Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 24-05-2017 Uruchomiony przez admin (administrator) DESKTOP-04BH4US (24-05-2017 21:07:25) Uruchomiony z C:\Users\admin\Downloads Załadowane profile: admin (Dostępne profile: admin) Platform: Windows 10 Home Wersja 1607 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () D:\Program Files (x86)\Gameplay Time Tracker\GameplayTimeTracker.exe (OGM5890F) C:\Program Files\HITZNUA10T\HITZNUA10.exe (OGM5890F) C:\Program Files (x86)\eyaphvt55iq\C8S7X.exe (OGM5890F) C:\Program Files\P8XC967TUM\2X4RH5DTT.exe (OGM5890F) C:\Program Files\790CVSULAP\1NIKNWK44.exe (OGM5890F) C:\Program Files\CZN4XFWKJC\CZN4XFWKJ.exe (mik61) D:\Program Files (x86)\Gameplay Time Tracker\Support64.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3942568 2000-01-01] (Synaptics Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] () HKLM\...\RunOnce: [OMEWPRODUCT_UZB92] => C:\Program Files (x86)\eyaphvt55iq\DOYPNQ3TAXZUD99.exe [337408 2017-05-24] (OGM5890F) <===== UWAGA HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\Run: [GameplayTimeTracker] => D:\Program Files (x86)\Gameplay Time Tracker\GameplayTimeTracker.exe [855552 2016-09-07] () HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\Run: [V12Y27HY6STKBW0] => C:\Program Files\HITZNUA10T\HITZNUA10.exe [1315328 2017-05-24] (OGM5890F) HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\Run: [5p4YmO_d3s.exe] => C:\Program Files\Reference Assemblies\70EVTG2ZPNWVVL6SPOIMH\5p4YmO_d3s.exe [156672 2017-05-24] () HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\Run: [THT8PA9OI31NURL] => C:\Program Files (x86)\eyaphvt55iq\C8S7X.exe [1315328 2017-05-24] (OGM5890F) HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\Run: [isMiner V 1.9] => "C:\Users\admin\AppData\Roaming\isMiner\isMiner.exe" -checkforupdates <===== UWAGA HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\Run: [xietxvykhzl] => C:\Users\admin\AppData\Roaming\k0ruiq1pirp\a4mehszsmk4.exe [7680 2017-05-24] () HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\Run: [OHAV4XPVGTAKRP5] => C:\Program Files\P8XC967TUM\2X4RH5DTT.exe [1315328 2017-05-24] (OGM5890F) HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\Run: [x0qfecw5glx] => C:\Users\admin\AppData\Roaming\1g4d54mzxn0\5vhtkic5ixc.exe [7680 2017-05-24] () HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\Run: [sdhpoontprb] => C:\Users\admin\AppData\Roaming\qpoa210rlkx\f4swrzfzgur.exe [7680 2017-05-24] () HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\Run: [LNSCN9XCNNDQW34] => C:\Program Files\790CVSULAP\1NIKNWK44.exe [1315328 2017-05-24] (OGM5890F) HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\Run: [AH2J41WIYNE0IEU] => C:\Program Files\CZN4XFWKJC\CZN4XFWKJ.exe [1315328 2017-05-24] (OGM5890F) HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\RunOnce: [0808pkhGoI.exe] => C:\Program Files\Reference Assemblies\70EVTG2ZPNWVVL6SPOIMH\0808pkhGoI.exe [758272 2017-05-24] () HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\MountPoints2: {fdddf63f-4bea-11e6-9bda-28c2ddb64f1e} - "G:\setup.exe" ShellExecuteHooks: Brak nazwy - {2B91D8EE-3EB5-11E7-ACC2-64006A5CFC23} - C:\Users\admin\AppData\Roaming\Seruygzient\Sergecult.dll [146432 2017-05-24] () ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\admin\AppData\Local\MEGAsync\ShellExtX64.dll [2017-05-16] () ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\admin\AppData\Local\MEGAsync\ShellExtX64.dll [2017-05-16] () ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\admin\AppData\Local\MEGAsync\ShellExtX64.dll [2017-05-16] () ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\admin\AppData\Local\MEGAsync\ShellExtX32.dll [2017-05-16] () ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\admin\AppData\Local\MEGAsync\ShellExtX32.dll [2017-05-16] () ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\admin\AppData\Local\MEGAsync\ShellExtX32.dll [2017-05-16] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-02-24] ShortcutTarget: MEGAsync.lnk -> C:\Users\admin\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 1510 series.lnk [2017-05-15] ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XenoSuite.lnk [2017-05-21] ShortcutTarget: XenoSuite.lnk -> C:\Program Files (x86)\XenoBot\XenoSuite.exe () ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{cd1adf02-f2a6-403f-915a-057f6574a92d}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{f93ce941-8b8a-4107-80f8-420770dbe319}: [DhcpNameServer] 192.168.40.1 Internet Explorer: ================== HKU\S-1-5-21-320741745-3816550499-1170541307-1001\Software\Microsoft\Internet Explorer\Main,Start Page = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-21] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-21] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation) Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-320741745-3816550499-1170541307-1001 -> hxxp://www.google.com FireFox: ======== FF DefaultProfile: dwt48jmq.default FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\dwt48jmq.default [2017-05-24] FF NewTab: Mozilla\Firefox\Profiles\dwt48jmq.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=H5Ozbcnbl1BU,5f990486-f490-4ce1-a981-602b0b8332e2, FF DefaultSearchEngine: Mozilla\Firefox\Profiles\dwt48jmq.default -> initialsite123 FF SelectedSearchEngine: Mozilla\Firefox\Profiles\dwt48jmq.default -> initialsite123 FF Homepage: Mozilla\Firefox\Profiles\dwt48jmq.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=H5Ozbcnbl1BU,5f990486-f490-4ce1-a981-602b0b8332e2, FF Extension: (Fast search) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\dwt48jmq.default\Extensions\amcontextmenu@loucypher [2017-05-24] FF Extension: (uBlock Origin) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\dwt48jmq.default\Extensions\uBlock0@raymondhill.net.xpi [2017-05-15] FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\dwt48jmq.default\searchplugins\1ko66ldz.xml [2017-05-24] FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\dwt48jmq.default\searchplugins\smod.xml [2017-05-24] FF HKU\S-1-5-21-320741745-3816550499-1170541307-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - => nie znaleziono FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-05-01] () FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-21] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-05-01] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-11] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-320741745-3816550499-1170541307-1001: @my.com/Games -> [Brak pliku] Chrome: ======= CHR DefaultProfile: vugatherckumocultjqety CHR HomePage: vugatherckumocultjqety -> hxxp://www.initialsite123.com/?z=141df75b177ecc7fd7a6bedg0zat5wcqawfg1c1ofe&from=icb&uid=HGSTXHTS541010A9E680_JD1008DMGBUMTWGBUMTWX&type=hp CHR StartupUrls: vugatherckumocultjqety -> "hxxp://www.initialsite123.com/?z=141df75b177ecc7fd7a6bedg0zat5wcqawfg1c1ofe&from=icb&uid=HGSTXHTS541010A9E680_JD1008DMGBUMTWGBUMTWX&type=hp" CHR DefaultSearchURL: vugatherckumocultjqety -> hxxp://www.initialsite123.com/search/?q={searchTerms}&z=141df75b177ecc7fd7a6bedg0zat5wcqawfg1c1ofe&from=icb&uid=HGSTXHTS541010A9E680_JD1008DMGBUMTWGBUMTWX&type=sp CHR DefaultSearchKeyword: vugatherckumocultjqety -> initialsite123 CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\vugatherckumocultjqety [2017-04-17] <==== UWAGA CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows (R) Win 7 DDK provider) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-22] () S3 Disc Soft Lite Bus Service; D:\Program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd) S4 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-08-04] (Intel Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359856 2015-07-30] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Brak podpisu cyfrowego] R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Brak podpisu cyfrowego] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation) S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7801944 2016-10-20] (INCA Internet Co., Ltd.) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Brak podpisu cyfrowego] S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [Brak podpisu cyfrowego] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-09-05] (The OpenVPN Project) R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2017-03-03] () R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-04] (Intel Corporation) R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-08-04] (Intel Corporation) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-07-17] (Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-07-17] (Disc Soft Ltd) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-04] (Intel Corporation) R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-02-11] (REALiX(tm)) R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel Corporation) R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2017-03-03] () S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2000-01-01] (Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation) S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2000-01-01] (Synaptics Incorporated) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2000-01-01] (Synaptics Incorporated) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-11-18] (Wellbia.com Co., Ltd.) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-05-24 21:08 - 2017-05-24 21:08 - 00380928 _____ C:\Users\admin\Downloads\6gcq0msj.exe 2017-05-24 21:07 - 2017-05-24 21:08 - 00020131 _____ C:\Users\admin\Downloads\FRST.txt 2017-05-24 21:07 - 2017-05-24 21:07 - 02429952 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe 2017-05-24 21:07 - 2017-05-24 21:07 - 00000000 ____D C:\FRST 2017-05-24 21:04 - 2017-05-24 21:04 - 00881904 _____ (Plumbytes Software) C:\Users\admin\Downloads\antimalwaresetup.exe 2017-05-24 21:02 - 2017-05-24 21:02 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-05-24 21:01 - 2017-05-24 21:01 - 00001383 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-05-24 21:01 - 2017-05-24 21:01 - 00001371 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-05-24 21:01 - 2017-05-24 21:01 - 00000800 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2017-05-24 21:01 - 2017-05-24 21:01 - 00000800 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-05-24 20:58 - 2017-05-24 20:58 - 00016860 _____ C:\WINDOWS\System32\Tasks\QTrans Bazason Panel 2017-05-24 20:58 - 2017-05-24 20:58 - 00000000 ____D C:\Program Files (x86)\Vogukqogeph 2017-05-24 20:57 - 2017-05-24 20:57 - 00000000 ____D C:\Users\admin\AppData\Roaming\qpoa210rlkx 2017-05-24 20:57 - 2017-05-24 20:57 - 00000000 ____D C:\Users\admin\AppData\Roaming\k0ruiq1pirp 2017-05-24 20:57 - 2017-05-24 20:57 - 00000000 ____D C:\Users\admin\AppData\Roaming\1g4d54mzxn0 2017-05-24 20:57 - 2017-05-24 20:57 - 00000000 ____D C:\Program Files\P8XC967TUM 2017-05-24 20:57 - 2017-05-24 20:57 - 00000000 ____D C:\Program Files\CZN4XFWKJC 2017-05-24 20:57 - 2017-05-24 20:57 - 00000000 ____D C:\Program Files\790CVSULAP 2017-05-24 20:50 - 2017-05-24 20:50 - 04110280 _____ C:\Users\admin\Downloads\adwcleaner_6.047.exe 2017-05-24 20:42 - 2017-05-24 20:58 - 00000000 ____D C:\Users\admin\AppData\Roaming\Seruygzient 2017-05-24 20:42 - 2017-05-24 20:46 - 00000042 _____ C:\ServiceLog.txt 2017-05-24 20:42 - 2017-05-24 20:42 - 00006084 _____ C:\WINDOWS\System32\Tasks\Aticucultpofesy Host 2017-05-24 20:42 - 2017-05-24 20:42 - 00000000 ____D C:\Users\admin\AppData\Local\Drugichpruik 2017-05-24 20:42 - 2017-05-24 20:42 - 00000000 ____D C:\Program Files (x86)\Aticucultpofesy Host 2017-05-24 20:41 - 2017-05-24 20:41 - 00000000 ____D C:\Users\admin\AppData\Roaming\powz2q0mq4x 2017-05-24 20:41 - 2017-05-24 20:41 - 00000000 ____D C:\Users\admin\AppData\Roaming\3yiy5s4ouyt 2017-05-24 20:41 - 2017-05-24 20:41 - 00000000 ____D C:\Program Files\HITZNUA10T 2017-05-24 20:41 - 2017-05-24 20:41 - 00000000 ____D C:\Program Files (x86)\eyaphvt55iq 2017-05-24 20:37 - 2017-05-24 20:37 - 00000000 ____D C:\Users\admin\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 2017-05-24 20:30 - 2017-05-24 20:30 - 00000000 ____D C:\Users\admin\Downloads\2012+CWM+Recovery+5.0.2.8 2017-05-24 20:02 - 2017-05-24 20:03 - 00000000 ____D C:\Users\admin\Desktop\karta 2017-05-24 20:01 - 2017-05-24 21:03 - 00000000 ____D C:\Users\admin\AppData\Local\Htc 2017-05-24 19:59 - 2017-05-24 20:37 - 00000000 ____D C:\Users\admin\AppData\Roaming\HTC 2017-05-24 19:59 - 2017-05-24 19:59 - 00003708 _____ C:\WINDOWS\System32\Tasks\Launch HTC Sync Loader 2017-05-24 19:59 - 2017-05-24 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync 2017-05-24 19:57 - 2017-05-24 19:57 - 00000000 ____D C:\Users\admin\Downloads\SimpleGoldCard 2017-05-24 19:51 - 2017-05-24 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2017-05-24 19:51 - 2017-05-24 19:51 - 00000000 ____D C:\Program Files (x86)\Spirent Communications 2017-05-24 19:50 - 2017-05-24 19:59 - 00000000 ____D C:\Program Files (x86)\HTC 2017-05-24 19:50 - 2017-05-24 19:50 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2017-05-24 19:50 - 2017-05-24 19:50 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2017-05-21 16:52 - 2017-05-21 16:52 - 00001146 _____ C:\Users\admin\Desktop\Windows Hider.lnk 2017-05-21 16:52 - 2017-05-21 16:52 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Hider 2017-05-21 16:52 - 2017-05-21 16:52 - 00000000 ____D C:\Program Files (x86)\Windows Hider 2017-05-21 12:12 - 2017-05-24 07:54 - 00000000 ____D C:\Program Files (x86)\XenoBot 2017-05-21 12:12 - 2017-05-21 12:23 - 00000000 ____D C:\Users\admin\Documents\XenoBot 2017-05-21 12:12 - 2017-05-21 12:12 - 00002028 _____ C:\Users\admin\Desktop\XenoSuite.lnk 2017-05-21 12:12 - 2017-05-21 12:12 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XenoBot 2017-05-16 18:31 - 2017-05-16 18:32 - 51096280 _____ C:\Users\admin\Downloads\hexera.zip 2017-05-16 18:28 - 2017-05-21 12:22 - 00000000 ____D C:\Users\admin\AppData\Roaming\Tibia 2017-05-15 16:07 - 2017-05-15 16:07 - 00003780 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 1510 series 2017-05-15 16:07 - 2017-05-15 16:07 - 00002305 _____ C:\Users\Public\Desktop\HP Deskjet 1510 series.lnk 2017-05-15 16:07 - 2017-05-15 16:07 - 00000000 ____D C:\Users\admin\Documents\HpReg_Backup 2017-05-15 16:06 - 2017-05-15 16:06 - 00000057 _____ C:\ProgramData\Ament.ini 2017-05-15 16:02 - 2017-05-15 16:02 - 00000000 ____D C:\Users\admin\AppData\Roaming\HPPSDr 2017-05-12 09:51 - 2017-05-24 21:01 - 00000000 ____D C:\AdwCleaner 2017-05-09 11:43 - 2017-05-09 11:43 - 00000000 ____D C:\Users\admin\AppData\Roaming\Vestios 2017-05-02 19:45 - 2017-05-02 19:45 - 00001208 _____ C:\Users\admin\Desktop\Paint.lnk 2017-05-02 18:56 - 2017-05-02 18:56 - 00000000 ____D C:\Program Files (x86)\ExtremeInjector 2017-05-01 07:12 - 2017-05-01 07:12 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-05-01 07:12 - 2017-05-01 07:12 - 00002409 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-05-24 21:06 - 2016-11-19 08:56 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla 2017-05-24 21:03 - 2016-12-09 18:16 - 00000165 _____ C:\Users\admin\AppData\Roaming\sp_data.sys 2017-05-24 21:02 - 2016-10-12 12:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-05-24 21:02 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-05-24 21:02 - 2015-09-19 05:38 - 00000000 __SHD C:\Users\admin\IntelGraphicsProfiles 2017-05-24 20:52 - 2016-07-17 00:05 - 07489726 _____ C:\WINDOWS\system32\perfh015.dat 2017-05-24 20:52 - 2016-07-17 00:05 - 03115426 _____ C:\WINDOWS\system32\perfc015.dat 2017-05-24 20:52 - 2015-08-15 07:21 - 08402052 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-05-24 20:41 - 2016-11-13 15:52 - 00000000 ____D C:\Program Files\Microsoft SQL Server 2017-05-24 20:41 - 2016-10-12 12:29 - 00000000 ____D C:\Program Files\Reference Assemblies 2017-05-24 20:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-05-24 19:51 - 2017-01-01 14:50 - 00000000 ____D C:\Users\admin\AppData\Local\Downloaded Installations 2017-05-24 19:50 - 2017-01-01 14:54 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0 2017-05-24 19:50 - 2016-11-13 16:16 - 00000000 ____D C:\ProgramData\Adobe 2017-05-24 19:50 - 2016-11-13 16:16 - 00000000 ____D C:\Program Files (x86)\Adobe 2017-05-24 19:50 - 2016-10-06 12:23 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe 2017-05-24 19:50 - 2016-10-06 09:07 - 00000000 ____D C:\Users\admin\AppData\Roaming\Adobe 2017-05-24 19:50 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF 2017-05-24 18:19 - 2016-10-12 11:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-05-24 07:48 - 2016-10-06 13:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent 2017-05-23 20:05 - 2016-10-12 12:03 - 00000000 ____D C:\Users\admin 2017-05-22 17:18 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-05-18 16:42 - 2016-10-09 20:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-05-16 17:30 - 2016-11-07 14:42 - 00000000 ____D C:\Users\admin\AppData\Local\MEGAsync 2017-05-15 16:12 - 2016-10-06 13:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\HpUpdate 2017-05-15 16:07 - 2016-10-06 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2017-05-15 16:07 - 2016-10-06 13:46 - 00000000 ____D C:\Program Files (x86)\HP 2017-05-15 16:07 - 2016-10-06 13:41 - 00000000 ____D C:\Users\admin\AppData\Local\HP 2017-05-15 16:07 - 2016-10-06 13:37 - 00000000 ____D C:\ProgramData\HP 2017-05-14 10:41 - 2017-02-06 08:59 - 00000135 _____ C:\Users\admin\Desktop\Nowy dokument tekstowy.txt 2017-05-07 14:49 - 2016-10-06 09:07 - 00000000 ____D C:\Users\admin\AppData\Local\Packages 2017-05-01 07:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-05-01 07:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-05-01 07:12 - 2015-09-19 05:42 - 00000000 ___RD C:\Users\admin\OneDrive ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-12-09 18:16 - 2017-05-24 21:03 - 0000165 _____ () C:\Users\admin\AppData\Roaming\sp_data.sys 2016-11-13 19:41 - 2016-11-13 19:41 - 0000017 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg 2017-05-15 16:06 - 2017-05-15 16:06 - 0000057 _____ () C:\ProgramData\Ament.ini 2016-10-12 12:00 - 2016-10-12 12:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Pliki do przeniesienia lub usunięcia: ==================== C:\Program Files (x86)\eyaphvt55iq\DOYPNQ3TAXZUD99.exe Niektóre pliki w TEMP: ==================== 2017-05-24 20:08 - 2017-05-24 20:22 - 2530671 _____ () C:\Users\admin\AppData\Local\Temp\adb.exe 2017-05-24 20:08 - 2017-05-24 20:22 - 0096256 _____ (Google, inc) C:\Users\admin\AppData\Local\Temp\AdbWinApi.dll 2017-05-24 20:08 - 2017-05-24 20:22 - 0060928 _____ (Google, inc) C:\Users\admin\AppData\Local\Temp\AdbWinUsbApi.dll 2017-05-24 20:41 - 2017-05-24 20:41 - 0913815 _____ ( ) C:\Users\admin\AppData\Local\Temp\Bestziper.exe 2017-05-24 20:41 - 2017-05-24 20:41 - 3020288 _____ (isMiner worker and updater for windows of isMiner inc ) C:\Users\admin\AppData\Local\Temp\isminer.exe 2017-05-24 20:41 - 2017-05-24 20:41 - 0142848 _____ () C:\Users\admin\AppData\Local\Temp\load.exe 2017-05-24 20:41 - 2017-05-24 20:41 - 0584749 _____ ( ) C:\Users\admin\AppData\Local\Temp\Setup.exe 2017-05-21 11:59 - 2017-05-21 11:59 - 5352888 _____ () C:\Users\admin\AppData\Local\Temp\Tibia_Setup_51fa-5487-076c-b095.exe 2017-05-21 11:59 - 2017-05-21 11:59 - 5352888 _____ () C:\Users\admin\AppData\Local\Temp\Tibia_Setup_8122-d2f8-7265-76fa.exe 2017-05-24 20:41 - 2017-05-24 20:41 - 1199825 _____ () C:\Users\admin\AppData\Local\Temp\unins000.exe 2017-05-24 20:41 - 2017-05-24 20:41 - 0596382 _____ (VideoBox ) C:\Users\admin\AppData\Local\Temp\vbsetup.exe 2017-05-24 20:41 - 2017-05-24 20:41 - 1909694 _____ (WeMonetize ) C:\Users\admin\AppData\Local\Temp\VFLA5E6.exe 2017-05-24 20:42 - 2017-05-24 20:44 - 0131070 _____ ( ) C:\Users\admin\AppData\Local\Temp\webfriend.exe 2017-05-24 20:58 - 2017-05-24 20:58 - 3191520 _____ (Microleaves) C:\Users\admin\AppData\Local\Temp\ww-Online.IO-installer.exe 2017-05-24 20:42 - 2017-05-24 20:42 - 5624536 _____ ( ) C:\Users\admin\AppData\Local\Temp\yeadesktop.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-05-19 16:16 ==================== Koniec FRST.txt ============================