Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:09-06-2016 Uruchomiony przez Ja (2016-06-09 21:24:06) Run:5 Uruchomiony z C:\Users\Ja\Downloads\fix Załadowane profile: Ja (Dostępne profile: Ja & UpdatusUser) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: AppInit_DLLs: C:\ProgramData\Konksolex\Ranksunlex.dll => C:\ProgramData\Konksolex\Ranksunlex.dll [363008 2016-06-05] () AppInit_DLLs-x32: C:\ProgramData\Konksolex\Fixtrax.dll => C:\ProgramData\Konksolex\Fixtrax.dll [257536 2016-06-05] () HKLM-x32\...\RunOnce: [systwin] => C:\Windows\systwin.exe [305893 2016-06-05] ( ) HKLM-x32\...\RunOnce: [AdBlock2] => [X] HKU\S-1-5-21-601893080-2870670082-4129359601-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-06-05] () [Brak podpisu cyfrowego] R2 ProntSpooler; C:\Users\Ja\AppData\Local\Apps\2.0\abril.exe [134656 2016-06-05] () [Brak podpisu cyfrowego] S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-05] () R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [80768 2016-04-25] (Huorong Borui (Beijing) Technology Co., Ltd.) S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] Task: {0752864D-3EDE-4798-AD13-740E5DCE5E56} - System32\Tasks\VirusRemover => C:\Users\Ja\AppData\Local\Temp\VirusRemover.exe [2016-06-05] ( ) <==== UWAGA Task: {119FD585-EDEF-4C52-9625-B048D4F4D1CF} - System32\Tasks\{F7AAFFFB-C7D7-479D-BF99-D9CFDBD66686} => pcalua.exe -a C:\Users\Ja\AppData\Local\Temp\Temp1_RegCleaner.zip\RegCleaner.exe Task: {7F2E7115-6E7A-47DF-B40E-FF1837E1DD9C} - System32\Tasks\{CE95EC23-332A-45BE-91B2-B23197BAE6F7} => pcalua.exe -a "C:\Users\Ja\AppData\Local\Temp\Temp1_NokiaFREE_v310_Nokia_unlock_codes_calculator (1).zip\NokiaFREE_v310_Setup.exe" Task: {7FF91FD7-47C7-488D-9998-197D0925B33A} - System32\Tasks\{052750AA-11AE-48A8-90FE-E6D2AC95B021} => pcalua.exe -a "G:\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8" -c -silent Task: {9FCD3C57-2967-4CEE-BA91-49FB50E16388} - System32\Tasks\Doroghtshejas Module => C:\Program Files (x86)\Doroghtshejas\doroghtshejasmoduletask.exe [2016-06-05] () <==== UWAGA Task: {D0F120EF-FE56-4436-A5B5-3C95985286F7} - System32\Tasks\MPC AdCleaner => C:\Program Files (x86)\MPC AdCleaner\AdCleaner.exe [2016-03-10] (DotC United Inc) <==== UWAGA Task: {DEBCE895-4980-40E3-BD86-73A05E8AEE01} - System32\Tasks\{DBA6B979-1F8A-46F3-ADF3-C68ED12032FF} => pcalua.exe -a "C:\Program Files (x86)\Hostify\uninstaller.exe" Task: {DF39A546-1661-4B70-8776-CDCFA959F6B2} - System32\Tasks\AdBlock => C:\Windows\AdBlock.exe [2016-06-04] ( ) Task: {F809FFBA-0714-49BC-8BA0-56DC9D3D59DA} - System32\Tasks\psv_Cof-Tom => /c regedit.exe /s "C:\ProgramData\Ronzap\Bluetip.reg" & del "C:\ProgramData\Ronzap\Bluetip.reg" & SCHTASKS /Delete /TN "psv_Cof-Tom" /F <==== UWAGA ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-601893080-2870670082-4129359601-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUHXRX8JzCb_5MCvt2pVkGXricavWxw9YX5xNv44zr4YRvaAjeusOwOn3Rv6fJx1uibsNukl1mOWrkUkCvew4Trl_8CsZZYZoX-PQBOZ1zLh87TJmgzo_Fy6XmTyu-Zi2qhq4SUE455yC-qUgX&q={searchTerms} HKU\S-1-5-21-601893080-2870670082-4129359601-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUHXRX8JzCb_5MCvt2pVkGXricavWxw9YX5xNv44zr4YRvaAjeusOwOn3Rv6fJx1uibsNukl1mOWrkUkCvew4Trl_8CsZZYZoX-PQBOZ1zLh87TJmgzo_Fy6XmTyu-Zi2qhq4SUE455yC-qUgX&q={searchTerms} HKU\S-1-5-21-601893080-2870670082-4129359601-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUHXRX8JzCb_5MCvt2pVkGXricavWxw9YX5xNv44zr4YRvaAjeusOwOn3Rv6fJx1uibsNukl1mOWrkUkCvew4Trl_8CsZZYZoX-PQBOZ1zLh87TJmgzo_Fy6XmTyu-Zi2qhq4SUE455yC-qUgX&q={searchTerms} SearchScopes: HKLM -> DefaultScope {F154C596-75A9-4028-90E8-9752BD7CA05B} URL = SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUHXRX8JzCb_5MCvt2pVkGXricavWxw9YX5xNv44zr4YRvaAjeusOwOn3Rv6fJx1uibsNukl1mOWrkUkCvew4Trl_8CsZZYZoX-PQBOZ1zLh87TJmgzo_Fy6XmTyu-Zi2qhq4SUE455yC-qUgX&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-601893080-2870670082-4129359601-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchab.com/?aff=7&uid=99d00908-6ded-11e2-9e49-b870f4e84ff6&q={searchTerms} SearchScopes: HKU\S-1-5-21-601893080-2870670082-4129359601-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=92DA9439E502445D&affID=119357&tsp=4986 SearchScopes: HKU\S-1-5-21-601893080-2870670082-4129359601-1000 -> {11E6CFD8-21BC-40A7-84CB-DEF708E0614E} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-601893080-2870670082-4129359601-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUHXRX8JzCb_5MCvt2pVkGXricavWxw9YX5xNv44zr4YRvaAjeusOwOn3Rv6fJx1uibsNukl1mOWrkUkCvew4Trl_8CsZZYZoX-PQBOZ1zLh87TJmgzo_Fy6XmTyu-Zi2qhq4SUE455yC-qUgX&q={searchTerms} HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 DeleteKey: HKCU\Software\Mozilla DeleteKey: HKCU\Software\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins C:\Program Files (x86)\8E5BBBB9-1465107894-E011-9617-B870F4E84FF6 C:\Program Files (x86)\Doroghtshejas C:\Program Files (x86)\Mozilla Firefox C:\Program Files (x86)\MPC AdCleaner C:\Program Files (x86)\MPC Cleaner C:\ProgramData\CloudPrinter C:\ProgramData\Konksolex C:\ProgramData\Konksolexs C:\ProgramData\Logic Handler C:\ProgramData\Mozilla C:\ProgramData\Ronzaps C:\ProgramData\UniqueId C:\ProgramData\VsTelemetry C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2+2 v.2.1a C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Kiosk Reader C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HideIPVPN C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NokiaFREE Calculator C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Star Wars - The Old Republic.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\SWTOR Customer Support.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View License.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View Readme.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mForex Trader\Pomoc mForex Trader.lnk C:\Users\Ja\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 C:\Users\Ja\AppData\Local\csdi_monetize_120160604 C:\Users\Ja\AppData\Local\Host Service C:\Users\Ja\AppData\Local\UCBrowser C:\Users\Ja\AppData\Local\Apps\2.0\abril.exe C:\Users\Ja\AppData\Local\Mozilla C:\Users\Ja\AppData\Roaming\*.* C:\Users\Ja\AppData\Roaming\az0hU C:\Users\Ja\AppData\Roaming\cpuminer C:\Users\Ja\AppData\Roaming\gplyra C:\Users\Ja\AppData\Roaming\MCorp C:\Users\Ja\AppData\Roaming\Media-Assistant C:\Users\Ja\AppData\Roaming\Mozilla C:\Users\Ja\AppData\Roaming\USvbT C:\Users\Ja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk C:\Users\Ja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASHER C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器 C:\Users\Ja\Desktop\MPC AdCleaner.lnk C:\Users\Ja\Downloads\SpyHunter-Installer.exe C:\Users\UpdatusUser\Desktop\*.lnk C:\Windows\AdBlock.exe C:\Windows\systwin.exe C:\Windows\System32\Drivers\EsgScanner.sys C:\Windows\System32\Drivers\ucguard.sys C:\Windows\SysWOW64\Number of results CMD: netsh advfirewall reset Hosts: EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. "C:\ProgramData\Konksolex\Ranksunlex.dll" => Dane wartości nie znaleziono. "C:\ProgramData\Konksolex\Fixtrax.dll" => Dane wartości nie znaleziono. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\systwin => Wartość nie znaleziono. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AdBlock2 => Wartość pomyślnie usunięto HKU\S-1-5-21-601893080-2870670082-4129359601-1000\Control Panel\Desktop\\SCRNSAVE.EXE => Wartość nie znaleziono. backlh => serwis nie znaleziono. ProntSpooler => serwis nie znaleziono. EsgScanner => serwis nie znaleziono.