Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 04-07-2017
Uruchomiony przez admin (administrator) ISAMUXPOMPA (05-07-2017 11:53:09)
Uruchomiony z C:\Users\admin\Desktop
Załadowane profile: admin (Dostępne profile: admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: IE)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Users\admin\AppData\Local\Temp\00017606\conhost.exe
() C:\Users\admin\AppData\Local\Temp\00017606\msiql.exe
() C:\Program Files\Windows Portable Devices\HKMF5SR2N63QWPVWZDPV3NQ30ZEII\TJTE49i-L3.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
() C:\Windows\Temp\g2EA1.tmp.exe
() C:\Windows\Temp\g2EA2.tmp.exe
(Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
() C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe

==================== Rejestr (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [Login] => C:\Users\admin\AppData\Local\Temp\00017606\conhost.exe [1870848 2017-07-03] () <==== UWAGA
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6004512 2017-01-11] (IObit)
HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id_FS9T] => C:\Program Files\Microsoft Games\M0PGGHNYEMMQJ5L\8cGytjk7By.exe [222208 2017-07-03] ()
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
HKU\S-1-5-21-1693114668-2537149228-3336235061-1001\...\Run: [msiql] => C:\Users\admin\AppData\Local\Temp\00017606\msiql.exe [2072576 2017-07-03] () <==== UWAGA
HKU\S-1-5-21-1693114668-2537149228-3336235061-1001\...\Run: [TQ5SLmX_Z-.exe] => C:\Program Files\Windows Portable Devices\HKMF5SR2N63QWPVWZDPV3NQ30ZEII\TQ5SLmX_Z-.exe [444416 2017-07-03] ()
HKU\S-1-5-21-1693114668-2537149228-3336235061-1001\...\RunOnce: [OVmfG0jVDn.exe] => C:\Program Files\Windows Portable Devices\HKMF5SR2N63QWPVWZDPV3NQ30ZEII\OVmfG0jVDn.exe 2 0
HKU\S-1-5-21-1693114668-2537149228-3336235061-1001\...\RunOnce: [zuSfQ4lSL.exe] => C:\ProgramData\9a07ad8ce41c49228bbf8a46c8fc4414\zuSfQ4lSL.exe [748032 2017-07-03] ()
HKU\S-1-5-21-1693114668-2537149228-3336235061-1001\...\RunOnce: [uninstall.exe] => C:\Users\admin\AppData\Local\Temp\{a767ed8f74244167b60647e75800afe3}\YQnSa7v0I1\uninstall.exe [748032 2017-07-03] () <==== UWAGA
HKU\S-1-5-21-1693114668-2537149228-3336235061-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1693114668-2537149228-3336235061-1001\...\MountPoints2: {1fd6adbd-1493-11e7-a5d0-c80aa90ece07} - F:\AutoRun.exe
HKU\S-1-5-21-1693114668-2537149228-3336235061-1001\...\MountPoints2: {1fd6adc1-1493-11e7-a5d0-c80aa90ece07} - F:\AutoRun.exe
ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\Windows\C_02iu47.dat [2001920 2017-07-02] (Micrasaft Carparation)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Ograniczenia - Chrome <==== UWAGA

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{0A6F6C4D-74A9-421C-A7F8-3846B8CF6A1F}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{A022C0B8-67B1-496C-8D30-EA5C1A70A46A}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{D8F0A4D8-62FF-4D5B-BC9B-39614E0CC36D}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-03-28] (IObit)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rtbcgd5.default-1465042315559 [2017-07-03]
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rtbcgd5.default-1465042315559\user.js [2017-02-24]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\0rtbcgd5.default-1465042315559 -> Google
FF Extension: (Firefox Hotfix) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rtbcgd5.default-1465042315559\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-03]
FF Extension: (uBlock Origin) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rtbcgd5.default-1465042315559\Extensions\uBlock0@raymondhill.net.xpi [2017-02-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1693114668-2537149228-3336235061-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2017-07-05]
CHR Extension: (Adblock Plus) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-23]
CHR Extension: (Tampermonkey) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-12]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-27]
CHR Extension: (easychrome) - C:\Users\admin\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk [2017-07-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit)
S4 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [Brak podpisu cyfrowego]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [241936 2016-07-29] (EasyAntiCheat Ltd)
S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-03-28] (Hi-Rez Studios) [Brak podpisu cyfrowego]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] ()
S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1740576 2017-01-10] (IObit)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2017-03-28] (IObit)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-12-16] (IObit)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5867216 2016-08-08] (INCA Internet Co., Ltd.)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1286896 2016-05-19] (Overwolf LTD)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-12-04] (IDT, Inc.) [Brak podpisu cyfrowego]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-04-06] (TeamViewer GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R1 cfidsk; C:\Windows\System32\drivers\cfidsk.sys [196520 2017-06-20] ()
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2017-02-24] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-08-04] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-08-04] (Disc Soft Ltd)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego]
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [76800 2013-02-17] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego]
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-19] (REALiX(tm))
S4 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22208 2016-12-16] (IObit)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-12-16] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1828736 2009-03-13] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2017-03-16] (Duplex Secure Ltd.)
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [551936 2013-12-04] (IDT, Inc.) [Brak podpisu cyfrowego]
S3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain) [Brak podpisu cyfrowego]
S2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain) [Brak podpisu cyfrowego]
S2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain) [Brak podpisu cyfrowego]
U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-07-05 11:53 - 2017-07-05 11:54 - 00019799 _____ C:\Users\admin\Desktop\FRST.txt
2017-07-05 11:51 - 2017-07-05 11:51 - 02436608 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2017-07-05 11:51 - 2017-07-05 11:51 - 02436608 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2017-07-03 20:18 - 2017-07-03 20:18 - 00002910 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_admin
2017-07-03 20:18 - 2017-07-03 20:18 - 00001370 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2017-07-03 20:18 - 2017-07-03 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-07-03 19:42 - 2017-07-03 19:42 - 02679904 _____ (Gemius) C:\Users\admin\Downloads\npinstall.exe
2017-07-03 19:02 - 2017-07-05 11:44 - 00000000 ____D C:\Windows.old
2017-07-03 18:22 - 2017-07-03 18:23 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-07-03 18:22 - 2017-07-03 18:22 - 00000000 ____D C:\Users\admin\AppData\Local\UCBrowser
2017-07-03 18:21 - 2017-07-03 18:21 - 00000000 ____D C:\ProgramData\Microleaves
2017-07-03 18:21 - 2017-07-03 18:21 - 00000000 ____D C:\ProgramData\9a07ad8ce41c49228bbf8a46c8fc4414
2017-07-03 18:21 - 2017-07-03 18:21 - 00000000 ____D C:\Program Files (x86)\MediaSerchU
2017-07-03 18:20 - 2017-07-03 18:21 - 00002568 _____ C:\Windows\System32\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B783511
2017-07-03 18:20 - 2017-07-03 18:21 - 00000294 _____ C:\Windows\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B783511.job
2017-07-03 18:20 - 2017-07-03 18:20 - 00000266 __RSH C:\ProgramData\ntuser.pol
2017-07-03 18:20 - 2017-07-03 18:20 - 00000000 ____D C:\ProgramData\fa47f56a-6045-0
2017-07-03 18:20 - 2017-07-03 18:20 - 00000000 ____D C:\ProgramData\fa47f56a-1367-1
2017-07-03 18:20 - 2017-07-03 18:20 - 00000000 ____D C:\Program Files (x86)\pccleanplus
2017-07-03 18:20 - 2017-07-03 18:20 - 00000000 ____D C:\Program Files (x86)\PC Clean Plus
2017-07-03 18:19 - 2017-07-03 18:20 - 00000000 ____D C:\Users\admin\AppData\Roaming\UCChannel
2017-07-03 18:19 - 2017-07-03 18:19 - 01623552 _____ C:\ProgramData\service.exe
2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\ProgramData\c5dbeb89-7067-1
2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\ProgramData\c5dbeb89-18d3-0
2017-07-03 18:19 - 2017-07-02 01:40 - 02001920 ___SH (Micrasaft Carparation) C:\Windows\C_02iu47.dat
2017-07-03 18:18 - 2017-07-05 11:55 - 00016724 _____ C:\Windows\System32\Tasks\Krabbit Thesaurus
2017-07-03 18:18 - 2017-07-05 11:51 - 00000342 _____ C:\Windows\Tasks\Online Application V2G3.job
2017-07-03 18:18 - 2017-07-05 11:51 - 00000342 _____ C:\Windows\Tasks\Online Application V2G2.job
2017-07-03 18:18 - 2017-07-05 11:51 - 00000342 _____ C:\Windows\Tasks\Online Application V2G1.job
2017-07-03 18:18 - 2017-07-05 11:43 - 00000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
2017-07-03 18:18 - 2017-07-03 18:18 - 00003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
2017-07-03 18:18 - 2017-07-03 18:18 - 00003170 _____ C:\Windows\System32\Tasks\Online Application V2G3
2017-07-03 18:18 - 2017-07-03 18:18 - 00003170 _____ C:\Windows\System32\Tasks\Online Application V2G2
2017-07-03 18:18 - 2017-07-03 18:18 - 00003170 _____ C:\Windows\System32\Tasks\Online Application V2G1
2017-07-03 18:18 - 2017-07-03 18:18 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-07-03 18:18 - 2017-07-03 18:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microleaves
2017-07-03 18:18 - 2017-07-03 18:18 - 00000000 ____D C:\Users\admin\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-07-03 18:18 - 2017-07-03 18:18 - 00000000 ____D C:\Users\admin\AppData\Local\AdvinstAnalytics
2017-07-03 18:18 - 2017-07-03 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk
2017-07-03 18:18 - 2017-07-03 18:18 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-07-03 18:18 - 2017-07-03 18:18 - 00000000 ____D C:\Program Files (x86)\mgdisk
2017-07-03 18:17 - 2017-07-03 18:17 - 11035447 _____ C:\Users\admin\Downloads\CSGO RedEye for Windows.zip
2017-07-03 18:16 - 2017-07-03 18:16 - 00001181 _____ C:\Users\admin\Downloads\CSGO_RedEye_for_Windows.xht
2017-07-02 20:56 - 2017-07-02 20:56 - 00639836 _____ C:\Users\admin\Downloads\KOPIA.rar
2017-06-23 17:31 - 2017-07-02 20:04 - 00000000 ____D C:\Users\admin\Desktop\bot
2017-06-20 08:42 - 2017-06-20 08:42 - 00196520 _____ C:\Windows\system32\Drivers\cfidsk.sys
2017-06-16 19:16 - 2017-06-16 19:16 - 00000000 ____D C:\Users\admin\AppData\Local\Targem
2017-06-16 14:10 - 2017-07-04 13:55 - 00000000 ____D C:\Users\admin\AppData\Local\Crossout
2017-06-16 14:10 - 2017-06-16 14:10 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout
2017-06-16 14:10 - 2017-06-16 14:10 - 00000000 ____D C:\ProgramData\Gaijin
2017-06-10 17:24 - 2017-06-16 01:31 - 00000000 ____D C:\Users\admin\AppData\Local\PAYDAY 2
2017-06-10 17:24 - 2017-06-10 17:24 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-10 17:24 - 2017-06-10 17:24 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-06-09 13:03 - 2017-06-09 13:03 - 00092672 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2017-06-09 12:51 - 2017-06-09 12:51 - 01057296 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2017-06-09 12:51 - 2017-06-09 12:51 - 00131592 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-07-05 11:53 - 2016-06-03 22:42 - 00000000 ____D C:\FRST
2017-07-05 11:51 - 2009-07-14 06:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-05 11:51 - 2009-07-14 06:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-05 11:48 - 2016-06-27 14:43 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-05 11:48 - 2016-04-19 00:49 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-05 11:48 - 2016-04-19 00:46 - 00001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-05 11:48 - 2016-04-18 23:44 - 00001483 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-05 11:44 - 2017-04-21 19:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\foobar2000
2017-07-05 11:44 - 2016-04-19 21:30 - 00000000 ____D C:\Users\admin\AppData\Roaming\TS3Client
2017-07-04 13:14 - 2016-04-23 12:14 - 00000000 ___RD C:\Users\admin\Desktop\instalki
2017-07-03 20:18 - 2017-02-22 20:13 - 00000000 ____D C:\Program Files (x86)\IObit
2017-07-03 20:18 - 2016-04-19 00:55 - 00000000 ____D C:\ProgramData\ProductData
2017-07-03 20:14 - 2017-02-22 20:29 - 00002892 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (admin)
2017-07-03 20:01 - 2016-07-14 14:03 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-07-03 20:01 - 2016-04-23 14:48 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6
2017-07-03 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-07-03 18:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-07-03 18:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2017-07-03 18:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-07-03 18:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-07-02 20:05 - 2011-02-04 19:20 - 00740672 _____ C:\Windows\system32\perfh015.dat
2017-07-02 20:05 - 2011-02-04 19:20 - 00156214 _____ C:\Windows\system32\perfc015.dat
2017-07-02 20:05 - 2009-07-14 07:13 - 01670518 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-02 20:04 - 2016-06-15 21:19 - 00000000 ____D C:\Users\admin\Documents\My Games
2017-07-02 19:52 - 2016-06-27 15:14 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-02 19:46 - 2016-12-14 01:33 - 00000000 ____D C:\Users\admin\AppData\Local\Ubisoft Game Launcher
2017-06-30 18:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-30 12:37 - 2016-04-19 21:29 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-06-18 15:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-15 22:05 - 2016-04-24 11:49 - 00000000 ____D C:\Users\admin\Documents\Klei
2017-06-09 15:12 - 2016-06-15 06:56 - 00000000 ____D C:\Windows\system32\MRT
2017-06-09 15:08 - 2016-06-15 06:56 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-09 14:28 - 2017-03-22 19:51 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2017-06-09 12:51 - 2016-04-18 23:49 - 00127536 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2017-06-08 19:45 - 2017-06-02 20:22 - 00000000 ____D C:\Program Files (x86)\WinRAR

==================== Pliki w katalogu głównym wybranych folderów =======
2005-07-29 16:49 - 2005-07-30 21:03 - 0002321 _____ () C:\Program Files (x86)\Polonizacja - Readme.txt
2016-07-15 14:23 - 2016-07-15 14:23 - 0000045 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2016-04-20 16:19 - 2016-06-07 20:45 - 0007597 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2017-07-03 18:19 - 2017-07-03 18:19 - 1623552 _____ () C:\ProgramData\service.exe

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\admin\AppData\Local\Temp\00017606\conhost.exe
C:\Users\admin\AppData\Local\Temp\00017606\msiql.exe
C:\Users\admin\AppData\Local\Temp\{a767ed8f74244167b60647e75800afe3}\YQnSa7v0I1\uninstall.exe
C:\ProgramData\service.exe

Niektóre pliki w TEMP:
====================
2017-07-03 18:21 - 2017-07-03 18:21 - 0013312 _____ () C:\Users\admin\AppData\Local\Temp\eolakavz.dll
2017-07-03 18:19 - 2017-07-03 18:19 - 0515072 ____H () C:\Users\admin\AppData\Local\Temp\ty6.dll

==================== Bamital & volsnap ======================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-07-04 13:36

==================== Koniec FRST.txt ============================