Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 25-01-2017 01
Uruchomiony przez Adam (administrator) ADAM-KOMPUTER (26-01-2017 13:48:24)
Uruchomiony z C:\Users\Adam\Downloads\antywirusy
Załadowane profile: Adam (Dostępne profile: Adam & Ogrodnictwo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(Megaify Software Co., Ltd.) C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmservice.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn64.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn32.exe
(Google Inc.)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM-x32\...\Run: [Orange_Poland LINKS ModemListener] => C:\Program Files (x86)\Airbox\Y858_Poland\BackgroundService\ModemListener.exe start HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd) HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\...\MountPoints2: L - L:\Setup.exe HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\...\MountPoints2: {037f210d-bb9b-11e5-b41c-46c46400d0da} - G:\AutoRun.exe HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\...\MountPoints2: {0cbda6a5-b14c-11e4-9b61-bc5ff41f1675} - F:\AutoRun.exe HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\...\MountPoints2: {1b4bc078-b558-11e4-ad09-bc5ff41f1675} - E:\AutoRun.exe HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\...\MountPoints2: {1b4bc122-b558-11e4-ad09-bc5ff41f1675} - F:\.\StartModem.exe HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\...\MountPoints2: {357a5f8d-baab-11e4-bce1-806e6f6e6963} - E:\autorun.exe HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\...\MountPoints2: {7d202014-b326-11e4-ae1f-bc5ff41f1675} - L:\Setup.exe HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\...\MountPoints2: {99a84a69-b752-11e5-b91c-bc5ff41f1675} - K:\autorun.exe HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\...\MountPoints2: 
{f332dab1-65cf-11e5-82bb-bc5ff41f1675} - F:\AutoRun.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku GroupPolicy: Ograniczenia - Chrome <======= UWAGA GroupPolicyScripts-x32: Ograniczenia <======= UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{288A73ED-8E3E-471A-BB37-54A454618348}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{37E63E3C-03E3-41B7-BA23-5B9C1D038FAD}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{474E61FA-38AF-4233-B04C-FB94A8A037FF}: [NameServer] 212.113.0.3 66.28.0.45 Tcpip\..\Interfaces\{7F572D91-81F6-4616-BDE3-B304D28E3EE6}: [NameServer] 194.204.152.34 194.204.159.1 Tcpip\..\Interfaces\{FC280F78-7411-4455-9A70-87F039F77E5B}: [NameServer] 89.108.195.20 89.108.202.20 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1438283286&z=0b1bfe4a24b08a9d7a9448fg4z4c2b1obb0cdoac0g&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1438283286&z=0b1bfe4a24b08a9d7a9448fg4z4c2b1obb0cdoac0g&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.istartsurf.com/?type=hppp&ts=1438283363&z=df9f3771dbf51faf301f6c0gbz3cbb3o9b3c0c2eam&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1438283363&z=df9f3771dbf51faf301f6c0gbz3cbb3o9b3c0c2eam&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1438283286&z=0b1bfe4a24b08a9d7a9448fg4z4c2b1obb0cdoac0g&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1438283286&z=0b1bfe4a24b08a9d7a9448fg4z4c2b1obb0cdoac0g&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&q={searchTerms} HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=dspp&ts=1438283363&z=df9f3771dbf51faf301f6c0gbz3cbb3o9b3c0c2eam&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&q={searchTerms} HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1438283363&z=df9f3771dbf51faf301f6c0gbz3cbb3o9b3c0c2eam&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_25&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEtC0FtCyCyByDtA0EzyyEtN0D0Tzu0StCtByCtCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0F0FtA0A0CyCyDtGtByB0CtBtG0CtCzz0CtGyC0E0D0FtGzzyEyEtAtB0C0BtD0AyDyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtB0AyByByByCtGzytCtA0CtGyEtA0E0BtG0A0DtA0BtGzzzz0EtA0AyEzztBzz0CtAtA2QtN0A0LzutBtN1B2Z1V1T1S1NzuzztByD&cr=1346100435&ir= SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL 
= hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3211495807-2250388596-1896275332-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-3211495807-2250388596-1896275332-1000 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => Brak pliku BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-09] (Google Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-08] (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-09-09] (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-08] (Oracle Corporation) BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.) 
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-09] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-09-09] (Google Inc.) Toolbar: HKU\S-1-5-21-3211495807-2250388596-1896275332-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-09] (Google Inc.) FireFox: ======== FF DefaultProfile: gxhmdvrx.default FF ProfilePath: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\gxhmdvrx.default [2017-01-26] FF user.js: detected! => C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\gxhmdvrx.default\user.js [2015-08-03] FF NewTab: Mozilla\Firefox\Profiles\gxhmdvrx.default -> chrome://quick_start/content/index.html FF DefaultSearchEngine: Mozilla\Firefox\Profiles\gxhmdvrx.default -> istartsurf FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gxhmdvrx.default -> istartsurf FF Homepage: Mozilla\Firefox\Profiles\gxhmdvrx.default -> hxxp://www.gazeta.pl/0,0.html?p=137 FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\gxhmdvrx.default\extensions\defsearchp@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\gxhmdvrx.default\extensions\deskCutv2@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\PremierOpinion\firefox FF Extension: (Brak nazwy) - C:\Program Files (x86)\PremierOpinion\firefox [2016-12-30] [Brak podpisu cyfrowego] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] () FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program 
Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-07] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-07] (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] () FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-08] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.) 
Chrome: ======= CHR DefaultProfile: Profile 4 CHR HomePage: Profile 4 -> hxxp://www.google.pl/ CHR StartupUrls: Profile 4 -> "hxxp://www.onet.pl/","chrome://history/" CHR Profile: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-26] CHR Extension: (RescueTime for Chrome ChromeOS) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\bdakmnplckeopfghnlpocafcepegjeap [2015-07-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA CHR Extension: (Smart Pause for YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\dcflkimagfnicklojfonbbcppnikogih [2015-07-29] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA CHR Extension: (InstaBrowser) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\ighkeghglkbljjmoineeppdkailinjii [2015-08-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA CHR Extension: (Adblock for Pirate Bay) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2015-07-22] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA CHR Extension: (RDS bar seo pagerank dmoz alexa pr) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho [2015-07-23] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA CHR Profile: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-01-26] CHR Extension: (dregol New Tab) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [2016-10-30] CHR Extension: (myTaste Browser Button) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kmfnnmioagmcopmmbdfpodhcpnehddbi [2017-01-26] CHR Extension: (Palikan New Tab) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Profile 
4\Extensions\ljibkigjccbegnbeojkoafejpoiachej [2016-10-30] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19] CHR Extension: (Chrome Media Router) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15] CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3211495807-2250388596-1896275332-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [mkndcbhcgphcfkkddanakjiepeknbgle] - C:\Program Files (x86)\PremierOpinion\pmcm.crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2016-10-05] (Byte Technologies LLC)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [Brak podpisu cyfrowego]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2011-06-17] ()
R2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe [205760 2016-09-23] (VoiceFive, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254280 2016-10-30] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [25088 2010-06-09] (Windows (R) Codename Longhorn DDK provider)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-13] (Disc Soft Ltd)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2015-02-21] (FNet Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
S3 mtkmbim; C:\Windows\System32\DRIVERS\mtkmbim7_x64.sys [208896 2012-12-13] (MediaTek Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S1 prodrv06; C:\Windows\SysWOW64\drivers\prodrv06.sys [79488 2004-05-13] (Protection Technology) [Brak podpisu cyfrowego]
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [111808 2004-05-13] (Protection Technology) [Brak podpisu cyfrowego]
S0 prosync1; C:\Windows\SysWOW64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [Brak podpisu cyfrowego]
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [Brak podpisu cyfrowego]
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [81408 2013-02-21] (MediaTek Inc.)
U0 aswVmm; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-26 13:47 - 2017-01-26 13:48 - 00000000 ____D C:\FRST 2017-01-26 13:39 - 2017-01-26 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion 2017-01-26 09:01 - 2017-01-26 13:48 - 00000000 ____D C:\Users\Adam\Downloads\antywirusy 2017-01-26 08:56 - 2017-01-26 08:56 - 04977796 _____ C:\Users\Adam\Downloads\Oferta ważna od 24.01 do 05.02.2017.pdf 2017-01-26 08:35 - 2017-01-26 08:35 - 00003304 ____N C:\bootsqm.dat 2017-01-25 01:06 - 2017-01-25 01:06 - 00000000 ____D C:\Users\Adam\Desktop\Raport zgodności z systemem Windows_files 2017-01-25 00:22 - 2017-01-25 00:22 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys 2017-01-24 15:29 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2017-01-24 15:29 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2017-01-24 15:29 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2017-01-24 15:29 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2017-01-24 15:29 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2017-01-24 15:28 - 2017-01-24 15:28 - 00001171 _____ C:\Users\Adam\Desktop\Farming Simulator 17 .lnk 2017-01-24 15:28 - 2017-01-24 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 2017 2017-01-24 15:18 - 2017-01-24 15:28 - 00000000 ____D C:\Program Files (x86)\Farming Simulator 2017 2017-01-24 07:43 - 2017-01-24 07:43 - 04977796 _____ C:\Users\Adam\Documents\Oferta ważna od 24.01 do 05.02.2017.pdf 2017-01-22 23:12 - 2017-01-22 23:12 - 00059821 _____ C:\Users\Adam\Documents\10445905_F_30062412_12_16_F.pdf 2017-01-19 17:02 - 2017-01-19 17:02 - 00001043 _____ C:\Users\Public\Desktop\PIT-Y.pl 2017.lnk 2017-01-19 17:02 - 2017-01-19 17:02 - 00000000 ____D C:\Users\Adam\AppData\Roaming\PIT-Y.pl 2017 2017-01-19 17:02 - 
2017-01-19 17:02 - 00000000 ____D C:\ProgramData\PIT-Y.pl 2017 2017-01-19 17:02 - 2017-01-19 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIT-Y 2017-01-19 17:02 - 2017-01-19 17:02 - 00000000 ____D C:\Program Files (x86)\PIT-Y.pl 2017 2017-01-19 17:01 - 2017-01-19 17:01 - 05162720 _____ (GP SOFT ) C:\Users\Adam\Documents\PIT-Y2017Setup.exe 2017-01-19 16:57 - 2017-01-19 16:57 - 24332048 _____ (e-file sp. z o.o. sp.k. ) C:\Users\Adam\Documents\setup_e-pity2016_lpabcp36.exe 2017-01-16 21:45 - 2017-01-16 21:45 - 09062431 _____ C:\Users\Adam\Documents\Oferta ważna od 17.01 do 22.01.2017 (1).pdf 2017-01-16 11:59 - 2017-01-16 11:59 - 09062431 _____ C:\Users\Adam\Documents\Oferta ważna od 17.01 do 22.01.2017.pdf 2017-01-09 14:37 - 2017-01-09 14:37 - 05362486 _____ C:\Users\Adam\Documents\Oferta ważna od 10.01.2017 do 22.01.2017.pdf 2017-01-08 07:55 - 2017-01-08 08:05 - 00000000 ____D C:\Users\Adam\AppData\Local\Microsoft Games 2017-01-04 22:38 - 2017-01-04 22:38 - 07641692 _____ C:\Users\Adam\Documents\Oferta ważna od 03.01.2017 do 08.01.2017.pdf 2017-01-03 21:30 - 2017-01-03 21:30 - 00056269 _____ C:\Users\Adam\Downloads\smime (14).p7m 2017-01-03 21:29 - 2017-01-03 21:29 - 00041501 _____ C:\Users\Adam\Downloads\WYCIAG_BANKOWY_6134_5X409G_001_M_0001-2016_WRE_2016-12-02.pdf 2017-01-03 21:25 - 2017-01-03 21:26 - 00041501 _____ C:\Users\Adam\Downloads\WYCIAG_BANKOWY_6134_5X409G_001_M_0002-2016_WRE_2017-01-02.pdf 2017-01-01 18:04 - 2017-01-01 18:04 - 07642767 _____ C:\Users\Adam\Downloads\Oferta ważna od 28.12.2016 do 08.01.2017 (1).pdf 2016-12-30 18:09 - 2016-12-31 00:23 - 00524288 ___SH C:\Users\Adam\ntuser.dat{247bcd98-ce9f-11e6-a9cd-bc5ff41f1675}.TMContainer00000000000000000002.regtrans-ms 2016-12-30 18:09 - 2016-12-31 00:23 - 00524288 ___SH C:\Users\Adam\ntuser.dat{247bcd98-ce9f-11e6-a9cd-bc5ff41f1675}.TMContainer00000000000000000001.regtrans-ms 2016-12-30 18:09 - 2016-12-31 00:23 - 00065536 ___SH 
C:\Users\Adam\ntuser.dat{247bcd98-ce9f-11e6-a9cd-bc5ff41f1675}.TM.blf 2016-12-30 12:25 - 2016-12-30 12:25 - 00504972 _____ C:\Users\Adam\Downloads\F004668328101216.zip 2016-12-28 05:34 - 2016-12-28 05:34 - 07642767 _____ C:\Users\Adam\Downloads\Oferta ważna od 28.12.2016 do 08.01.2017.pdf 2016-12-27 06:16 - 2016-12-27 06:16 - 00502561 _____ C:\Users\Adam\Downloads\56348590_F_30001938_12_16_F.pdf 2016-12-27 06:10 - 2016-12-27 06:10 - 00254707 _____ C:\Users\Adam\Downloads\F004668328101016 (1).zip 2016-12-27 06:09 - 2017-01-26 13:45 - 02230102 _____ C:\Users\Adam\Downloads\F004668328101116 (1).zip 2016-12-27 06:09 - 2016-12-27 06:09 - 00313837 _____ C:\Users\Adam\Downloads\F004668328101116.zip ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-01-26 13:43 - 2015-08-16 13:29 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2017-01-26 13:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2017-01-26 13:42 - 2009-07-14 18:55 - 00738970 _____ C:\Windows\system32\perfh015.dat 2017-01-26 13:42 - 2009-07-14 18:55 - 00155080 _____ C:\Windows\system32\perfc015.dat 2017-01-26 13:42 - 2009-07-14 06:13 - 01666088 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-26 13:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2017-01-26 13:39 - 2015-08-18 17:04 - 00000000 ____D C:\Users\Adam\AppData\Roaming\AIMP3 2017-01-26 13:39 - 2015-02-15 04:56 - 00000000 ____D C:\Windows\Minidump 2017-01-26 13:37 - 2016-10-30 07:53 - 00000000 ____D C:\Program Files\ByteFence 2017-01-26 13:37 - 2015-04-04 20:34 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2017-01-26 13:36 - 2015-03-31 13:42 - 00000356 _____ C:\Windows\Tasks\DriverToolkit Autorun.job 2017-01-26 13:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-01-26 08:51 - 2009-07-14 05:45 - 00021024 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-01-26 08:51 - 2009-07-14 05:45 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-01-26 08:39 - 2015-09-09 17:58 - 00000000 ____D C:\Program Files (x86)\PremierOpinion 2017-01-25 16:44 - 2015-03-31 13:42 - 00002720 _____ C:\Windows\System32\Tasks\DriverToolkit Autorun 2017-01-25 08:03 - 2015-02-23 11:20 - 00000000 ____D C:\ProgramData\AVAST Software 2017-01-25 01:06 - 2016-01-05 19:17 - 00067260 _____ C:\Users\Adam\Desktop\Raport zgodności z systemem Windows.htm 2017-01-25 00:09 - 2016-05-12 21:17 - 00000000 ____D C:\Gratka 2017-01-24 20:22 - 2015-10-17 21:05 - 00000000 ____D C:\Users\Adam\Documents\My Games 2017-01-22 21:58 - 2016-10-30 07:59 - 00099384 _____ C:\Users\Adam\AppData\Roaming\inst.exe 2017-01-22 21:58 - 2016-10-30 07:59 - 00082816 _____ (VSO Software) C:\Users\Adam\AppData\Roaming\pcouffin.sys 2017-01-22 21:58 - 2016-10-30 07:59 - 00007859 _____ C:\Users\Adam\AppData\Roaming\pcouffin.cat 2017-01-22 21:58 - 2016-10-30 07:59 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Vso 2017-01-21 17:37 - 2015-11-01 16:13 - 00000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-01-13 09:40 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-01-12 15:04 - 2015-03-03 16:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2017-01-11 20:00 - 2015-10-22 17:02 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2017-01-10 17:44 - 2015-11-01 16:13 - 00003994 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-01-10 17:44 - 2015-08-16 13:29 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-01-10 17:44 - 2015-08-16 13:29 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-01-10 17:44 - 2015-08-16 13:29 - 
00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-01-10 17:43 - 2015-02-11 21:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-01-10 17:43 - 2015-02-11 21:08 - 00000000 ____D C:\Windows\system32\Macromed 2016-12-30 23:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\config\TxR 2016-12-30 18:09 - 2015-03-30 12:21 - 00000000 ____D C:\Users\Ogrodnictwo 2016-12-30 18:09 - 2015-02-10 17:49 - 00000000 ____D C:\Users\Adam 2016-12-30 18:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Tasks 2016-12-30 18:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\wbem 2016-12-30 18:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\config\systemprofile 2016-12-30 18:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2016-12-30 18:00 - 2015-02-19 06:39 - 00000000 ____D C:\Users\Adam\AppData\Local\ElevatedDiagnostics 2016-12-29 19:55 - 2015-02-11 21:07 - 00000000 ___SD C:\Users\Adam\AppData\LocalLow\Microsoft 2016-12-29 19:51 - 2016-10-30 07:57 - 00000000 ____D C:\ProgramData\VSO ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-08-01 11:08 - 2015-08-01 11:08 - 0000079 _____ () C:\Program Files (x86)\prefs.js 2015-07-13 14:06 - 2015-07-31 10:18 - 0000024 _____ () C:\Users\Adam\AppData\Roaming\appdataFr25.bin 2015-07-30 20:07 - 2015-07-30 20:07 - 0031564 _____ () C:\Users\Adam\AppData\Roaming\ICSW_1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1ItJ1V0O1E1P1C1T1V0I0C.txt 2016-10-30 07:59 - 2017-01-22 21:58 - 0099384 _____ () C:\Users\Adam\AppData\Roaming\inst.exe 2016-10-30 07:59 - 2017-01-22 21:58 - 0007859 _____ () C:\Users\Adam\AppData\Roaming\pcouffin.cat 2016-10-30 07:59 - 2017-01-22 21:58 - 0001167 _____ () C:\Users\Adam\AppData\Roaming\pcouffin.inf 2016-10-30 07:59 - 2017-01-22 21:58 - 0000055 _____ () C:\Users\Adam\AppData\Roaming\pcouffin.log 2016-10-30 07:59 - 2017-01-22 21:58 - 0082816 _____ (VSO Software) C:\Users\Adam\AppData\Roaming\pcouffin.sys 2015-03-17 23:58 - 2015-03-17 23:58 - 0000764 
_____ () C:\Users\Adam\AppData\Local\recently-used.xbel 2016-01-04 21:42 - 2016-01-04 21:42 - 0007602 _____ () C:\Users\Adam\AppData\Local\Resmon.ResmonCfg 2015-03-31 23:20 - 2015-03-31 23:20 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip 2015-02-16 15:10 - 2012-08-31 09:49 - 0024772 _____ () C:\ProgramData\P1210DEF.css 2015-02-16 15:10 - 2016-11-20 15:48 - 0015169 _____ () C:\ProgramData\P1210OS.HTM 2015-02-16 15:10 - 2012-08-31 09:49 - 0002944 _____ () C:\ProgramData\P1210SIG.GIF Niektóre zerobajtowe pliki/foldery: ========================== C:\Windows\SysWOW64\mfc100jpn.dll ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-01-05 06:17 ==================== Koniec FRST.txt ============================