Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:18-04-2016 Uruchomiony przez Szymon (2016-04-24 13:32:28) Run:1 Uruchomiony z D:\Użytkownicy\Szymon\Desktop\frst Załadowane profile: Szymon (Dostępne profile: Szymon) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: CMD: fltmc detach bsdriver c: bsdriver S2 Dhrelrer; "C:\Users\Szymon\AppData\Roaming\Rikfootov\Rikfootov.exe" -cms [X] S2 Eruvwee; "C:\Users\Szymon\AppData\Roaming\LaexuGegobog\Reloace.exe" -cms [X] S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe /s GoogleChromeUpSvc /uid:51490 /local:br [X] R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2016-04-22] () R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [80768 2016-04-13] (Huorong Borui (Beijing) Technology Co., Ltd.) U3 idsvc; Brak ImagePath HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe HKU\S-1-5-21-4276424981-2713209067-288409091-1000\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service" Task: {05C3600C-40EC-4E63-9A5F-2105F98D9B7C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {06F04607-BEF3-49C1-8CEC-D28E2865CBEE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {17CE9C82-49AF-4C53-AD91-69E85D5D3B5F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {315CC409-90DB-4AAB-940A-055383D449CD} - System32\Tasks\Uwewbiut => C:\PROGRA~1\Kajajugt\Eiomu.bat <==== UWAGA Task: {375AB520-D0BD-4F25-8066-0D276CCE3B1B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {38ACE4A9-F5C4-4F2D-BBA7-77CE0D4A2C13} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {47C8E20E-722F-4192-B6CC-CAE54108152F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {4BA4A0DB-FC09-4A23-A51E-DF348FC06427} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {533D014E-7401-45B0-AFCF-B4745737BAF4} - System32\Tasks\{09B6534A-E643-43AA-8FC4-53515065EFFB} => pcalua.exe -a C:\Users\Szymon\Desktop\lan.exe -d C:\Users\Szymon\Desktop Task: {53EEFA49-BDEA-4B34-8EA9-16035B9559AD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {6AD6E28B-DEE8-4F9C-A812-C94EBE95C5FE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {70DAA573-D6D9-4085-978B-526796BE8BF0} - System32\Tasks\{24698712-5384-45EA-B144-B7B90FFE497F} => pcalua.exe -a "C:\Program Files (x86)\CleanBrowser\uninstall.exe" -c /uninstall Task: {76694CB5-F0BE-4A30-A2DA-0CED42C4B3C4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {77F0CA31-1D3F-4B21-9724-62005C21BE02} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {7AE0A934-88EF-4BAE-9FFD-1EDAD36BCFF7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {7C642C6E-875A-41A6-A06B-B88C11C6E328} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {7E989495-7D7F-4DCC-94F9-15868417E469} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {820A1FEC-645D-4F32-9770-5779725ED0D4} - System32\Tasks\{4F06C048-A53C-4368-8C98-A1A003A76C1D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\QuoLex\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\QuoLex\uninstall.dat" -a uninstallme 858994B3-EC67-4B59-A854-860E92ED4256 DeviceId=d0601d40-484b-6a4c-1bb7-9b55d2e076ef BarcodeId=51129011 ChannelId=11 DistributerName=APSFSWAds Task: {8D312885-289B-4A98-A0A6-81DD3BC27FD8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {8EA848ED-229A-4F56-BC52-0E0CCD64845C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {8EF30688-F407-4FCA-9A53-CD9F276456C8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {B8EDD047-1D5C-4FF8-81A4-88A482C0BEFA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {BE72A21A-3886-4D8D-AA6E-F14415F58F31} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {E4AE84F3-6EEF-44AB-922B-6E44A3605B75} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {F3FA61AE-D7B8-4235-A979-445BA9E3095F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {F4A227C4-73BA-4C28-AD53-3F2061D5B5EE} - System32\Tasks\Redywo => C:\PROGRA~1\Ekeh\Uosietta.bat <==== UWAGA ShortcutWithArgument: C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Users\Szymon\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1461330738&a=1053638&src=sh&uuid=c332399b-d8a0-4ac9-b89e-fdbfe0b0dab8" ShortcutWithArgument: C:\Users\Szymon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Users\Szymon\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Szymon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome — skrót .lnk -> C:\Users\Szymon\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Szymon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838 HKU\S-1-5-21-4276424981-2713209067-288409091-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptCda34oDH3J6AA-hDRarDB3CVACuk0KVb1jT58tvXgYoxdmZM7aofMJRFp81ohoFw6j3CdQy7XOvnL6109Zhn43SbDXQ9MCKEAA08Yr734ywKfUil5tRy9cZ0O70ZM5FFOtBvkdPdscp8KN7CEKdvkFChK2zL&q={searchTerms} HKU\S-1-5-21-4276424981-2713209067-288409091-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838 HKU\S-1-5-21-4276424981-2713209067-288409091-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptCda34oDH3J6AA-hDRarDB3CVACuk0KVb1jT58tvXgYoxdmZM7aofMJRFp81ohoFw6j3CdQy7XOvnL6109Zhn43SbDXQ9MCKEAA08Yr734ywKfUil5tRy9cZ0O70ZM5FFOtBvkdPdscp8KN7CEKdvkFChK2zL&q={searchTerms} HKU\S-1-5-21-4276424981-2713209067-288409091-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptCda34oDH3J6AA-hDRarDB3CVACuk0KVb1jT58tvXgYoxdmZM7aofMJRFp81ohoFw6j3CdQy7XOvnL6109Zhn43SbDXQ9MCKEAA08Yr734ywKfUil5tRy9cZ0O70ZM5FFOtBvkdPdscp8KN7CEKdvkFChK2zL&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptCda34oDH3J6AA-hDRarDB3CVACuk0KVb1jT58tvXgYoxdmZM7aofMJRFp81ohoFw6j3CdQy7XOvnL6109Zhn43SbDXQ9MCKEAA08Yr734ywKfUil5tRy9cZ0O70ZM5FFOtBvkdPdscp8KN7CEKdvkFChK2zL&q={searchTerms} SearchScopes: HKU\S-1-5-21-4276424981-2713209067-288409091-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptCda34oDH3J6AA-hDRarDB3CVACuk0KVb1jT58tvXgYoxdmZM7aofMJRFp81ohoFw6j3CdQy7XOvnL6109Zhn43SbDXQ9MCKEAA08Yr734ywKfUil5tRy9cZ0O70ZM5FFOtBvkdPdscp8KN7CEKdvkFChK2zL&q={searchTerms} SearchScopes: HKU\S-1-5-21-4276424981-2713209067-288409091-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptCda34oDH3J6AA-hDRarDB3CVACuk0KVb1jT58tvXgYoxdmZM7aofMJRFp81ohoFw6j3CdQy7XOvnL6109Zhn43SbDXQ9MCKEAA08Yr734ywKfUil5tRy9cZ0O70ZM5FFOtBvkdPdscp8KN7CEKdvkFChK2zL&q={searchTerms} BHO-x32: Cash Kitten -> {9ea7bd36-2d13-4df3-837f-7ac273765e7d} -> Brak pliku CHR HomePage: Default -> search.mpc.am DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center C:\Program Files (x86)\badu C:\Program Files (x86)\osTip C:\Program Files (x86)\UCBrowser C:\ProgramData\hp.exe C:\ProgramData\webad.xml C:\ProgramData\AVG C:\ProgramData\Holdtams C:\ProgramData\Thunder Network C:\ProgramData\Windows Update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madVR.lnk C:\uninst C:\Users\Public\Thunder Network C:\Users\Szymon\AppData\Local\app C:\Users\Szymon\AppData\Local\Avg C:\Users\Szymon\AppData\Local\Tempfolder C:\Users\Szymon\AppData\Local\UCBrowser C:\Users\Szymon\AppData\Local\Yeaplayer C:\Users\Szymon\AppData\LocalLow\Company C:\Users\Szymon\AppData\Roaming\*.* C:\Users\Szymon\AppData\Roaming\gplyra C:\Users\Szymon\AppData\Roaming\LaexuGegobog C:\Users\Szymon\AppData\Roaming\Macromedia C:\Users\Szymon\AppData\Roaming\MCorp C:\Users\Szymon\AppData\Roaming\Rikfootov C:\Users\Szymon\AppData\Roaming\Tueasjey C:\Users\Szymon\AppData\Roaming\UPUpdata C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC??? C:\Windows\ehome C:\WINDOWS\system32\fufj C:\WINDOWS\system32\ire C:\WINDOWS\system32\jevy C:\WINDOWS\system32\kam C:\WINDOWS\system32\kin C:\WINDOWS\system32\kokd C:\WINDOWS\system32\lew C:\WINDOWS\system32\pyau C:\WINDOWS\system32\sisx C:\WINDOWS\system32\sok C:\WINDOWS\system32\sow C:\WINDOWS\system32\tew C:\WINDOWS\system32\ubav C:\WINDOWS\system32\zitk C:\WINDOWS\system32\Drivers\bsdriver.sys C:\WINDOWS\system32\Drivers\cherimoya.sys C:\WINDOWS\system32\Drivers\ucguard.sys C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys C:\WINDOWS\system32\Drivers\etc\hp.bak C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center CMD: ipconfig /flushdns CMD: netsh advfirewall reset Hosts: RemoveProxy: EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. ========= fltmc detach bsdriver c: bsdriver ========= ========= Koniec CMD: ========= Dhrelrer => serwis pomyślnie usunięto Eruvwee => serwis pomyślnie usunięto GoogleChromeUpSvc => serwis pomyślnie usunięto bsdriver => Nie można zatrzymać usługi.