Local\Adobe
2017-04-19 16:47 - 2016-06-14 17:47 - 00199392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2017-04-19 16:12 - 2017-03-16 01:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-04-19 16:06 - 2016-04-07 13:47 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-19 16:05 - 2016-10-02 22:44 - 00000000 ____D C:\Users\admin
2017-04-19 15:48 - 2016-05-14 13:22 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-19 15:47 - 2016-05-14 13:21 - 00000000 ____D C:\Users\mr nobody\AppData\Local\AvgSetupLog
2017-04-19 15:47 - 2016-04-07 13:45 - 00000000 ____D C:\ProgramData\Avg
2017-04-19 15:45 - 2016-05-14 13:22 - 00000000 ____D C:\ProgramData\MFAData
2017-04-19 15:39 - 2016-04-07 13:44 - 00000000 ____D C:\Users\mr nobody\AppData\Local\Avg
2017-04-19 14:42 - 2016-09-14 13:17 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-04-16 21:51 - 2016-12-15 14:34 - 00000000 ____D C:\Users\mr nobody\Desktop\ogolnie
2017-04-15 02:18 - 2016-06-03 14:38 - 00000000 ____D C:\Users\mr nobody\AppData\Roaming\Curse Client
2017-04-12 21:38 - 2016-05-12 22:05 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 21:37 - 2016-05-12 22:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-11 09:12 - 2016-04-07 13:14 - 00000000 ____D C:\Users\mr nobody\AppData\Local\VirtualStore
2017-04-11 09:02 - 2016-09-29 15:38 - 00000000 ____D C:\Games
2017-04-02 00:45 - 2016-04-09 23:18 - 00000000 ____D C:\Users\mr nobody\AppData\Roaming\TS3Client

==================== Pliki w katalogu głównym wybranych folderów =======

2016-04-07 13:25 - 2016-04-07 13:34 - 0000000 _____ () C:\Users\mr nobody\AppData\Local\Driver_LOM_8161Present.flag
2017-04-11 09:12 - 2017-04-11 09:12 - 0007620 _____ () C:\Users\mr nobody\AppData\Local\Resmon.ResmonCfg

Niektóre pliki w TEMP:
====================
2016-12-08 22:55 - 2016-12-08 22:55 - 0079736 _____ (AppWork GmbH) C:\Users\mr nobody\AppData\Local\Temp\131257041454661300.exe
2016-12-08 22:56 - 2016-12-08 22:56 - 0079736 _____ (AppWork GmbH) C:\Users\mr nobody\AppData\Local\Temp\131257041900236786.exe
2016-12-08 22:57 - 2016-12-08 22:57 - 0079736 _____ (AppWork GmbH) C:\Users\mr nobody\AppData\Local\Temp\131257042208194400.exe
2016-12-08 22:59 - 2016-12-08 22:59 - 0079736 _____ (AppWork GmbH) C:\Users\mr nobody\AppData\Local\Temp\131257043854658572.exe
2016-12-08 23:22 - 2017-03-16 01:06 - 33233128 _____ (ALLPlayer ) C:\Users\mr nobody\AppData\Local\Temp\ALLPlayerPL.exe
2016-04-18 20:31 - 2016-04-18 20:31 - 2152872 _____ (ALLPlayer ) C:\Users\mr nobody\AppData\Local\Temp\ALLRemote.exe
2016-07-27 15:26 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\mr nobody\AppData\Local\Temp\avguirn_08101008040.exe
2016-05-31 14:10 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\mr nobody\AppData\Local\Temp\avguirn_081364677183.exe
2016-06-23 19:39 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\mr nobody\AppData\Local\Temp\avguirn_081452168415.exe
2016-05-15 14:34 - 2016-02-18 12:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\mr nobody\AppData\Local\Temp\avguirn_08435000022.exe
2016-08-23 10:39 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\mr nobody\AppData\Local\Temp\avguirn_08440466013.exe
2013-08-06 08:59 - 2013-08-06 08:59 - 0047720 _____ () C:\Users\mr nobody\AppData\Local\Temp\AxSFADownloader.exe
2016-04-26 20:09 - 2016-06-01 10:11 - 0036864 _____ () C:\Users\mr nobody\AppData\Local\Temp\CmdLineExt02.dll
2016-04-19 15:21 - 2016-04-19 15:21 - 3757491 _____ (Napisy24.pl ) C:\Users\mr nobody\AppData\Local\Temp\Napisy24.exe
2016-04-07 23:04 - 2016-11-11 00:23 - 0747648 _____ (NVIDIA Corporation) C:\Users\mr nobody\AppData\Local\Temp\nvSCPAPI.dll
2016-05-30 23:14 - 2016-11-17 02:46 - 0351680 _____ (NVIDIA Corporation) C:\Users\mr nobody\AppData\Local\Temp\nvStInst.exe
2016-12-09 22:37 - 2016-12-09 22:37 - 0040448 ____N () C:\Users\mr nobody\AppData\Local\Temp\proxy_vole446775079581899904.dll
2016-04-26 20:09 - 2016-06-01 10:11 - 0012067 ____T () C:\Users\mr nobody\AppData\Local\Temp\SIntf16.dll
2016-04-26 20:09 - 2016-06-01 10:11 - 0019924 ____T () C:\Users\mr nobody\AppData\Local\Temp\SIntf32.dll
2016-04-26 20:09 - 2016-06-01 10:11 - 0024516 ____T () C:\Users\mr nobody\AppData\Local\Temp\SIntfNT.dll
2016-09-27 20:32 - 2016-09-27 20:32 - 0035813 _____ () C:\Users\mr nobody\AppData\Local\Temp\t.dll
2016-02-22 22:28 - 2016-02-22 22:28 - 7194312 _____ (Microsoft Corporation) C:\Users\mr nobody\AppData\Local\Temp\vcredist_x64.exe
2016-02-22 22:28 - 2016-02-22 22:28 - 6503984 _____ (Microsoft Corporation) C:\Users\mr nobody\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-08-30 14:25

==================== Koniec FRST.txt ============================