Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 23-04-2017 01
Uruchomiony przez Zosia (administrator) ZOSIA-KOMPUTER (26-04-2017 11:54:08)
Uruchomiony z D:\
Załadowane profile: Zosia (Dostępne profile: Zosia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\ProgramData\service.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
() C:\Users\Zosia\AppData\Local\Temp\00013077\msiql.exe
(Vested Development, Inc) C:\Users\Zosia\AppData\Roaming\VDI\Shared\Product Updater\produpd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Vested Development, Inc) C:\Users\Zosia\AppData\Roaming\VDI\Shared\Product Updater\monhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(深圳市猫哈网络科技发展有限公司) C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\Zosia\AppData\Local\Google\Update\GoogleUpdate.exe
(Microleaves) C:\Windows\Temp\297adb65036e9306052eeab78033fb74\Traffic Exchange Updater.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [926880 2011-05-31] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [792736 2011-05-31] (Atheros Commnucations)
HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM-x32\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== UWAGA
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-768316886-3322345698-439868918-1000\...\Run: [Google Update] => C:\Users\Zosia\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-768316886-3322345698-439868918-1000\...\Run: [UWmedia] => C:\Users\Zosia\AppData\Local\UWmedia\01cbcaa0c4a1ab8923145543e2ed625e.exe [117462 2017-01-04] (PortableApps.com)
HKU\S-1-5-21-768316886-3322345698-439868918-1000\...\Run: [YgvPack] => regsvr32.exe C:\Users\Zosia\AppData\Local\YgvPack\vrmgumjq.dll <===== UWAGA
HKU\S-1-5-21-768316886-3322345698-439868918-1000\...\Run: [msiql] => C:\Users\Zosia\AppData\Local\Temp\00013077\msiql.exe [2071552 2017-01-04] () <===== UWAGA
HKU\S-1-5-21-768316886-3322345698-439868918-1000\...\Run: [produpd] => C:\Users\Zosia\AppData\Roaming\VDI\Shared\Product Updater\produpd.exe [514048 2017-01-04] (Vested Development, Inc) <===== UWAGA
HKU\S-1-5-21-768316886-3322345698-439868918-1000\...\Run: [Ojdics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Zosia\AppData\Local\UWmedia\hdpnatnr.dll <===== UWAGA
HKU\S-1-5-21-768316886-3322345698-439868918-1000\...\Run: [ComputerZ-Tray] => C:\Program Files (x86)\LuDaShi\ComputerZTray.exe [2977704 2016-12-12] ()
HKU\S-1-5-21-768316886-3322345698-439868918-1000\...\MountPoints2: {e025da76-b7f1-11e1-8e9f-806e6f6e6963} - E:\InstAll.exe
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-30] (Microsoft Corporation)
HKLM\...\Providers\wvb0l68a: C:\Program Files (x86)\Nuwaghrezph Controls\local64spl.dll [292352 2017-01-04] ()
AppInit_DLLs: C:\ProgramData\Hotfresh\X-Dom.dll => C:\ProgramData\Hotfresh\X-Dom.dll [358912 2017-01-04] ()
ShellExecuteHooks: Brak nazwy - {5E5DD81E-CC36-11E6-A1DE-64006A5CFC23} - C:\Users\Zosia\AppData\Roaming\Ghiduryljesy\Propedomninely.dll [144896 2017-01-04] ()
ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll [965120 2016-12-26] ()
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll -> Brak pliku
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2012-06-22]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\Users\Zosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monhost.lnk [2017-01-04] <===== UWAGA
ShortcutTarget: monhost.lnk -> C:\Users\Zosia\AppData\Roaming\VDI\Shared\Product Updater\monhost.exe (Vested Development, Inc)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 31.11.202.254 37.8.214.2
Tcpip\..\Interfaces\{33566670-32F5-4EC9-9A4C-009262B715E8}: [DhcpNameServer] 31.11.202.254 37.8.214.2

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-768316886-3322345698-439868918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYondQp0NEPUpTUCKZeiWpXfkWhU93uwTIrKDpCLW9cO3_qBuDztmOzfG0SZn_G9-eD4SxOxvY0xvmiLE18xSax3mYzyred0DgtcFQ4aBwodL6g6jqoEnqMG4Kf0kDV98b1GUxDr4JhzjiXuSLLeAaf79wRnA,,&q={searchTerms}
HKU\S-1-5-21-768316886-3322345698-439868918-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYondQp0NEPUpTUCKZeiWpXfkWhU93uwTIrKDpCLW9cO3_qBuDztmOzfG0SZn_G9-ePKdSWHivQ8g_OIu7_bhIrm-ni48b-cNUDtJ0pEH38mtZvEF7eZXwhkAi3hrolT5G_qNr1_38TgrqwPxGoxw_wOJ0TpA,,
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
SearchScopes: HKU\S-1-5-21-768316886-3322345698-439868918-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYondQp0NEPUpTUCKZeiWpXfkWhU93uwTIrKDpCLW9cO3_qBuDztmOzfG0SZn_G9-eD4SxOxvY0xvmiLE18xSax3mYzyred0DgtcFQ4aBwodL6g6jqoEnqMG4Kf0kDV98b1GUxDr4JhzjiXuSLLeAaf79wRnA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-768316886-3322345698-439868918-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYondQp0NEPUpTUCKZeiWpXfkWhU93uwTIrKDpCLW9cO3_qBuDztmOzfG0SZn_G9-eD4SxOxvY0xvmiLE18xSax3mYzyred0DgtcFQ4aBwodL6g6jqoEnqMG4Kf0kDV98b1GUxDr4JhzjiXuSLLeAaf79wRnA,,&q={searchTerms}
BHO: TinyBHO Class -> {00e71626-0bef-11dc-8314-0864264c9a64} -> C:\Users\Zosia\AppData\Roaming\DownloaderGold\ieplug.dll [2013-07-10] ()
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17] (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17] (Trend Micro Inc.)
DefaultPrefix-x32: => <==== UWAGA
Prefixes-x32: [home]=> <==== UWAGA
Prefixes-x32: [www]=> <==== UWAGA

FireFox:
========
FF Plugin HKU\S-1-5-21-768316886-3322345698-439868918-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Zosia\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-768316886-3322345698-439868918-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Zosia\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-26] <==== UWAGA
CHR Extension: (Dokumenty Google) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-26]
CHR Extension: (Dysk Google) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-04]
CHR Extension: (YouTube) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-04]
CHR Extension: (Adblock Plus) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-04]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
CHR Profile: C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\Default [2017-04-22]
CHR Extension: (YouTube) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Zosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-22]
StartMenuInternet: Google Chrome - C:\Users\Zosia\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-05-31] (Atheros) [Brak podpisu cyfrowego]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [97952 2011-05-31] (Atheros Commnucations) [Brak podpisu cyfrowego]
S2 backlh; C:\ProgramData\Logic Handler\set.exe [3786752 2016-12-28] () [Brak podpisu cyfrowego]
S2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [629760 2017-01-04] () [Brak podpisu cyfrowego]
R2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-01-04] () [Brak podpisu cyfrowego] <==== UWAGA
S2 Hotfresh; C:\ProgramData\\Hotfresh\\Hotfresh.exe [629760 2017-01-04] () [Brak podpisu cyfrowego]
S2 HpSvc; C:\Program Files (x86)\LuDaShi\lpi\HpSvc.dll [252328 2016-11-18] () <==== UWAGA
R2 MaohaWifiSvr; C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe [168992 2016-11-26] (深圳市猫哈网络科技发展有限公司)
S2 Phiblysuputher; C:\Program Files (x86)\Jerqerthervnaly\SerpocultCnf.dll [181248 2017-01-04] () [Brak podpisu cyfrowego]
S2 SaFiSvc; C:\Program Files\SaFiPlayer\SaFiSvc.dll [324336 2017-01-03] ()
R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
S2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [420896 2011-05-31] (Atheros)
S3 dtldrvhelp; c:\program files\safiplayer\dtldrvhelp64.sys [58960 2016-12-29] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-01-04] (WinMount International Inc)
R1 MaohaWifiNetPro; C:\Program Files (x86)\Maoha\MaohaAP\MaoHaWiFiNet64.sys [1030496 2016-11-26] ()
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-04-26 11:36 - 2017-04-26 11:54 - 00000000 ____D C:\FRST
2017-04-26 11:11 - 2017-04-26 10:12 - 04102600 _____ C:\Users\Zosia\Downloads\adwcleaner_6.046.exe
2017-04-26 11:01 - 2017-04-26 11:01 - 00340309 __RSH C:\NYJSA
2017-04-26 10:47 - 2017-04-26 10:47 - 00000000 ___RD C:\Users\Zosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-04-26 10:35 - 2017-04-26 10:35 - 00000000 ____D C:\Users\Zosia\Desktop\RemoveWAT.v2.2.6
2017-04-26 10:29 - 2017-04-26 10:35 - 01414933 _____ C:\Windows\wat.MSU
2017-04-25 14:03 - 2017-04-25 14:03 - 00000000 ____D C:\Program Files\f09er35s
2017-04-25 10:03 - 2017-04-25 10:03 - 00000000 ____D C:\Program Files\wvb0l68a
2017-04-22 23:17 - 2017-04-26 10:49 - 00245280 _____ C:\Windows\SysWOW64\KuaizipSetup_zzlm_014.exe
2017-04-22 21:02 - 2017-04-22 21:02 - 00000000 ____D C:\ProgramData\Microleaves
2017-04-09 09:57 - 2017-04-09 09:57 - 01265731 _____ C:\Users\Zosia\Downloads\350 Recept zielarzy rosyjskich.pdf
2017-04-02 11:30 - 2017-04-02 11:30 - 00584043 _____ C:\Users\Zosia\Downloads\instrukcja-obsługi-OLYMPUS-WS-210S-O.pdf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-04-26 11:55 - 2017-01-04 12:00 - 00000274 ____H C:\Windows\Tasks\NC.job
2017-04-26 11:53 - 2017-01-04 12:00 - 00000316 ____H C:\Windows\Tasks\Traffic Exchange v2.job
2017-04-26 11:53 - 2017-01-04 12:00 - 00000316 ____H C:\Windows\Tasks\Traffic Exchange v2 On Guard.job
2017-04-26 11:53 - 2017-01-04 12:00 - 00000316 ____H C:\Windows\Tasks\Traffic Exchange v2 OG.job
2017-04-26 11:53 - 2017-01-04 12:00 - 00000316 ____H C:\Windows\Tasks\Traffic Exchange v2 Guardian.job
2017-04-26 11:53 - 2017-01-04 12:00 - 00000316 ____H C:\Windows\Tasks\Traffic Exchange v2 Guard.job
2017-04-26 11:48 - 2012-07-01 15:11 - 00001467 _____ C:\Users\Zosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-26 11:48 - 2012-06-22 20:42 - 00002712 _____ C:\Users\Zosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-26 11:11 - 2017-01-04 13:31 - 00000000 ____D C:\AdwCleaner
2017-04-26 11:06 - 2009-07-14 06:45 - 00018752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-26 11:06 - 2009-07-14 06:45 - 00018752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-26 11:03 - 2017-01-04 12:00 - 00000366 ____H C:\Windows\Tasks\Traffic Exchange Updater.job
2017-04-26 10:58 - 2012-08-25 22:47 - 00000000 ____D C:\Users\Zosia\AppData\Local\CrashDumps
2017-04-26 10:51 - 2009-07-14 19:55 - 00698146 _____ C:\Windows\system32\perfh015.dat
2017-04-26 10:51 - 2009-07-14 19:55 - 00135224 _____ C:\Windows\system32\perfc015.dat
2017-04-26 10:51 - 2009-07-14 07:13 - 01550136 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-26 10:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-26 10:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-25 12:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-04-25 10:05 - 2017-01-04 12:02 - 00000857 _____ C:\Users\Zosia\Desktop\żěŃą.lnk
2017-04-22 23:16 - 2012-06-16 23:15 - 00000000 ____D C:\Users\Zosia
2017-04-22 21:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-04-22 21:18 - 2017-01-04 12:35 - 00000000 ____D C:\Windows\SysWOW64\Ludashi
2017-04-22 21:18 - 2017-01-04 12:35 - 00000000 ____D C:\Users\Zosia\AppData\Roaming\Ludashi
2017-04-22 21:18 - 2017-01-04 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaFiPlayer
2017-04-22 21:18 - 2017-01-04 12:03 - 00000000 ____D C:\Program Files (x86)\LuDaShi
2017-04-22 21:18 - 2017-01-04 12:02 - 00000000 __SHD C:\ProgramData\WindowsMsg
2017-04-22 21:18 - 2017-01-04 12:02 - 00000000 ____D C:\Program Files\żěŃą
2017-04-22 21:18 - 2017-01-04 12:02 - 00000000 ____D C:\Program Files\SaFiPlayer
2017-04-22 21:18 - 2017-01-04 12:00 - 00000000 __SHD C:\Users\Zosia\AppData\Local\svchost
2017-04-22 21:18 - 2017-01-04 12:00 - 00000000 ____D C:\Users\Zosia\AppData\Roaming\VDI
2017-04-22 21:18 - 2017-01-04 12:00 - 00000000 ____D C:\Users\Zosia\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-04-22 21:18 - 2017-01-04 12:00 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-04-22 21:18 - 2017-01-04 12:00 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-04-22 21:18 - 2017-01-04 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaohaWiFi
2017-04-22 21:18 - 2017-01-04 12:00 - 00000000 ____D C:\Program Files (x86)\Nuwaghrezph Controls
2017-04-22 21:18 - 2017-01-04 11:59 - 00000000 ____D C:\Users\Zosia\AppData\Local\YgvPack
2017-04-22 21:18 - 2017-01-04 11:59 - 00000000 ____D C:\ProgramData\Logic Handler
2017-04-22 21:18 - 2017-01-04 11:59 - 00000000 ____D C:\ProgramData\Hotfresh
2017-04-22 21:18 - 2017-01-04 11:59 - 00000000 ____D C:\ProgramData\CloudPrinter
2017-04-22 21:18 - 2017-01-04 11:58 - 00000000 ____D C:\Users\Zosia\AppData\Roaming\Ghiduryljesy
2017-04-22 21:18 - 2017-01-04 11:58 - 00000000 ____D C:\Users\Zosia\AppData\Local\UWmedia
2017-04-22 21:18 - 2017-01-04 11:58 - 00000000 ____D C:\Program Files (x86)\Jerqerthervnaly
2017-04-22 21:18 - 2017-01-04 11:57 - 00000000 ____D C:\Program Files (x86)\Windows Loader
2017-04-22 21:18 - 2017-01-04 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-04-22 21:18 - 2017-01-04 11:56 - 00000000 ____D C:\Program Files\PowerISO
2017-04-22 21:18 - 2013-09-22 00:12 - 00000000 ____D C:\ProgramData\P4G
2017-04-22 21:18 - 2012-12-22 18:02 - 00000000 ____D C:\Windows\Minidump
2017-04-22 21:18 - 2012-06-22 20:40 - 00000000 ____D C:\Users\Zosia\AppData\Local\Google
2017-04-22 21:18 - 2012-06-22 20:18 - 00000000 ____D C:\Program Files (x86)\Atheros
2017-04-22 21:18 - 2012-06-22 20:17 - 00000000 ____D C:\ProgramData\Atheros
2017-04-22 21:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2017-04-22 21:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2017-04-22 21:18 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-04-22 21:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-04-22 21:09 - 2017-01-04 12:01 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-04-22 21:09 - 2017-01-04 12:00 - 00000000 ____D C:\Program Files (x86)\Maoha
2017-04-22 21:09 - 2017-01-04 11:58 - 00000000 ____D C:\Users\Zosia\AppData\Local\Chuqokguqas
2017-04-22 21:02 - 2012-06-22 20:15 - 00000000 ____D C:\Users\Zosia\Documents\Bluetooth Folder
2017-04-22 16:59 - 2017-01-04 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-04-22 16:59 - 2017-01-04 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-22 16:59 - 2017-01-04 13:56 - 00000000 ____D C:\Users\Zosia\Downloads\Windows Loader 2.2.1 by Daz
2017-04-22 16:59 - 2017-01-04 13:56 - 00000000 ____D C:\Users\Zosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-22 16:59 - 2017-01-04 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-22 16:59 - 2017-01-04 13:55 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-04-21 19:45 - 2012-06-22 20:25 - 00000000 ___HD C:\ASUS.DAT

==================== Pliki w katalogu głównym wybranych folderów =======

2017-01-04 11:59 - 2017-01-04 11:59 - 7316480 _____ () C:\Users\Zosia\AppData\Roaming\agent.dat
2017-01-04 11:59 - 2017-01-04 11:59 - 0054272 _____ () C:\Users\Zosia\AppData\Roaming\ApplicationHosting.dat
2017-01-04 11:59 - 2017-01-04 11:59 - 0070704 _____ () C:\Users\Zosia\AppData\Roaming\Config.xml
2017-01-04 11:58 - 2017-01-04 11:59 - 0016560 _____ () C:\Users\Zosia\AppData\Roaming\InstallationConfiguration.xml
2017-01-04 11:58 - 2017-01-04 11:58 - 0140288 _____ () C:\Users\Zosia\AppData\Roaming\Installer.dat
2017-01-04 11:59 - 2017-01-04 11:59 - 0126464 _____ () C:\Users\Zosia\AppData\Roaming\lobby.dat
2017-01-04 11:59 - 2017-01-04 11:59 - 0018432 _____ () C:\Users\Zosia\AppData\Roaming\Main.dat
2017-01-04 11:59 - 2017-01-04 11:59 - 0005568 _____ () C:\Users\Zosia\AppData\Roaming\md.xml
2017-01-04 11:59 - 2017-01-04 11:59 - 0126464 _____ () C:\Users\Zosia\AppData\Roaming\noah.dat
2017-01-04 11:59 - 2017-01-04 11:58 - 0629760 _____ () C:\Users\Zosia\AppData\Roaming\Salthome.exe
2017-01-04 11:59 - 2017-01-04 11:59 - 0072787 _____ () C:\Users\Zosia\AppData\Roaming\Salthome.tst
2017-01-04 11:59 - 2017-01-04 11:59 - 1938535 _____ () C:\Users\Zosia\AppData\Roaming\Strongsolit.bin
2017-01-04 11:59 - 2017-01-04 11:59 - 0032038 _____ () C:\Users\Zosia\AppData\Roaming\uninstall_temp.ico
2017-01-04 11:59 - 2017-01-04 11:58 - 0629760 _____ () C:\Users\Zosia\AppData\Roaming\Unitrax.exe
2017-01-04 11:59 - 2017-01-04 11:59 - 1907952 _____ () C:\Users\Zosia\AppData\Roaming\Unitrax.tst
2017-01-04 12:00 - 2016-12-26 16:58 - 0965120 ___SH () C:\ProgramData\igfxDH.dll
2017-01-04 12:00 - 2017-01-04 12:00 - 1620992 _____ () C:\ProgramData\service.exe

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\Zosia\AppData\Local\Temp\00013077\msiql.exe
C:\Users\Zosia\AppData\Roaming\VDI\Shared\Product Updater\produpd.exe
C:\ProgramData\igfxDH.dll
C:\ProgramData\service.exe

Niektóre pliki w TEMP:
====================
2017-01-04 11:57 - 2017-01-04 11:57 - 0061440 _____ (The Gentee Group) C:\Users\Zosia\AppData\Local\Temp\genteert.dll
2017-01-04 12:02 - 2017-01-04 12:02 - 0971920 _____ (Capuga ) C:\Users\Zosia\AppData\Local\Temp\ICReinstall_Registry_Activation.exe
2016-12-15 08:06 - 2016-12-15 08:06 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Zosia\AppData\Local\Temp\libeay32.dll
2017-01-04 12:01 - 2017-01-04 12:02 - 48845632 _____ (www.ludashi.com) C:\Users\Zosia\AppData\Local\Temp\ludashisetup.exe
2016-12-15 08:06 - 2016-12-15 08:06 - 0970912 _____ (Microsoft Corporation) C:\Users\Zosia\AppData\Local\Temp\msvcr120.dll
2016-12-15 08:06 - 2016-12-15 08:06 - 0772672 _____ () C:\Users\Zosia\AppData\Local\Temp\sqlite3.dll
2006-05-24 05:10 - 2006-05-24 05:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Zosia\AppData\Local\Temp\_isC4C4.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-04-25 12:22

==================== Koniec FRST.txt ============================