
FRST.txt

Dynamo Combo – how to effectively remove the virus from two computers?

Hello! I would very much appreciate help removing Dynamo Combo. I have this junk on two computers. I have already made the logs, I am adding them as attachments, and I would be grateful for information on what to do next. Thanks in advance!!



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Ania (administrator) on ANIA-KOMPUTER on 17-02-2015 14:28:22
Running from C:\Users\Ania\Desktop
Loaded Profiles: Ania (Available profiles: Ania)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(ABBYY Production LLC) C:\Program Files\ABBYY PDF Transformer+\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SearchProtect) C:\Program Files\XTab\CmdShell.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\Ania\AppData\Roaming\Dropbox\bin\Dropbox.exe
(XTab system) C:\Program Files\XTab\HPNotify.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
() C:\Program Files\Opera\27.0.1689.69\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
() C:\Program Files\Solution Real\updateSolutionReal.exe
() C:\Program Files\Solution Real\bin\utilSolutionReal.exe
() C:\Program Files\Solution Real\bin\SolutionReal.expext.exe
() C:\Program Files\Solution Real\bin\SolutionReal.PurBrowse.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
() C:\Program Files\Solution Real\bin\SolutionReal.BOASHelper.exe
() C:\Program Files\Solution Real\bin\SolutionReal.BrowserAdapter.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.69\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [1046984 2013-01-11] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-1606769842-2728666525-136106045-1000\...\MountPoints2: {3b46dca1-74c0-11e4-b4fc-0025644b71ae} - G:\Startme.exe
HKU\S-1-5-21-1606769842-2728666525-136106045-1000\...\MountPoints2: {6296fa8d-fd0d-11e2-b891-0025644b71ae} - F:\Autorun.exe
Startup: C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ania\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\S-1-5-21-1606769842-2728666525-136106045-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
SearchScopes: HKU\S-1-5-21-1606769842-2728666525-136106045-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606769842-2728666525-136106045-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD3200BEVT-75ZCT2_WD-WX50A796881268812&ts=1422613733&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606769842-2728666525-136106045-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD3200BEVT-75ZCT2_WD-WX50A796881268812&ts=1422613733&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606769842-2728666525-136106045-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606769842-2728666525-136106045-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD3200BEVT-75ZCT2_WD-WX50A796881268812&ts=1422613733&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606769842-2728666525-136106045-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD3200BEVT-75ZCT2_WD-WX50A796881268812&ts=1422613733&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606769842-2728666525-136106045-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD3200BEVT-75ZCT2_WD-WX50A796881268812&ts=1422613733&type=default&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll ()
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 109.196.112.130
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=WDCXWD3200BEVT-75ZCT2_WD-WX50A796881268812&ts=1384179878

FireFox:
========
FF ProfilePath: C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\n2mct6kq.default
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF Homepage: ?type=hppp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll (AVG Technologies)
FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll (Cuminas Corporation)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\n2mct6kq.default\user.js
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\n2mct6kq.default\Extensions\pavel.sherbakov@gmail.com [2015-01-30]
FF Extension: DownloadHelper - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\n2mct6kq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-16]
FF Extension: Solution Real 1.0.1 - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\n2mct6kq.default\Extensions\{371bcf01-e691-44bf-9345-60788e5d16a5}.xpi [2015-01-30]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\13.3.0.17
FF Extension: No Name - C:\ProgramData\AVG Secure Search\FireFoxExt\13.3.0.17 [2013-01-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-20]
FF Extension: No Name - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\n2mct6kq.default\extensions\fftoolbar2014@etech.com [Not Found]
FF Extension: No Name - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\n2mct6kq.default\extensions\faststartff@gmail.com [Not Found]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Profile: C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dysk Google) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-09]
CHR Extension: (YouTube) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-09]
CHR Extension: (Szukaj w Google) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-09]
CHR Extension: (Gmail) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-09]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\13.3.0.17\avg.crx [Not Found]

Opera:
=======
OPR Extension: (Instapaper) - C:\Users\Ania\AppData\Roaming\Opera Software\Opera Stable\Extensions\ajemblipckokpnipmbldeggjjkknhbjp [2014-06-20]
OPR Extension: (avast! Online Security) - C:\Users\Ania\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2014-06-20]
OPR Extension: (WOT) - C:\Users\Ania\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2014-06-20]
OPR Extension: (Google™ Translator) - C:\Users\Ania\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgnebchahhepphmokjeohhoebakpfggp [2014-06-20]
OPR Extension: (Adblock Plus) - C:\Users\Ania\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-06-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.PDFTransformer.Classic.4.0; C:\Program Files\ABBYY PDF Transformer+\NetworkLicenseServer.exe [822072 2013-11-22] (ABBYY Production LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2013-01-09] () [File not signed]
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe [114800 2015-01-23] (Mozilla Foundation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S4 vToolbarUpdater13.3.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [894920 2013-01-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [26984 2013-01-11] (AVG Technologies)
U0 dlno; C:\Windows\System32\drivers\tyqfiwti.sys [52440 2015-02-17] (Malwarebytes Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-08-04] (Disc Soft Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2015-02-14] (Sony Mobile Communications)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 14:28 - 2015-02-17 14:29 - 00018903 _____ () C:\Users\Ania\Desktop\FRST.txt
2015-02-17 14:27 - 2015-02-17 14:28 - 00000000 ____D () C:\FRST
2015-02-17 14:27 - 2015-02-17 14:27 - 02112512 _____ () C:\Users\Ania\Desktop\AdwCleaner.exe
2015-02-17 14:26 - 2015-02-17 14:26 - 01125888 _____ (Farbar) C:\Users\Ania\Desktop\FRST.exe
2015-02-17 13:36 - 2015-02-17 13:36 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\tyqfiwti.sys
2015-02-17 12:50 - 2015-02-17 13:09 - 00000000 ____D () C:\Users\Ania\Desktop\konferencja
2015-02-14 09:40 - 2015-02-14 09:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-02-14 09:40 - 2015-02-14 09:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-02-14 09:30 - 2015-02-14 09:30 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-02-14 09:30 - 2015-02-14 09:30 - 00026328 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-02-14 09:30 - 2015-02-14 09:30 - 00013528 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-02-14 09:29 - 2015-02-14 09:29 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-02-14 09:29 - 2015-02-14 09:29 - 00000000 ____D () C:\Program Files\Sony Mobile
2015-02-14 09:25 - 2015-02-14 09:25 - 00002006 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-01-31 11:26 - 2015-02-14 02:30 - 00000000 ____D () C:\Users\Ania\Desktop\GRY PLANSZOWE
2015-01-31 10:12 - 2015-01-31 10:12 - 00000472 __RSH () C:\ProgramData\ntuser.pol
2015-01-30 11:38 - 2015-02-15 22:05 - 00024134 _____ () C:\Windows\PFRO.log
2015-01-30 11:29 - 2015-02-17 14:08 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 11:28 - 2015-02-17 13:35 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-30 11:28 - 2015-02-17 13:35 - 00000000 ____D () C:\Program Files\XTab
2015-01-30 11:26 - 2015-02-17 13:35 - 00000000 ____D () C:\Program Files\Solution Real
2015-01-30 11:26 - 2015-01-30 11:26 - 18126512 _____ (Adobe Systems Incorporated) C:\Users\Ania\Downloads\install_flash_player_16_plugin.exe
2015-01-30 11:18 - 2015-01-30 11:18 - 00243616 _____ () C:\Users\Ania\Downloads\Firefox Setup Stub 35.0.1.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 13:35 - 2014-02-24 12:12 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\systweak
2015-02-17 13:35 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini
2015-02-17 13:14 - 2014-05-01 07:38 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 13:13 - 2014-05-01 07:37 - 00001022 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-17 13:13 - 2014-05-01 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-17 13:13 - 2014-05-01 07:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-17 12:50 - 2013-01-09 11:11 - 01785769 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 12:47 - 2009-07-14 05:34 - 00010288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 12:47 - 2009-07-14 05:34 - 00010288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 12:41 - 2014-11-08 12:10 - 00000000 ___RD () C:\Users\Ania\Dropbox
2015-02-17 12:40 - 2014-08-02 21:06 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Dropbox
2015-02-17 12:39 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 12:39 - 2009-07-14 05:39 - 00082881 _____ () C:\Windows\setupact.log
2015-02-14 10:04 - 2014-01-04 13:32 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\AIMP3
2015-02-14 09:27 - 2014-11-25 20:12 - 00281960 _____ () C:\Windows\DPINST.LOG
2015-02-14 09:25 - 2014-11-25 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-02-14 09:24 - 2013-08-04 15:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-14 02:08 - 2013-01-09 11:19 - 00767152 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-14 02:08 - 2013-01-09 11:19 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-13 23:28 - 2013-01-09 20:52 - 00000000 ____D () C:\Program Files\Opera
2015-01-31 19:02 - 2013-01-09 11:24 - 01558380 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 19:02 - 2009-07-14 09:07 - 00701260 _____ () C:\Windows\system32\perfh015.dat
2015-01-31 19:02 - 2009-07-14 09:07 - 00136246 _____ () C:\Windows\system32\perfc015.dat
2015-01-31 18:54 - 2015-01-05 23:45 - 00000000 ____D () C:\Users\Ania\Desktop\Dokumenty bieżące
2015-01-31 11:26 - 2014-12-19 17:39 - 00000000 ____D () C:\Users\Ania\Desktop\ksiazki
2015-01-31 11:25 - 2014-10-06 12:45 - 00000000 ____D () C:\Users\Ania\Desktop\Fryzjer-stylista
2015-01-31 01:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-30 12:26 - 2014-12-19 17:38 - 00000000 ____D () C:\Users\Ania\Desktop\magisterka
2015-01-30 11:20 - 2014-08-27 18:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-30 11:20 - 2013-11-11 15:52 - 00001079 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-30 11:20 - 2013-11-11 15:52 - 00001067 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-30 11:20 - 2013-11-11 15:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-30 10:25 - 2013-01-10 17:11 - 00000000 ____D () C:\Users\Ania\AppData\Local\Adobe
2015-01-28 08:16 - 2014-07-15 18:54 - 00000000 ____D () C:\Program Files\Odkurzacz
2015-01-18 16:39 - 2015-01-07 10:54 - 00000000 ____D () C:\Users\Ania\Desktop\zdjecia rodzinne
2015-01-18 16:39 - 2014-12-19 17:35 - 00000000 ____D () C:\Users\Ania\Desktop\obrona

==================== Files in the root of some directories =======

2014-08-27 18:38 - 2014-08-27 18:57 - 0000002 _____ () C:\Users\Ania\AppData\Local\SendToWorkFiles.txt

Some content of TEMP:
====================
C:\Users\Ania\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxl5jcx.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2015-01-25 17:34

==================== End Of Log ============================