Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 31-08-2016
Uruchomiony przez Stefan (08-09-2016 20:15:46) Run:3
Uruchomiony z C:\Users\Stefan\Desktop
Załadowane profile: Stefan (Dostępne profile: Stefan)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
(Microsoft Corporation) C:\Windows\explorer.exe
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2016-09-08] ()
ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => Brak pliku
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2016-09-07] ()
ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll [2016-09-07] ()
Winlogon\Notify\txtpass: C:\Users\Stefan\AppData\Local\txtpass.dll [2016-09-08] ()
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\...\Run: [msiql] => C:\Users\Stefan\AppData\Local\Temp\msiql.exe /RUNNING <===== UWAGA
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\...\Run: [Iwfbsoft] => C:\Users\Stefan\AppData\Local\Iwfbsoft\tmp548B.exe [155309 2016-09-08] ()
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\...\Run: [Uwwlmedia] => regsvr32.exe C:\Users\Stefan\AppData\Local\Uwwlmedia\trkgyqww.dll <===== UWAGA
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\...\Run: [Igklsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Stefan\AppData\Local\Iwfbsoft\lpjjiqtv.dll
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\...\Run: [txtpass] => C:\Users\Stefan\AppData\Local\txtpass.dll [41472 2016-09-08] () <===== UWAGA
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\...\Policies\Explorer: [RestrictRun] 0
HKLM\...\Policies\Explorer: [RestrictRun] 0
R2 jinyvymuzbt; C:\Program Files (x86)\30393644-1473274685-3043-3041-363831314531\kns9024.tmp [439296 2016-09-08] () [Brak podpisu cyfrowego]
R2 bebomiquzbt; C:\Program Files (x86)\30393644-1473333862-3043-3041-363831314531\knsjED95.tmpfs [X]
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== UWAGA
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
NETSVCx32: HpSvc -> Brak ścieżki do pliku.
Task: {00083533-60EC-4C15-BA52-EFA455DC414E} - System32\Tasks\{5DC0F6A7-3172-4D09-A1E0-14D850336455} => pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe"
Task: {3CA2C85C-5810-4CF0-B93B-62DA0ACAA9F5} - System32\Tasks\UnregisterNonABICompliantCodeRange => C:\PROGRA~2\8js1E8B\i0o1E8B.bat <==== UWAGA
Task: {5AF3E7FB-C40A-4373-A8D5-F2CE44FFE6DC} - System32\Tasks\Drogoghtsocerse Helper => C:\Program Files (x86)\Woctioncogesh\DrgHelperKlc.exe
Task: {5F2B5512-FA12-44B2-9EF3-265F22FD5179} - System32\Tasks\{9D940323-563F-4E1C-9180-680B6CF4C100} => pcalua.exe -a "C:\Program Files (x86)\EasyHotspot\uninstaller.exe"
Task: {7E55B478-CC77-4672-BAC1-B1ACD22319D9} - System32\Tasks\KuaiZip_Update => C:\Program Files\żěŃą\X86\Update.exe [2016-09-07] (Shanghai Guangle Network Technology Ltd ) <==== UWAGA
Task: {BDE61454-24C8-4F7F-B81C-FB2270245133} - System32\Tasks\{42EF222B-6DE4-40BF-9D91-F141719A754B} => pcalua.exe -a "C:\Program Files (x86)\MPC Cleaner\Uninstall.exe" -c /xuninstall
Task: {F266B8A1-FFF9-4640-92BE-5EE2781C175B} - System32\Tasks\{C54ED715-26DF-4DDF-A85E-43143223D61F} => pcalua.exe -a "C:\Program Files\SpaceSoundPro\uninstaller.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
ShortcutWithArgument: C:\Users\Stefan\Desktop\Skróty\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g97zamobl2140bu,1adabb25-6e16-4bd3-b316-b5c3449df784,
ShortcutWithArgument: C:\Users\Stefan\Desktop\Dysk D\SAMSUNG\sol\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g97zamobl2140bu,1adabb25-6e16-4bd3-b316-b5c3449df784,
ShortcutWithArgument: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g97zamobl2140bu,1adabb25-6e16-4bd3-b316-b5c3449df784,
ShortcutWithArgument: C:\Users\Stefan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Stefan\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Stefan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Stefan\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Stefan\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-2469171809-464102732-1853336734-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DeleteKey: HKCU\Software\Google\Chrome\Extensions
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: regsvr32 /u /s "C:\Program Files\żěŃą\X64\KZipShell.dll"
CMD: regsvr32 /u /s "C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll"
CMD: regsvr32 /u /s "C:\Program Files (x86)\LuDaShi\ComputerZ7_x64.dll"
C:\Program Files\SpaceSoundPro
C:\Program Files\ZipTool
C:\Program Files\żěŃą
D:\Program Files\MS.Default
C:\Program Files (x86)\30393644-1473274685-3043-3041-363831314531
C:\Program Files (x86)\30393644-1473333862-3043-3041-363831314531
C:\Program Files (x86)\GreatMaker
C:\Program Files (x86)\KuaiZip
C:\Program Files (x86)\LDSGameCenter
C:\Program Files (x86)\LuDaShi
C:\Program Files (x86)\Mozilla Firefox
C:\Program Files (x86)\MPC Cleaner
C:\Program Files (x86)\mpck
C:\Program Files (x86)\SOEasy.3
C:\Program Files (x86)\SOEasy.4
C:\Program Files (x86)\SOEasy.5
C:\Program Files (x86)\SOEasy.6
C:\Program Files (x86)\UCBrowser
C:\Program Files (x86)\WeatherChickn
C:\Program Files (x86)\Woctioncogesh
C:\ProgramData\ArcSoft
C:\ProgramData\AVG
C:\ProgramData\Avira
C:\ProgramData\AVAST Software
C:\ProgramData\cosun
C:\ProgramData\Mozilla
C:\ProgramData\Microsoft\Performance
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compress
C:\uninst
C:\Users\Stefan\AppData\Local\txtpass.dll
C:\Users\Stefan\AppData\Local\30393644-1473281992-3043-3041-363831314531
C:\Users\Stefan\AppData\Local\app
C:\Users\Stefan\AppData\Local\Apps\2.0\abril.exe
C:\Users\Stefan\AppData\Local\ArcSoft
C:\Users\Stefan\AppData\Local\Iwfbsoft
C:\Users\Stefan\AppData\Local\jervitheranaqientviriied
C:\Users\Stefan\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
C:\Users\Stefan\AppData\Local\Mozilla
C:\Users\Stefan\AppData\Local\Poker at bet365
C:\Users\Stefan\AppData\Local\Tempfolder
C:\Users\Stefan\AppData\Local\UCBrowser
C:\Users\Stefan\AppData\Local\Uwwlmedia
C:\Users\Stefan\AppData\Roaming\*.*
C:\Users\Stefan\AppData\Roaming\ArcSoft
C:\Users\Stefan\AppData\Roaming\Geunfy
C:\Users\Stefan\AppData\Roaming\KuaiZip
C:\Users\Stefan\AppData\Roaming\KZMount
C:\Users\Stefan\AppData\Roaming\Ludashi
C:\Users\Stefan\AppData\Roaming\Mozilla
C:\Users\Stefan\AppData\Roaming\Profiles
C:\Users\Stefan\AppData\Roaming\Softlink
C:\Users\Stefan\AppData\Roaming\VDI
C:\Users\Stefan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MaohaWiFi.lnk
C:\Users\Stefan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
C:\Users\Stefan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\UC浏览器.lnk
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\KuaiZip.lnk
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome
C:\Users\Stefan\Desktop\żěŃą.lnk
C:\Users\Stefan\Desktop\Arcsoft TotalMedia 3.5.7.359 keygen.zip
C:\Users\Stefan\Desktop\ArcSoft TotalMedia
C:\Users\Stefan\Downloads\Arcsoft_totalmedia_3_serial_key_downloader.exe
C:\Users\Stefan\Downloads\ArcSoft TotalMedia.torrent
C:\Users\Stefan\Downloads\TotalMedia Extreme3.gz
C:\Windows\system32\bi3.exe
C:\Windows\system32\Drivers\EsgScanner.sys
C:\Windows\system32\Drivers\KuaiZipDrive.sys
C:\Windows\system32\Drivers\KuaiZipDrive2.sys
C:\Windows\system32\Drivers\ucguard.sys
C:\Windows\system32\Drivers\VirtualizerDDK.sys
C:\Windows\system32\sik
C:\Windows\SysWOW64\Drivers\afc.sys
Hosts:
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
[1628] C:\Windows\explorer.exe => proces pomyślnie zamknięty.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor => klucz nie znaleziono.
HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => klucz nie znaleziono.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\JzShlobj => klucz nie znaleziono.
HKCR\CLSID\{7B286609-DA97-47E1-AC6B-33B8B4732C95} => klucz nie znaleziono.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => klucz nie znaleziono.
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => klucz nie znaleziono.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj2 => klucz nie znaleziono.
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => klucz nie znaleziono.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\txtpass => klucz nie znaleziono.
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msiql => Wartość nie znaleziono.
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Iwfbsoft => Wartość nie znaleziono.
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Uwwlmedia => Wartość nie znaleziono.
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Igklsoft => Wartość nie znaleziono.
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\Software\Microsoft\Windows\CurrentVersion\Run\\txtpass => Wartość nie znaleziono.
HKU\S-1-5-21-2469171809-464102732-1853336734-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => Wartość nie znaleziono.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => Wartość nie znaleziono.
jinyvymuzbt => serwis nie znaleziono.
bebomiquzbt => serwis nie znaleziono.