Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:19-12-2015
Uruchomiony przez fff (administrator) LOLO (20-12-2015 11:25:20)
Uruchomiony z C:\
Załadowane profile: fff (Dostępne profile: fff)
Platform: Windows 8.1 Connected (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Safe Mode (minimal)
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [gmsd_pl_005010137] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010140] => [X]
HKLM-x32\...\Run: [rec_en_77] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010141] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010142] => [X]
HKLM-x32\...\Run: [qewr2342] => C:\Users\fff\AppData\Roaming\yjexq-a.exe
HKLM-x32\...\Run: [Orange_Poland LINKS ModemListener] => C:\Program Files (x86)\Airbox\Y858_Poland\BackgroundService\ModemListener.exe start
HKLM-x32\...\Winlogon: [Shell] Explorer.exe, [ ] () <=== UWAGA
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Atheros Communications)
HKLM\...\Policies\Explorer\Run: [82120755] => C:\ProgramData\msuhqbqc.exe [78848 2014-10-29] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1296088152-1995581241-2128387976-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638256 2015-10-23] (Electronic Arts)
HKU\S-1-5-21-1296088152-1995581241-2128387976-1001\...\Run: [GG] => C:\Users\fff\AppData\Local\GG\Application\gghub.exe [4078144 2015-06-17] (GG Network S.A.)
HKU\S-1-5-21-1296088152-1995581241-2128387976-1001\...\Run: [GoogleChromeAutoLaunch_9A416E56DFA36904EDC88884BFAAD356] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-1296088152-1995581241-2128387976-1001\...\Run: [qewr2342] => C:\Users\fff\AppData\Roaming\yjexq-a.exe
HKU\S-1-5-21-1296088152-1995581241-2128387976-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-1296088152-1995581241-2128387976-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1296088152-1995581241-2128387976-1001\...\MountPoints2: {7763f465-79f7-11e4-8260-f8a963dd368d} - "E:\AutoRun.exe"
HKU\S-1-5-21-1296088152-1995581241-2128387976-1001\...\MountPoints2: {af5e8163-8f82-11e5-8294-0c5b8f279a64} - "E:\autorun.exe"
HKU\S-1-5-21-1296088152-1995581241-2128387976-1001\...\MountPoints2: {b42a0e80-e8e3-11e4-827d-f8a963dd368d} - "E:\LG_PC_Programs.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\Conivew.dll [289136 2015-11-06] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Conivew.dll [289136 2015-11-06] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Conivew.dll [289136 2015-11-06] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Conivew.dll [289136 2015-11-06] ()
Winsock: Catalog9 16 C:\Windows\SysWOW64\Conivew.dll [289136 2015-11-06] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Conivew64.dll [375152 2015-11-06] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Conivew64.dll [375152 2015-11-06] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Conivew64.dll [375152 2015-11-06] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Conivew64.dll [375152 2015-11-06] ()
Winsock: Catalog9-x64 16 C:\Windows\system32\Conivew64.dll [375152 2015-11-06] ()
Tcpip\Parameters: [DhcpNameServer] 213.241.79.38 208.67.220.220
Tcpip\..\Interfaces\{370A509D-358C-49CF-B9C4-60654869EF22}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{DB0E7124-1850-4FB9-9D71-002D771C5F0A}: [DhcpNameServer] 213.241.79.38 208.67.220.220
Tcpip\..\Interfaces\{F735A4E4-EDF3-4DD8-975C-A6DFA8041326}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54EVS09_WDCWD5000LPVX-22V0TT0&tm=1446831381
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54EVS09_WDCWD5000LPVX-22V0TT0&tm=1446831381
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437063217&z=c7905f569a0147f9749f980gcz2c0m5e1q5c4gfgeq&from=cornl&uid=WDCXWD5000LPVX-22V0TT0_WD-WX21E54EVS09EVS09&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437063217&z=c7905f569a0147f9749f980gcz2c0m5e1q5c4gfgeq&from=cornl&uid=WDCXWD5000LPVX-22V0TT0_WD-WX21E54EVS09EVS09&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54EVS09_WDCWD5000LPVX-22V0TT0&tm=1446831381
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54EVS09_WDCWD5000LPVX-22V0TT0&tm=1446831381
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437063217&z=c7905f569a0147f9749f980gcz2c0m5e1q5c4gfgeq&from=cornl&uid=WDCXWD5000LPVX-22V0TT0_WD-WX21E54EVS09EVS09&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437063217&z=c7905f569a0147f9749f980gcz2c0m5e1q5c4gfgeq&from=cornl&uid=WDCXWD5000LPVX-22V0TT0_WD-WX21E54EVS09EVS09&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1296088152-1995581241-2128387976-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54EVS09_WDCWD5000LPVX-22V0TT0&tm=1446831381
HKU\S-1-5-21-1296088152-1995581241-2128387976-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54EVS09_WDCWD5000LPVX-22V0TT0&tm=1446831381
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1296088152-1995581241-2128387976-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=WDCXWD5000LPVX-22V0TT0_WD-WX21E54EVS09EVS09&ts=1437063398&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1296088152-1995581241-2128387976-1001 -> {6D32925A-EC0E-4E01-B14F-5C4D2AC47F99} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=WDCXWD5000LPVX-22V0TT0_WD-WX21E54EVS09EVS09&ts=1437063398&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1296088152-1995581241-2128387976-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=WDCXWD5000LPVX-22V0TT0_WD-WX21E54EVS09EVS09&ts=1437063398&type=default&q={searchTerms}
BHO-x32: Hard Case 1.0.0.7 -> {129adec8-a002-44a1-880a-7bd8518798c3} -> C:\Program Files (x86)\Hard Case\HardCasebho.dll [2015-08-21] (Hard Case)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1418328914&from=cor&uid=WDCXWD5000LPVX-22V0TT0_WD-WX21E54EVS09EVS09

FireFox:
========
FF ProfilePath: C:\Users\fff\AppData\Roaming\Mozilla\Firefox\Profiles\cc8296vg.default-1448564275732
FF Homepage: www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54EVS09_WDCWD5000LPVX-22V0TT0&tm=1446831381
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
FF HKLM\...\Firefox\Extensions: [{1004631C-2843-4B62-8C97-1A08E065D1F7}] - C:\Program Files\shopperz061120151826\Firefox\{1004631C-2843-4B62-8C97-1A08E065D1F7}.xpi => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [{1004631C-2843-4B62-8C97-1A08E065D1F7}] - C:\Program Files\shopperz061120151826\Firefox\{1004631C-2843-4B62-8C97-1A08E065D1F7}.xpi => nie znaleziono

Chrome:
=======
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1446831372&z=9348db651df4b86b8d81d57g6z7z1qbb1cegdefb7m&from=cmi&uid=WDCXWD5000LPVX-22V0TT0_WD-WX21E54EVS09EVS09"
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1446831372&z=9348db651df4b86b8d81d57g6z7z1qbb1cegdefb7m&from=cmi&uid=WDCXWD5000LPVX-22V0TT0_WD-WX21E54EVS09EVS09&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR Profile: C:\Users\fff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Hard Case) - C:\Users\fff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflfiihnlmnadbnmldknnbapmkeihgoi [2015-11-12] [UpdateUrl: hxxp://wwwhardcasesoftw-a.akamaihd.net/update/chrome] <==== UWAGA
CHR Extension: (SiteAdvisor) - C:\Users\fff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-12]
CHR Extension: (AdBlock) - C:\Users\fff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-12]
CHR Extension: (glicbealjcpdfcnkjeeememcglfoafbo) - C:\Users\fff\AppData\Local\Google\Chrome\User Data\Default\Extensions\glicbealjcpdfcnkjeeememcglfoafbo [2015-11-12]
CHR Extension: (Shortcuts for All Google™) - C:\Users\fff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf [2015-11-12]
CHR Extension: (Brak nazwy) - C:\Users\fff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmnkcdkbhabigheoklmodcikehppnlg [2015-11-12]
CHR Extension: (Brak nazwy) - C:\Users\fff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-12]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\fff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\fff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [Brak podpisu cyfrowego]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [Brak podpisu cyfrowego]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-10-23] (Electronic Arts)
S2 Update Hard Case; C:\Program Files (x86)\Hard Case\updateHardCase.exe [651504 2015-12-20] ()
S2 Util Hard Case; C:\Program Files (x86)\Hard Case\bin\utilHardCase.exe [651504 2015-12-20] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 WinNetSvc; C:\Users\fff\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] ()
S3 Huawei E3372; "C:\ProgramData\MobileBrServ\mbbservice.exe" -service [X]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [25088 2010-06-09] (Windows (R) Codename Longhorn DDK provider)
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
S3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S1 {1792ab0b-c92b-49ed-ad87-bb9f82f84827}Gw64; C:\Windows\System32\drivers\{1792ab0b-c92b-49ed-ad87-bb9f82f84827}Gw64.sys [48776 2015-12-19] (StdLib)
S1 {3b4731ea-9539-4c87-9264-ef1fb223f684}Gw64; C:\Windows\System32\drivers\{3b4731ea-9539-4c87-9264-ef1fb223f684}Gw64.sys [48776 2015-11-11] (StdLib)
S3 RTSPER; \SystemRoot\system32\DRIVERS\RtsPer.sys [X]
S1 {078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64; system32\drivers\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64.sys [X]
S1 {27899312-155f-40f3-8661-fb6675d82b4b}Gw64; system32\drivers\{27899312-155f-40f3-8661-fb6675d82b4b}Gw64.sys [X]
S1 {3abcaa2c-a48f-4cd5-9f1d-4ba001bc6de2}Gw64; system32\drivers\{3abcaa2c-a48f-4cd5-9f1d-4ba001bc6de2}Gw64.sys [X]
S1 {40d1e549-9fca-4f25-a19d-d845842dd635}Gw64; system32\drivers\{40d1e549-9fca-4f25-a19d-d845842dd635}Gw64.sys [X]
S1 {8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64; system32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys [X]
S1 {91975f83-f39c-43cf-aad4-0b3396b0f6db}w64; system32\drivers\{91975f83-f39c-43cf-aad4-0b3396b0f6db}w64.sys [X]
S1 {a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64; system32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64.sys [X]
S1 {c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64; system32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64.sys [X]
S1 {ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw64; system32\drivers\{ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw64.sys [X]
S1 {fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64; system32\drivers\{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-20 11:25 - 2015-12-20 11:25 - 00018305 _____ C:\FRST.txt
2015-12-20 11:25 - 2015-12-20 11:25 - 00000000 ____D C:\FRST
2015-12-20 11:23 - 2015-12-20 11:23 - 00000000 ____D C:\Windows\pss
2015-12-20 11:17 - 2015-12-20 11:16 - 02370048 _____ (Farbar) C:\FRST64.exe
2015-12-20 11:14 - 2015-12-20 11:13 - 00380416 _____ C:\lhq11jj2.exe
2015-12-20 11:12 - 2015-12-20 11:16 - 02370048 _____ (Farbar) C:\Users\fff\Downloads\FRST64.exe
2015-12-20 11:12 - 2015-12-20 11:13 - 00380416 _____ C:\Users\fff\Downloads\lhq11jj2.exe
2015-12-20 11:11 - 2015-12-19 22:32 - 00048776 _____ (StdLib) C:\Windows\system32\Drivers\{1792ab0b-c92b-49ed-ad87-bb9f82f84827}Gw64.sys
2015-12-20 11:09 - 2015-12-20 11:09 - 00000000 ____D C:\Users\fff\AppData\Local\CrashDumps
2015-12-20 11:05 - 2015-12-20 11:05 - 00000000 ____D C:\Users\fff\AppData\Roaming\WinNetSvc
2015-12-20 11:03 - 2015-12-20 11:03 - 00000000 ____D C:\AdwCleaner
2015-12-20 11:01 - 2015-12-20 11:05 - 00007498 _____ C:\Users\fff\Desktop\Rkill.txt
2015-12-20 11:00 - 2015-12-20 11:02 - 01740288 _____ C:\Users\fff\Downloads\adwcleaner_5.025.exe
2015-12-20 11:00 - 2015-12-20 11:01 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\fff\Downloads\rkill.exe
2015-12-20 10:53 - 2015-07-12 10:42 - 00380416 _____ C:\Users\fff\Desktop\48z28tmn.exe
2015-12-20 10:53 - 2015-02-27 22:38 - 02126848 _____ C:\Users\fff\Desktop\AdwCleaner.exe
2015-12-20 10:50 - 2015-12-20 11:05 - 00001209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\zf3i4r6e6f5o4x.lnk
2015-12-20 10:50 - 2015-12-20 10:50 - 00000000 ____D C:\Users\fff\AppData\Local\VirtualStore
2015-11-26 19:57 - 2015-12-20 11:05 - 00001307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-26 19:57 - 2015-12-20 11:05 - 00001295 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-26 19:57 - 2015-11-26 19:57 - 00000000 ____D C:\Users\fff\Desktop\Old Firefox Data
2015-11-26 19:57 - 2015-11-26 19:57 - 00000000 ____D C:\ProgramData\Mozilla
2015-11-26 19:57 - 2015-11-26 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-26 19:57 - 2015-11-26 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-25 18:34 - 2015-11-25 18:34 - 00002010 _____ C:\Users\Public\Desktop\Airbox.lnk
2015-11-25 18:34 - 2015-11-25 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airbox
2015-11-25 18:34 - 2015-11-25 18:34 - 00000000 ____D C:\Program Files (x86)\Airbox
2015-11-25 18:34 - 2013-06-18 11:33 - 00123776 _____ (TCT International Mobile Ltd.) C:\Windows\system32\Drivers\jrdusbser.sys
2015-11-25 18:34 - 2010-06-09 18:15 - 00025088 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\AlcatelUsb.sys
2015-11-23 19:40 - 2015-11-23 19:41 - 00000006 _____ C:\Users\fff\Documents\Dokument.txt

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2015-12-20 11:25 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-20 11:23 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-20 11:21 - 2015-11-06 18:44 - 00003110 _____ C:\Windows\Tasks\88118583-7e73-4f09-aba4-90a2eac0cb7a-1-7.job
2015-12-20 11:21 - 2015-11-06 18:44 - 00003110 _____ C:\Windows\Tasks\88118583-7e73-4f09-aba4-90a2eac0cb7a-1-6.job
2015-12-20 11:21 - 2015-11-06 18:44 - 00002418 _____ C:\Windows\Tasks\88118583-7e73-4f09-aba4-90a2eac0cb7a-5_user.job
2015-12-20 11:21 - 2015-11-06 18:44 - 00002418 _____ C:\Windows\Tasks\88118583-7e73-4f09-aba4-90a2eac0cb7a-5.job
2015-12-20 11:21 - 2015-11-06 18:43 - 00005490 _____ C:\Windows\Tasks\88118583-7e73-4f09-aba4-90a2eac0cb7a-7.job
2015-12-20 11:21 - 2015-11-06 18:43 - 00005490 _____ C:\Windows\Tasks\88118583-7e73-4f09-aba4-90a2eac0cb7a-6.job
2015-12-20 11:21 - 2015-11-06 18:38 - 00000996 _____ C:\Windows\Tasks\Q6lLXq4SUDC.job
2015-12-20 11:21 - 2015-11-06 18:36 - 00001062 _____ C:\Windows\Tasks\Crossbrowse.job
2015-12-20 11:21 - 2015-11-06 18:23 - 00000940 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-12-20 11:21 - 2014-12-26 15:44 - 00000000 ____D C:\Users\fff\AppData\Roaming\GG
2015-12-20 11:19 - 2015-11-08 17:12 - 00000000 ____D C:\Program Files (x86)\Hard Case
2015-12-20 11:19 - 2013-08-22 14:25 - 00000226 _____ C:\Windows\win.ini
2015-12-20 11:18 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-20 11:14 - 2014-11-27 06:24 - 00003960 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{20DBC035-980D-4D13-8856-D4E7C529F9B0}
2015-12-20 11:10 - 2014-11-27 06:18 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1296088152-1995581241-2128387976-1001
2015-12-20 11:05 - 2014-11-27 06:12 - 00001089 _____ C:\Users\fff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-20 11:04 - 2015-10-19 18:47 - 00000000 ____D C:\Users\fff\AppData\Local\Foxit Reader
2015-12-20 10:55 - 2015-07-25 12:52 - 00000000 ____D C:\ProgramData\Origin
2015-12-20 10:54 - 2014-07-29 15:05 - 00807160 _____ C:\Windows\system32\perfh015.dat
2015-12-20 10:54 - 2014-07-29 15:05 - 00163478 _____ C:\Windows\system32\perfc015.dat
2015-12-20 10:54 - 2014-03-18 10:47 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-20 10:54 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-20 10:43 - 2015-01-12 17:01 - 00000000 ____D C:\Users\fff\AppData\LocalLow\Temp
2015-12-20 10:41 - 2014-11-27 06:11 - 00000000 ____D C:\Users\fff
2015-12-16 21:14 - 2015-07-15 19:18 - 00000000 ____D C:\Users\fff\AppData\Roaming\AIMP3
2015-12-16 18:48 - 2015-11-06 18:23 - 00000944 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-12-12 22:11 - 2014-12-01 09:41 - 00000000 ____D C:\Users\fff\AppData\Roaming\Skype
2015-11-27 19:32 - 2015-10-07 07:06 - 00751616 ___SH C:\Users\fff\Downloads\Thumbs.db
2015-11-27 13:42 - 2015-10-07 14:51 - 00990208 ___SH C:\Users\fff\Desktop\Thumbs.db
2015-11-26 19:57 - 2014-12-26 15:45 - 00000000 ____D C:\Users\fff\AppData\Roaming\Mozilla

==================== Pliki w katalogu głównym wybranych folderów =======

2015-11-11 19:35 - 2015-11-11 19:35 - 0005716 _____ () C:\Program Files\howto_recover_file_crfkv.html
2015-11-11 19:35 - 2015-11-11 19:35 - 0002570 _____ () C:\Program Files\howto_recover_file_crfkv.txt
2015-11-11 19:34 - 2015-11-11 19:34 - 0005716 _____ () C:\Program Files\Common Files\howto_recover_file_crfkv.html
2015-11-11 19:34 - 2015-11-11 19:34 - 0002570 _____ () C:\Program Files\Common Files\howto_recover_file_crfkv.txt
2015-11-11 19:47 - 2015-11-11 19:47 - 0005716 _____ () C:\Users\fff\AppData\Roaming\Microsoft\howto_recover_file_crfkv.html
2015-11-11 19:47 - 2015-11-11 19:47 - 0002570 _____ () C:\Users\fff\AppData\Roaming\Microsoft\howto_recover_file_crfkv.txt
2015-11-12 20:27 - 2015-11-12 20:27 - 0005716 _____ () C:\Users\fff\AppData\Roaming\Microsoft\howto_recover_file_feioy.html
2015-11-12 20:27 - 2015-11-12 20:27 - 0002570 _____ () C:\Users\fff\AppData\Roaming\Microsoft\howto_recover_file_feioy.txt
2015-11-11 19:36 - 2015-11-11 19:36 - 0005716 _____ () C:\ProgramData\howto_recover_file_crfkv.html
2015-11-11 19:36 - 2015-11-11 19:36 - 0002570 _____ () C:\ProgramData\howto_recover_file_crfkv.txt
2015-11-12 20:17 - 2015-11-12 20:17 - 0005716 _____ () C:\ProgramData\howto_recover_file_feioy.html
2015-11-12 20:17 - 2015-11-12 20:17 - 0002570 _____ () C:\ProgramData\howto_recover_file_feioy.txt
2015-03-12 17:43 - 2014-10-29 02:52 - 0078848 ___SH () C:\ProgramData\msuhqbqc.exe

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\msuhqbqc.exe

Niektóre pliki w TEMP:
====================
C:\Users\fff\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll [2015-03-12 17:49] - [2015-03-12 17:49] - 0498688 ____A (Microsoft Corporation) FCCFE68BC69954111293AD556B240675
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

safeboot: Minimalbootmenupolicy Standard bootstatuspolicy IgnoreAllFailures detecthal Yes => Ustawiony trwały rozruch w Trybie awaryjnym <===== UWAGA

LastRegBack: 2015-12-12 13:40

==================== Koniec FRST.txt ============================