Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 21-10-2017
Uruchomiony przez Stas (administrator) STAS-KOMPUTER (23-10-2017 00:19:10)
Uruchomiony z C:\Users\Stas\Downloads
Załadowane profile: Stas (Dostępne profile: Stas)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(SDI) C:\Users\Stas\Downloads\SDI_R1790\SDI_R1790.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1704028 2013-12-04] (IDT, Inc.)
HKLM\...\RunOnce: [IDTstacsvApp] => %ProgramFiles%\IDT\WDM\STacSV -r
HKU\S-1-5-21-4113310034-2617919798-1752997-1000\...\Run: [Facebook Update] => C:\Users\Stas\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-12-02] (Facebook Inc.)
HKU\S-1-5-21-4113310034-2617919798-1752997-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-4113310034-2617919798-1752997-1000\...\MountPoints2: {240c18cc-999b-11e3-8ac3-806e6f6e6963} - E:\start.exe
HKU\S-1-5-21-4113310034-2617919798-1752997-1000\...\MountPoints2: {7830a817-0a7a-11e4-935a-80c16e419071} - F:\iLinker.exe
HKU\S-1-5-21-4113310034-2617919798-1752997-1000\...\MountPoints2: {ce36efe5-8d8f-11e7-910e-80c16e419071} - F:\autorun.exe
HKU\S-1-5-21-4113310034-2617919798-1752997-1000\...\MountPoints2: {db3bdd11-e94a-11e3-8882-80c16e419071} - F:\LGAutoRun.exe
HKU\S-1-5-21-4113310034-2617919798-1752997-1000\...\MountPoints2: {efd7f91e-307c-11e7-ad75-80c16e419071} - F:\autorun.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: Kod HTML wykryty w pliku Hosts. Sprawdź sekcję Hosts w Addition.txt <==== UWAGA
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8B43164B-795C-4E75-9C1A-919E788788F5}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8B43164B-795C-4E75-9C1A-919E788788F5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-4113310034-2617919798-1752997-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-4113310034-2617919798-1752997-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4113310034-2617919798-1752997-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2017-10-22] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2017-10-22] (AO Kaspersky Lab)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2017-10-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-22] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-4113310034-2617919798-1752997-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Stas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://s6.otomoto.pl/static/otomotopl/naspersclassifieds-regional/verticals-cars-atlas-web-otomotopl/static/img/favicon.ico?v=4
CHR Profile: C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default [2017-10-23]
CHR Extension: (Prezentacje) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Dysk Google) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Arkusze) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Skype) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-22]
CHR Extension: (Używane Alfa Romeo 159 - 16 500 PLN, ...) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default\Extensions\menclggflcbafeioijcdcngcgnijfbgn [2016-12-14]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-23]
CHR Extension: (Chrome Media Router) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 ALG; C:\Windows\System32\alg.exe [59392 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2017-09-01] (AMD) [Brak podpisu cyfrowego]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2017-09-01] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-12-07] (Kaspersky Lab ZAO)
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 Spooler; C:\Windows\System32\spoolsv.exe [317440 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [319570 2013-12-04] (IDT, Inc.) [Brak podpisu cyfrowego]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [241752 2017-08-24] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 vds; C:\Windows\System32\vds.exe [453632 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2017-09-01] (Microsoft Corporation) [Brak podpisu cyfrowego]
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [73928 2015-03-30] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-03-30] (Advanced Micro Devices)
R0 CD8ABCCD; C:\Windows\System32\drivers\CD8ABCCD.sys [153784 2017-09-01] (Kaspersky Lab ZAO)
R0 CD8ABCCD6; C:\Windows\System32\drivers\CD8ABCCD6.sys [153784 2017-05-06] (Kaspersky Lab ZAO)
R0 CD8ABCCD61; C:\Windows\System32\drivers\CD8ABCCD61.sys [153784 2017-09-01] (Kaspersky Lab ZAO)
R0 CD8ABCCD614; C:\Windows\System32\drivers\CD8ABCCD614.sys [153784 2017-09-01] (Kaspersky Lab ZAO)
R0 CD8ABCCD6142; C:\Windows\System32\drivers\CD8ABCCD6142.sys [153784 2017-09-01] (Kaspersky Lab ZAO)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [66976 2017-10-22] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [147328 2015-12-07] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [53168 2017-10-22] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [785328 2017-10-22] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [44120 2017-10-22] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [39304 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-10-22] (Malwarebytes)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [299488 2017-05-25] (Realtek Semiconductor Corp.)
S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [982120 2011-07-19] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3175128 2015-01-06] (Realtek Semiconductor Corporation )
S0 61162978; system32\drivers\91686485.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-10-23 00:19 - 2017-10-23 00:19 - 000015901 _____ C:\Users\Stas\Downloads\FRST.txt
2017-10-23 00:14 - 2017-10-23 00:17 - 000016662 _____ C:\Users\Stas\Desktop\Kaspersky.txt
2017-10-23 00:10 - 2017-10-23 00:19 - 000000000 ____D C:\FRST
2017-10-23 00:09 - 2017-10-23 00:09 - 001799168 _____ (Farbar) C:\Users\Stas\Downloads\FRST.exe
2017-10-23 00:06 - 2017-10-23 00:06 - 000002104 _____ C:\MalwareBytes_22.10.2017_15;00.txt
2017-10-22 23:55 - 2012-08-03 12:49 - 000034800 _____ (CyberLink Corporation) C:\Windows\system32\Drivers\clwvd.sys
2017-10-22 23:54 - 2017-10-22 23:54 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-10-22 23:54 - 2017-10-22 23:54 - 000000000 ____D C:\Program Files\Synaptics
2017-10-22 23:54 - 2015-01-06 11:41 - 003175128 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
2017-10-22 23:53 - 2017-08-24 03:21 - 001629040 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2017-10-22 23:53 - 2017-08-24 03:21 - 000534616 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2017-10-22 23:53 - 2017-08-24 03:21 - 000278104 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo59.dll
2017-10-22 23:53 - 2017-08-24 03:21 - 000228952 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2017-10-22 23:53 - 2017-08-24 03:21 - 000050264 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynRMIHID_Aux.sys
2017-10-22 23:53 - 2017-08-24 03:20 - 000428632 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2017-10-22 23:53 - 2017-08-24 03:20 - 000038488 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel_Aux.sys
2017-10-22 23:53 - 2017-08-24 03:20 - 000037464 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2017-10-22 23:51 - 2013-12-04 23:32 - 008157184 _____ (IDT, Inc.) C:\Windows\system32\IDTNHP.dll
2017-10-22 23:51 - 2013-12-04 23:32 - 008131584 _____ (IDT, Inc.) C:\Windows\system32\IDTNGUI.exe
2017-10-22 23:51 - 2013-12-04 23:32 - 006164480 _____ (IDT, Inc.) C:\Windows\system32\stlang.dll
2017-10-22 23:51 - 2013-12-04 23:32 - 002233344 _____ (IDT, Inc.) C:\Windows\system32\IDTNX.dll
2017-10-22 23:51 - 2013-12-04 23:32 - 001862656 _____ (IDT, Inc.) C:\Windows\system32\IDTNCPL.cpl
2017-10-22 23:51 - 2013-12-04 23:32 - 001704028 _____ (IDT, Inc.) C:\Windows\sttray.exe
2017-10-22 23:51 - 2013-12-04 23:32 - 000571392 ____N (IDT, Inc.) C:\Windows\system32\stapi32.dll
2017-10-22 23:51 - 2013-12-04 23:32 - 000536576 _____ (IDT, Inc.) C:\Windows\system32\idtmini1.exe
2017-10-22 23:51 - 2013-12-04 23:32 - 000253952 _____ (IDT, Inc.) C:\Windows\system32\IDTNJ.exe
2017-10-22 23:51 - 2012-02-23 14:31 - 000086544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW73.sys
2017-10-22 23:50 - 2017-10-22 23:51 - 000000000 ____D C:\Program Files\IDT
2017-10-22 23:50 - 2017-10-22 23:50 - 000000000 ____D C:\Windows\system32\SRSLabs
2017-10-22 23:49 - 2013-12-04 23:32 - 001478656 _____ (IDT, Inc.) C:\Windows\system32\stapo.dll
2017-10-22 23:49 - 2013-12-04 23:32 - 000459264 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt.sys
2017-10-22 23:49 - 2013-12-04 23:32 - 000454656 _____ (IDT, Inc.) C:\Windows\system32\stcplx.dll
2017-10-22 23:49 - 2013-12-04 23:32 - 000211968 _____ (IDT, Inc.) C:\Windows\system32\st326498.dll
2017-10-22 23:48 - 2015-03-30 03:38 - 000073928 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2017-10-22 23:48 - 2015-03-30 03:38 - 000036040 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2017-10-22 23:46 - 2017-10-22 23:55 - 000000000 ____D C:\Windows\LastGood
2017-10-22 23:46 - 2017-10-22 23:46 - 000000000 ____D C:\Windows\system32\sda
2017-10-22 23:46 - 2017-09-19 01:07 - 000805856 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2017-10-22 23:46 - 2017-09-19 01:07 - 000109024 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2017-10-22 23:46 - 2017-05-25 04:23 - 009890816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsCRIcon.dll
2017-10-22 23:46 - 2017-05-25 04:23 - 003570176 _____ (Realtek Semiconductor Corp.) C:\Windows\RtCRU32.exe
2017-10-22 23:46 - 2017-05-25 04:23 - 000299488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2017-10-22 23:46 - 2017-05-25 04:23 - 000074752 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX.dll
2017-10-22 23:38 - 2017-10-22 23:38 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-22 23:34 - 2017-10-22 23:45 - 000000000 ____D C:\Users\Stas\Downloads\SDI_R1790
2017-10-22 23:33 - 2017-10-22 23:33 - 004206193 _____ C:\Users\Stas\Downloads\SDI_R1790.zip
2017-10-22 17:15 - 2017-10-22 18:10 - 000000000 ____D C:\Program Files\Common Files\AV
2017-10-22 17:03 - 2017-10-22 17:03 - 000002374 _____ C:\Users\Stas\Desktop\Bezpieczne pieniądze.lnk
2017-10-22 17:02 - 2017-10-22 17:02 - 000002114 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2017-10-22 17:02 - 2017-10-22 17:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2017-10-22 17:01 - 2017-10-23 00:16 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-10-22 17:01 - 2017-10-22 17:15 - 000785328 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-10-22 17:01 - 2017-10-22 17:01 - 000000000 ____D C:\Windows\ELAMBKUP
2017-10-22 17:01 - 2017-10-22 17:01 - 000000000 ____D C:\Program Files\Kaspersky Lab
2017-10-22 17:01 - 2015-12-07 19:54 - 000147328 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-10-22 14:54 - 2017-10-22 15:56 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-22 14:54 - 2017-10-22 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-22 14:54 - 2017-10-22 14:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-22 14:54 - 2017-10-04 13:15 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-10-22 14:02 - 2017-10-22 14:02 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-22 14:00 - 2017-10-22 14:01 - 071535032 _____ (Malwarebytes ) C:\Users\Stas\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-22 13:46 - 2016-04-01 20:56 - 162692312 _____ (Kaspersky Lab) C:\kis16.0.0.614pl-pl.exe
2017-10-22 13:46 - 2016-03-31 19:08 - 002892288 _____ (Collective Intelligence forum.ru-board) C:\KRT_5.0.0.112.exe
2017-10-05 09:00 - 2017-10-05 09:00 - 000000940 _____ C:\Windows\system32\Underwear_ white jacket, white bra, white lace, lingerie, white lingerie, sexy lingerie, bralette, lace bralette, top, bra, white, lace bra, pantys, set, lace, white sexy laced, lingerie set, thong, la.lnk
2017-10-05 08:59 - 2017-10-05 08:59 - 000029468 _____ C:\Users\Stas\Desktop\d63f11db414086b96d64c37f4c19
2017-10-05 08:58 - 2017-10-05 08:58 - 000029468 _____ C:\Users\Stas\Desktop\d63f11db414086b96d64c37f4c19 (1)
2017-10-05 08:57 - 2017-10-05 08:57 - 000029468 _____ C:\Users\Stas\Downloads\d63f11db414086b96d64c37f4c19

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-10-23 00:14 - 2009-07-14 06:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-23 00:14 - 2009-07-14 06:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-22 23:55 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-10-22 23:31 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-22 23:28 - 2017-05-06 17:22 - 000000000 ____D C:\AdwCleaner
2017-10-22 22:22 - 2014-12-02 13:59 - 000000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4113310034-2617919798-1752997-1000UA.job
2017-10-22 17:15 - 2015-06-11 19:32 - 000044120 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2017-10-22 17:14 - 2015-06-06 08:48 - 000066976 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldisk.sys
2017-10-22 17:07 - 2014-12-13 22:20 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-10-22 17:07 - 2014-12-13 22:20 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-10-22 17:07 - 2014-12-13 22:20 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-22 17:05 - 2015-12-07 19:54 - 000053168 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-10-22 16:56 - 2017-05-04 20:59 - 003275928 _____ C:\Windows\ntbtlog.txt
2017-10-22 12:09 - 2009-07-14 01:57 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\taskkill.exe
2017-10-22 12:02 - 2010-11-20 23:29 - 000941568 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe
2017-10-22 12:02 - 2009-07-14 01:25 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\colorcpl.exe
2017-10-22 12:02 - 2009-07-14 01:16 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\dinotify.exe
2017-10-22 12:02 - 2009-07-14 01:12 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\BdeUnlockWizard.exe
2017-10-22 12:01 - 2009-07-14 01:41 - 000179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2017-10-22 11:30 - 2014-12-02 14:30 - 000000000 ____D C:\Users\Stas\Documents\Youcam
2017-10-22 11:30 - 2014-02-18 22:45 - 000000000 ____D C:\Users\Stas\Documents\My Skype Pictures
2017-10-11 13:22 - 2014-12-02 13:59 - 000000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4113310034-2617919798-1752997-1000Core.job
2017-09-26 23:21 - 2015-05-23 19:50 - 000002151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Pliki w katalogu głównym wybranych folderów =======

2017-08-30 16:35 - 2017-08-30 16:35 - 000044584 _____ () C:\Users\Stas\AppData\Local\ListHost12.txt
2017-05-06 18:24 - 2017-05-06 18:24 - 000000000 _____ () C:\Users\Stas\AppData\Local\{4D0D53BC-8020-4CFC-A836-98E698BE785C}
2015-10-31 01:43 - 2015-10-31 01:47 - 000000000 _____ () C:\Users\Stas\AppData\Local\{62F2F5BD-6207-4A6C-A538-F4B66EC5732D}
2014-12-30 08:56 - 2014-12-30 08:56 - 000000000 _____ () C:\Users\Stas\AppData\Local\{731C0073-2E7F-456F-833B-84D0784B8759}
2015-01-10 22:03 - 2015-01-10 22:08 - 000000000 _____ () C:\Users\Stas\AppData\Local\{7F3114ED-3D54-4B0F-9987-4E0F99001DD6}
2016-05-30 12:28 - 2016-05-30 12:28 - 000000000 _____ () C:\Users\Stas\AppData\Local\{9FCE8B92-A4F0-4510-9E3D-A51180107852}

Niektóre pliki w TEMP:
====================
2014-06-30 22:39 - 2015-02-14 20:11 - 000000000 ____D () C:\Users\Stas\AppData\Local\Temp\avgnt.exe
2017-10-22 14:01 - 2017-10-22 14:01 - 071535032 _____ (Malwarebytes ) C:\Users\Stas\AppData\Local\Temp\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2015-03-12 12:42 - 2015-03-18 08:47 - 045209696 _____ (Skype Technologies S.A.) C:\Users\Stas\AppData\Local\Temp\SkypeSetup.exe
2017-03-02 15:58 - 2017-03-02 15:58 - 014456872 _____ (Microsoft Corporation) C:\Users\Stas\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe [2011-05-11 17:31] - [2017-09-01 11:59] - 002616320 _____ (Microsoft Corporation) D8A1D0FE047B04255AA0B5E6C90AF8D3
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe [2010-11-20 23:29] - [2017-09-01 11:59] - 000026624 _____ (Microsoft Corporation) 22127B5ACD77C1FEE22A0FC936C5A6AE
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-07-25 10:42

==================== Koniec FRST.txt ============================