Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-07-2016 01
Ran by LG (administrator) on LG-PC (11-07-2016 22:02:33)
Running from C:\Users\LG\Desktop\JAROSLAW
Loaded Profiles: LG (Available Profiles: LG)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Light\light.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Qihu Software Co. Limited) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1473656 2015-10-29] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-2271161697-3436941167-2169526998-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{3DE1CBF9-225F-4896-947C-2EB3439ED76B}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{E4EA9FD8-DD2B-42E9-97E2-5A7F5F855AD1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2271161697-3436941167-2169526998-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/

FireFox:
========
FF ProfilePath: C:\Users\LG\AppData\Roaming\Profiles\5fjs1l5u.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-30] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\LG\AppData\Roaming\Profiles\5fjs1l5u.default\user.js [2016-07-06]
FF SearchPlugin: C:\Users\LG\AppData\Roaming\Profiles\5fjs1l5u.default\searchplugins\u9to087w.xml [2016-07-06]
FF Extension: Quick Locale Switcher - C:\Users\LG\AppData\Roaming\Profiles\5fjs1l5u.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}.xpi [2016-07-01]
FF Extension: Quick Locale Switcher - C:\Users\LG\AppData\Roaming\Mozilla\Firefox\Profiles\p80yf1wn.default\Extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}.xpi [2016-07-01]
FF Extension: GsearchFinder - C:\Users\LG\AppData\Roaming\Profiles\5fjs1l5u.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-07-06]
FF HKLM\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files\360\Total Security\safemon\webprotection_firefox [2016-07-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [863864 2015-10-29] (QIHU 360 SOFTWARE CO. LIMITED)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-01-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [121936 2015-10-29] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [66128 2015-10-29] (360.cn)
R1 360Box; C:\Windows\System32\DRIVERS\360Box.sys [203856 2015-10-29] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera.sys [34888 2015-10-29] (360.cn)
R1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [179024 2015-10-29] (360安全中心)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [174672 2015-10-29] (360.cn)
R0 DsArk; C:\Windows\system32\Drivers\DsArk.sys [109136 2015-10-29] (360.cn)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23248 2015-10-29] (360.cn)
R0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [60112 2015-10-29] (360安全中心)
R1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [293840 2015-10-29] (360.cn)
R1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [53960 2015-10-29] (360.cn)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-11 21:55 - 2016-07-11 21:55 - 00000000 ____D C:\Users\LG\AppData\Roaming\Light
2016-07-11 21:55 - 2016-07-11 21:55 - 00000000 ____D C:\Users\LG\AppData\Local\Light
2016-07-11 21:49 - 2015-06-07 01:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-07-11 21:49 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-07-11 21:47 - 2016-07-11 21:47 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-08 22:53 - 2016-07-11 22:02 - 00000000 ____D C:\FRST
2016-07-08 22:49 - 2016-07-08 22:49 - 00267480 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-08 22:43 - 2016-07-08 22:47 - 00000000 ____D C:\AdwCleaner
2016-07-08 22:41 - 2016-07-11 22:02 - 00000000 ____D C:\Users\LG\Desktop\JAROSLAW
2016-07-08 04:37 - 2015-10-29 12:29 - 00109136 _____ (360.cn) C:\Windows\system32\Drivers\DsArk.sys
2016-07-07 23:56 - 2016-07-07 23:56 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-07 23:56 - 2016-07-07 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-07 23:56 - 2016-07-07 23:56 - 00000000 ____D C:\Program Files\CCleaner
2016-07-07 22:59 - 2016-07-08 04:39 - 00000000 __SHD C:\$360Section
2016-07-07 21:51 - 2016-07-07 22:01 - 00000000 _RSHD C:\360SANDBOX
2016-07-07 21:51 - 2015-10-29 12:29 - 00053960 _____ (360.cn) C:\Windows\system32\Drivers\qutmipc.sys
2016-07-07 21:47 - 2016-07-08 22:59 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Light.lnk
2016-07-07 21:47 - 2016-07-08 22:59 - 00000000 ____D C:\Program Files\Light
2016-07-07 20:54 - 2016-07-08 04:39 - 00000000 __SHD C:\ProgramData\360Quarant
2016-07-07 20:48 - 2016-07-11 21:53 - 00000000 ____D C:\Users\LG\AppData\LocalLow\360WD
2016-07-07 20:48 - 2016-07-07 21:53 - 00000000 ____D C:\Users\LG\AppData\Roaming\360safe
2016-07-07 20:48 - 2016-07-07 21:52 - 00000000 ____D C:\ProgramData\360safe
2016-07-07 20:48 - 2016-07-07 20:48 - 00000000 ____D C:\Windows\Tasks\360Disabled
2016-07-07 20:48 - 2016-07-07 20:48 - 00000000 ____D C:\Users\LG\AppData\Roaming\360TotalSecurity
2016-07-07 20:48 - 2016-07-07 20:48 - 00000000 ____D C:\ProgramData\360TotalSecurity
2016-07-07 20:47 - 2016-07-07 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-07-07 20:47 - 2016-07-07 20:47 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-07 20:47 - 2016-07-07 20:47 - 00000000 ____D C:\Program Files\360
2016-07-07 20:47 - 2015-10-29 12:29 - 00293840 _____ (360.cn) C:\Windows\system32\Drivers\qutmdrv.sys
2016-07-07 20:47 - 2015-10-29 12:29 - 00203856 _____ (360.cn) C:\Windows\system32\Drivers\360Box.sys
2016-07-07 20:47 - 2015-10-29 12:29 - 00179024 _____ (360安全中心) C:\Windows\system32\Drivers\360SelfProtection.sys
2016-07-07 20:47 - 2015-10-29 12:29 - 00174672 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV.SYS
2016-07-07 20:47 - 2015-10-29 12:29 - 00121936 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker.sys
2016-07-07 20:47 - 2015-10-29 12:29 - 00066128 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2016-07-07 20:47 - 2015-10-29 12:29 - 00060112 _____ (360安全中心) C:\Windows\system32\Drivers\hookport.sys
2016-07-07 20:47 - 2015-10-29 12:29 - 00034888 _____ (360.cn) C:\Windows\system32\Drivers\360Camera.sys
2016-07-07 20:47 - 2015-10-29 12:29 - 00023248 _____ (360.cn) C:\Windows\system32\Drivers\efimon.sys
2016-07-07 20:13 - 2016-07-07 20:13 - 00000000 ____D C:\Users\LG\Desktop\Muza
2016-07-07 20:12 - 2016-07-07 20:13 - 00000000 ____D C:\Users\LG\Desktop\Pics
2016-07-06 22:15 - 2016-07-07 14:56 - 00000000 ____D C:\Users\LG\Doctor Web
2016-07-06 18:50 - 2016-07-06 18:50 - 00000000 __RSH C:\MSDOS.SYS
2016-07-06 18:50 - 2016-07-06 18:50 - 00000000 __RSH C:\IO.SYS
2016-07-06 18:49 - 2016-07-08 04:37 - 00000000 ____D C:\Users\LG\AppData\Local\Apps\2.0
2016-06-30 21:22 - 2016-06-30 21:22 - 00000000 ___RD C:\Users\LG\Documents\Notes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-11 22:00 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-11 22:00 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-11 21:55 - 2015-03-14 15:03 - 00000000 ____D C:\Users\LG\AppData\Roaming\Skype
2016-07-11 21:53 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-11 21:51 - 2015-03-14 12:26 - 00000000 ____D C:\Users\LG
2016-07-11 21:47 - 2015-03-15 13:54 - 00739916 _____ C:\Windows\system32\perfh015.dat
2016-07-11 21:47 - 2015-03-15 13:54 - 00155458 _____ C:\Windows\system32\perfc015.dat
2016-07-11 21:47 - 2014-01-13 23:47 - 00736844 _____ C:\Windows\system32\perfh00A.dat
2016-07-11 21:47 - 2014-01-13 23:47 - 00157926 _____ C:\Windows\system32\perfc00A.dat
2016-07-11 21:47 - 2014-01-13 23:46 - 00731434 _____ C:\Windows\system32\perfh010.dat
2016-07-11 21:47 - 2014-01-13 23:46 - 00146298 _____ C:\Windows\system32\perfc010.dat
2016-07-11 21:47 - 2014-01-13 23:44 - 00688596 _____ C:\Windows\system32\perfh007.dat
2016-07-11 21:47 - 2014-01-13 23:44 - 00148568 _____ C:\Windows\system32\perfc007.dat
2016-07-11 21:47 - 2014-01-13 23:43 - 00737104 _____ C:\Windows\system32\perfh00C.dat
2016-07-11 21:47 - 2014-01-13 23:43 - 00149032 _____ C:\Windows\system32\perfc00C.dat
2016-07-11 21:47 - 2014-01-13 23:41 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2016-07-11 21:47 - 2014-01-13 23:41 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2016-07-11 21:47 - 2010-11-20 23:01 - 06015696 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-11 21:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-07-08 23:35 - 2016-01-16 16:57 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-08 22:33 - 2014-01-14 09:20 - 00000000 ____D C:\Windows\Panther
2016-07-08 22:21 - 2009-07-14 06:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-08 04:39 - 2015-03-14 12:26 - 00000992 _____ C:\Users\LG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-07 22:59 - 2009-07-14 04:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-07-07 20:05 - 2015-03-14 14:49 - 00000000 ____D C:\Users\LG\AppData\Roaming\Notepad++
2016-07-01 06:45 - 2016-01-08 18:06 - 00000000 ___RD C:\Program Files\Skype
2016-07-01 06:45 - 2015-03-14 14:50 - 00000000 ____D C:\ProgramData\Skype
2016-06-30 21:35 - 2016-01-16 16:57 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-30 21:35 - 2016-01-16 16:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-01 07:11

==================== End of FRST.txt ============================