Win7 nie laduje pupitu, czarne tlo po ekranie "zapraszamy"

**Posty:** 11 · przez **kajtek77** 30 Maj 2015, 13:22

Witam, kiedy odpalam laptopa wczytuje mi się wszystko normalnie do momentu logowania na koncie użytkownika, po ekranie "Zapraszamy" zostaje czarne tło i kursor, można odpalić menadżera zadań i programy z okna "uruchom" (ale nie działa np. przeglądarka, bo nie ma połączenia z netem). Nie ma tez procesu explorer.exe a kiedy uruchamiam go ręcznie, zostaje w aktywnych procesach ale nadal nie pojawia się pulpit. Wczoraj włączyłem lapka w trybie awaryjnym i pobrałem combofixa, problem się rozwiązał do następnego wyłączenia komputera. Oprócz tego co jakiś czas samoistnie otwierają się zakładki w Operze i Chrome z reklamami. Gmer po dość długim skanowaniu, powiedział że nie znalazł żadnych modyfikacji systemu (?) i nie wygenerował loga. STPD mam odinstalowane a emulacji nie używam.

Kod: Zaznacz wszystko: OTL logfile created on: 2015-05-30 13:14:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Syll\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,79 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 43,03% Memory free 7,59 Gb Paging File | 5,28 Gb Available in Paging File | 69,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 168,48 Gb Total Space | 16,16 Gb Free Space | 9,59% Space Free | Partition Type: NTFS Drive D: | 427,59 Gb Total Space | 27,96 Gb Free Space | 6,54% Space Free | Partition Type: NTFS Computer Name: SYLL-KOMPUTER | User Name: Syll | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2015-05-30 13:13:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Syll\Downloads\OTL_[www.programosy.pl].exe PRC - [2015-05-30 12:26:41 | 000,380,416 | ---- | M] () -- C:\Users\Syll\Downloads\qrcwngrk.exe PRC - [2015-05-28 15:50:32 | 000,623,104 | ---- | M] (Price Fountain) -- C:\Users\Syll\AppData\Local\PriceFountain\pricefountain.exe PRC - [2015-05-20 11:19:54 | 056,025,208 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe PRC - [2015-05-20 11:19:54 | 000,479,352 | ---- | M] () -- C:\Program Files (x86)\Opera\29.0.1795.60\opera_crashreporter.exe PRC - [2015-05-01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe PRC - [2015-05-01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe PRC - [2014-10-13 07:57:46 | 000,743,688 | ---- | M] (DEVGURU Co., LTD.) -- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe PRC - [2014-09-12 11:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-09-05 02:35:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013-08-29 18:27:28 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010-10-07 09:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010-08-17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2009-12-15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009-06-19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009-06-19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009-06-15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008-12-22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2015-05-30 12:26:41 | 000,380,416 | ---- | M] () -- C:\Users\Syll\Downloads\qrcwngrk.exe MOD - [2015-05-20 11:19:54 | 000,479,352 | ---- | M] () -- C:\Program Files (x86)\Opera\29.0.1795.60\opera_crashreporter.exe MOD - [2015-05-20 11:19:53 | 001,576,568 | ---- | M] () -- C:\Program Files (x86)\Opera\29.0.1795.60\libglesv2.dll MOD - [2015-05-20 11:19:53 | 000,081,016 | ---- | M] () -- C:\Program Files (x86)\Opera\29.0.1795.60\libegl.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (f44f894e) SRV - [2015-05-01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc) SRV - [2015-05-01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc) SRV - [2015-04-17 10:52:10 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015-02-18 19:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014-10-13 07:57:46 | 000,743,688 | ---- | M] (DEVGURU Co., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe -- (ss_conn_service) SRV - [2014-09-12 11:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-09-05 02:35:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013-08-29 18:27:28 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-12-15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009-06-15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014-10-13 07:57:48 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:[b]64bit:[/b] - [2014-10-13 07:57:48 | 000,110,336 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:[b]64bit:[/b] - [2013-09-05 02:37:00 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-06-27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2011-04-10 18:51:08 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-11-20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010-10-12 10:49:16 | 000,131,552 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) DRV:[b]64bit:[/b] - [2010-08-30 04:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2010-02-26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:[b]64bit:[/b] - [2010-01-18 17:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:[b]64bit:[/b] - [2009-09-17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:[b]64bit:[/b] - [2009-08-19 07:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-06-05 18:15:58 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:[b]64bit:[/b] - [2009-05-13 09:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/ IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-search.net/search?sid=476&aid=175&itype=n&ver=13396&tm=411&src=ds&p={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1414697835&from=cor&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1414697835&from=cor&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/ IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-search.net/search?sid=476&aid=175&itype=n&ver=13396&tm=411&src=ds&p={searchTerms} IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/02/05&hid=15268355170663098515&lg=EN&cc=PL IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/ IE - HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/02/05&hid=15268355170663098515&lg=EN&cc=PL IE - HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1 FF - prefs.js..browser.startup.homepage: "http://search.gboxapp.com/" FF - prefs.js..browser.search.order.1: "WebSearch" FF - prefs.js..browser.search.defaultenginename: "WebSearch" FF - prefs.js..browser.search.selectedEngine: "WebSearch" FF - prefs.js..browser.search.order.1,S: S", "WebSearch" FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch" FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch" FF - prefs.js..keyword.URL: "http://websearch.searchtheglobe.info/?pid=724&r=2015/02/05&hid=15268355170663098515&lg=EN&cc=PL&l=1&q=" FF - prefs.js..browser.search.defaulturl: "http://websearch.searchtheglobe.info/?pid=724&r=2015/02/05&hid=15268355170663098515&lg=EN&cc=PL&l=1&q=" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Syll\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) [2014-11-13 11:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Syll\AppData\Roaming\mozilla\Extensions [2015-05-29 00:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Syll\AppData\Roaming\mozilla\Firefox\Profiles\lhw568gl.default\extensions [2015-05-29 18:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Syll\AppData\Roaming\mozilla\Firefox\Profiles\lhw568gl.default\extensions\staged [2015-04-28 23:15:55 | 000,003,966 | ---- | M] () (No name found) -- C:\Users\Syll\AppData\Roaming\mozilla\firefox\profiles\lhw568gl.default\extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2015-04-28 23:15:55 | 000,003,966 | ---- | M] () (No name found) -- C:\Users\Syll\AppData\Roaming\mozilla\firefox\profiles\lhw568gl.default\extensions\staged\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2014-11-13 13:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\ CHR - Extension: No name found = C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\ CHR - Extension: No name found = C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\ CHR - Extension: No name found = C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\ CHR - Extension: No name found = C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\ CHR - Extension: No name found = C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.34_0\ CHR - Extension: No name found = C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik\2.2015.427.11450_0\ CHR - Extension: No name found = C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\ CHR - Extension: No name found = C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: No name found = C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2015-05-30 12:13:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:[b]64bit:[/b] - BHO: (RoBoSaver) - {8c3f86bb-4d11-4909-a890-8c19fd163a19} - C:\Program Files (x86)\RoBoSaver\SFPgYTUCSyfOZt.x64.dll () O2:[b]64bit:[/b] - BHO: (RandomPricE) - {9c2c433a-d88f-48ea-8cb2-8363c3e29dd1} - C:\Program Files (x86)\RandomPricE\LJt0qvsZbJBHhm.x64.dll () O2:[b]64bit:[/b] - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) O2:[b]64bit:[/b] - BHO: (FindBeistDeal) - {bb259573-d0e5-48c7-9160-d13d7ca267ad} - C:\Program Files (x86)\FindBeistDeal\rfwBqYM5uhCtD9.x64.dll () O2 - BHO: (NewwSaver) - {377CFAF2-BE57-4CAA-95DB-09AF1D4C5896} - C:\Program Files (x86)\NewwSaver\PHwvCO7A9E5Jwy.dll File not found O2 - BHO: (FuNDeals) - {6CA03776-4DF7-49D1-BE4F-B5F5F5FC84F7} - C:\Program Files (x86)\FuNDeals\w8DjhmPPynxj8o.dll File not found O2 - BHO: (AllSaVer) - {7f31c878-6c4c-4758-9ef5-2acadfba5d0c} - C:\Program Files (x86)\AllSaVer\k3pzgomSoWINjK.dll File not found O2 - BHO: (RoBoSaver) - {8c3f86bb-4d11-4909-a890-8c19fd163a19} - C:\Program Files (x86)\RoBoSaver\SFPgYTUCSyfOZt.dll () O2 - BHO: (RandomPricE) - {9c2c433a-d88f-48ea-8cb2-8363c3e29dd1} - C:\Program Files (x86)\RandomPricE\LJt0qvsZbJBHhm.dll () O2 - BHO: (SaeveNEwaApupz) - {a45acd87-680f-42a3-9fa5-32a8ad47ea0b} - C:\Program Files (x86)\SaeveNEwaApupz\hUUgC76uHIRK2M.dll File not found O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O2 - BHO: (PriceFountain) - {b608cc98-54de-4775-96c9-097de398500c} - C:\Users\Syll\AppData\Local\PriceFountain\PriceFountainIE.dll () O2 - BHO: (FindBeistDeal) - {bb259573-d0e5-48c7-9160-d13d7ca267ad} - C:\Program Files (x86)\FindBeistDeal\rfwBqYM5uhCtD9.dll () O2 - BHO: (TakeTheCooUpon) - {d2cd6f06-37f2-43c4-b2f7-5efdcffe96df} - C:\Program Files (x86)\TakeTheCooUpon\oTVxTzr2PyjrMy.dll File not found O2 - BHO: (SaveNewaApapz) - {f57c7adc-b760-4f2b-a351-0f5d95da05ab} - C:\Program Files (x86)\SaveNewaApapz\zaBdrGhnSOkchV.dll File not found O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKU\S-1-5-21-1568802377-1154090777-4032204213-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [PriceFountain] C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Syll\AppData\Roaming\PriceFountain\UpdateProc\bkup.dat" File not found O4 - HKU\S-1-5-21-1568802377-1154090777-4032204213-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1568802377-1154090777-4032204213-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9:[b]64bit:[/b] - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.233.233.233 87.204.204.204 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E2C528C-90A7-481C-9A25-64E12BE742D7}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDAABED4-83B8-44AC-8CB4-6C22DF99FD4A}: DhcpNameServer = 62.233.233.233 87.204.204.204 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDAABED4-83B8-44AC-8CB4-6C22DF99FD4A}: NameServer = 8.8.8.8,8.8.4.4 O18:[b]64bit:[/b] - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2015-05-30 13:03:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\logs [2015-05-30 12:15:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2015-05-29 18:17:17 | 000,000,000 | ---D | C] -- C:\Windows\temp [2015-05-29 18:07:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2015-05-29 18:07:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2015-05-29 18:07:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2015-05-29 18:06:52 | 000,000,000 | ---D | C] -- C:\Qoobox [2015-05-29 18:06:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2015-05-29 00:54:19 | 002,085,376 | ---- | C] (WXBGCQTVDXHSNAA) -- C:\Windows\SysWow64\setup.exe [2015-05-23 12:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigiCouupaon [2015-05-23 12:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Ball [2015-05-19 16:48:33 | 000,000,000 | ---D | C] -- C:\Users\Syll\Desktop\moje fotki [2015-05-03 13:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Send Page [2015-05-03 13:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoniCoUpon [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2015-05-30 12:59:29 | 000,000,024 | ---- | M] () -- C:\Users\Syll\AppData\Roaming\appdataFr25.bin [2015-05-30 12:59:16 | 000,000,089 | ---- | M] () -- C:\Users\Syll\AppData\Roaming\WB.CFG [2015-05-30 12:52:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015-05-30 12:25:16 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015-05-30 12:13:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2015-05-30 12:12:15 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1568802377-1154090777-4032204213-1001UA.job [2015-05-30 12:12:11 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015-05-30 12:12:11 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015-05-30 12:03:50 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015-05-30 12:02:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015-05-30 12:02:53 | 3054,870,528 | -HS- | M] () -- C:\hiberfil.sys [2015-05-29 00:54:19 | 002,085,376 | ---- | M] (WXBGCQTVDXHSNAA) -- C:\Windows\SysWow64\setup.exe [2015-05-28 23:09:01 | 000,077,593 | ---- | M] () -- C:\Users\Syll\Desktop\adsfsfdvbad.jpg [2015-05-28 18:12:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1568802377-1154090777-4032204213-1001Core.job [2015-05-26 00:27:09 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2015-05-22 13:29:30 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2015-05-22 13:29:30 | 000,697,912 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2015-05-22 13:29:30 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2015-05-22 13:29:30 | 000,134,990 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2015-05-22 13:29:30 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2015-05-13 22:34:33 | 005,994,044 | ---- | M] () -- C:\Users\Syll\Desktop\P5122802.JPG [color=#E56717]========== Files Created - No Company Name ==========[/color] [2015-05-29 18:07:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2015-05-29 18:07:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2015-05-29 18:07:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2015-05-29 18:07:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2015-05-29 18:07:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2015-05-28 23:09:01 | 000,077,593 | ---- | C] () -- C:\Users\Syll\Desktop\adsfsfdvbad.jpg [2015-05-16 16:45:12 | 000,000,024 | ---- | C] () -- C:\Users\Syll\AppData\Roaming\appdataFr25.bin [2015-05-13 22:34:11 | 005,994,044 | ---- | C] () -- C:\Users\Syll\Desktop\P5122802.JPG [2015-02-10 09:13:59 | 000,000,020 | ---- | C] () -- C:\Users\Syll\AppData\Roaming\appdataFr3.bin [2015-01-29 17:54:02 | 000,000,089 | ---- | C] () -- C:\Users\Syll\AppData\Roaming\WB.CFG [2014-11-29 11:56:38 | 000,000,000 | ---- | C] () -- C:\Users\Syll\AppData\Local\{5901B4EF-5F8A-4383-90D5-F0FE0322C80F} [2014-10-29 22:21:54 | 000,003,584 | ---- | C] () -- C:\Users\Syll\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014-05-25 00:51:41 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2014-05-25 00:49:02 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2014-05-25 00:49:02 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2014-04-30 20:47:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2014-04-30 19:47:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2014-04-30 19:47:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2014-04-30 19:47:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2014-04-30 19:47:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2014-05-16 13:06:31 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\AVG [2014-05-22 16:59:27 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\BESTplayer [2015-02-23 10:08:48 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\Canon [2015-02-23 11:05:47 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\Dropbox [2014-06-26 17:55:01 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\EurekaLog [2015-03-06 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\KTW [2014-05-25 20:08:46 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\MPC-HC [2014-05-16 17:45:41 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\NapiProjekt [2014-05-16 13:03:37 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\OpenCandy [2014-05-16 17:28:41 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\Opera Software [2015-04-28 22:36:03 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\Podatnik.info [2015-01-29 16:54:34 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\PriceFountain [2014-10-29 23:59:42 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\Publish Providers [2015-01-29 17:20:22 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\Samsung [2014-12-17 11:19:57 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\Sony [2014-10-30 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\Systweak [2015-05-25 21:42:49 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:56E2E879 < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2015-05-30 13:14:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Syll\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,79 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 43,03% Memory free 7,59 Gb Paging File | 5,28 Gb Available in Paging File | 69,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 168,48 Gb Total Space | 16,16 Gb Free Space | 9,59% Space Free | Partition Type: NTFS Drive D: | 427,59 Gb Total Space | 27,96 Gb Free Space | 6,54% Space Free | Partition Type: NTFS Computer Name: SYLL-KOMPUTER | User Name: Syll | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) [HKEY_USERS\S-1-5-21-1568802377-1154090777-4032204213-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{095BDAAD-8BFA-407B-B771-9E53E2D178EF}" = rport=445 | protocol=6 | dir=out | app=system | "{0D1951D8-8245-457E-92AB-EDA9A48DE6F8}" = lport=3390 | protocol=6 | dir=in | app=system | "{0EFD25F9-FF9A-40D1-A6E0-04C4F27BFC76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{19C0C7A2-7933-4A80-A651-FC4C61113563}" = lport=10244 | protocol=6 | dir=in | app=system | "{1C4656D9-F04C-4CEF-805C-733E797319C5}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1C74E658-AA11-463A-A18A-BA1935E0BC32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1F87C4DB-5730-4E75-8B12-EA545C948515}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{249E3835-C4F6-4E31-B670-5EAA54534B05}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{287009D9-F979-4E1A-B3FC-376E6DAC1FF0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{335724FB-B67F-45E2-B3C5-4EEA92B9A270}" = lport=445 | protocol=6 | dir=in | app=system | "{34247694-6655-4A79-B582-38A3980C5592}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{380BF060-BEA5-4836-B0A9-78E746F3BB32}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{38492A80-C759-423C-A4CB-DD084F5C99B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3A88A0C8-6CFD-4461-8A6B-098812C9CEA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3C8E8678-75C4-414E-B556-929BF0A09E6C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3CF60B02-E938-4A69-96AB-CB03F9F08E02}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{45CD0313-AF71-4B89-8FB2-FEA8FF7853E0}" = lport=139 | protocol=6 | dir=in | app=system | "{47325863-1EB3-441D-8ACE-86089F44EAF3}" = lport=3390 | protocol=6 | dir=in | app=system | "{4A7B1211-9936-4BCF-A6DB-F94001D965DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B4A60EF-090B-47F5-8810-7C56687130DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B4D1613-DFE4-4633-9E80-B6B15C905559}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{58EF282A-61F7-48F8-B4D6-A17F6E4B9C6C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{5D5BA49F-2F2E-4E88-81F2-BF755EDD40C1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{61A70FEA-C560-4251-909B-1AD1A51F0359}" = lport=2869 | protocol=6 | dir=in | app=system | "{6A0B1F7D-597D-413C-8391-CF20B27B9B80}" = lport=10243 | protocol=6 | dir=in | app=system | "{6AA502F0-D1E2-4D9A-BC86-FE532325012E}" = rport=138 | protocol=17 | dir=out | app=system | "{851E721F-D83F-4884-B6F9-A988AA222EF4}" = rport=139 | protocol=6 | dir=out | app=system | "{8DADCA7D-56F3-4B83-8C9C-C4A9AF943EE3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{908B48F5-1C2A-4D36-A6DB-3737876A4F41}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8C9FD07-58A8-4A8A-A471-F6F5994FF02A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AA1AE20B-338C-4700-9CC3-53F0D3743912}" = lport=138 | protocol=17 | dir=in | app=system | "{AC51CB3E-3496-49EB-A0FD-DC665355A42B}" = lport=2869 | protocol=6 | dir=in | app=system | "{B1481B24-4DC8-4EE2-B345-8AE11F7D8252}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B2C8E221-30D8-4829-898B-81761E56736D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{B7D01F80-48F9-482E-97E8-96B8070AD836}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B82FCC09-947F-45DD-BA64-72A02D3A16C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BBC56697-35E7-4593-972E-E8CDB25325BB}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C2C21BA9-0CBF-4072-9E7C-6378206EE285}" = lport=2869 | protocol=6 | dir=in | app=system | "{C702D192-E96F-49F7-8364-16C88C887035}" = rport=10243 | protocol=6 | dir=out | app=system | "{CEF4719D-D18B-4062-944A-F43A7CA46460}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DA8B9D2F-B647-498E-A7D6-19912C0DC765}" = lport=137 | protocol=17 | dir=in | app=system | "{DFCBC7D2-DBB4-46D8-B4C1-0C917A01743B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E26062F1-6942-4B9B-8024-007126688A43}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E3088A2B-2D1F-49B3-A372-A23870C87634}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ED85DD1F-8837-4E86-80C5-28CB21A6A7E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EFA339D2-C76F-4BFE-9F8B-622CD6BA7907}" = rport=137 | protocol=17 | dir=out | app=system | "{F87CC1A3-4048-4833-BF2A-5A810E12CDCF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FE56B5CF-D99C-473D-A4EC-02A577D2CB82}" = lport=10244 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0691438C-5BD1-4129-B270-2A2097C603FE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{0A32E825-A6EB-47D5-A50B-899EFFCA26D1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0A6207DE-7E00-4AF8-948A-797D33120BA0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0E85A595-FB8B-4F1B-8D12-4E7AF1876E9F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{11ECB21E-6F76-4AA7-96D3-72B173CFEC93}" = protocol=6 | dir=out | app=system | "{18AAEC8F-1839-4B77-AAD5-AA1964E101D5}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{1A5F11A1-CF1E-4B54-933C-36B4FCE81ADB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{26529EDF-4450-4B70-94B0-27F816861F09}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{3133BA69-0340-4CB8-81F8-B90996833629}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{36519C22-88E5-4D5E-9659-D6A876178E9A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3A6A2AC8-FBCE-4CB7-8CB3-D22C09D64263}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3B6ECBB7-D7F4-4ACC-8766-014AA270B05F}" = protocol=6 | dir=in | app=c:\program files (x86)\napiprojekt\napisy.exe | "{467B93BD-BAB1-4228-B9BA-02B4B1876836}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4798A973-6B1B-4CE3-A763-EC202B82EAB2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{4E78890E-7C86-4449-9DAF-945D61799293}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{54A762A9-DA7A-4316-BD8F-F96A3573C093}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{5A98616E-2384-4D85-9C5B-963388EF2C21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{60E38ACE-CE10-4D97-9BDC-C7F24D943F7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{62811FD0-C632-46CD-80BA-CB6D138DB09B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{686E531C-C98A-4891-88DD-1E1711F03E20}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{68F8946E-8C3D-4F92-A616-3A4DFAB773E9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{6CA2FC50-8941-4406-9479-AFF8E3700B80}" = protocol=17 | dir=in | app=c:\program files (x86)\napiprojekt\napisy.exe | "{6D131EE8-A717-41ED-9D8E-113A8F3847A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{70F3F2B1-CF73-46AA-93EA-4983D1892F7B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{7467F2BB-5975-4178-8744-1E60D801FE0A}" = protocol=17 | dir=in | app=c:\users\syll\appdata\roaming\utorrent\utorrent.exe | "{7EDD3ACA-03F6-4A3A-A009-85EE12A220CF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8CE01F24-95F1-44D4-8562-DD6513E08EC8}" = dir=in | app=c:\users\syll\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{931A632D-4A43-4F92-9E68-A2E04FA1C6EE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{96F8F9C9-531A-4C24-A50B-474299B23F32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9981547A-7031-4B41-85E5-EB18AEF34C59}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{A52992E6-69AC-45FA-AED9-4E12D659BDA7}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{A5328A8C-E194-4902-8B0D-6B69AEB5E53C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AC71274D-FD3A-4EBD-81D4-755686B10EDE}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B05A4BF8-6433-4492-9F0E-F6ABED7F2610}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BC9D799F-282C-4932-B6D8-1CB591B30A99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C9C8DCFA-A733-4725-AB00-06927B2D66ED}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{DD458A60-90BC-40CD-8809-590C6535078F}" = protocol=6 | dir=in | app=c:\users\syll\appdata\roaming\utorrent\utorrent.exe | "{E1FFF175-5FA0-4B60-A059-9863E391A20E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F0C92100-1229-4EBF-BACA-2060F53CD279}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F136FCB2-C7AD-4582-AD82-D41349111AA0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F6FA9EA5-7BFE-4A9C-8B5B-29DBC9BB00F1}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{86763EAF-C52F-47EC-AB05-9A029BFB3DB8}E:\easysetupassistant\wr720n\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\wr720n\easysetupassistant.exe | "UDP Query User{4D638D1A-FC47-4002-980A-8F646A180B3C}E:\easysetupassistant\wr720n\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\wr720n\easysetupassistant.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack "{5846E720-C188-478F-B501-45EA1ACC44D1}_is1" = MailShare "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 327.02 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 327.02 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 327.02 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.14.17 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.14.17 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA "USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam "WinRAR archiver" = WinRAR 5.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f44f894e}" = SystemAid "{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521 "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.4 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{274E3C5C-178E-EAE2-A52F-2863C0EECD46}" = Send Page "{317D8BB4-16C3-CFBD-3777-AED69667DA46}" = NetaoCouuppon "{35E13884-BAC3-5F4A-799B-05F882E0BD9F}" = SSaveLaots "{37476589-E48E-439E-A706-56189E2ED4C4}_is1" = The AdBlocker "{478472F9-9E09-492A-BDAB-42EE595EF1AD}" = FuNDeals "{4820778D-AB0D-6D18-C316-52A6A0E1D507}" = youtubeadblocker "{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}" = unisALes "{51417852-174C-88D4-34A0-D0FE7858BE47}" = JoniCoUpon "{53B21E29-3967-C332-57EB-C02631658584}" = TakeTheCooUpon "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}" = NewwSaver "{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0 "{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call "{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists "{7304C9D1-98AD-55F0-636E-22D8DD57F176}" = SaeveNEwaApupz "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}" = RandomPricE "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver "{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}" = Papas Pizzeria "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) - Polish "{AD56ACD9-DB20-416C-80B9-674B80C53159}_is1" = Testy na prawo jazdy 2015 wersja 2015.1 "{B239B43B-3E99-40B0-80BF-1B1BCA868D4E}_is1" = Podatnik.info PIT pro 2014 wersja 2.1.9.17953 "{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}" = FindBeistDeal "{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}" = RoBoSaver "{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}" = TransferBigFilescom Gmail Extension "{C8AAF59A-6BAA-F68B-9470-A856460A8093}" = Ge tt "{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B}" = DigiCouupaon "{D238A788-39B6-B97D-A5BA-13FE8E34E03C}" = tAkEsaVe "{E3E136D9-6714-1654-9C26-821A64C4D5E7}" = Jolidrive New Tab Page "{E957849A-94AC-6F46-4623-C31474E3C170}" = Deezer Mediakeys Reloaded "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}" = Mahjong "{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}" = Video Download Manager "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 17 ActiveX "Adobe Flash Player NPAPI" = Adobe Flash Player 17 NPAPI "Adobe Flash Player PPAPI" = Adobe Flash Player 17 PPAPI "ALLPlayer_is1" = ALLPlayer V5.X "AQQ" = AQQ "Google Chrome" = Google Chrome "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "KLiteCodecPack_is1" = K-Lite Codec Pack 10.5.0 Full "NapiProjekt_is1" = NapiProjekt (2.2.0.2399) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 29.0.1795.60" = Opera Stable 29.0.1795.60 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1568802377-1154090777-4032204213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec "Price Fountain" = Update for PriceFountain "PriceFountain" = PriceFountain (remove only) "uTorrent" = µTorrent [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2015-05-22 10:16:46 | Computer Name = Syll-Komputer | Source = .NET Runtime | ID = 1022 Description = Error - 2015-05-23 05:32:11 | Computer Name = Syll-Komputer | Source = .NET Runtime | ID = 1022 Description = Error - 2015-05-23 09:38:33 | Computer Name = Syll-Komputer | Source = .NET Runtime | ID = 1022 Description = Error - 2015-05-24 08:20:53 | Computer Name = Syll-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Syll\Downloads\Softonic-Windows Movie Maker 2012-Instalka.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 2015-05-24 08:20:53 | Computer Name = Syll-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Syll\Downloads\SoftonicDownloader_dla_bluestacks-app-player.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 2015-05-24 08:22:25 | Computer Name = Syll-Komputer | Source = .NET Runtime | ID = 1022 Description = Error - 2015-05-24 13:01:05 | Computer Name = Syll-Komputer | Source = .NET Runtime | ID = 1022 Description = Error - 2015-05-29 12:07:07 | Computer Name = Syll-Komputer | Source = VSS | ID = 18 Description = Error - 2015-05-29 12:07:07 | Computer Name = Syll-Komputer | Source = VSS | ID = 8193 Description = Error - 2015-05-29 12:07:07 | Computer Name = Syll-Komputer | Source = System Restore | ID = 8193 Description = Error - 2015-05-30 06:12:15 | Computer Name = Syll-Komputer | Source = Google Update | ID = 20 Description = [ Media Center Events ] Error - 2015-04-13 11:25:36 | Computer Name = Syll-Komputer | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 2015-04-13 11:25:46 | Computer Name = Syll-Komputer | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 2015-04-13 11:25:59 | Computer Name = Syll-Komputer | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 2015-04-13 11:26:12 | Computer Name = Syll-Komputer | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 2015-04-13 11:26:23 | Computer Name = Syll-Komputer | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 2015-04-22 09:59:33 | Computer Name = Syll-Komputer | Source = MCUpdate | ID = 0 Description = 15:59:33 - Nie można pobrać pakietu Directory (Błąd: Upłynął limit czasu operacji) Error - 2015-04-22 10:07:37 | Computer Name = Syll-Komputer | Source = MCUpdate | ID = 0 Description = 16:05:57 - Nie można pobrać pakietu MCEClientUX (Błąd: Upłynął limit czasu operacji) Error - 2015-04-22 10:08:59 | Computer Name = Syll-Komputer | Source = MCUpdate | ID = 0 Description = 16:08:53 - Nie można pobrać pakietu Broadband (Błąd: Połączenie podstawowe zostało zakończone: Wystąpił nieoczekiwany błąd przy wysyłaniu.) Error - 2015-05-30 06:10:58 | Computer Name = Syll-Komputer | Source = MCUpdate | ID = 0 Description = 12:10:58 - Błąd podczas nawiązywania połączenia z Internetem. 12:10:58 - Nie można skontaktować się z serwerem.. Error - 2015-05-30 06:11:16 | Computer Name = Syll-Komputer | Source = MCUpdate | ID = 0 Description = 12:11:04 - Błąd podczas nawiązywania połączenia z Internetem. 12:11:04 - Nie można skontaktować się z serwerem.. [ System Events ] Error - 2015-05-30 06:14:39 | Computer Name = Syll-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2015-05-30 06:14:39 | Computer Name = Syll-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error - 2015-05-30 06:14:40 | Computer Name = Syll-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2015-05-30 06:14:40 | Computer Name = Syll-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error - 2015-05-30 06:15:39 | Computer Name = Syll-Komputer | Source = PNRPSvc | ID = 102 Description = Error - 2015-05-30 06:15:39 | Computer Name = Syll-Komputer | Source = PNRPSvc | ID = 102 Description = Error - 2015-05-30 06:15:39 | Computer Name = Syll-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2015-05-30 06:15:39 | Computer Name = Syll-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error - 2015-05-30 06:15:39 | Computer Name = Syll-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2015-05-30 06:15:39 | Computer Name = Syll-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 < End of report >

Kod: Zaznacz wszystko: ComboFix 15-05-28.01 - Syll 2015-05-30 12:07:20.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3884.2751 [GMT 2:00] Uruchomiony z: c:\users\Syll\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\logs c:\windows\SysWow64\logs\myeasylog.log . . ((((((((((((((((((((((((( Pliki utworzone od 2015-04-28 do 2015-05-30 ))))))))))))))))))))))))))))))) . . 2015-05-30 10:13 . 2015-05-30 10:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2015-05-30 10:13 . 2015-05-30 10:13 -------- d-----w- c:\users\Mcx1-SYLL-KOMPUTER\AppData\Local\temp 2015-05-30 10:13 . 2015-05-30 10:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-05-28 22:54 . 2015-05-28 22:54 2085376 ----a-w- c:\windows\SysWow64\setup.exe 2015-05-23 10:09 . 2015-05-23 10:09 -------- d-----w- c:\program files (x86)\DigiCouupaon 2015-05-23 10:09 . 2015-05-23 10:09 -------- d-----w- c:\program files (x86)\Red Ball 2015-05-16 14:45 . 2015-05-27 09:59 24 ----a-w- c:\users\Syll\AppData\Roaming\appdataFr25.bin 2015-05-03 11:14 . 2015-05-03 11:14 -------- d-----w- c:\program files (x86)\Send Page 2015-05-03 11:13 . 2015-05-03 11:13 -------- d-----w- c:\program files (x86)\JoniCoUpon . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-04-22 15:09 . 2014-12-18 21:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll 2015-04-17 08:52 . 2014-05-16 10:09 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-04-17 08:52 . 2014-05-16 10:09 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-03-03 07:54 . 2015-01-06 12:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{377CFAF2-BE57-4CAA-95DB-09AF1D4C5896}] c:\program files (x86)\NewwSaver\PHwvCO7A9E5Jwy.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6CA03776-4DF7-49D1-BE4F-B5F5F5FC84F7}] c:\program files (x86)\FuNDeals\w8DjhmPPynxj8o.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7f31c878-6c4c-4758-9ef5-2acadfba5d0c}] c:\program files (x86)\AllSaVer\k3pzgomSoWINjK.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8c3f86bb-4d11-4909-a890-8c19fd163a19}] 2015-03-07 19:57 587264 ----a-w- c:\program files (x86)\RoBoSaver\SFPgYTUCSyfOZt.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9c2c433a-d88f-48ea-8cb2-8363c3e29dd1}] 2015-03-24 11:08 624640 ----a-w- c:\program files (x86)\RandomPricE\LJt0qvsZbJBHhm.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{a45acd87-680f-42a3-9fa5-32a8ad47ea0b}] c:\program files (x86)\SaeveNEwaApupz\hUUgC76uHIRK2M.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{b608cc98-54de-4775-96c9-097de398500c}] 2015-04-28 21:15 88064 ----a-w- c:\users\Syll\AppData\Local\PriceFountain\PriceFountainIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bb259573-d0e5-48c7-9160-d13d7ca267ad}] 2015-03-24 11:08 624640 ----a-w- c:\program files (x86)\FindBeistDeal\rfwBqYM5uhCtD9.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d2cd6f06-37f2-43c4-b2f7-5efdcffe96df}] c:\program files (x86)\TakeTheCooUpon\oTVxTzr2PyjrMy.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f57c7adc-b760-4f2b-a351-0f5d95da05ab}] c:\program files (x86)\SaveNewaApapz\zaBdrGhnSOkchV.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "PriceFountain"="c:\windows\SysWOW64\wscript.exe" [2009-07-14 141824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 f44f894e;StormSaver;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-05-25 22:26 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe . Zawartość folderu 'Zaplanowane zadania' . 2015-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16 08:52] . 2015-05-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1568802377-1154090777-4032204213-1001Core.job - c:\users\Syll\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-26 16:07] . 2015-05-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1568802377-1154090777-4032204213-1001UA.job - c:\users\Syll\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-26 16:07] . 2015-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24 09:12] . 2015-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24 09:12] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8c3f86bb-4d11-4909-a890-8c19fd163a19}] 2015-03-07 19:57 660480 ----a-w- c:\program files (x86)\RoBoSaver\SFPgYTUCSyfOZt.x64.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c2c433a-d88f-48ea-8cb2-8363c3e29dd1}] 2015-03-24 11:08 698368 ----a-w- c:\program files (x86)\RandomPricE\LJt0qvsZbJBHhm.x64.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb259573-d0e5-48c7-9160-d13d7ca267ad}] 2015-03-24 11:08 698368 ----a-w- c:\program files (x86)\FindBeistDeal\rfwBqYM5uhCtD9.x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.gboxapp.com/ mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1414697835&from=cor&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} mDefault_Page_URL = about:blank mStart Page = hxxp://search.gboxapp.com/ mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1414697835&from=cor&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} TCP: DhcpNameServer = 62.233.233.233 87.204.204.204 TCP: Interfaces\{CDAABED4-83B8-44AC-8CB4-6C22DF99FD4A}: NameServer = 8.8.8.8,8.8.4.4 . - - - - USUNIĘTO PUSTE WPISY - - - - . ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) AddRemove-{317D8BB4-16C3-CFBD-3777-AED69667DA46} - c:\program files (x86)\NetaoCouuppon\NetaoCouuppon.exe AddRemove-{478472F9-9E09-492A-BDAB-42EE595EF1AD} - c:\program files (x86)\FuNDeals\w8DjhmPPynxj8o.exe AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\program files (x86)\youtubeadblocker\9i22y3AIhdIBCu.exe AddRemove-{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E} - c:\program files (x86)\unisALes\6L9ZkSBhlnBxJf.exe AddRemove-{53B21E29-3967-C332-57EB-C02631658584} - c:\program files (x86)\TakeTheCooUpon\oTVxTzr2PyjrMy.exe AddRemove-{6824985F-31D5-9CBE-1EB7-3D7ECDC6356E} - c:\program files (x86)\copunKi\m3M6mUfjnky6C3.exe AddRemove-{6A08B379-76FB-B4CF-0C70-CAFCD3635A77} - c:\program files (x86)\NewwSaver\PHwvCO7A9E5Jwy.exe AddRemove-{7304C9D1-98AD-55F0-636E-22D8DD57F176} - c:\program files (x86)\SaeveNEwaApupz\hUUgC76uHIRK2M.exe AddRemove-{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5} - c:\program files (x86)\Papas Pizzeria\Papas Pizzeria.exe AddRemove-{B81F9CCF-7FCD-416F-893F-5EAA65087A58} - c:\program files (x86)\77sAVe\s6tbLxPgKmVvpG.exe AddRemove-{C637A71C-A4B2-4B47-1B2A-1042A8D525A3} - c:\program files (x86)\TransferBigFilescom Gmail Extension\TransferBigFilescom Gmail Extension.exe AddRemove-{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62} - c:\program files (x86)\AllSaVer\k3pzgomSoWINjK.exe AddRemove-{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A} - c:\program files (x86)\Mahjong\Mahjong.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.17" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2015-05-30 12:15:27 ComboFix-quarantined-files.txt 2015-05-30 10:15 ComboFix2.txt 2015-05-29 16:32 ComboFix3.txt 2015-05-29 16:17 . Przed: 17 337 638 912 bajtów wolnych Po: 17 262 813 184 bajtów wolnych . - - End Of File - - 8319A9ED52B5F511872F37C157C56B46 A36C5E4F47E84449FF07ED3517B43A31

**Posty:** 4765 · przez **ordynat** 30 Maj 2015, 15:36

1) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner[S].txt

2) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
[2015-01-29 16:54:34 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\PriceFountain
[2014-05-16 13:03:37 | 000,000,000 | ---D | M] -- C:\Users\Syll\AppData\Roaming\OpenCandy
[2015-05-23 12:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigiCouupaon
[2015-05-03 13:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Send Page
[2015-05-03 13:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoniCoUpon
O4 - HKLM..\RunOnce: [PriceFountain] C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Syll\AppData\Roaming\PriceFountain\UpdateProc\bkup.dat" File not found
O2 - BHO: (PriceFountain) - {b608cc98-54de-4775-96c9-097de398500c} - C:\Users\Syll\AppData\Local\PriceFountain\PriceFountainIE.dll ()
O2 - BHO: (FindBeistDeal) - {bb259573-d0e5-48c7-9160-d13d7ca267ad} - C:\Program Files (x86)\FindBeistDeal\rfwBqYM5uhCtD9.dll ()
O2 - BHO: (TakeTheCooUpon) - {d2cd6f06-37f2-43c4-b2f7-5efdcffe96df} - C:\Program Files (x86)\TakeTheCooUpon\oTVxTzr2PyjrMy.dll File not found
O2 - BHO: (SaveNewaApapz) - {f57c7adc-b760-4f2b-a351-0f5d95da05ab} - C:\Program Files (x86)\SaveNewaApapz\zaBdrGhnSOkchV.dll File not found
O2:64bit: - BHO: (FindBeistDeal) - {bb259573-d0e5-48c7-9160-d13d7ca267ad} - C:\Program Files (x86)\FindBeistDeal\rfwBqYM5uhCtD9.x64.dll ()
O2 - BHO: (NewwSaver) - {377CFAF2-BE57-4CAA-95DB-09AF1D4C5896} - C:\Program Files (x86)\NewwSaver\PHwvCO7A9E5Jwy.dll File not found
O2 - BHO: (FuNDeals) - {6CA03776-4DF7-49D1-BE4F-B5F5F5FC84F7} - C:\Program Files (x86)\FuNDeals\w8DjhmPPynxj8o.dll File not found
O2 - BHO: (AllSaVer) - {7f31c878-6c4c-4758-9ef5-2acadfba5d0c} - C:\Program Files (x86)\AllSaVer\k3pzgomSoWINjK.dll File not found
O2 - BHO: (RoBoSaver) - {8c3f86bb-4d11-4909-a890-8c19fd163a19} - C:\Program Files (x86)\RoBoSaver\SFPgYTUCSyfOZt.dll ()
O2 - BHO: (RandomPricE) - {9c2c433a-d88f-48ea-8cb2-8363c3e29dd1} - C:\Program Files (x86)\RandomPricE\LJt0qvsZbJBHhm.dll ()
O2 - BHO: (SaeveNEwaApupz) - {a45acd87-680f-42a3-9fa5-32a8ad47ea0b} - C:\Program Files (x86)\SaeveNEwaApupz\hUUgC76uHIRK2M.dll File not found
O2:64bit: - BHO: (RoBoSaver) - {8c3f86bb-4d11-4909-a890-8c19fd163a19} - C:\Program Files (x86)\RoBoSaver\SFPgYTUCSyfOZt.x64.dll ()
O2:64bit: - BHO: (RandomPricE) - {9c2c433a-d88f-48ea-8cb2-8363c3e29dd1} - C:\Program Files (x86)\RandomPricE\LJt0qvsZbJBHhm.x64.dll ()
FF - prefs.js..browser.startup.homepage: "http://search.gboxapp.com/"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.searchtheglobe.info/?pid=724&r=2015/02/05&hid=15268355170663098515&lg=EN&cc=PL&l=1&q="
FF - prefs.js..browser.search.defaulturl: "http://websearch.searchtheglobe.info/?pid=724&r=2015/02/05&hid=15268355170663098515&lg=EN&cc=PL&l=1&q="
IE - HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/02/05&hid=15268355170663098515&lg=EN&cc=PL
IE - HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-search.net/search?sid=476&aid=175&itype=n&ver=13396&tm=411&src=ds&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1414697835&from=cor&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1414697835&from=cor&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-search.net/search?sid=476&aid=175&itype=n&ver=13396&tm=411&src=ds&p={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/02/05&hid=15268355170663098515&lg=EN&cc=PL

:Services
f44f894e

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.

3) Zrób logi z FRST > http://forum.programosy.pl/frst-otl-zoek-vt139692.html
Przed skanem zaznacz "Additional"
.

**Posty:** 11 · przez **kajtek77** 30 Maj 2015, 18:13

Kod: Zaznacz wszystko: # AdwCleaner v4.111 - Logfile created 30/05/2015 at 17:54:44 # Updated 18/02/2015 by Xplode # Database : 2015-05-25.3 [Server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : Syll - SYLL-KOMPUTER # Running from : C:\Users\Syll\Downloads\AdwCleaner.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\IePluginServices Folder Deleted : C:\ProgramData\systemk Folder Deleted : C:\ProgramData\WindowsMangerProtect Folder Deleted : C:\ProgramData\The AdBlocker Folder Deleted : C:\ProgramData\Yellow AdBlocker Folder Deleted : C:\ProgramData\b0585386378f9c6d Folder Deleted : C:\Program Files (x86)\globalUpdate Folder Deleted : C:\Program Files (x86)\Settings Manager Folder Deleted : C:\Program Files (x86)\YouTube Accelerator Folder Deleted : C:\Program Files (x86)\RoboSaver Folder Deleted : C:\Program Files (x86)\StormSaver Folder Deleted : C:\Program Files (x86)\77sAVe Folder Deleted : C:\Program Files (x86)\AAllCHeapPrice Folder Deleted : C:\Program Files (x86)\DigiCouupaon Folder Deleted : C:\Program Files (x86)\DowwnSave Folder Deleted : C:\Program Files (x86)\FindBeistDeal Folder Deleted : C:\Program Files (x86)\FindBestDEial Folder Deleted : C:\Program Files (x86)\FindBestiDDeeal Folder Deleted : C:\Program Files (x86)\FInndBestDeAl Folder Deleted : C:\Program Files (x86)\FUn2SSaVE Folder Deleted : C:\Program Files (x86)\Happpy2Saave Folder Deleted : C:\Program Files (x86)\JoniCoUpon Folder Deleted : C:\Program Files (x86)\NetaoCouuppon Folder Deleted : C:\Program Files (x86)\RandomPricE Folder Deleted : C:\Program Files (x86)\SaveNaewaAppz Folder Deleted : C:\Program Files (x86)\SSaveLaots Folder Deleted : C:\Program Files (x86)\SSaveLLots Folder Deleted : C:\Program Files (x86)\takesaVe Folder Deleted : C:\Program Files (x86)\TakeTheeCouupoN Folder Deleted : C:\Program Files (x86)\unisALes Folder Deleted : C:\Program Files (x86)\unisiallEESa Folder Deleted : C:\Users\Syll\AppData\Local\globalUpdate Folder Deleted : C:\Users\Syll\AppData\Local\PriceFountain Folder Deleted : C:\Users\Syll\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\Syll\AppData\Roaming\Systweak Folder Deleted : C:\Users\Syll\AppData\Roaming\PriceFountain Folder Deleted : C:\Users\Syll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain Folder Deleted : C:\ProgramData\hbppdmpjgoakggnddphpaoeffnlgdepg File Deleted : C:\Users\Syll\AppData\Roaming\Mozilla\Firefox\Profiles\lhw568gl.default\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi File Deleted : C:\Windows\System32\roboot64.exe ***** [ Scheduled tasks ] ***** Task Deleted : Price Fountain ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} Key Deleted : HKLM\SOFTWARE\Classes\P1aeaf425_ebfa_4028_98c4_4b26b9be5776_.P1aeaf425_ebfa_4028_98c4_4b26b9be5776_ Key Deleted : HKLM\SOFTWARE\Classes\P1aeaf425_ebfa_4028_98c4_4b26b9be5776_.P1aeaf425_ebfa_4028_98c4_4b26b9be5776_.9 Key Deleted : HKLM\SOFTWARE\Classes\P308216aa_38af_48ce_b721_f39b1cda1e98_.P308216aa_38af_48ce_b721_f39b1cda1e98_ Key Deleted : HKLM\SOFTWARE\Classes\P308216aa_38af_48ce_b721_f39b1cda1e98_.P308216aa_38af_48ce_b721_f39b1cda1e98_.10 Key Deleted : HKLM\SOFTWARE\Classes\P377CFAF2_BE57_4CAA_95DB_09AF1D4C5896_.P377CFAF2_BE57_4CAA_95DB_09AF1D4C5896_ Key Deleted : HKLM\SOFTWARE\Classes\P377CFAF2_BE57_4CAA_95DB_09AF1D4C5896_.P377CFAF2_BE57_4CAA_95DB_09AF1D4C5896_.9 Key Deleted : HKLM\SOFTWARE\Classes\P48e1bd1f_df1b_4548_a58c_839af048d1ef_.P48e1bd1f_df1b_4548_a58c_839af048d1ef_ Key Deleted : HKLM\SOFTWARE\Classes\P48e1bd1f_df1b_4548_a58c_839af048d1ef_.P48e1bd1f_df1b_4548_a58c_839af048d1ef_.9 Key Deleted : HKLM\SOFTWARE\Classes\P6CA03776_4DF7_49D1_BE4F_B5F5F5FC84F7_.P6CA03776_4DF7_49D1_BE4F_B5F5F5FC84F7_ Key Deleted : HKLM\SOFTWARE\Classes\P6CA03776_4DF7_49D1_BE4F_B5F5F5FC84F7_.P6CA03776_4DF7_49D1_BE4F_B5F5F5FC84F7_.9 Key Deleted : HKLM\SOFTWARE\Classes\P706eba21_fb56_437b_8b14_4a6d0af8998c_.P706eba21_fb56_437b_8b14_4a6d0af8998c_ Key Deleted : HKLM\SOFTWARE\Classes\P706eba21_fb56_437b_8b14_4a6d0af8998c_.P706eba21_fb56_437b_8b14_4a6d0af8998c_.9 Key Deleted : HKLM\SOFTWARE\Classes\P7f31c878_6c4c_4758_9ef5_2acadfba5d0c_.P7f31c878_6c4c_4758_9ef5_2acadfba5d0c_ Key Deleted : HKLM\SOFTWARE\Classes\P7f31c878_6c4c_4758_9ef5_2acadfba5d0c_.P7f31c878_6c4c_4758_9ef5_2acadfba5d0c_.9 Key Deleted : HKLM\SOFTWARE\Classes\P828303d9_be35_4f3f_845f_3ad91b68e593_.P828303d9_be35_4f3f_845f_3ad91b68e593_ Key Deleted : HKLM\SOFTWARE\Classes\P828303d9_be35_4f3f_845f_3ad91b68e593_.P828303d9_be35_4f3f_845f_3ad91b68e593_.9 Key Deleted : HKLM\SOFTWARE\Classes\P8c3f86bb_4d11_4909_a890_8c19fd163a19_.P8c3f86bb_4d11_4909_a890_8c19fd163a19_ Key Deleted : HKLM\SOFTWARE\Classes\P8c3f86bb_4d11_4909_a890_8c19fd163a19_.P8c3f86bb_4d11_4909_a890_8c19fd163a19_.9 Key Deleted : HKLM\SOFTWARE\Classes\P8ea497ec_0110_48be_a30c_810ea51691d1_.P8ea497ec_0110_48be_a30c_810ea51691d1_ Key Deleted : HKLM\SOFTWARE\Classes\P8ea497ec_0110_48be_a30c_810ea51691d1_.P8ea497ec_0110_48be_a30c_810ea51691d1_.9 Key Deleted : HKLM\SOFTWARE\Classes\P9c2c433a_d88f_48ea_8cb2_8363c3e29dd1_.P9c2c433a_d88f_48ea_8cb2_8363c3e29dd1_ Key Deleted : HKLM\SOFTWARE\Classes\P9c2c433a_d88f_48ea_8cb2_8363c3e29dd1_.P9c2c433a_d88f_48ea_8cb2_8363c3e29dd1_.9 Key Deleted : HKLM\SOFTWARE\Classes\Pa45acd87_680f_42a3_9fa5_32a8ad47ea0b_.Pa45acd87_680f_42a3_9fa5_32a8ad47ea0b_ Key Deleted : HKLM\SOFTWARE\Classes\Pa45acd87_680f_42a3_9fa5_32a8ad47ea0b_.Pa45acd87_680f_42a3_9fa5_32a8ad47ea0b_.9 Key Deleted : HKLM\SOFTWARE\Classes\Pbb259573_d0e5_48c7_9160_d13d7ca267ad_.Pbb259573_d0e5_48c7_9160_d13d7ca267ad_ Key Deleted : HKLM\SOFTWARE\Classes\Pbb259573_d0e5_48c7_9160_d13d7ca267ad_.Pbb259573_d0e5_48c7_9160_d13d7ca267ad_.9 Key Deleted : HKLM\SOFTWARE\Classes\Pd2cd6f06_37f2_43c4_b2f7_5efdcffe96df_.Pd2cd6f06_37f2_43c4_b2f7_5efdcffe96df_ Key Deleted : HKLM\SOFTWARE\Classes\Pd2cd6f06_37f2_43c4_b2f7_5efdcffe96df_.Pd2cd6f06_37f2_43c4_b2f7_5efdcffe96df_.9 Key Deleted : HKLM\SOFTWARE\Classes\Pf57c7adc_b760_4f2b_a351_0f5d95da05ab_.Pf57c7adc_b760_4f2b_a351_0f5d95da05ab_ Key Deleted : HKLM\SOFTWARE\Classes\Pf57c7adc_b760_4f2b_a351_0f5d95da05ab_.Pf57c7adc_b760_4f2b_a351_0f5d95da05ab_.9 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f44f894e} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B608CC98-54DE-4775-96C9-097DE398500C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1aeaf425-ebfa-4028-98c4-4b26b9be5776} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{308216aa-38af-48ce-b721-f39b1cda1e98} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{377CFAF2-BE57-4CAA-95DB-09AF1D4C5896} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48e1bd1f-df1b-4548-a58c-839af048d1ef} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CA03776-4DF7-49D1-BE4F-B5F5F5FC84F7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{706eba21-fb56-437b-8b14-4a6d0af8998c} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7f31c878-6c4c-4758-9ef5-2acadfba5d0c} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{828303d9-be35-4f3f-845f-3ad91b68e593} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8c3f86bb-4d11-4909-a890-8c19fd163a19} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8ea497ec-0110-48be-a30c-810ea51691d1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9c2c433a-d88f-48ea-8cb2-8363c3e29dd1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a45acd87-680f-42a3-9fa5-32a8ad47ea0b} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{bb259573-d0e5-48c7-9160-d13d7ca267ad} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{d2cd6f06-37f2-43c4-b2f7-5efdcffe96df} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{f57c7adc-b760-4f2b-a351-0f5d95da05ab} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A220BAB5-C335-48BA-8A01-309FDA37446F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2105FE20-DEBD-4084-A306-61C5DA001CCA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96BB8E60-6EF9-47E0-9ED8-4AD477ECF427} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{999A70CB-7657-4A48-A92A-BE29FF9D5443} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B608CC98-54DE-4775-96C9-097DE398500C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377CFAF2-BE57-4CAA-95DB-09AF1D4C5896} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CA03776-4DF7-49D1-BE4F-B5F5F5FC84F7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f31c878-6c4c-4758-9ef5-2acadfba5d0c} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c3f86bb-4d11-4909-a890-8c19fd163a19} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c2c433a-d88f-48ea-8cb2-8363c3e29dd1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a45acd87-680f-42a3-9fa5-32a8ad47ea0b} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb259573-d0e5-48c7-9160-d13d7ca267ad} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2cd6f06-37f2-43c4-b2f7-5efdcffe96df} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f57c7adc-b760-4f2b-a351-0f5d95da05ab} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c3f86bb-4d11-4909-a890-8c19fd163a19} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9c2c433a-d88f-48ea-8cb2-8363c3e29dd1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8c3f86bb-4d11-4909-a890-8c19fd163a19} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1aeaf425-ebfa-4028-98c4-4b26b9be5776} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{308216aa-38af-48ce-b721-f39b1cda1e98} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{377CFAF2-BE57-4CAA-95DB-09AF1D4C5896} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{48e1bd1f-df1b-4548-a58c-839af048d1ef} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CA03776-4DF7-49D1-BE4F-B5F5F5FC84F7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{706eba21-fb56-437b-8b14-4a6d0af8998c} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7f31c878-6c4c-4758-9ef5-2acadfba5d0c} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{828303d9-be35-4f3f-845f-3ad91b68e593} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8c3f86bb-4d11-4909-a890-8c19fd163a19} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8ea497ec-0110-48be-a30c-810ea51691d1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9c2c433a-d88f-48ea-8cb2-8363c3e29dd1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a45acd87-680f-42a3-9fa5-32a8ad47ea0b} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bb259573-d0e5-48c7-9160-d13d7ca267ad} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d2cd6f06-37f2-43c4-b2f7-5efdcffe96df} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f57c7adc-b760-4f2b-a351-0f5d95da05ab} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1aeaf425-ebfa-4028-98c4-4b26b9be5776} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{308216aa-38af-48ce-b721-f39b1cda1e98} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{48e1bd1f-df1b-4548-a58c-839af048d1ef} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{706eba21-fb56-437b-8b14-4a6d0af8998c} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{828303d9-be35-4f3f-845f-3ad91b68e593} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{8c3f86bb-4d11-4909-a890-8c19fd163a19} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{8ea497ec-0110-48be-a30c-810ea51691d1} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9c2c433a-d88f-48ea-8cb2-8363c3e29dd1} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{bb259573-d0e5-48c7-9160-d13d7ca267ad} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A220BAB5-C335-48BA-8A01-309FDA37446F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c3f86bb-4d11-4909-a890-8c19fd163a19} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c2c433a-d88f-48ea-8cb2-8363c3e29dd1} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb259573-d0e5-48c7-9160-d13d7ca267ad} Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Key Deleted : HKCU\Software\GlobalUpdate Key Deleted : HKCU\Software\Goobzo Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Myfree Codec Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\SupHpUISoft Key Deleted : HKCU\Software\systweak Key Deleted : HKCU\Software\PriceFountain Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\SOFTWARE\Myfree Codec Key Deleted : HKLM\SOFTWARE\SupTab Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect Key Deleted : HKLM\SOFTWARE\sweet-pageSoftware Key Deleted : HKLM\SOFTWARE\SystemK Key Deleted : HKLM\SOFTWARE\systweak Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceFountain Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Fountain Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D238A788-39B6-B97D-A5BA-13FE8E34E03C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53B21E29-3967-C332-57EB-C02631658584} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{317D8BB4-16C3-CFBD-3777-AED69667DA46} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E13884-BAC3-5F4A-799B-05F882E0BD9F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{478472F9-9E09-492A-BDAB-42EE595EF1AD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{51417852-174C-88D4-34A0-D0FE7858BE47} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7304C9D1-98AD-55F0-636E-22D8DD57F176} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B} ***** [ Web browsers ] ***** -\\ Internet Explorer v9.0.8112.16545 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v [lhw568gl.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.gboxapp.com/"); -\\ Google Chrome v43.0.2357.81 [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1414614570&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1414614570&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1414697835&from=cor&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.pl/s/{searchTerms} [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1414614570&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1414614570&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1414697835&from=cor&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} -\\ Opera v29.0.1795.60 [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1414614570&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1414614570&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1414697835&from=cor&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.pl/s/{searchTerms} [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1414614570&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1414614570&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} [C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1414697835&from=cor&uid=WDCXWD6400BEVT-80A0RT0_WD-WXG1A30V6650V6650&q={searchTerms} ************************* AdwCleaner[R0].txt - [16666 bytes] - [24/02/2015 12:07:45] AdwCleaner[R1].txt - [23050 bytes] - [30/05/2015 17:51:39] AdwCleaner[R2].txt - [22318 bytes] - [30/05/2015 17:53:15] AdwCleaner[S0].txt - [22504 bytes] - [30/05/2015 17:54:44] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22564 bytes] ##########

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Folder C:\Users\Syll\AppData\Roaming\PriceFountain\ not found. Folder C:\Users\Syll\AppData\Roaming\OpenCandy\ not found. Folder C:\Program Files (x86)\DigiCouupaon\ not found. C:\Program Files (x86)\Send Page folder moved successfully. Folder C:\Program Files (x86)\JoniCoUpon\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\PriceFountain not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b608cc98-54de-4775-96c9-097de398500c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b608cc98-54de-4775-96c9-097de398500c}\ not found. File C:\Users\Syll\AppData\Local\PriceFountain\PriceFountainIE.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb259573-d0e5-48c7-9160-d13d7ca267ad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb259573-d0e5-48c7-9160-d13d7ca267ad}\ not found. File C:\Program Files (x86)\FindBeistDeal\rfwBqYM5uhCtD9.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2cd6f06-37f2-43c4-b2f7-5efdcffe96df}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2cd6f06-37f2-43c4-b2f7-5efdcffe96df}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f57c7adc-b760-4f2b-a351-0f5d95da05ab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f57c7adc-b760-4f2b-a351-0f5d95da05ab}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb259573-d0e5-48c7-9160-d13d7ca267ad}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb259573-d0e5-48c7-9160-d13d7ca267ad}\ not found. File C:\Program Files (x86)\FindBeistDeal\rfwBqYM5uhCtD9.x64.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377CFAF2-BE57-4CAA-95DB-09AF1D4C5896}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377CFAF2-BE57-4CAA-95DB-09AF1D4C5896}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CA03776-4DF7-49D1-BE4F-B5F5F5FC84F7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CA03776-4DF7-49D1-BE4F-B5F5F5FC84F7}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f31c878-6c4c-4758-9ef5-2acadfba5d0c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f31c878-6c4c-4758-9ef5-2acadfba5d0c}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c3f86bb-4d11-4909-a890-8c19fd163a19}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3f86bb-4d11-4909-a890-8c19fd163a19}\ not found. File C:\Program Files (x86)\RoBoSaver\SFPgYTUCSyfOZt.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c2c433a-d88f-48ea-8cb2-8363c3e29dd1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c2c433a-d88f-48ea-8cb2-8363c3e29dd1}\ not found. File C:\Program Files (x86)\RandomPricE\LJt0qvsZbJBHhm.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a45acd87-680f-42a3-9fa5-32a8ad47ea0b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a45acd87-680f-42a3-9fa5-32a8ad47ea0b}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c3f86bb-4d11-4909-a890-8c19fd163a19}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3f86bb-4d11-4909-a890-8c19fd163a19}\ not found. File C:\Program Files (x86)\RoBoSaver\SFPgYTUCSyfOZt.x64.dll not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c2c433a-d88f-48ea-8cb2-8363c3e29dd1}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c2c433a-d88f-48ea-8cb2-8363c3e29dd1}\ not found. File C:\Program Files (x86)\RandomPricE\LJt0qvsZbJBHhm.x64.dll not found. Prefs.js: "http://search.gboxapp.com/" removed from browser.startup.homepage Prefs.js: "WebSearch" removed from browser.search.order.1 Prefs.js: "WebSearch" removed from browser.search.defaultenginename Prefs.js: "WebSearch" removed from browser.search.selectedEngine Prefs.js: S", "WebSearch" removed from browser.search.order.1,S Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S Prefs.js: "http://websearch.searchtheglobe.info/?pid=724&r=2015/02/05&hid=15268355170663098515&lg=EN&cc=PL&l=1&q=" removed from keyword.URL Prefs.js: "http://websearch.searchtheglobe.info/?pid=724&r=2015/02/05&hid=15268355170663098515&lg=EN&cc=PL&l=1&q=" removed from browser.search.defaulturl Registry key HKEY_USERS\S-1-5-21-1568802377-1154090777-4032204213-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}\ not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. ========== SERVICES/DRIVERS ========== Service f44f894e stopped successfully! Service f44f894e deleted successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Mcx1-SYLL-KOMPUTER ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Public ->Temp folder emptied: 0 bytes User: Syll ->Temp folder emptied: 2121879 bytes ->Temporary Internet Files folder emptied: 7603702 bytes ->FireFox cache emptied: 3757040 bytes ->Google Chrome cache emptied: 287088062 bytes ->Flash cache emptied: 13724 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 312 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46500944 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 331,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05302015_180109 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...

Kod: Zaznacz wszystko: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by Syll (administrator) on SYLL-KOMPUTER on 30-05-2015 18:05:23 Running from C:\Users\Syll\Downloads Loaded Profiles: Syll & UpdatusUser (Available Profiles: Syll & UpdatusUser & Mcx1-SYLL-KOMPUTER) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe () C:\Program Files (x86)\Opera\29.0.1795.60\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] () HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\Software\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1568802377-1154090777-4032204213-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 62.233.233.233 87.204.204.204 Tcpip\..\Interfaces\{CDAABED4-83B8-44AC-8CB4-6C22DF99FD4A}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\Syll\AppData\Roaming\Mozilla\Firefox\Profiles\lhw568gl.default FF SearchEngineOrder.1: FF DefaultSearchEngine: FF SelectedSearchEngine: FF SearchEngineOrder.user_pref("browser.search.order.1,"");: user_pref("browser.search.order.1,""); FF DefaultSearchEngineuser_pref("browser.search.defaultenginename,"");: user_pref("browser.search.defaultenginename,""); FF SelectedSearchEngineuser_pref("browser.search.selectedEngine,"");: user_pref("browser.search.selectedEngine,""); FF DefaultSearchUrl: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1568802377-1154090777-4032204213-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Syll\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] FF Extension: PriceFountain - C:\Users\Syll\AppData\Roaming\Mozilla\Firefox\Profiles\lhw568gl.default\extensions\staged\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2015-05-29] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-24] CHR Extension: (Google Docs) - C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-24] CHR Extension: (Google Drive) - C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-24] CHR Extension: (YouTube) - C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-24] CHR Extension: (Google Search) - C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-24] CHR Extension: (Google Sheets) - C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-24] CHR Extension: (AdBlock) - C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-21] CHR Extension: (Bookmark Manager) - C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17] CHR Extension: (Skype Click to Call) - C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-24] CHR Extension: (Google Wallet) - C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-24] CHR Extension: (Gmail) - C:\Users\Syll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-24] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] Opera: ======= OPR StartupUrls: "hxxp://www.gazeta.pl/0,0.html?p=164" ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-30 18:05 - 2015-05-30 18:06 - 00011957 _____ () C:\Users\Syll\Downloads\FRST.txt 2015-05-30 18:05 - 2015-05-30 18:05 - 00000000 ____D () C:\FRST 2015-05-30 18:04 - 2015-05-30 18:04 - 02108928 _____ (Farbar) C:\Users\Syll\Downloads\FRST64.exe 2015-05-30 18:01 - 2015-05-30 18:01 - 00000000 ____D () C:\_OTL 2015-05-30 18:00 - 2015-05-30 17:54 - 00022729 _____ () C:\Users\Syll\Desktop\AdwCleaner[S0].txt 2015-05-30 17:50 - 2015-05-30 17:50 - 02222592 _____ () C:\Users\Syll\Downloads\AdwCleaner (1).exe 2015-05-30 13:11 - 2015-05-30 13:11 - 00619688 _____ (Duplex Secure Ltd) C:\Users\Syll\Downloads\SPTDinst-v187-x64.exe 2015-05-30 12:26 - 2015-05-30 12:26 - 00380416 _____ () C:\Users\Syll\Downloads\qrcwngrk.exe 2015-05-29 18:06 - 2015-05-29 18:16 - 00000000 ____D () C:\Windows\erdnt 2015-05-29 00:54 - 2015-05-29 00:54 - 02085376 _____ (WXBGCQTVDXHSNAA) C:\Windows\SysWOW64\setup.exe 2015-05-29 00:54 - 2015-05-29 00:54 - 00003598 _____ () C:\Windows\System32\Tasks\PFExe 2015-05-23 12:09 - 2015-05-23 12:09 - 00000000 ____D () C:\Program Files (x86)\Red Ball 2015-05-19 16:48 - 2015-05-26 08:30 - 00000000 ____D () C:\Users\Syll\Desktop\moje fotki 2015-05-16 16:45 - 2015-05-30 12:59 - 00000024 _____ () C:\Users\Syll\AppData\Roaming\appdataFr25.bin ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-30 18:05 - 2014-05-16 11:25 - 02001620 _____ () C:\Windows\WindowsUpdate.log 2015-05-30 18:02 - 2015-02-24 11:13 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-30 18:02 - 2015-02-23 13:58 - 00014130 _____ () C:\Windows\setupact.log 2015-05-30 18:02 - 2014-05-16 12:19 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-05-30 18:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-30 18:01 - 2014-05-16 17:28 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-05-30 18:01 - 2009-07-14 06:45 - 00015136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-30 18:01 - 2009-07-14 06:45 - 00015136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-30 18:00 - 2014-05-20 18:35 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6708F5AE-662E-4383-9A80-FFACEAECC401} 2015-05-30 17:56 - 2015-02-23 13:58 - 00428366 _____ () C:\Windows\PFRO.log 2015-05-30 17:54 - 2015-02-24 12:07 - 00000000 ____D () C:\AdwCleaner 2015-05-30 17:52 - 2014-05-16 12:09 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-30 17:40 - 2014-05-16 16:51 - 00000000 ____D () C:\Users\Syll\AppData\Roaming\Skype 2015-05-30 17:25 - 2015-02-24 11:13 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-30 15:12 - 2014-06-26 18:07 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1568802377-1154090777-4032204213-1001UA.job 2015-05-30 12:59 - 2015-01-29 17:54 - 00000089 _____ () C:\Users\Syll\AppData\Roaming\WB.CFG 2015-05-30 12:13 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-05-29 00:08 - 2014-09-07 17:27 - 00000000 ____D () C:\Users\Syll\Desktop\SYLL 2015-05-28 18:12 - 2014-06-26 18:07 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1568802377-1154090777-4032204213-1001Core.job 2015-05-27 17:33 - 2014-05-16 16:51 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-05-26 00:27 - 2015-02-24 11:13 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-25 21:42 - 2014-05-16 12:58 - 00000000 ____D () C:\Users\Syll\AppData\Roaming\uTorrent 2015-05-24 11:57 - 2015-01-29 17:58 - 00000000 ____D () C:\Users\Syll\Desktop\Odin3-v1.85 2015-05-22 13:29 - 2009-07-14 19:55 - 00697912 _____ () C:\Windows\system32\perfh015.dat 2015-05-22 13:29 - 2009-07-14 19:55 - 00134990 _____ () C:\Windows\system32\perfc015.dat 2015-05-22 13:29 - 2009-07-14 07:13 - 01549696 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-20 18:17 - 2014-05-16 16:51 - 00000000 ____D () C:\ProgramData\Skype 2015-05-20 15:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-05-20 11:20 - 2014-06-03 12:25 - 00003882 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1400254119 2015-05-15 21:20 - 2015-02-24 11:13 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-15 21:20 - 2015-02-24 11:13 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-04-30 23:43 - 2015-01-31 15:33 - 00000000 ____D () C:\Users\Syll\Desktop\posegrogowac koniecznie! ==================== Files in the root of some directories ======= 2015-05-16 16:45 - 2015-05-30 12:59 - 0000024 _____ () C:\Users\Syll\AppData\Roaming\appdataFr25.bin 2015-02-10 09:13 - 2015-02-24 09:12 - 0000020 _____ () C:\Users\Syll\AppData\Roaming\appdataFr3.bin 2015-01-29 17:54 - 2015-05-30 12:59 - 0000089 _____ () C:\Users\Syll\AppData\Roaming\WB.CFG 2014-10-29 22:21 - 2014-10-29 22:21 - 0003584 _____ () C:\Users\Syll\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-29 11:56 - 2014-11-29 11:56 - 0000000 _____ () C:\Users\Syll\AppData\Local\{5901B4EF-5F8A-4383-90D5-F0FE0322C80F} ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-24 00:53 ==================== End of log ============================

Kod: Zaznacz wszystko: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015 Ran by Syll at 2015-05-30 18:06:47 Running from C:\Users\Syll\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1568802377-1154090777-4032204213-500 - Administrator - Disabled) Gość (S-1-5-21-1568802377-1154090777-4032204213-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1568802377-1154090777-4032204213-1002 - Limited - Enabled) Mcx1-SYLL-KOMPUTER (S-1-5-21-1568802377-1154090777-4032204213-1004 - Limited - Enabled) => C:\Users\Mcx1-SYLL-KOMPUTER Syll (S-1-5-21-1568802377-1154090777-4032204213-1001 - Administrator - Enabled) => C:\Users\Syll UpdatusUser (S-1-5-21-1568802377-1154090777-4032204213-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Aktualizacje NVIDIA 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) ALLPlayer V5.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.) AQQ (HKLM-x32\...\AQQ) (Version: 2.6.0.50 - Creative Team S.A.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS) CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.63 - Conexant) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Ge tt (HKLM-x32\...\{C8AAF59A-6BAA-F68B-9470-A856460A8093}) (Version: - "") <==== ATTENTION Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation) JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.) Jolidrive New Tab Page (HKLM-x32\...\{E3E136D9-6714-1654-9C26-821A64C4D5E7}) (Version: - "") K-Lite Codec Pack 10.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.0 - ) Mahjong (HKLM-x32\...\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}) (Version: - "") <==== ATTENTION MailShare (HKLM\...\{5846E720-C188-478F-B501-45EA1ACC44D1}_is1) (Version: 2.1.5 - MailShare.pl) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Module linguistique Microsoft .NET Framework 4 Client Profile FRA (HKLM\...\Microsoft .NET Framework 4 Client Profile FRA Language Pack) (Version: 4.0.30320 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\...\MyFreeCodec) (Version: - ) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) NVIDIA Sterownik 3D Vision 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation) NVIDIA Sterownik graficzny 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA) Panel sterowania NVIDIA 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden Papas Pizzeria (HKLM-x32\...\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}) (Version: - "") <==== ATTENTION Podatnik.info PIT pro 2014 wersja 2.1.9.17953 (HKLM-x32\...\{B239B43B-3E99-40B0-80BF-1B1BCA868D4E}_is1) (Version: 2.1.9.17953 - Podatnik.info Sp. z o.o.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Send Page (HKLM-x32\...\{274E3C5C-178E-EAE2-A52F-2863C0EECD46}) (Version: - "") <==== ATTENTION Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) Testy na prawo jazdy 2015 wersja 2015.1 (HKLM-x32\...\{AD56ACD9-DB20-416C-80B9-674B80C53159}_is1) (Version: 2015.1 - KTW) TransferBigFilescom Gmail Extension (HKLM-x32\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version: - "") <==== ATTENTION USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - ) Vegas Pro 11.0 (HKLM-x32\...\{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}) (Version: 11.0.682 - Sony) Video Download Manager (HKLM-x32\...\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}) (Version: - "") <==== ATTENTION WinRAR 5.01 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1568802377-1154090777-4032204213-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Syll\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File ==================== Restore Points ========================= 06-02-2015 17:51:19 Zaplanowany punkt kontrolny 17-02-2015 16:08:18 Zaplanowany punkt kontrolny 23-02-2015 10:49:37 avast! antivirus system restore point 24-02-2015 11:00:22 avast! antivirus system restore point 03-03-2015 14:26:46 Zaplanowany punkt kontrolny 12-03-2015 14:03:17 Zaplanowany punkt kontrolny 20-03-2015 17:17:52 Zaplanowany punkt kontrolny 28-03-2015 12:08:52 Zaplanowany punkt kontrolny 04-04-2015 16:09:34 Zaplanowany punkt kontrolny 12-04-2015 10:30:44 Zaplanowany punkt kontrolny 21-04-2015 10:19:10 Zaplanowany punkt kontrolny 28-04-2015 16:11:51 Zaplanowany punkt kontrolny 07-05-2015 13:06:04 Zaplanowany punkt kontrolny 14-05-2015 14:14:56 Zaplanowany punkt kontrolny 21-05-2015 17:18:25 Zaplanowany punkt kontrolny 29-05-2015 14:36:49 Zaplanowany punkt kontrolny ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-05-30 12:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0AADEFA7-4F1E-49C2-844D-105DE92D83E7} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS) Task: {1388DB3B-EC6A-4499-A4EA-E657481B6BAC} - System32\Tasks\{CE4E08E1-7E76-48D2-ABD7-3554AA24222F} => pcalua.exe -a C:\Users\Syll\Downloads\mp140swin64106ea24.exe -d C:\Users\Syll\Downloads Task: {3F5EDF71-7157-4901-8A17-160846E17424} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated) Task: {5A287402-401B-4F3D-8D37-0668A1897218} - System32\Tasks\PFExe => C:\Users\Syll\AppData\Local\PriceFountain\pricefountain.exe Task: {5F767A2B-AD06-4B38-BAD3-6A84FF1365E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24] (Google Inc.) Task: {6B19AF58-264B-47D6-9E3E-C9AA433C7A78} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1568802377-1154090777-4032204213-1001UA => C:\Users\Syll\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-26] (Facebook Inc.) Task: {6F68639A-3DCF-4276-8D04-C2ACC526954E} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-SYLL-KOMPUTER => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation) Task: {8534F6D5-E59F-427A-8CEA-376AE010CB77} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1568802377-1154090777-4032204213-1001Core => C:\Users\Syll\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-26] (Facebook Inc.) Task: {9587A8E3-70C2-4C3E-B743-F0E3C28CD696} - System32\Tasks\{03444BA0-4B42-4058-9716-9B612B388D5B} => pcalua.exe -a C:\Users\Syll\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt Task: {B07EB35C-57E6-4F36-A24B-6636A4449E88} - System32\Tasks\{530EADC4-22BC-4992-83C4-9FE31AC77F36} => pcalua.exe -a C:\Users\Syll\Downloads\Camera_Azurewave_VS011_WIN7_64_z5854000207\snuninst.exe -d C:\Users\Syll\Downloads\Camera_Azurewave_VS011_WIN7_64_z5854000207 Task: {C630CEFD-8BF7-4D91-8E25-7D4124D0F1F1} - System32\Tasks\Opera scheduled Autoupdate 1400254119 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software) Task: {D2756DFC-FD56-48F5-8B06-3F89E99407BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd) Task: {D5E1C92D-A475-4C4D-8A35-01329474D402} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-05-17] (Microsoft Corporation) Task: {D7BADFFD-8A2C-4885-821F-BBBB2F06CA64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1568802377-1154090777-4032204213-1001Core.job => C:\Users\Syll\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1568802377-1154090777-4032204213-1001UA.job => C:\Users\Syll\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-05-17 17:04 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-04-10 17:40 - 2011-04-10 17:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-05-20 11:19 - 2015-05-20 11:19 - 00479352 _____ () C:\Program Files (x86)\Opera\29.0.1795.60\opera_crashreporter.exe 2015-05-20 11:19 - 2015-05-20 11:19 - 01576568 _____ () C:\Program Files (x86)\Opera\29.0.1795.60\libglesv2.dll 2015-05-20 11:19 - 2015-05-20 11:19 - 00081016 _____ () C:\Program Files (x86)\Opera\29.0.1795.60\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\...\skype.com -> hxxps://apps.skype.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Syll\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{909B3193-20C4-4E87-8A7C-1EB4658F20D7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{8740E3AD-2C23-4D9A-99E2-4B7490B856C2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{DD458A60-90BC-40CD-8809-590C6535078F}] => (Allow) C:\Users\Syll\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7467F2BB-5975-4178-8744-1E60D801FE0A}] => (Allow) C:\Users\Syll\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3B6ECBB7-D7F4-4ACC-8766-014AA270B05F}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{6CA2FC50-8941-4406-9479-AFF8E3700B80}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{0A6207DE-7E00-4AF8-948A-797D33120BA0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{BE9FE859-3D1A-4710-AA17-0EA73E5A23F5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{03EE3190-3DF9-4D6E-8E93-71ACA2F542EE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{8CE01F24-95F1-44D4-8562-DD6513E08EC8}] => (Allow) C:\Users\Syll\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [TCP Query User{86763EAF-C52F-47EC-AB05-9A029BFB3DB8}E:\easysetupassistant\wr720n\easysetupassistant.exe] => (Allow) E:\easysetupassistant\wr720n\easysetupassistant.exe FirewallRules: [UDP Query User{4D638D1A-FC47-4002-980A-8F646A180B3C}E:\easysetupassistant\wr720n\easysetupassistant.exe] => (Allow) E:\easysetupassistant\wr720n\easysetupassistant.exe FirewallRules: [{18AAEC8F-1839-4B77-AAD5-AA1964E101D5}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{26529EDF-4450-4B70-94B0-27F816861F09}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{3CF60B02-E938-4A69-96AB-CB03F9F08E02}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/30/2015 05:58:40 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2” w wierszu C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/30/2015 05:58:40 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2” w wierszu C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/30/2015 02:24:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program chrome.exe w wersji 43.0.2357.81 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 13bc Godzina rozpoczęcia: 01d09acf250f6620 Godzina zakończenia: 3 Ścieżka aplikacji: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Identyfikator raportu: cd8805ad-06c6-11e5-a0dc-20cf30714a22 Error: (05/30/2015 00:12:15 PM) (Source: Google Update) (EventID: 20) (User: Syll-Komputer) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http s Error: (05/29/2015 06:07:07 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Nie można utworzyć punktu przywracania (Proces = C:\Windows\system32\wbem\wmiprvse.exe; Opis = ComboFix created restore point; Błąd = 0x8007043c). Error: (05/29/2015 06:07:07 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury CoCreateInstance. hr = 0x8007043c, Tej usługi nie można uruchomić w trybie awaryjnym . Operacja: Tworzenie wystąpienia serwera VSS Error: (05/29/2015 06:07:07 PM) (Source: VSS) (EventID: 18) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: W trybie awaryjnym nie można uruchomić serwera usługi COM z identyfikatorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} i nazwą IVssCoordinatorEx2. W trybie awaryjnym nie można uruchomić Usługi kopiowania woluminów w tle. [0x8007043c, Tej usługi nie można uruchomić w trybie awaryjnym ] Operacja: Tworzenie wystąpienia serwera VSS Error: (05/24/2015 07:01:05 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.1 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3524. Message ID: [0x2509]. Error: (05/24/2015 02:22:25 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.1 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2324. Message ID: [0x2509]. Error: (05/24/2015 02:20:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2” w wierszu C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (05/30/2015 06:02:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error: (05/30/2015 06:02:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error: (05/30/2015 06:02:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error: (05/30/2015 06:02:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error: (05/30/2015 06:02:55 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (05/30/2015 06:02:55 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (05/30/2015 06:02:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error: (05/30/2015 06:02:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error: (05/30/2015 06:02:45 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (05/30/2015 06:01:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Microsoft Office: ========================= Error: (05/30/2015 05:58:40 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Syll\Downloads\SoftonicDownloader_dla_bluestacks-app-player.exe Error: (05/30/2015 05:58:40 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Syll\Downloads\Softonic-Windows Movie Maker 2012-Instalka.exe Error: (05/30/2015 02:24:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe43.0.2357.8113bc01d09acf250f66203C:\Program Files (x86)\Google\Chrome\Application\chrome.execd8805ad-06c6-11e5-a0dc-20cf30714a22 Error: (05/30/2015 00:12:15 PM) (Source: Google Update) (EventID: 20) (User: Syll-Komputer) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http s Error: (05/29/2015 06:07:07 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c Error: (05/29/2015 06:07:07 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x8007043c, Tej usługi nie można uruchomić w trybie awaryjnym Operacja: Tworzenie wystąpienia serwera VSS Error: (05/29/2015 06:07:07 PM) (Source: VSS) (EventID: 18) (User: ) Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Tej usługi nie można uruchomić w trybie awaryjnym Operacja: Tworzenie wystąpienia serwera VSS Error: (05/24/2015 07:01:05 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.1 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3524. Message ID: [0x2509]. Error: (05/24/2015 02:22:25 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.1 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2324. Message ID: [0x2509]. Error: (05/24/2015 02:20:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Syll\Downloads\SoftonicDownloader_dla_bluestacks-app-player.exe CodeIntegrity Errors: =================================== Date: 2015-05-30 12:13:01.491 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-30 12:13:01.460 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-30 12:13:01.428 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-30 12:13:01.397 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-29 18:29:35.065 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-29 18:29:35.034 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-29 18:29:35.003 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-29 18:29:34.971 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-29 18:14:11.789 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-29 18:14:11.757 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz Percentage of memory in use: 38% Total physical RAM: 3884.47 MB Available physical RAM: 2381.69 MB Total Pagefile: 7767.13 MB Available Pagefile: 6117.29 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:168.48 GB) (Free:16.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:427.59 GB) (Free:27.96 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E0C5913D) Partition 1: (Active) - (Size=168.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=427.6 GB) - (Type=OF Extended) ==================== End of log ============================

**Posty:** 4765 · przez **ordynat** 30 Maj 2015, 20:31

Ge tt (HKLM-x32\...\{C8AAF59A-6BAA-F68B-9470-A856460A8093}) (Version: - "") <==== ATTENTION
Mahjong (HKLM-x32\...\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}) (Version: - "") <==== ATTENTION
Papas Pizzeria (HKLM-x32\...\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}) (Version: - "") <==== ATTENTION
Send Page (HKLM-x32\...\{274E3C5C-178E-EAE2-A52F-2863C0EECD46}) (Version: - "") <==== ATTENTION
TransferBigFilescom Gmail Extension (HKLM-x32\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version: - "") <==== ATTENTION
Video Download Manager (HKLM-x32\...\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}) (Version: - "") <==== ATTENTION

Jeśli nie znasz tych programów - to odinstaluj.

Otwórz Notatnik i wklej w nim:

FF Extension: PriceFountain - C:\Users\Syll\AppData\Roaming\Mozilla\Firefox\Profiles\lhw568gl.default\extensions\staged\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2015-05-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1568802377-1154090777-4032204213-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Task: {9587A8E3-70C2-4C3E-B743-F0E3C28CD696} - System32\Tasks\{03444BA0-4B42-4058-9716-9B612B388D5B} => pcalua.exe -a C:\Users\Syll\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt
Task: {5A287402-401B-4F3D-8D37-0668A1897218} - System32\Tasks\PFExe => C:\Users\Syll\AppData\Local\PriceFountain\pricefountain.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.

Potem będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).
.

=======================================================

kiedy odpalam laptopa wczytuje mi się wszystko normalnie do momentu logowania na koncie użytkownika, po ekranie "Zapraszamy" zostaje czarne tło i kursor, można odpalić menadżera zadań i programy z okna "uruchom" (ale nie działa np. przeglądarka, bo nie ma połączenia z netem). Nie ma tez procesu explorer.exe a kiedy uruchamiam go ręcznie, zostaje w aktywnych procesach ale nadal nie pojawia się pulpit.

Jeśli ten problem jest dalej aktualny, to założysz temat w dziale system-windows-vf10.html
.

Autor postu otrzymał pochwałę

**Posty:** 11 · przez **kajtek77** 31 Maj 2015, 17:16

Ge tt (HKLM-x32\...\{C8AAF59A-6BAA-F68B-9470-A856460A8093}) (Version: - "") <==== ATTENTION
Mahjong (HKLM-x32\...\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}) (Version: - "") <==== ATTENTION
Papas Pizzeria (HKLM-x32\...\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}) (Version: - "") <==== ATTENTION
Send Page (HKLM-x32\...\{274E3C5C-178E-EAE2-A52F-2863C0EECD46}) (Version: - "") <==== ATTENTION
TransferBigFilescom Gmail Extension (HKLM-x32\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version: - "") <==== ATTENTION
Video Download Manager (HKLM-x32\...\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}) (Version: - "") <==== ATTENTION

niektorych nie da sie usunac z panelu sterowania a pozatym wszystko dziala, dziekuje

**Posty:** 4765 · przez **ordynat** 31 Maj 2015, 18:38

Których nie da się odinstalować (nieznanych Ci)?

**Posty:** 11 · przez **kajtek77** 31 Maj 2015, 18:57

Ge tt (HKLM-x32\...\{C8AAF59A-6BAA-F68B-9470-A856460A8093}) (Version: - "") <==== ATTENTION

oprócz tego jest jeszcze

Jolidrive New Tab Page

którego nie było na Twojej liście

**Posty:** 4765 · przez **ordynat** 31 Maj 2015, 22:25

Otwórz Notatnik i wklej w nim:

Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3E136D9-6714-1654-9C26-821A64C4D5E7}" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jolidrive New Tab Page" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C8AAF59A-6BAA-F68B-9470-A856460A8093}" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge tt" /f
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
.

Kto jest na forum