Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:15-09-2015
Uruchomiony przez Stefan (administrator) STEFAN-HP (20-09-2015 19:17:38)
Uruchomiony z C:\Users\Stefan\Desktop
Załadowane profile: Stefan (Dostępne profile: Stefan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(BIGDOG) C:\Windows\VM_STI.EXE
(AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2014-10-05] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-10-05] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2014-10-05] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VM_STI] => C:\Windows\VM_STI.exe [40960 2004-06-09] (BIGDOG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\...\Run: [Viber] => C:\Users\Stefan\AppData\Local\Viber\Viber.exe [72389840 2015-08-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2015-09-20]
ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CB4FEB3C-233B-4B8F-A52C-D2A217A47E69}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggScw8ABQ4TRBhHdwtdTA1FRAUOIl0LAxQSRwYTcF0PAgxARQIFIk0FA1ADB0VXfVBdFElXTwh0IVdcBEszVEdQNA==
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggScw8ABQ4TRBhHdwtdTA1FRAUOIl0LAxQSRwYTcF0PAgxARQIFIk0FA1ADB0VXfVBdFElXTwh0IVdcBEszVEdQNA==
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgLVwEVFldGbV0PU1xcFQFGcBRaBQoTDFZFcwkIBQ4SFARHdx9aFQQTSEcFME0FCFwEURNNfW5ZD10UU3dWMkpM&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgLVwEVFldGbV0PU1xcFQFGcBRaBQoTDFZFcwkIBQ4SFARHdx9aFQQTSEcFME0FCFwEURNNfW5ZD10UU3dWMkpM&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2469171809-464102732-1853336734-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgLVwEVFldGbV0PU1xcFQFGcBRaBQoTDFZFcwkIBQ4SFARHdx9aFQQTSEcFME0FCFwEURNNfW5ZD10UU3dWMkpM&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2469171809-464102732-1853336734-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgLVwEVFldGbV0PU1xcFQFGcBRaBQoTDFZFcwkIBQ4SFARHdx9aFQQTSEcFME0FCFwEURNNfW5ZD10UU3dWMkpM&q={searchTerms}
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-07-26] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-02-17] (HP)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-07-26] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-28] (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-02-17] (HP)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-28] (Oracle Corporation)
DPF: HKLM-x32 {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-09-04] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-09-04] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-09-04] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-09-04] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-28] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-30] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-30] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-30] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-30]

Chrome:
=======
CHR dev: Chrome dev build wykryto! <======= UWAGA
CHR StartupUrls: Default -> "hxxps://www.google.pl/"
CHR Profile: C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Przelewy24) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj [2015-05-04]
CHR Extension: (Kaspersky Protection) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-30]
CHR Extension: (Transferuj.pl) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gamjcgdmfcciglelnlngnknalhbhmkif [2015-05-04]
CHR Extension: (AdBlock) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-04]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-04]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-29] (Kaspersky Lab ZAO)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2011-01-24] (Intel Corporation) [Brak podpisu cyfrowego]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2011-01-24] (Intel Corporation) [Brak podpisu cyfrowego]
S2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [991296 2011-01-24] (Intel Corporation) [Brak podpisu cyfrowego]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2014-10-05] (Realsil Microelectronics Inc.) [Brak podpisu cyfrowego]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-29] (Kaspersky Lab UK Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-07-26] (Sony Mobile Communications)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-29] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-29] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-29] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-29] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [850608 2015-06-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-29] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-29] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-29] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-29] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-29] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-29] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-06-29] (Kaspersky Lab ZAO)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [432512 2006-06-06] (VM)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
U3 uxdcrpob; \??\C:\Users\Stefan\AppData\Local\Temp\uxdcrpob.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-09-20 19:17 - 2015-09-20 19:17 - 00020488 _____ C:\Users\Stefan\Desktop\FRST.txt
2015-09-20 19:17 - 2015-09-20 19:17 - 00000000 ____D C:\FRST
2015-09-20 19:16 - 2015-09-20 19:17 - 00220521 _____ C:\Users\Stefan\Desktop\GMER.txt
2015-09-20 19:02 - 2015-09-20 19:02 - 02191360 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe
2015-09-20 19:02 - 2015-09-20 19:02 - 00380416 _____ C:\Users\Stefan\Desktop\4zy1lmjm.exe
2015-09-20 18:56 - 2015-09-20 18:56 - 00019084 _____ C:\ComboFix.txt
2015-09-20 18:27 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-20 18:27 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-20 18:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-20 18:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-20 18:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-20 18:27 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-20 18:27 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-20 18:27 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-20 18:22 - 2015-09-20 18:22 - 00000056 _____ C:\Windows\setupact.log
2015-09-20 18:22 - 2015-09-20 18:22 - 00000000 _____ C:\Windows\setuperr.log
2015-09-20 18:18 - 2015-09-20 18:18 - 00000000 ____D C:\Users\Stefan\AppData\Local\AdFender
2015-09-20 18:18 - 2015-09-20 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender
2015-09-20 18:18 - 2015-09-20 18:18 - 00000000 ____D C:\ProgramData\AdFender
2015-09-20 18:18 - 2015-09-20 18:18 - 00000000 ____D C:\Program Files (x86)\AdFender
2015-09-20 18:13 - 2015-09-20 18:56 - 00000000 ____D C:\Qoobox
2015-09-20 18:12 - 2015-09-20 18:55 - 00000000 ____D C:\Windows\erdnt
2015-09-20 17:59 - 2015-09-20 17:59 - 05635119 ____R (Swearware) C:\Users\Stefan\Desktop\ComboFix.exe
2015-09-20 17:51 - 2015-09-20 17:51 - 00000000 _____ C:\autoexec.bat
2015-09-20 16:09 - 2015-09-20 16:11 - 00000000 ____D C:\AdwCleaner
2015-09-18 19:59 - 2015-09-18 20:02 - 00000000 ____D C:\Users\Stefan\Desktop\hh
2015-09-17 23:13 - 2015-09-20 18:22 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-17 23:13 - 2015-09-20 18:20 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-17 23:13 - 2015-09-17 23:15 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 23:13 - 2015-09-17 23:15 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 23:13 - 2015-09-17 23:13 - 00000000 ____D C:\Program Files (x86)\GUMB4BE.tmp
2015-09-05 10:44 - 2015-09-05 10:53 - 69248100 _____ C:\Users\Stefan\Desktop\20150830_124255.mp4
2015-08-30 10:26 - 2015-08-30 10:26 - 00002330 _____ C:\Users\Stefan\Desktop\Bezpieczne pieniądze.lnk
2015-08-30 10:17 - 2015-08-30 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-08-30 10:17 - 2015-08-30 10:16 - 00002140 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-08-30 10:16 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-08-30 10:15 - 2015-09-20 18:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-30 10:15 - 2015-08-30 10:15 - 00000000 ____D C:\Windows\ELAMBKUP
2015-08-30 10:15 - 2015-08-30 10:15 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-08-30 10:15 - 2015-06-29 21:15 - 00850608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-08-30 10:15 - 2015-06-29 21:15 - 00225976 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-08-30 10:15 - 2015-06-29 21:15 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-08-30 10:06 - 2015-08-30 10:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-08-29 23:00 - 2015-08-29 23:22 - 00000000 ____D C:\Users\Stefan\Desktop\MAD.MAX.2015.PL.RAV.1.37GB
2015-08-29 19:37 - 2015-08-29 23:01 - 00000000 ____D C:\Users\Stefan\Desktop\[ DARMOWE-TORENTY.PL ] Harry Potter i Insygnia Śmierci Część II
2015-08-23 10:12 - 2015-08-23 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Odkurzacz

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-09-20 19:06 - 2009-07-14 06:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-20 19:06 - 2009-07-14 06:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-20 18:56 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-09-20 18:54 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-09-20 18:43 - 2014-10-04 12:54 - 01606596 _____ C:\Windows\WindowsUpdate.log
2015-09-20 18:29 - 2011-09-04 09:25 - 00697912 _____ C:\Windows\system32\perfh015.dat
2015-09-20 18:29 - 2011-09-04 09:25 - 00134990 _____ C:\Windows\system32\perfc015.dat
2015-09-20 18:29 - 2009-07-14 07:13 - 01549696 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-20 18:23 - 2015-06-16 19:03 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\ViberPC
2015-09-20 18:22 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-20 17:50 - 2014-10-04 13:26 - 00000000 ____D C:\Users\Stefan
2015-09-20 17:01 - 2014-10-04 13:36 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-20 16:18 - 2014-10-06 12:14 - 00000000 ____D C:\Users\Stefan\Desktop\Skróty
2015-09-18 11:02 - 2014-10-04 13:29 - 00000000 ____D C:\Users\Stefan\AppData\Local\Google
2015-09-16 23:50 - 2015-07-05 16:08 - 00000000 ____D C:\Users\Stefan\.dreamstream
2015-09-03 19:48 - 2015-03-27 18:42 - 00000000 ____D C:\Users\Stefan\Desktop\Ola
2015-09-03 17:34 - 2014-10-06 12:33 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\uTorrent
2015-08-30 21:54 - 2014-10-09 07:37 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\vlc
2015-08-30 11:33 - 2015-07-26 15:11 - 00000000 ____D C:\Program Files (x86)\LiveReader
2015-08-23 10:22 - 2011-09-06 22:24 - 00000000 ____D C:\Users\Stefan\Desktop\Paulinka
2015-08-23 10:21 - 2012-07-19 20:23 - 00000000 ____D C:\Users\Stefan\Desktop\Dysk D
2015-08-23 10:12 - 2015-05-04 13:35 - 00000000 ____D C:\Program Files (x86)\Odkurzacz
2015-08-23 09:47 - 2015-06-16 19:03 - 00000998 _____ C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2015-08-23 09:47 - 2015-06-16 19:03 - 00000000 ____D C:\Users\Stefan\AppData\Local\Viber

==================== Pliki w katalogu głównym wybranych folderów =======

2014-10-05 15:34 - 2014-10-05 15:34 - 0000000 _____ () C:\Users\Stefan\AppData\Roaming\monFDE.log
2015-01-14 13:49 - 2015-05-04 12:29 - 0000088 _____ () C:\Users\Stefan\AppData\Roaming\WB.CFG
2015-03-24 13:17 - 2015-05-04 11:22 - 0006144 _____ () C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-09-11 10:10

==================== Koniec FRST.txt ============================