Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015
Ran by Kacper (administrator) on KACPER-KOMPUTER (21-10-2015 20:07:32)
Running from D:\Downloads
Loaded Profiles: Kacper (Available Profiles: Kacper)
Platform: Windows 7 Ultimate (X64) Language: Polish (Poland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

==================== Registry (Whitelisted) ===========================

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy [enabled]
ProxyServer: [.DEFAULT] => http=127.0.0.1:51809;https=127.0.0.1:51809;
Tcpip\Parameters: [DhcpNameServer] 84.208.20.110 84.208.20.111
Tcpip\..\Interfaces\{40F2F0B7-1EEE-47E5-91DF-009E53F252DE}: [NameServer] 192.168.1.1,10.0.0.1
Tcpip\..\Interfaces\{64A0A142-E826-403E-9050-F9DC4C7656AA}: [DhcpNameServer] 84.208.20.110 84.208.20.111
Tcpip\..\Interfaces\{B22D0D40-B715-449B-9DAA-16F102118409}: [NameServer] 69.147.228.58,8.8.8.8
Tcpip\..\Interfaces\{BC3ECC4D-8F1A-475C-840F-C154069D0FCC}: [DhcpNameServer] 84.208.20.110 84.208.20.111
Tcpip\..\Interfaces\{C175304C-6008-4EA9-8E45-203C1AC46F71}: [DhcpNameServer] 84.208.20.110 84.208.20.111

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2488489995-2560081317-1656668189-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl/
HKU\S-1-5-21-2488489995-2560081317-1656668189-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = 
SearchScopes: HKLM-x32 -> DefaultScope - No value
SearchScopes: HKU\S-1-5-21-2488489995-2560081317-1656668189-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2488489995-2560081317-1656668189-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKU\S-1-5-21-2488489995-2560081317-1656668189-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-05] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Kacper\AppData\Roaming\Mozilla\Firefox\Profiles\bbv8mllt.default-1445375156999
FF Homepage: www.google.pl
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Kacper\Desktop\Mamy\Picasa3\npPicasa3.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2009-10-09] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2009-10-09] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2488489995-2560081317-1656668189-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kacper\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-12] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2488489995-2560081317-1656668189-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPA94A2380-908F-4064-8803-E4021CD4D670&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M1514F82F-3FD3-4CF5-9F9C-6568A346E33F&SearchSource=55&CUI=&UM=5&UP=SPA94A2380-908F-4064-8803-E4021CD4D670&SSPV=","hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M1514F82F-3FD3-4CF5-9F9C-6568A346E33F&SearchSource=55&CUI=&UM=5&UP=SPA94A2380-908F-4064-8803-E4021CD4D670&SSPV=","hxxp://start.mysearchdial.com/?f=1&a=ir_14_15_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BzytA0AzztDtByDyC0AyCtN0D0Tzu0SzztAyEtN1L2XzutBtFtCzztFtBtFzztN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCyDyD0D0AtDyCzytGtAtC0B0DtGtD0EyB0CtG0EyB0FtDtGyEtAyEtA0DzzyE0FtByE0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtAtAyByD0D0FtGyDtAzzzztG0EyByEyDtGyEyEtByEtGtAyDtAyCtD0A0FyD0DyC0CtD2Q&cr=1556606026&ir=","hxxp://www.search.ask.com/?tpid=VDJ-V7&o=APN10966&pf=V7&trgb=CR&p2=%5EB2J%5EYYYYYY%5EYY%5ENO&gct=hp&apn_ptnrs=%5EB2J&apn_dtid=%5EYYYYYY%5EYY%5ENO&apn_dbr=cr_33.0.1750.154&apn_uid=D887897F-29E4-46A1-BE53-68B2387FCB07&itbv=12.10.6.4903&doi=2014-04-29&psv=","hxxp://start.mysearchdial.com/?f=1&a=ir_14_20_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0DyCyEtAyC0Dzzzz0FyDyDyC0AyCtN0D0Tzu0SzzyCyEtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyBzy0AtD0FyDyBtG0AtCyDyCtGzzyEyD0AtGyE0DtC0EtGtCyE0D0DtBtBtByDyD0EtA0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtAtAyByD0D0FtGyDtAzzzztG0EyByEyDtGyEyEtByEtGtAyDtAyCtD0A0FyD0DyC0CtD2Q&cr=672615074&ir=","hxxp://www.search.ask.com/?o=APN11459&gct=hp&d=488-210&v=n12521-375&t=4","hxxp://speedial.com/?f=1&a=spd_ir_14_25_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0DyCyEtAyC0Dzzzz0FyDyDyC0AyCtN0D0Tzu0SzytDtDtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0F0CtD0AyE0CtGyE0BtA0EtGyCtB0DyBtGtAtAtByEtGyDyD0E0D0FzytCtCyB0DyE0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtAtAyByD0D0FtGyDtAzzzztG0EyByEyDtGyEyEtByEtGtAyDtAyCtD0A0FyD0DyC0CtD2Q&cr=885616633&ir=","hxxp://Lasaoren.com/?f=7&a=lrn_ir_14_38_ff&cd=2XzuyEtN2Y1L1Qzu0CyCyE0AtDtDtB0B0Czz0CyDyDyC0AyCtN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtByC0D0F0DyC0BtG0EyEyC0AtGyE0CyDtBtGyDtDzy0EtGyCyE0C0Azz0AtAtCzyzyzyyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0CyBzyyB0FyEtG0ByE0D0FtGyE0BtC0BtG0AyD0FzztGzytCyDyBtC0FtByByDtC0EyD2Q&cr=1015743748&ir=","hxxps://www.google.pl/"
CHR Profile: C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
CHR Extension: (Google Search) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-20]
CHR Extension: (AdBlock) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-21]
CHR Extension: (Into The Mist) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2015-10-21]
CHR Extension: (Gmail) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2488489995-2560081317-1656668189-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

===================== Drivers (Whitelisted) ==========================

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Files in the root of some directories =======

2014-07-11 14:30 - 2014-07-11 14:30 - 0000039 _____ () C:\Users\Kacper\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-10-12 21:49 - 2015-10-12 21:49 - 0000000 _____ () C:\Users\Kacper\AppData\Local\{001FC27F-1103-4658-ACB5-561D389372A5}
2015-03-02 07:47 - 2015-03-02 07:47 - 0000000 _____ () C:\Users\Kacper\AppData\Local\{111AB8AB-4B23-482A-99B0-E160909A7C8A}
2015-01-03 20:15 - 2015-01-03 20:15 - 0000000 _____ () C:\Users\Kacper\AppData\Local\{1399B566-E9EC-4066-A914-089C08590507}
2015-03-03 09:29 - 2015-03-03 09:29 - 0000000 _____ () C:\Users\Kacper\AppData\Local\{CB8D7B5E-36DD-42E3-BAB7-122C77946953}
2015-10-14 19:54 - 2015-10-14 19:54 - 0000000 _____ () C:\Users\Kacper\AppData\Local\{FDE62299-10B0-49D8-BC55-49628A3A4848}
2015-02-01 19:06 - 2014-12-03 19:06 - 0000032 _____ () C:\ProgramData\hash.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2015-10-11 02:12

==================== End of FRST.txt ============================
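Added check, not part of the FRST log above and not Farbar's code: a PowerShell script that re-reads the registry locations behind the findings FRST flagged (the loopback proxy in the .DEFAULT hive, the Chrome policy key marked ATTENTION, the per-interface NameServer/DhcpNameServer values and the Chrome extensions registered under HKLM/HKU), and additionally identifies which process owns the 127.0.0.1:51809 listener, which the log by itself does not tell you. The user SID and the port are copied from the log; everything else is assumed: that it is run in an elevated PowerShell (2.0 or later) on the same Windows 7 machine, and that the standard registry paths apply.

```powershell
# Added triage script: NOT part of the FRST log above and not Farbar's code.
# The SID and proxy port are copied from the log; the registry paths are the
# standard Windows/Chrome locations. Assumes an elevated PowerShell (2.0+)
# on the scanned Windows 7 machine.

$Sid  = 'S-1-5-21-2488489995-2560081317-1656668189-1000'   # user hive from the log
$Port = 51809                                               # loopback proxy port from the log

# 1. Owner of the 127.0.0.1:51809 listener. FRST shows the proxy setting but
#    not the process behind it. netstat is used because Windows 7 lacks
#    Get-NetTCPConnection; a listening socket is matched on its 0.0.0.0:0
#    foreign address instead of the state column, which is localized.
$listeners = foreach ($line in (netstat -ano -p tcp)) {
    if ($line -match "^\s*TCP\s+127\.0\.0\.1:$Port\s+0\.0\.0\.0:0\s+\S+\s+(\d+)\s*$") {
        $owner = Get-Process -Id ([int]$Matches[1]) -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Port = $Port; ProcessId = [int]$Matches[1]
            Name = $owner.Name; Path = $owner.Path   # Path is $null if access is denied
        }
    }
}

# 2. WinINET proxy in the .DEFAULT hive (what FRST reported) and in the
#    logged-in user's hive, so the two can be compared side by side.
$inetKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = foreach ($hive in '.DEFAULT', $Sid) {
    $key = "Registry::HKEY_USERS\$hive\$inetKey"
    if (Test-Path $key) {
        $v = Get-ItemProperty -Path $key
        New-Object PSObject -Property @{
            Hive = $hive; ProxyEnable = $v.ProxyEnable
            ProxyServer = $v.ProxyServer; AutoConfigURL = $v.AutoConfigURL
        }
    }
}

# 3. Every value under the Chrome policy keys (the "Restriction" line).
$policy = foreach ($root in 'HKLM:\SOFTWARE\Policies\Google',
                            "Registry::HKEY_USERS\$Sid\SOFTWARE\Policies\Google") {
    if (Test-Path $root) {
        foreach ($k in @(Get-Item $root) + @(Get-ChildItem $root -Recurse)) {
            foreach ($name in $k.GetValueNames()) {
                New-Object PSObject -Property @{
                    Key = $k.Name; Value = $name; Data = ($k.GetValue($name) -join ',')
                }
            }
        }
    }
}

# 4. Static (NameServer) and DHCP-assigned (DhcpNameServer) DNS per interface.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$dns = foreach ($nic in Get-ChildItem $ifRoot) {
    $v = Get-ItemProperty -Path $nic.PSPath
    if ($v.NameServer -or $v.DhcpNameServer) {
        New-Object PSObject -Property @{
            Interface = $nic.PSChildName; NameServer = $v.NameServer; DhcpNameServer = $v.DhcpNameServer
        }
    }
}

# 5. Extensions Chrome is told to install from the registry (the
#    "CHR HKLM\...\Chrome\Extension" lines), with where each one comes from.
$extRoots = @('HKLM:\SOFTWARE\Google\Chrome\Extensions',
              'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
              "Registry::HKEY_USERS\$Sid\SOFTWARE\Google\Chrome\Extensions")
$ext = foreach ($root in $extRoots) {
    if (Test-Path $root) {
        foreach ($k in Get-ChildItem $root) {
            $v = Get-ItemProperty -Path $k.PSPath
            New-Object PSObject -Property @{
                Root = $root; ExtensionId = $k.PSChildName
                UpdateUrl = $v.update_url; CrxPath = $v.path; Version = $v.version
            }
        }
    }
}

"== Listener on 127.0.0.1:$Port =="
$listeners | Format-Table Port, ProcessId, Name, Path -AutoSize
'== WinINET proxy =='
$proxy | Format-Table Hive, ProxyEnable, ProxyServer, AutoConfigURL -AutoSize
'== Chrome policies =='
$policy | Format-Table Key, Value, Data -AutoSize
'== DNS per interface =='
$dns | Format-Table Interface, NameServer, DhcpNameServer -AutoSize
'== Registry-installed Chrome extensions =='
$ext | Format-Table Root, ExtensionId, UpdateUrl, CrxPath, Version -AutoSize
```

Run it elevated, as FRST itself was run (the log says "administrator"). The point of section 1 is the caveat a reader of this log needs: an HTTP/HTTPS proxy on 127.0.0.1 is set up both by security products that filter web traffic locally and by adware, and the FRST line alone does not say which; decide from the owning process, its path and its signature rather than from the port number. Sections 3 and 5 give the concrete policy values and extension sources behind the one-line "Restriction" and "Chrome\Extension" entries, which is what you need before writing a fixlist for them.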