
FRST.txt

How to remove the Yoursites123 infection? FRST logs attached

Dear forum members, I kindly ask for help with removing yoursites123. I am attaching the FRST logs:



Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:13-12-2015
Uruchomiony przez Asder (administrator) ASDER-TOSHIBA (14-12-2015 09:14:05)
Uruchomiony z C:\Users\Asder\Downloads
Załadowane profile: Asder & (Dostępne profile: Asder)
Platform: Windows 10 Home (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Edge)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(tsvr.com) C:\Users\Asder\AppData\Roaming\TSv\TSvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TFuns LIMITED) C:\ProgramData\yWdMy\WdMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Plus Internet\Plus Internet.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-08-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-10-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [TOSDCR] => %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [1348176 2012-09-17] (ABBYY)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-07] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Plus Internet] => C:\Program Files (x86)\Plus Internet\PlusInternetChecker.exe [476480 2011-11-12] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [5379936 2012-09-24] (Piriform Ltd)
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4807952 2015-01-30] (Disc Soft Ltd)
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\...\MountPoints2: {347ee28c-c1f0-11e4-b146-9cb70d96e541} - "E:\AutoRun.exe"
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [5379936 2012-09-24] (Piriform Ltd)
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4807952 2015-01-30] (Disc Soft Ltd)
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {347ee28c-c1f0-11e4-b146-9cb70d96e541} - "E:\AutoRun.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-08] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Brak pliku
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-09-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk [2012-08-19]
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Asder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\William Hill Poker notification.lnk [2015-10-15]
ShortcutTarget: William Hill Poker notification.lnk -> C:\Users\Asder\AppData\Local\William Hill Poker notification\notification_center.exe (William Hill Poker)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2012-03-01]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2012-03-01]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\..\Interfaces\{10aa1e02-14b3-43b5-a298-55130c21e875}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8ee8811c-f7dd-4f0d-b822-3db1803a2775}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{a68b5f70-5af3-4c59-89c2-d41afea63356}: [NameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{AE1864F8-980B-4CEE-8D31-400E958529E6}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ
HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
SearchScopes: HKLM -> {5E9392EE-FE86-4F2E-93B6-601CFBB9A6AD} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
SearchScopes: HKLM-x32 -> {5E9392EE-FE86-4F2E-93B6-601CFBB9A6AD} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKU\S-1-5-21-1122624269-3075082320-2171656928-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1122624269-3075082320-2171656928-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1122624269-3075082320-2171656928-1000 -> {5E9392EE-FE86-4F2E-93B6-601CFBB9A6AD} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_plPL524
SearchScopes: HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {5E9392EE-FE86-4F2E-93B6-601CFBB9A6AD} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_plPL524
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-08] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll => Brak pliku
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-08] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku
Toolbar: HKU\S-1-5-21-1122624269-3075082320-2171656928-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
Toolbar: HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1122624269-3075082320-2171656928-1000 -> hxxp://www.yoursites123.com/?type=hp&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ

FireFox:
========
FF ProfilePath: C:\Users\Asder\AppData\Roaming\Mozilla\Firefox\Profiles\xt5g4s7a.default
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: yoursites123
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2011-07-22] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2012-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-30] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Asder\AppData\Roaming\Mozilla\Firefox\Profiles\xt5g4s7a.default\extensions\defsearchp@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Asder\AppData\Roaming\Mozilla\Firefox\Profiles\xt5g4s7a.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Asder\AppData\Roaming\Mozilla\Firefox\Profiles\xt5g4s7a.default\extensions\default_newtabff@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Asder\AppData\Roaming\Mozilla\Firefox\Profiles\xt5g4s7a.default\extensions\yahooprotected@gmail.com => nie znaleziono
FF HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [Brak podpisu cyfrowego]
FF HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ

Chrome:
=======
CHR Profile: C:\Users\Asder\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Asder\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-18]
CHR Extension: (Avast Online Security) - C:\Users\Asder\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Asder\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-18]
CHR Extension: (Google Wallet) - C:\Users\Asder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18]
CHR HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Asder\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-12-04]
CHR HKU\S-1-5-21-1122624269-3075082320-2171656928-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Asder\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-12-04]
CHR HKU\S-1-5-21-1122624269-3075082320-2171656928-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-20]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1450070146&z=bab0e207b7f2958957102e1gcz3wce5ecm4e7g7zaz&from=wpm07173&uid=TOSHIBAXTHNSNB128GMCJ_12OS11CWTTEZ11CWTTEZ

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821840 2012-07-19] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-08] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-29] (Dropbox, Inc.)
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe [1275152 2015-01-30] (Disc Soft Ltd)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
R2 IhPul; C:\Users\Asder\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 WdMan; C:\ProgramData\yWdMy\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [711344 2015-12-14] (Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-08] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2015-02-25] (Disc Soft Ltd)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-14] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-08-25] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; Brak ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-14 09:14 - 2015-12-14 09:14 - 00039043 _____ C:\Users\Asder\Downloads\FRST.txt
2015-12-14 09:14 - 2015-12-14 09:14 - 00000000 ____D C:\FRST
2015-12-14 09:13 - 2015-12-14 09:13 - 02369536 _____ (Farbar) C:\Users\Asder\Downloads\FRST64.exe
2015-12-14 09:10 - 2015-12-14 09:10 - 00016148 _____ C:\WINDOWS\system32\ASDER-TOSHIBA_Asder_HistoryPrediction.bin
2015-12-14 09:03 - 2015-12-14 09:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-14 09:02 - 2015-12-14 09:02 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-14 09:02 - 2015-12-14 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-14 09:02 - 2015-12-14 09:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-14 09:02 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-14 09:02 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-14 09:02 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-14 09:01 - 2015-12-14 09:02 - 22908888 _____ (Malwarebytes ) C:\Users\Asder\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-14 08:42 - 2015-12-14 08:46 - 01740288 _____ C:\Users\Asder\Downloads\adwcleaner_5.025.exe
2015-12-14 06:17 - 2015-12-14 09:00 - 00000000 ____D C:\Program Files (x86)\WinZipper
2015-12-14 06:17 - 2015-12-14 08:56 - 00000000 ____D C:\Program Files (x86)\SFK
2015-12-14 06:17 - 2015-12-14 06:18 - 00000000 ____D C:\ProgramData\yWdMy
2015-12-14 06:17 - 2015-12-14 06:17 - 00000000 ____D C:\Users\Asder\AppData\Roaming\WinZipper
2015-12-14 06:17 - 2015-12-14 06:17 - 00000000 ____D C:\Users\Asder\AppData\Roaming\TSv
2015-12-14 06:17 - 2015-12-14 06:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
2015-12-14 06:15 - 2015-12-14 06:16 - 00000000 ____D C:\ProgramData\cWdMc
2015-12-14 06:15 - 2015-12-14 06:15 - 00000384 _____ C:\WINDOWS\SysWOW64\data.bin
2015-12-12 08:11 - 2015-12-12 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-12 08:01 - 2015-12-12 08:05 - 410963354 _____ C:\Users\Asder\Downloads\S03E02.rar
2015-12-12 08:01 - 2015-12-12 08:04 - 486984254 _____ C:\Users\Asder\Downloads\S03E01.rar
2015-12-11 23:00 - 2015-12-11 23:00 - 00024246 _____ C:\Users\Asder\Downloads\Homeland S02E12.txt
2015-12-11 23:00 - 2015-12-11 23:00 - 00024217 _____ C:\Users\Asder\Downloads\Homeland S02E11.txt
2015-12-11 22:56 - 2014-11-26 15:13 - 545283600 _____ C:\Users\Asder\Downloads\Homeland S02E12.avi
2015-12-11 22:56 - 2014-11-26 15:11 - 443063514 _____ C:\Users\Asder\Downloads\Homeland S02E11.avi
2015-12-10 17:55 - 2015-12-10 17:55 - 00000000 ____D C:\Users\Asder\Desktop\15 11 23 [MRL] Baza wiedzy
2015-12-09 21:13 - 2015-12-09 21:13 - 00022391 _____ C:\Users\Asder\Downloads\Homeland S02E10.txt
2015-12-09 21:12 - 2014-11-26 15:11 - 408758950 _____ C:\Users\Asder\Downloads\Homeland S02E10.avi
2015-12-06 20:45 - 2015-12-06 20:45 - 00000000 ____D C:\Users\Asder\AppData\Roaming\Opera Software
2015-12-06 20:45 - 2015-12-06 20:45 - 00000000 ____D C:\Users\Asder\AppData\Local\Opera Software
2015-12-05 21:18 - 2015-12-05 21:26 - 00000000 ____D C:\Users\Asder\Desktop\15 12 05 [MWRL] Wesele - zdjęcia do albumu
2015-11-25 20:17 - 2015-11-25 20:18 - 56722170 _____ C:\Users\Asder\Downloads\foty slub.rar
2015-11-23 19:35 - 2014-10-27 10:31 - 471468332 _____ C:\Users\Asder\Downloads\Boardwalk Empire S05E08.avi
2015-11-23 19:35 - 2014-10-20 05:08 - 471662878 _____ C:\Users\Asder\Downloads\Boardwalk Empire S05E07.avi

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-14 09:14 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-12-14 09:08 - 2015-05-29 20:58 - 00001150 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-14 09:04 - 2015-08-25 00:45 - 02120730 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-14 09:04 - 2015-07-10 17:30 - 00918804 _____ C:\WINDOWS\system32\perfh015.dat
2015-12-14 09:04 - 2015-07-10 17:30 - 00202422 _____ C:\WINDOWS\system32\perfc015.dat
2015-12-14 09:04 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-14 09:01 - 2014-10-27 18:07 - 00000000 ___RD C:\Users\Asder\Dysk Google
2015-12-14 08:59 - 2015-08-25 00:42 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-14 08:58 - 2015-05-29 20:58 - 00001146 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-14 08:58 - 2011-10-19 19:29 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-14 08:57 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-14 08:53 - 2015-02-25 02:32 - 00000000 ____D C:\AdwCleaner
2015-12-14 08:52 - 2015-08-25 00:46 - 00000000 ____D C:\Users\Asder
2015-12-14 08:46 - 2011-10-19 19:29 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-14 07:24 - 2012-07-16 23:05 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-14 06:17 - 2015-11-11 20:45 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-12-14 06:15 - 2015-11-11 20:45 - 00001445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-14 06:15 - 2015-11-11 20:45 - 00000000 ____D C:\ProgramData\7WMiniPro7
2015-12-14 06:15 - 2012-07-16 22:59 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-14 06:14 - 2012-10-25 23:01 - 00000000 ____D C:\Users\Asder\AppData\Roaming\Media Player Classic
2015-12-13 22:35 - 2012-07-16 22:56 - 00000000 ____D C:\Users\Asder\AppData\Roaming\SoftGrid Client
2015-12-13 08:39 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-12 09:09 - 2015-09-05 08:36 - 01396062 _____ C:\WINDOWS\ProcessedPackets.KTL
2015-12-12 09:09 - 2015-09-05 08:36 - 00146570 _____ C:\WINDOWS\Packet.KTL
2015-12-12 09:09 - 2015-09-05 08:36 - 00043661 _____ C:\WINDOWS\SentOSPackets.KTL
2015-12-12 09:09 - 2015-09-05 08:36 - 00009858 _____ C:\WINDOWS\Control.KTL
2015-12-12 08:11 - 2015-05-29 20:58 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-12 07:56 - 2015-10-15 20:04 - 00000000 ____D C:\Users\Asder\AppData\Local\William Hill Poker
2015-12-10 20:58 - 2015-05-29 21:01 - 00000000 ___RD C:\Users\Asder\Dropbox
2015-12-10 20:58 - 2015-05-29 20:58 - 00000000 ____D C:\Users\Asder\AppData\Local\Dropbox
2015-12-09 22:20 - 2015-08-25 06:29 - 00002466 _____ C:\Users\Asder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-09 22:20 - 2015-08-25 06:29 - 00000000 ___RD C:\Users\Asder\OneDrive
2015-12-09 20:42 - 2015-11-11 20:45 - 00004008 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1447271108
2015-12-09 20:42 - 2015-11-11 20:44 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-06 14:12 - 2012-09-30 17:21 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-12-05 22:41 - 2011-10-19 19:29 - 00004142 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 22:41 - 2011-10-19 19:29 - 00003910 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 22:27 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-29 18:59 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-25 20:30 - 2015-10-20 21:38 - 00000000 ____D C:\Users\Asder\Desktop\15 10 20 [MWRL] Wesele - zdjęcia i filmy
2015-11-21 14:21 - 2013-02-04 21:56 - 00000000 ____D C:\Programer_archiwa
2015-11-17 06:42 - 2014-10-27 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-14 06:59 - 2015-09-08 21:28 - 00000000 ____D C:\Users\Asder\Desktop\Essentials

==================== Pliki w katalogu głównym wybranych folderów =======

2014-08-26 21:27 - 2012-08-21 10:12 - 6516280 _____ (AVAST Software) C:\Program Files\AVA
2012-10-25 22:27 - 2012-10-25 22:27 - 0003584 _____ () C:\Users\Asder\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-21 23:00 - 2013-02-21 23:00 - 0002430 _____ () C:\Users\Asder\AppData\Local\unins000.dat
2013-02-21 23:00 - 2013-02-21 23:00 - 0707504 _____ () C:\Users\Asder\AppData\Local\unins000.exe
2013-02-21 23:00 - 2013-02-21 23:00 - 0011761 _____ () C:\Users\Asder\AppData\Local\unins000.msg
2015-08-25 00:40 - 2015-08-25 00:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-09-30 06:38 - 2013-02-22 19:43 - 0001886 _____ () C:\ProgramData\hpzinstall.log
2015-11-11 20:45 - 2015-12-14 06:17 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Niektóre pliki w TEMP:
====================
C:\Users\Asder\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2015-12-10 19:42

==================== Koniec FRST.txt ============================