Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 17-08-2017
Uruchomiony przez Ania (administrator) ANNA (18-08-2017 12:49:01)
Uruchomiony z C:\Users\Ania\Desktop
Załadowane profile: Ania (Dostępne profile: Ania)
Platform: Windows 10 Home Wersja 1511 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Edge)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Spotify Ltd) C:\Users\Ania\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(ZTE) C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4263544 2016-05-17] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4133072 2012-07-04] (ESET)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507144 2014-09-02] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-3900642790-3964556960-2634687529-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-3900642790-3964556960-2634687529-1001\...\Run: [Spotify Web Helper] => C:\Users\Ania\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-28] (Spotify Ltd)
HKU\S-1-5-21-3900642790-3964556960-2634687529-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-3900642790-3964556960-2634687529-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-3900642790-3964556960-2634687529-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-12] (SUPERAntiSpyware)
HKU\S-1-5-21-3900642790-3964556960-2634687529-1001\...\MountPoints2: {4113b6b8-c13e-11e6-828e-346895463ac0} - "G:\AutoRun.exe"
HKU\S-1-5-21-3900642790-3964556960-2634687529-1001\...\MountPoints2: {a0d9d8bf-569c-11e6-8284-346895463ac0} - "F:\AutoRun.exe"
HKU\S-1-5-21-3900642790-3964556960-2634687529-1001\...\MountPoints2: {d91a80d7-123e-11e7-8298-5cb901b5566b} - "G:\AutoRun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mcserver.lnk [2015-12-21]
ShortcutTarget: mcserver.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{0abfa0a8-97ee-4bab-9074-a087cc2fe2b8}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{3fb41698-db9e-4497-84b5-cbd11adca352}: [DhcpNameServer] 192.168.8.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
HKU\S-1-5-21-3900642790-3964556960-2634687529-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl/?gws_rd=ssl
HKU\S-1-5-21-3900642790-3964556960-2634687529-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
SearchScopes: HKLM-x32 -> {ECDA82C0-DF2B-425D-90B8-132FB7A617DD} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3900642790-3964556960-2634687529-1001 -> {14B9F8CA-1351-4852-AA7E-4243A7202C0E} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3900642790-3964556960-2634687529-1001 -> {ECDA82C0-DF2B-425D-90B8-132FB7A617DD} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files\Ipswitch\iMacros\iMacrosBHO.dll [2016-10-07] ()
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files (x86)\Ipswitch\iMacros\iMacrosBHO.dll [2016-10-07] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-06] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-06] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

FireFox:
========
FF DefaultProfile: y4t0wpod.default
FF ProfilePath: C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\y4t0wpod.default [2017-08-18]
FF Homepage: Mozilla\Firefox\Profiles\y4t0wpod.default -> www.google.pl
FF Session Restore: Mozilla\Firefox\Profiles\y4t0wpod.default -> [funkcja włączona]
FF Extension: (ADB Helper) - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\y4t0wpod.default\Extensions\adbhelper@mozilla.org [2017-03-18]
FF Extension: (Easy PHP) - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\y4t0wpod.default\Extensions\easyphp@john.anderson [2017-01-01]
FF Extension: (FirePHP) - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\y4t0wpod.default\Extensions\FirePHPExtension-Build@firephp.org.xpi [2017-01-01]
FF Extension: (Valence) - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\y4t0wpod.default\Extensions\fxdevtools-adapters@mozilla.org [2017-02-21]
FF Extension: (iMacros for Firefox) - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\y4t0wpod.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2016-12-18]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon => nie znaleziono
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: (ESET Endpoint Security Extension) - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2015-12-10] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

Chrome:
=======
CHR Session Restore: Default -> [funkcja włączona]
CHR Profile: C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default [2017-08-03]
CHR Extension: (Prezentacje Google) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-14]
CHR Extension: (Dokumenty Google) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-14]
CHR Extension: (Dysk Google) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-14]
CHR Extension: (YouTube) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-14]
CHR Extension: (iMacros for Chrome) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2016-07-14]
CHR Extension: (Group Invite All) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeajicmampllnpkmfimkhefbndkfeloo [2017-05-04]
CHR Extension: (Toolkit For Facebook) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcachklhcihfinmagjnlomehfdhndhep [2017-03-12]
CHR Extension: (Arkusze Google) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-14]
CHR Extension: (Invite All Friends on Facebook) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2017-05-24]
CHR Extension: (RoboInsta.com) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\nidfkgegefehfpfedinekkeldjjijjpc [2017-05-24]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-24]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S4 AxVirtualAHCISrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe [99712 2015-12-04] (Alcohol Soft Development Team)
S4 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [35720 2012-07-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [999704 2012-07-04] (ESET)
S4 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [190208 2012-07-04] (ESET)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [509192 2014-09-02] (Hewlett-Packard Development Company, L.P.)
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
S4 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2016-05-12] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
S4 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [678480 2013-12-19] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7801944 2016-10-20] (INCA Internet Co., Ltd.)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-19] (Realtek Semiconductor)
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Brak podpisu cyfrowego]
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268920 2016-05-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-29] (Microsoft Corporation)
S4 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [202752 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S0 BMLoad; C:\WINDOWS\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [Brak podpisu cyfrowego]
S0 BMLoad; C:\Windows\SysWOW64\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [Brak podpisu cyfrowego]
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [213416 2012-07-10] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [179920 2012-07-10] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [152136 2012-03-29] (ESET)
S2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [140752 2012-03-29] (ESET)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
S3 hwusb_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_cdcacm.sys [121728 2013-12-19] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\WINDOWS\system32\DRIVERS\ew_wwanecm.sys [376448 2013-12-19] (Huawei Technologies Co., Ltd.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-18] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [29464 2014-01-23] (Intel Corporation)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [32496 2014-09-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-09-17] (Synaptics Incorporated)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [203832 2016-09-09] (Duplex Secure Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 tcpipBM; C:\Windows\System32\Drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
R1 tcpipBM; C:\Windows\SysWow64\Drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [Brak podpisu cyfrowego]
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2016-12-20] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-08-02] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-08-02] (Zemana Ltd.)
S3 zte_cdc_acm; C:\WINDOWS\system32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-10] (ZTE)
S3 zte_cpo; C:\WINDOWS\system32\DRIVERS\zte_cpo.sys [14336 2011-08-10] (ZTE)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-08-18 12:49 - 2017-08-18 12:50 - 000020633 _____ C:\Users\Ania\Desktop\FRST.txt
2017-08-18 12:47 - 2017-08-18 12:49 - 000000000 ____D C:\FRST
2017-08-18 12:46 - 2017-08-18 12:41 - 002395648 _____ (Farbar) C:\Users\Ania\Desktop\FRST64.exe
2017-08-18 12:23 - 2017-08-18 12:23 - 010927964 _____ C:\Users\Ania\Desktop\LOGSEVT.zip
2017-08-18 12:17 - 2017-08-18 12:17 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-04 17:01 - 2017-08-04 17:01 - 000365264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-03 09:10 - 2017-08-03 09:10 - 000000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z.ZZ.Z..ZZ..Z
2017-08-03 04:03 - 2017-08-03 04:03 - 000000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z..ZZ.ZZZ.Z..ZZZ
2017-08-03 02:40 - 2017-08-03 04:02 - 000000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z.Z..ZZ.Z..ZZ
2017-08-03 01:16 - 2017-08-03 02:39 - 000000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZ.Z.Z.Z.ZZZ.Z
2017-08-03 00:12 - 2017-08-03 00:12 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-02 23:40 - 2017-08-18 12:49 - 000051287 _____ C:\WINDOWS\ZAM.krnl.trace
2017-08-02 23:40 - 2017-08-18 12:49 - 000017654 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-08-02 23:40 - 2017-08-02 23:40 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-08-02 23:40 - 2017-08-02 23:40 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-08-02 23:40 - 2017-08-02 23:40 - 000001188 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-08-02 23:40 - 2017-08-02 23:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-08-02 23:40 - 2017-08-02 23:40 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-08-02 23:39 - 2017-08-18 11:31 - 000000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d18f29d6-098f-485b-a9f3-b4f1389fe6b3.job
2017-08-02 23:39 - 2017-08-18 11:31 - 000000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 179c1b23-1c0e-4ebc-80b9-7d828d579914.job
2017-08-02 23:39 - 2017-08-02 23:39 - 000003734 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d18f29d6-098f-485b-a9f3-b4f1389fe6b3
2017-08-02 23:39 - 2017-08-02 23:39 - 000003652 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 179c1b23-1c0e-4ebc-80b9-7d828d579914
2017-08-02 23:39 - 2017-08-02 23:39 - 000000000 ____D C:\Users\Ania\AppData\Roaming\SUPERAntiSpyware.com
2017-08-02 23:39 - 2017-08-02 23:39 - 000000000 ____D C:\Users\Ania\AppData\Local\Zemana
2017-08-02 23:38 - 2017-08-02 23:39 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-08-02 23:38 - 2017-08-02 23:38 - 000001856 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-08-02 23:38 - 2017-08-02 23:38 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-08-02 23:38 - 2017-08-02 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-08-02 23:37 - 2017-08-02 23:37 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-02 23:37 - 2017-08-02 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-02 23:37 - 2017-08-02 23:37 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-02 23:37 - 2017-08-02 23:37 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-02 23:37 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-02 23:36 - 2017-08-02 23:36 - 000000000 ____D C:\ProgramData\HitmanPro

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-08-18 12:47 - 2016-07-28 23:54 - 002046684 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-18 12:47 - 2016-04-27 07:04 - 000889558 _____ C:\WINDOWS\system32\perfh015.dat
2017-08-18 12:47 - 2016-04-27 07:04 - 000193172 _____ C:\WINDOWS\system32\perfc015.dat
2017-08-18 12:47 - 2015-10-30 09:21 - 000000000 ____D C:\WINDOWS\INF
2017-08-18 12:19 - 2015-12-10 14:02 - 000000000 ____D C:\Users\Ania\Documents\Youcam
2017-08-18 12:17 - 2016-04-27 07:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-18 12:16 - 2015-10-30 08:28 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-08-18 12:06 - 2016-07-28 23:54 - 000000000 ____D C:\Users\Ania
2017-08-04 17:44 - 2016-12-15 22:22 - 000000000 ____D C:\Users\Ania\AppData\Roaming\.minecraft
2017-08-03 01:13 - 2015-12-26 00:53 - 000000000 ____D C:\Users\Ania\AppData\Roaming\TS3Client
2017-08-03 01:10 - 2017-05-09 13:39 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-03 00:20 - 2017-05-29 01:15 - 000000000 ____D C:\AdwCleaner
2017-08-03 00:07 - 2017-05-06 03:59 - 000000000 ____D C:\Users\Ania\Desktop\WineD3DForWindows_1.7.52

==================== Pliki w katalogu głównym wybranych folderów =======

2017-05-29 14:26 - 2017-05-29 14:26 - 000000017 _____ () C:\Users\Ania\AppData\Local\resmon.resmoncfg
2016-12-24 02:48 - 2016-11-23 15:37 - 000000570 _____ () C:\Users\Ania\AppData\Local\TroubleshooterConfig.json

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-05-28 16:51

==================== Koniec FRST.txt ============================