Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20-08-2017
Uruchomiony przez Tomek (administrator) TOMEK-KOMPUTER (04-09-2017 22:07:58)
Uruchomiony z C:\Users\Tomek\Downloads
Załadowane profile: Tomek (Dostępne profile: Tomek)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Valve Corporation) D:\steam\Steam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) D:\steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\steam\bin\cef\cef.win7\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(www.lfs-tweak.com) D:\Gry\LFS\LFS-Tweak.com 0.6E Pro Tweaker\LFS-Tweak.com 0.6E Pro Tweaker.exe
() D:\Gry\LFS\LFS.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [DAEMON Tools Lite] => D:\programy\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [Steam] => D:\steam\steam.exe [3071776 2017-08-28] (Valve Corporation)
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [on3f1c3jwi5] => "C:\Users\Tomek\AppData\Roaming\fng3ammect4\zw2bw0bc1v5.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [iyoh3yencby] => "C:\Users\Tomek\AppData\Roaming\1mnyobt23do\vvl5cvrxs5d.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [K5NNX2J9LHGZ4RJ] => "C:\Program Files\8A7KCHW0XC\MHJSCOO4L.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [g0tdt0qwxh5] => "C:\Users\Tomek\AppData\Roaming\s3i4kqqj3ku\k2yoqhzaal4.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [dctis5jevdt] => "C:\Users\Tomek\AppData\Roaming\c2d4jnmhenw\xfddpxpzrbl.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [IGU2XSH5UI3169J] => "C:\Program Files\D9XAU4M10O\X2SB27OMT.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [gw64-core2 save settings] => "C:\Users\Tomek\AppData\Roaming\isMiner\minerstart.vbs"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [qrqnkf0w3os] => "C:\Users\Tomek\AppData\Roaming\4ngqvmda5xc\ibm0vzxnjk2.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [ZQLY33ALITFFR65] => "C:\Program Files\UP9GUVJJPD\UP9GUVJJP.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [qnod4hhloph] => "C:\Users\Tomek\AppData\Roaming\owxkdvmcxd0\f42jjogenlt.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [LittleHaze] => C:\Windows\rss\csrss.exe [4602880 2017-09-03] () <==== UWAGA
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [lvzeuwwpgl1] => "C:\Users\Tomek\AppData\Roaming\ayyuwp3ke53\1fpvysxpvdt.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [HC00M4RLRS1DHGW] => "C:\Program Files\4IEY1D11CY\4IEY1D11C.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [AJHONPMFNKNBU0I] => "C:\Program Files\H3F8JN6V2K\H3F8JN6V2.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [u4loubbsuwk] => "C:\Users\Tomek\AppData\Roaming\1upctjwyfha\3ywiw5gbmuj.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [JLQHXGEF754O4FZ] => "C:\Program Files\ACF4M44MYW\8CMETEZBF.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [ygd5hzk1rgm] => "C:\Users\Tomek\AppData\Roaming\vvndzg1lb01\ddifkhl2goq.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [ik5qu0vzrur] => "C:\Users\Tomek\AppData\Roaming\cey2muphv01\hezu5b4diim.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [2LCR2O9AV8BBEO7] => "C:\Program Files\P86AZRTKZT\LQ7QFT26S.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [RSAIZZPCQUE49PG] => "C:\Program Files\82O5Z0I1I2\F6CRZ3ELC.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [zasxmnrgaxu] => "C:\Users\Tomek\AppData\Roaming\2oquqheqtcf\zrebufnjbx3.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [7AQ9DSKH16HN4R8] => "C:\Program Files\80QUJRBTMI\CLGWZWGZ8.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [1pfdagkm4qj] => "C:\Users\Tomek\AppData\Roaming\dwhrs5jucoe\n1wriuqoxnp.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [OCTACKB92G1XEJP] => C:\Program Files\RLBDO0Y59X\RLBDO0Y59.exe [1208320 2017-09-04] ()
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [1kvfkom1mnd] => "C:\Users\Tomek\AppData\Roaming\sloc4d5c13b\erlapa3omce.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [WEYP1B2N48ZV1NG] => "C:\Program Files\S2UIN36URS\IG7C32IWQ.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [odr3llyvcrj] => "C:\Users\Tomek\AppData\Roaming\xempzpe3ry4\u0wxvisdx3t.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [ka2vmxgv1wy] => "C:\Users\Tomek\AppData\Roaming\lbszcje53i0\ifmzr2bixkf.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [b3xnqcokvyp] => "C:\Users\Tomek\AppData\Roaming\iab5zkn0jdw\1y3szo23mru.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\Run: [kfdl0kcgxms] => "C:\Users\Tomek\AppData\Roaming\1evalye2rea\alraayfd2af.exe"
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\MountPoints2: {5225d3a7-ee06-11e6-8a08-806e6f6e6963} - E:\ZToolBar.exe
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\...\MountPoints2: {ad666b2a-ee9f-11e6-aeb2-bc5ff47c6761} - F:\m.exe
AppInit_DLLs: C:\ProgramData\Voyasollam\S-light.dll => Brak pliku
AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Y-touch.dll => Brak pliku
GroupPolicy: Ograniczenia - Chrome <==== UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8EEF67B9-10A8-4964-AB58-BAAC0EBCE9DE}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxldvM_sEGJZAe-CxDx_iciSYWgpVmtODLvBznCkry5b_0kh6FB4AJfxtv9n_YIsX3b_9sTZ2dX0LcJuRDMRRVHTQMfPz3URaCK9UrmmBo1JhAAQBRGzUx0a6BdBfj0ac0N_jpPO4qtMrjf62BqD6AAIG4jWRThwUGvPhKJeUow,,&q={searchTerms}
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxldvM_sEGJZAe-CxDx_iciSYWgpVmtODLvBznCkry5b_0kh6FB4AJfxtv9n_YIsX3b_9sTZ2dX0LcJuduwBQtNVf-xdIpKPhsqN0fSrqJ2jr1ojlZOAAsYkSYaXaqaQaKT7NSFmmPq-eUyVoyAMIQMa-UyDPA2hSz6skmnFbCg,,
HKU\S-1-5-21-4185380531-2055773481-192677435-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-26] (Oracle Corporation)
BHO-x32: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\QYERbvxRHIE\kcEh0LrZ.dll => Brak pliku
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: eytgr7lm.default
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\eytgr7lm.default [2017-09-04]
FF Extension: (Adblocker for Youtube™) - C:\Program Files\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} [2017-09-04] [Brak podpisu cyfrowego]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-26] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://google.pl/
CHR StartupUrls: Default -> "hxxp://www.google.pl/"
CHR Profile: C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default [2017-09-04]
CHR Extension: (Prezentacje Google) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-08]
CHR Extension: (Dokumenty Google) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-08]
CHR Extension: (Dysk Google) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-08]
CHR Extension: (YouTube) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-08]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl [2017-09-04]
CHR Extension: (Arkusze Google) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
CHR Extension: (SoundCloud) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2017-02-08]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-28]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2017-06-12] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 Windows; C:\Windows\svchost.exe [177152 2017-09-03] () [Brak podpisu cyfrowego]
S2 WinDefender; C:\Windows\windefender.exe [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2017-02-09] (Disc Soft Ltd)
S3 WinMon; C:\Windows\System32\drivers\Winmon.sys [9352 2017-09-03] () [Brak podpisu cyfrowego]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-09-04 21:31 - 2017-09-04 21:45 - 000000000 ____D C:\Users\Tomek\Doctor Web
2017-09-04 21:31 - 2017-09-04 21:31 - 000000000 ____D C:\ProgramData\Doctor Web
2017-09-04 21:19 - 2017-09-04 21:19 - 000000004 _____ C:\ProgramData\_lg.3sap
2017-09-04 21:17 - 2017-09-04 21:22 - 157639120 _____ C:\Users\Tomek\Downloads\launch.exe
2017-09-04 19:33 - 2017-09-04 19:33 - 000953288 _____ (Malwarebytes) C:\Users\Tomek\Downloads\mb-clean-3.1.0.1023.exe
2017-09-04 19:19 - 2017-09-04 19:41 - 000032613 _____ C:\Users\Tomek\Downloads\Shortcut.txt
2017-09-04 19:18 - 2017-09-04 22:07 - 000028214 _____ C:\Users\Tomek\Downloads\Addition.txt
2017-09-04 19:18 - 2017-09-04 22:07 - 000013953 _____ C:\Users\Tomek\Downloads\FRST.txt
2017-09-04 19:18 - 2017-09-04 22:07 - 000000000 ____D C:\FRST
2017-09-04 19:16 - 2017-09-04 19:16 - 002395648 _____ (Farbar) C:\Users\Tomek\Downloads\FRST64.exe
2017-09-04 19:15 - 2017-09-04 19:15 - 000000000 ____D C:\Users\Tomek\AppData\Local\AdvinstAnalytics
2017-09-04 19:09 - 2017-09-04 21:45 - 000000000 ____D C:\Program Files\93328ONT5B
2017-09-04 19:09 - 2017-09-04 19:09 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\1evalye2rea
2017-09-04 18:59 - 2017-09-04 19:01 - 066347240 _____ (Malwarebytes ) C:\Users\Tomek\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-04 18:55 - 2017-09-04 21:45 - 000000000 ____D C:\Program Files\HMYCFYVI9T
2017-09-04 18:55 - 2017-09-04 21:45 - 000000000 ____D C:\Program Files\BMJEOYU81X
2017-09-04 18:55 - 2017-09-04 18:55 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\iab5zkn0jdw
2017-09-04 18:54 - 2017-09-04 19:32 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\lbszcje53i0
2017-09-04 18:53 - 2017-09-04 21:45 - 000000000 ____D C:\Program Files\CWK6ZK7DYE
2017-09-04 18:53 - 2017-09-04 18:53 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\xempzpe3ry4
2017-09-04 08:26 - 2017-09-04 08:26 - 000024256 _____ C:\Windows\System32\Tasks\{0E790D47-0E09-0A04-7E11-087F7E7F117A}
2017-09-04 08:24 - 2017-09-04 19:32 - 000000000 ____D C:\Program Files\S2UIN36URS
2017-09-04 08:24 - 2017-09-04 08:24 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\sloc4d5c13b
2017-09-04 08:23 - 2017-09-04 19:31 - 000000000 ____D C:\Program Files\80QUJRBTMI
2017-09-04 08:23 - 2017-09-04 08:24 - 000000000 ____D C:\Program Files\RLBDO0Y59X
2017-09-04 08:23 - 2017-09-04 08:23 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\dwhrs5jucoe
2017-09-04 08:23 - 2017-09-04 08:23 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\2oquqheqtcf
2017-09-04 08:20 - 2017-09-04 19:06 - 000000000 ____D C:\AdwCleaner
2017-09-04 08:19 - 2017-09-04 08:20 - 008182736 _____ (Malwarebytes) C:\Users\Tomek\Downloads\adwcleaner_7.0.2.1_www.INSTALKI.pl.exe
2017-09-04 08:14 - 2017-09-04 08:14 - 000003166 _____ C:\Windows\System32\Tasks\{6DBBCAF7-ED92-427B-A744-3831A426ABC7}
2017-09-04 08:10 - 2017-09-04 19:31 - 000000000 ____D C:\Program Files\P86AZRTKZT
2017-09-04 08:10 - 2017-09-04 19:31 - 000000000 ____D C:\Program Files\82O5Z0I1I2
2017-09-04 08:10 - 2017-09-04 08:10 - 000000266 __RSH C:\Users\Tomek\ntuser.pol
2017-09-04 08:10 - 2017-09-04 08:10 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\vvndzg1lb01
2017-09-04 08:10 - 2017-09-04 08:10 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\cey2muphv01
2017-09-04 08:09 - 2017-09-04 19:31 - 000000000 ____D C:\Program Files\ACF4M44MYW
2017-09-04 08:09 - 2017-09-04 08:09 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\1upctjwyfha
2017-09-03 15:42 - 2017-09-04 19:31 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\owxkdvmcxd0
2017-09-03 15:42 - 2017-09-04 19:31 - 000000000 ____D C:\Program Files\H3F8JN6V2K
2017-09-03 15:42 - 2017-09-04 19:31 - 000000000 ____D C:\Program Files\4IEY1D11CY
2017-09-03 15:42 - 2017-09-04 19:30 - 000003190 _____ C:\Windows\System32\Tasks\csrss
2017-09-03 15:42 - 2017-09-03 15:42 - 007327744 _____ C:\Users\Tomek\AppData\Local\agent.dat
2017-09-03 15:42 - 2017-09-03 15:42 - 001900814 _____ C:\Users\Tomek\AppData\Local\Saostock.tst
2017-09-03 15:42 - 2017-09-03 15:42 - 001895382 _____ C:\Users\Tomek\AppData\Local\VivaIng.bin
2017-09-03 15:42 - 2017-09-03 15:42 - 000278509 _____ C:\Users\Tomek\AppData\Local\Duoplus.bin
2017-09-03 15:42 - 2017-09-03 15:42 - 000126464 _____ C:\Users\Tomek\AppData\Local\noah.dat
2017-09-03 15:42 - 2017-09-03 15:42 - 000070800 _____ C:\Users\Tomek\AppData\Local\Config.xml
2017-09-03 15:42 - 2017-09-03 15:42 - 000009352 _____ C:\Windows\system32\Drivers\Winmon.sys
2017-09-03 15:42 - 2017-09-03 15:42 - 000005568 _____ C:\Users\Tomek\AppData\Local\md.xml
2017-09-03 15:42 - 2017-09-03 15:42 - 000002700 __RSH C:\ProgramData\ntuser.pol
2017-09-03 15:42 - 2017-09-03 15:42 - 000000000 ____D C:\Windows\rss
2017-09-03 15:42 - 2017-09-03 15:42 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\ayyuwp3ke53
2017-09-03 15:42 - 2017-09-03 15:41 - 002554368 _____ (TODO: ) C:\Users\Tomek\AppData\Local\Saostock.exe
2017-09-03 15:40 - 2017-09-04 19:31 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\4ngqvmda5xc
2017-09-03 15:40 - 2017-09-04 19:31 - 000000000 ____D C:\Program Files\UP9GUVJJPD
2017-09-03 12:59 - 2017-09-04 19:31 - 000000000 ____D C:\Program Files\D9XAU4M10O
2017-09-03 12:59 - 2017-09-04 19:30 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\s3i4kqqj3ku
2017-09-03 12:59 - 2017-09-04 19:30 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\c2d4jnmhenw
2017-09-03 12:59 - 2017-09-03 12:59 - 000140800 _____ C:\Users\Tomek\AppData\Local\installer.dat
2017-09-03 12:59 - 2017-09-03 12:59 - 000000000 ____D C:\Program Files\R50ODERWZW
2017-09-03 12:58 - 2017-09-04 19:30 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\1mnyobt23do
2017-09-03 12:58 - 2017-09-04 19:30 - 000000000 ____D C:\Program Files\8A7KCHW0XC
2017-09-03 12:57 - 2017-09-04 19:30 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\fng3ammect4
2017-09-03 12:57 - 2017-09-04 19:30 - 000000000 ____D C:\Program Files (x86)\t1esgai42uq
2017-09-03 12:57 - 2017-09-03 13:03 - 000002068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-09-03 12:57 - 2017-09-03 13:03 - 000001678 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-09-03 12:57 - 2017-09-03 13:02 - 000002056 _____ C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2017-09-03 12:57 - 2017-09-03 13:02 - 000001914 _____ C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2017-09-03 12:57 - 2017-09-03 13:02 - 000001914 _____ C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk
2017-09-03 12:57 - 2017-09-03 13:02 - 000001666 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2017-09-03 12:57 - 2017-09-03 12:57 - 000177152 _____ C:\Windows\svchost.exe
2017-09-03 12:57 - 2017-09-03 12:57 - 000073216 _____ C:\Windows\taskmgr.exe
2017-09-03 12:57 - 2017-09-03 12:57 - 000000000 ____D C:\Windows\Azart
2017-09-03 12:57 - 2017-09-03 12:57 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\jhs2pvoajbg
2017-09-03 12:57 - 2017-09-03 12:57 - 000000000 ____D C:\Program Files\BA0KWHAXQB
2017-09-03 12:57 - 2017-09-03 12:57 - 000000000 ____D C:\Program Files\6GYMPOIZ1M
2017-09-02 14:02 - 2017-09-02 14:02 - 000335652 _____ C:\Users\Tomek\Downloads\XRT_supra.eng
2017-08-31 23:32 - 2017-08-31 23:32 - 000222730 _____ C:\Users\Tomek\Downloads\LFS Toyota Supra MKIV.rar
2017-08-31 23:29 - 2017-08-31 23:29 - 009736197 _____ C:\Users\Tomek\Downloads\20160715202528.rar
2017-08-30 22:51 - 2017-08-30 22:51 - 000116302 _____ C:\Users\Tomek\Downloads\Live_for_Speed_-_Only_New_Layouts.zip
2017-08-27 11:02 - 2017-08-27 11:02 - 000666178 _____ C:\Users\Tomek\Downloads\Mafia_1.1_-_1.3_-_polska_nakladka_jezykowa[www.instalki.pl].exe
2017-08-27 10:56 - 2017-08-27 10:56 - 000872540 _____ C:\Users\Tomek\Downloads\MAFIA_CRACK_NO-CD.rar
2017-08-27 10:55 - 2017-08-27 10:55 - 000204029 _____ C:\Users\Tomek\Downloads\vorbis (1).zip
2017-08-27 10:55 - 2016-08-14 21:03 - 000307200 _____ (Microsoft Corporation) C:\Windows\system\msvcr70.dll
2017-08-27 10:54 - 2017-08-27 10:54 - 000156798 _____ C:\Users\Tomek\Downloads\msvcr70.zip
2017-08-27 10:54 - 2016-09-23 17:37 - 000118784 _____ C:\Windows\system\vorbis.dll
2017-08-27 10:53 - 2017-08-27 10:53 - 000061038 _____ C:\Users\Tomek\Downloads\vorbis.zip
2017-08-27 10:48 - 2017-08-27 10:48 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mafia
2017-08-27 10:48 - 2017-08-27 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mafia
2017-08-27 10:48 - 1998-10-29 16:45 - 000306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2017-08-27 10:44 - 2017-08-27 10:44 - 003577600 _____ C:\Users\Tomek\Downloads\WinRAR 5.40 (x64).exe crack.key.7z
2017-08-27 10:43 - 2016-09-25 17:07 - 000036864 _____ C:\Windows\system\ogg.dll
2017-08-27 10:42 - 2017-08-27 10:42 - 000017276 _____ C:\Users\Tomek\Downloads\ogg.zip
2017-08-27 10:42 - 2016-08-10 16:06 - 000028952 _____ (Xiph.Org Foundation) C:\Windows\system\vorbisfile.dll
2017-08-27 10:41 - 2016-08-10 16:06 - 000028952 _____ (Xiph.Org Foundation) C:\Windows\system32\vorbisfile.dll
2017-08-27 10:39 - 2017-08-27 10:39 - 000017064 _____ C:\Users\Tomek\Downloads\vorbisfile.zip
2017-08-27 10:38 - 2016-08-23 11:36 - 000851968 _____ C:\Windows\system32\LS3DF.dll
2017-08-27 10:38 - 2016-08-23 11:36 - 000851968 _____ C:\Windows\system\LS3DF.dll
2017-08-27 10:35 - 2017-08-27 10:35 - 000360279 _____ C:\Users\Tomek\Downloads\ls3df.zip
2017-08-26 18:44 - 2017-08-26 18:44 - 001204208 _____ (Adobe Systems Incorporated) C:\Users\Tomek\Downloads\flashplayer26ppau_ha_install.exe
2017-08-25 23:50 - 2017-08-25 23:50 - 000021160 _____ C:\Users\Tomek\Downloads\Mafia- The City of Lost Heaven.torrent
2017-08-25 23:48 - 2017-08-25 23:48 - 000093852 _____ C:\Users\Tomek\Downloads\Mafia_ The City of Lost Heaven [PL].torrent
2017-08-25 18:58 - 2017-08-25 18:58 - 000147932 _____ C:\Users\Tomek\Downloads\Mafia The City Lost Heaven [PL][Torrenty.org].torrent
2017-08-25 18:47 - 2017-08-25 18:47 - 003780326 _____ C:\Users\Tomek\Downloads\20141110144213.rar
2017-08-25 18:42 - 2017-08-25 18:42 - 015423320 _____ C:\Users\Tomek\Downloads\20160715023955.rar
2017-08-25 18:34 - 2017-08-25 18:34 - 000019711 _____ C:\Users\Tomek\Downloads\Real car setups.zip
2017-08-25 18:22 - 2017-08-25 18:22 - 000003102 _____ C:\Windows\System32\Tasks\{513EE0BA-408A-448F-99C3-2E2385119AC4}
2017-08-25 16:09 - 2017-08-25 16:09 - 000093852 _____ C:\Users\Tomek\Downloads\Mafia _The_City_of_Lost_Heaven_[PL][Torrenty.org].torrent
2017-08-06 13:57 - 2017-08-26 19:05 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-06 13:57 - 2017-08-26 19:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-06 13:57 - 2017-08-26 19:05 - 000004586 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-06 13:57 - 2017-08-26 19:05 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-06 13:56 - 2017-08-26 19:15 - 000000000 ____D C:\Users\Tomek\AppData\Local\Adobe
2017-08-06 12:53 - 2017-09-03 15:43 - 000000000 ____D C:\Users\Tomek\AppData\LocalLow\Mozilla
2017-08-06 12:50 - 2017-09-03 15:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-06 12:50 - 2017-08-06 12:58 - 000000000 ____D C:\Users\Tomek\AppData\Local\Mozilla
2017-08-06 12:50 - 2017-08-06 12:53 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\Mozilla
2017-08-06 12:47 - 2017-08-06 12:47 - 000266360 _____ (Mozilla) C:\Users\Tomek\Downloads\Firefox Setup Stub 54.0.1.exe
2017-08-06 12:47 - 2017-08-06 12:47 - 000266360 _____ (Mozilla) C:\Users\Tomek\Downloads\Firefox Setup Stub 54.0.1 (1).exe

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-09-04 21:50 - 2017-02-08 16:27 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-04 21:50 - 2017-02-08 16:08 - 000000000 ____D C:\Users\Tomek
2017-09-04 21:50 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-04 21:48 - 2009-07-14 06:45 - 000020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-04 21:48 - 2009-07-14 06:45 - 000020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-03 15:41 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\GroupPolicy
2017-09-03 10:47 - 2017-02-22 20:07 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-27 10:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system
2017-08-27 10:49 - 2017-02-22 20:10 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-08-27 10:46 - 2017-02-09 10:48 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\WinRAR
2017-08-26 21:01 - 2017-02-09 01:05 - 000000000 ____D C:\Users\Tomek\AppData\Roaming\uTorrent
2017-08-10 16:28 - 2009-07-14 07:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-07 10:15 - 2017-04-18 16:47 - 000000000 ____D C:\Users\Tomek\AppData\Local\ElevatedDiagnostics
2017-08-07 10:14 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF

==================== Pliki w katalogu głównym wybranych folderów =======

2003-04-09 05:28 - 2003-04-09 05:28 - 000233472 ____R () C:\Users\Tomek\AppData\Roaming\MafiaSetup.exe
2017-09-03 15:42 - 2017-09-03 15:42 - 007327744 _____ () C:\Users\Tomek\AppData\Local\agent.dat
2017-09-03 15:42 - 2017-09-03 15:42 - 000070800 _____ () C:\Users\Tomek\AppData\Local\Config.xml
2017-09-03 15:42 - 2017-09-03 15:42 - 000278509 _____ () C:\Users\Tomek\AppData\Local\Duoplus.bin
2017-09-03 12:59 - 2017-09-03 12:59 - 000140800 _____ () C:\Users\Tomek\AppData\Local\installer.dat
2017-09-03 15:42 - 2017-09-03 15:42 - 000005568 _____ () C:\Users\Tomek\AppData\Local\md.xml
2017-09-03 15:42 - 2017-09-03 15:42 - 000126464 _____ () C:\Users\Tomek\AppData\Local\noah.dat
2017-09-03 15:42 - 2017-09-03 15:41 - 002554368 _____ (TODO: ) C:\Users\Tomek\AppData\Local\Saostock.exe
2017-09-03 15:42 - 2017-09-03 15:42 - 001900814 _____ () C:\Users\Tomek\AppData\Local\Saostock.tst
2017-09-03 15:43 - 2017-09-03 15:43 - 000032038 _____ () C:\Users\Tomek\AppData\Local\uninstall_temp.ico
2017-09-03 15:42 - 2017-09-03 15:42 - 001895382 _____ () C:\Users\Tomek\AppData\Local\VivaIng.bin
2017-09-04 21:19 - 2017-09-04 21:19 - 000000004 _____ () C:\ProgramData\_lg.3sap
C:\Windows\svchost.exe UWAGA ====> Check for partition/boot infection.

Pliki do przeniesienia lub usunięcia:
====================
C:\Windows\rss\csrss.exe

Niektóre pliki w TEMP:
====================
2003-12-13 12:43 - 2003-12-13 12:43 - 000618496 _____ (Electronic Arts Inc.) C:\Users\Tomek\AppData\Local\Temp\AutoRun.exe
2017-02-22 20:06 - 2003-12-13 12:43 - 000811008 _____ (Electronic Arts Inc.) C:\Users\Tomek\AppData\Local\Temp\AutoRunGUI.dll
2017-09-03 12:57 - 2017-09-03 12:57 - 000725845 _____ (rawtayetkgk ) C:\Users\Tomek\AppData\Local\Temp\Bestziper.exe
2017-08-27 10:49 - 2017-08-27 10:52 - 000043520 _____ () C:\Users\Tomek\AppData\Local\Temp\CmdLineExt03.dll
2017-09-03 15:42 - 2017-09-03 15:42 - 001527488 _____ (Microsoft Corporation) C:\Users\Tomek\AppData\Local\Temp\dbghelp.dll
2017-09-03 12:57 - 2017-09-03 12:57 - 001711832 _____ ( ) C:\Users\Tomek\AppData\Local\Temp\enjoyWIFI.exe
2017-07-01 13:31 - 2017-07-01 13:31 - 001487248 _____ ( ) C:\Users\Tomek\AppData\Local\Temp\ICReinstall_Icy-Tower-13960-AsystentPobierania_0822022028.exe
2017-09-03 12:57 - 2017-09-03 12:57 - 001443051 _____ () C:\Users\Tomek\AppData\Local\Temp\installer_campaign_20522.exe
2017-09-03 15:42 - 2010-11-21 05:24 - 005563776 _____ (Microsoft Corporation) C:\Users\Tomek\AppData\Local\Temp\ntkrnlmp.exe
2017-09-03 15:42 - 2010-11-21 05:24 - 000605552 _____ (Microsoft Corporation) C:\Users\Tomek\AppData\Local\Temp\osloader.exe
2017-09-03 12:57 - 2017-09-03 12:57 - 000097280 _____ () C:\Users\Tomek\AppData\Local\Temp\setup.exe
2017-08-27 10:49 - 2017-08-27 10:52 - 000012305 _____ () C:\Users\Tomek\AppData\Local\Temp\SIntf16.dll
2017-08-27 10:49 - 2017-08-27 10:52 - 000020020 _____ () C:\Users\Tomek\AppData\Local\Temp\SIntf32.dll
2017-08-27 10:49 - 2017-08-27 10:52 - 000024744 _____ () C:\Users\Tomek\AppData\Local\Temp\SIntfNT.dll
2017-09-03 15:42 - 2017-09-03 15:42 - 000167616 _____ (Microsoft Corporation) C:\Users\Tomek\AppData\Local\Temp\symsrv.dll
2017-09-03 12:57 - 2017-09-03 12:57 - 001199825 _____ () C:\Users\Tomek\AppData\Local\Temp\unins000.exe
2017-07-13 15:45 - 2017-04-22 22:42 - 000186253 _____ () C:\Users\Tomek\AppData\Local\Temp\Uninstall.exe
2017-09-03 12:57 - 2017-09-03 12:57 - 000707434 _____ (VideoBox ) C:\Users\Tomek\AppData\Local\Temp\v-b.exe
2017-08-24 22:54 - 2017-08-24 22:54 - 015301888 _____ (Microsoft Corporation) C:\Users\Tomek\AppData\Local\Temp\vcredist_x64.exe
2017-09-03 12:57 - 2017-09-03 12:57 - 000458745 _____ () C:\Users\Tomek\AppData\Local\Temp\webfriend.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll [2010-11-21 05:24] - [2010-11-21 05:24] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
C:\Windows\SysWOW64\User32.dll [2017-03-20 21:47] - [2017-03-20 21:47] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-08-25 16:30

==================== Koniec FRST.txt ============================