firefox - ads/virus? [Closed]


#1
zdrapek5

http://www.wklej.org/id/1789953/

I need help.

I need script. :)

 

OTL Extras logfile created on: 2015-09-04 12:59:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\admin\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,34% Memory free
5,00 Gb Paging File | 3,73 Gb Available in Paging File | 74,69% Paging File free
Paging file location(s): c:\pagefile.sys 3070 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 84,86 Gb Total Space | 60,95 Gb Free Space | 71,82% Space Free | Partition Type: NTFS
Drive D: | 190,40 Gb Total Space | 189,54 Gb Free Space | 99,55% Space Free | Partition Type: NTFS
Drive E: | 190,40 Gb Total Space | 150,80 Gb Free Space | 79,20% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-KOMPUTER | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.inf [@ = inffile] -- Reg Error: Key error. File not found
.ini [@ = inifile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-260202698-669789434-1290222812-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Value error.
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Value error.
cmdfile [edit] -- Reg Error: Value error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Value error.
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- Reg Error: Key error.
inffile [print] -- Reg Error: Key error.
inifile [open] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Value error.
jsfile [print] -- Reg Error: Value error.
jsefile [edit] -- Reg Error: Value error.
jsefile [print] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Value error.
vbefile [print] -- Reg Error: Value error.
vbsfile [edit] -- Reg Error: Value error.
vbsfile [print] -- Reg Error: Value error.
wsffile [edit] -- Reg Error: Value error.
wsffile [print] -- Reg Error: Value error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{177790AD-5FDC-42AB-AF8D-0B748FA718A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{248A5B49-0C3C-4AB3-AB03-B5DA0A0BFFB5}" = lport=139 | protocol=6 | dir=in | app=system |
"{25B4C8A8-345F-4042-A03F-CD62E1138512}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D3F4555-7DED-4101-99C5-8D4A9CE4673A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31F73107-7BDC-489B-ADAE-80C50A0C3F7C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{463B1879-27CE-4F7E-B34F-BF11B80DDBFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{567D4A04-5EB7-4454-9703-82DAB74C0C75}" = rport=10243 | protocol=6 | dir=out | app=system |
"{629757E5-C329-49E2-88E2-85EE5F129664}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7D031ED7-89A3-4DCC-B93E-7CC2EAEE4FF5}" = lport=445 | protocol=6 | dir=in | app=system |
"{A6BDEA85-9844-4E5C-97DD-66917F7CDE00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AFAE319C-24D2-4C4D-9020-64D2CCFCCC54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B53400C0-4CBE-46F6-8AE8-AA1EDA39A4BB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CF3E2A75-5BC5-40EE-81F4-75D06DEE8498}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3CDCCE6-C7CB-4FED-9CD6-DE5DEC8F880F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D42F6AEA-F5C6-4D0F-AAEE-626B32EE8B15}" = rport=445 | protocol=6 | dir=out | app=system |
"{D5DBDA35-746D-4F46-94E4-A01E7B39F749}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0C5399E-9DAC-457F-8C2E-B6A00CE0C027}" = rport=138 | protocol=17 | dir=out | app=system |
"{E34FA677-5C6B-443E-B1A4-4AFD08A7C893}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2ED3CC5-0D91-42AA-8F21-EDF79CBCAE42}" = lport=138 | protocol=17 | dir=in | app=system |
"{F7AF0111-F506-4A63-A79B-8F7241E58DC2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9ED52D7-6257-4A06-8D1D-51835D6F6F53}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FE85ABD8-1A6D-4B00-AADC-A8555729293E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02ABCA82-D625-44F1-921C-05544655A61D}" = protocol=6 | dir=out | app=system |
"{2371E322-6A19-41FA-95F1-DEEA1297F3AF}" = protocol=58 | dir=in | app=system |
"{42F9386A-64E7-4567-A252-C131CDBE3DBA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{47BE513A-F709-4930-A828-3F0891EF6815}" = protocol=1 | dir=out | [email protected],-28544 |
"{68581D1A-6E36-4D60-8843-27B83916D5FF}" = protocol=58 | dir=in | [email protected],-28545 |
"{68F5676E-F8A0-4E92-B590-59DE2555EFE7}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{6D4DAA72-A5C3-4C9B-98BB-DFA7FDC27F4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A53AD51-3BE2-47DB-8C5F-25374AEBBEE6}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{7FB4403A-92B0-4815-933B-7393A5912ADD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8289F4D8-6181-43F4-8014-A905E0E77951}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{86E62FDB-C40B-47FB-B6A2-3956AC9BFE7D}" = protocol=58 | dir=out | [email protected],-28546 |
"{89A7392B-73B0-4B0D-AC97-5A4B99574BA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{95AE0FCB-A40D-422C-8856-1DD31F868711}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9AF01CAB-E2D8-4C2C-9BF4-AB8B3923C4A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F35627C-9DD1-4476-90D5-C68DB95B4968}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{A78F5BEB-B9DA-41FB-ACF4-44F5582EE05B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BED3E2D3-68F3-4CCA-A572-C32AF11B7EB6}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{C2188788-68A9-48B5-8AE6-67409544CFA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA28CEA1-25EF-47AF-B01B-597341445722}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4E52AFC-6C84-41C7-A128-E6DB5E306FFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D57E42EC-BC0F-4FB6-9475-0601BDF71DD5}" = protocol=58 | dir=out | [email protected],-503 |
"{E2059B5E-1BF2-409C-9D62-386B7FC96074}" = protocol=1 | dir=in | [email protected],-28543 |
"{EBBAB095-B5E6-488D-AEDE-DA7CE65012B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FADD22B6-0A79-4F5A-91E3-D2701A0207D5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCA40726-6D47-4DD6-A6B1-B1051BA147AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FEFC2463-7A32-452A-BF68-BFE646BF6896}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"TCP Query User{5A7DFCE8-B36C-491F-9A68-B083915F03D1}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{EC7C2DBF-CF3E-47E2-84BA-F74AB155AD1A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{513A8CD9-4440-485D-8FD9-3F0C8F485613}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A1AA21DA-E0AD-4238-8F47-D5E24914EDAF}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026BAC3A-EE38-F6D5-17E4-A853C21A0433}" = Catalyst Control Center Graphics Previews Vista
"{058F6CF1-8E0E-229E-F89C-F0F69F86F87E}" = ATI Catalyst Install Manager
"{147BC97D-D937-2FDC-C7CC-B5162C831289}" = WMV9/VC-1 Video Playback
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.6
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Obsługa programów Apple
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6056E2B9-D87C-3F7C-09AB-10237E8A17DF}" = ccc-utility
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}" = Setup
"{7EFC7E3C-5C8E-43AB-9F24-106D9FCDC542}" = LibreOffice 3.4 Help Pack (Polish)
"{852B928B-042E-4555-B59B-3473734906FF}" = DRUKI Gofin 2.2.19.0
"{86E281A2-789D-E9CD-2876-EEE146AC5E08}" = Catalyst Control Center InstallProxy
"{87C753BB-81E3-403B-BD87-6293F870B20B}" = LibreOffice 4.3.3.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91B33C97-280F-B76D-E27B-E712D7041B76}_is1" = Ashampoo Burning Studio 2014 v.12.0.5
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{C5A56170-0EEC-A6A2-7E06-14CEE439279A}" = ccc-core-static
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D1626BCB-9C3B-0E8F-853F-573180C42607}" = CCC Help English
"{ED387D9B-9B10-D971-6A8B-74F8094D4EA2}" = Catalyst Control Center Localization All
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player NPAPI" = Adobe Flash Player 18 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 16 PPAPI
"Avast" = Avast Free Antivirus
"CCleaner" = CCleaner
"Foxit Reader_is1" = Foxit Reader
"Gadu-Gadu 10" = Gadu-Gadu 10
"gmsd_pl_005010068_is1" = GamesDesktop 008.005010068
"gmsd_pl_005010069_is1" = GamesDesktop 008.005010069
"gmsd_pl_005010070_is1" = GamesDesktop 008.005010070
"Google Chrome" = Google Chrome
"ipla" = ipla 2.8.4
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.9.0 Full
"LSI Soft Modem" = LSI HDA Modem
"Mozilla Firefox 40.0.3 (x86 pl)" = Mozilla Firefox 40.0.3 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 31.0.1889.174" = Opera Stable 31.0.1889.174
"Picasa 3" = Picasa 3
"PIT Format 2014_is1" = PIT Format 2014
"RealPlayer 16.0" = RealPlayer
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.11 (32-bitowy)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-260202698-669789434-1290222812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2014-12-20 12:00:27 | Computer Name = admin-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
 aktualizacji z: <http://www.download....throotstl.cab>,
 wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
 bieżącego zegara systemowego lub sygnatury czasowej.  .
 
Error - 2014-12-20 12:10:24 | Computer Name = admin-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
 aktualizacji z: <http://www.download....throotstl.cab>,
 wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
 bieżącego zegara systemowego lub sygnatury czasowej.  .
 
Error - 2014-12-20 12:20:34 | Computer Name = admin-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
 aktualizacji z: <http://www.download....throotstl.cab>,
 wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
 bieżącego zegara systemowego lub sygnatury czasowej.  .
 
Error - 2014-12-20 12:36:24 | Computer Name = admin-Komputer | Source = MsiInstaller | ID = 11935
Description =
 
Error - 2014-12-20 12:51:07 | Computer Name = admin-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez
 Usługi kryptograficzne nie powiodło się.  Details: AddLegacyDriverFiles: Unable to
 back up image of binary nyihheqi.  System Error: Nie można odnaleźć określonego pliku.
.
 
Error - 2014-12-20 12:52:51 | Computer Name = admin-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez
 Usługi kryptograficzne nie powiodło się.  Details: AddLegacyDriverFiles: Unable to
 back up image of binary nyihheqi.  System Error: Nie można odnaleźć określonego pliku.
.
 
Error - 2014-12-20 14:03:41 | Computer Name = admin-Komputer | Source = MsiInstaller | ID = 11935
Description =
 
Error - 2014-12-20 14:16:22 | Computer Name = admin-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Nie
 można odnaleźć zestawu zależnego rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2014-12-20 14:16:22 | Computer Name = admin-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Nie
 można odnaleźć zestawu zależnego rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2015-09-04 06:53:49 | Computer Name = admin-Komputer | Source = WinMgmt | ID = 10
Description =
 
[ Media Center Events ]
Error - 2013-03-10 03:44:53 | Computer Name = admin-Komputer | Source = MCUpdate | ID = 0
Description = 08:44:50 - Błąd podczas nawiązywania połączenia z Internetem.  08:44:50
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-09-17 10:58:23 | Computer Name = admin-Komputer | Source = MCUpdate | ID = 0
Description = 16:58:23 - Błąd podczas nawiązywania połączenia z Internetem.  16:58:23
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-09-17 10:58:54 | Computer Name = admin-Komputer | Source = MCUpdate | ID = 0
Description = 16:58:53 - Błąd podczas nawiązywania połączenia z Internetem.  16:58:53
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-09-29 01:51:00 | Computer Name = admin-Komputer | Source = MCUpdate | ID = 0
Description = 07:51:00 - Błąd podczas nawiązywania połączenia z Internetem.  07:51:00
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-09-29 01:51:33 | Computer Name = admin-Komputer | Source = MCUpdate | ID = 0
Description = 07:51:29 - Błąd podczas nawiązywania połączenia z Internetem.  07:51:29
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-10-07 02:04:57 | Computer Name = admin-Komputer | Source = MCUpdate | ID = 0
Description = 08:04:57 - Błąd podczas nawiązywania połączenia z Internetem.  08:04:57
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-10-07 02:05:06 | Computer Name = admin-Komputer | Source = MCUpdate | ID = 0
Description = 08:05:02 - Błąd podczas nawiązywania połączenia z Internetem.  08:05:02
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-10-07 03:25:58 | Computer Name = admin-Komputer | Source = MCUpdate | ID = 0
Description = 09:25:57 - Błąd podczas nawiązywania połączenia z Internetem.  09:25:58
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-10-07 03:26:07 | Computer Name = admin-Komputer | Source = MCUpdate | ID = 0
Description = 09:26:03 - Błąd podczas nawiązywania połączenia z Internetem.  09:26:03
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-11-16 13:24:49 | Computer Name = admin-Komputer | Source = MCUpdate | ID = 0
Description = 18:24:48 - Nie można pobrać pakietu Directory (Błąd: Upłynął limit
 czasu operacji)  
 
[ System Events ]
Error - 2015-09-04 06:27:53 | Computer Name = admin-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa Skype Click to Call Updater niespodziewanie zakończyła pracę.
 Wystąpiło to razy: 1.
 
Error - 2015-09-04 06:27:53 | Computer Name = admin-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa Skype Click to Call PNR Service niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.
 
Error - 2015-09-04 06:27:53 | Computer Name = admin-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa Foxit Cloud Safe Update Service niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.
 
Error - 2015-09-04 06:27:53 | Computer Name = admin-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa RealNetworks Downloader Resolver Service niespodziewanie zakończyła
 pracę. Wystąpiło to razy: 1.
 
Error - 2015-09-04 06:27:54 | Computer Name = admin-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
 Uruchom usługę ponownie.
 
Error - 2015-09-04 06:27:54 | Computer Name = admin-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Usługa udostępniania w sieci programu Windows Media Player
niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund
 zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error - 2015-09-04 06:28:05 | Computer Name = admin-Komputer | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka
 modułu: C:\Windows\System32\bcmihvsrv.dll  
 
Error - 2015-09-04 06:28:06 | Computer Name = admin-Komputer | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka
 modułu: C:\Windows\System32\bcmihvsrv.dll  
 
Error - 2015-09-04 06:28:06 | Computer Name = admin-Komputer | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka
 modułu: C:\Windows\System32\bcmihvsrv.dll  
 
Error - 2015-09-04 06:28:43 | Computer Name = admin-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Harmonogram zadań zależy od usługi Dziennik zdarzeń systemu
 Windows, której nie można uruchomić z powodu następującego błędu:   %%1058
 
 
< End of report >
 



#2
Nevan

Hello, zdrapek5. Cześć :)
Welcome to Geeks to Go! My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of the Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

Let's get started :)

 
There should be another log named OTL.txt in your Downloads folder. Please paste its content here.

If it's not there, use the instructions below to produce a new log.

New OTL Log
  • Launch OTL from the desktop
  • Make sure all other windows are closed
  • Check Scan All Users at the top of the OTL window
  • Make sure that the Output at the top is set to Standard Output
  • Check the boxes next to LOP Check and Purity Check
  • Do NOT change any other settings
  • Click the V1sfhWG.png button
  • Wait for OTL to finish the scan.
  • When the scan is done, a new OTL.txt will be opened. If it isn't, you should be able to find it in the same folder OTL was run from.
  • Select all (CTRL+A) the content of OTL.txt, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Also, please tell me what exactly is happening with your computer.

#3
zdrapek5


When using it, ads show up. It does not matter whether Firefox is turned on or not.
If it is off, it switches itself and opens a dozen or so bookmarks from ads.



#4
zdrapek5


OTL logfile created on: 2015-09-04 14:16:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\admin\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,52% Memory free
5,00 Gb Paging File | 3,70 Gb Available in Paging File | 74,15% Paging File free
Paging file location(s): c:\pagefile.sys 3070 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 84,86 Gb Total Space | 60,87 Gb Free Space | 71,74% Space Free | Partition Type: NTFS
Drive D: | 190,40 Gb Total Space | 189,54 Gb Free Space | 99,55% Space Free | Partition Type: NTFS
Drive E: | 190,40 Gb Total Space | 150,80 Gb Free Space | 79,20% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-KOMPUTER | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015-09-04 14:10:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe
PRC - [2015-08-28 09:29:24 | 000,377,000 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2015-08-24 11:47:53 | 003,980,432 | ---- | M] () -- C:\Program Files\gmsd_pl_005010070\gmsd_pl_005010070.exe
PRC - [2015-08-23 11:27:20 | 003,979,408 | ---- | M] () -- C:\Program Files\gmsd_pl_005010069\gmsd_pl_005010069.exe
PRC - [2015-08-22 12:06:13 | 003,334,288 | ---- | M] () -- C:\Users\admin\AppData\Local\gmsd_pl_005010068\upgmsd_pl_005010068.exe
PRC - [2015-08-22 12:06:09 | 003,977,648 | ---- | M] () -- C:\Program Files\gmsd_pl_005010068\gmsd_pl_005010068.exe
PRC - [2015-07-16 16:28:02 | 000,244,392 | ---- | M] (Foxit Software Inc.) -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2015-05-31 08:31:10 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015-05-06 20:50:38 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015-05-06 20:50:26 | 003,207,800 | ---- | M] (Avast Software) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
PRC - [2015-05-01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015-05-01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015-04-07 21:34:52 | 000,144,008 | ---- | M] (© 2015 Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
PRC - [2014-12-20 18:40:35 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014-12-20 18:02:31 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2014-12-12 14:11:38 | 021,360,736 | ---- | M] (Redefine Sp z o.o.) -- C:\Program Files\ipla\ipla.exe
PRC - [2014-11-21 20:41:50 | 005,282,584 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2013-08-14 16:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013-08-02 02:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011-05-11 17:44:06 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-10-27 04:51:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-10-27 04:51:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-03-27 19:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015-08-24 11:47:53 | 003,980,432 | ---- | M] () -- C:\Program Files\gmsd_pl_005010070\gmsd_pl_005010070.exe
MOD - [2015-08-23 11:27:20 | 003,979,408 | ---- | M] () -- C:\Program Files\gmsd_pl_005010069\gmsd_pl_005010069.exe
MOD - [2015-08-22 12:06:13 | 003,334,288 | ---- | M] () -- C:\Users\admin\AppData\Local\gmsd_pl_005010068\upgmsd_pl_005010068.exe
MOD - [2015-08-22 12:06:09 | 003,977,648 | ---- | M] () -- C:\Program Files\gmsd_pl_005010068\gmsd_pl_005010068.exe
MOD - [2015-05-06 20:50:44 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015-05-06 20:50:39 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015-05-06 20:50:38 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2014-12-20 20:50:39 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
MOD - [2014-12-20 20:50:27 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll
MOD - [2014-12-20 20:49:08 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014-12-20 20:38:43 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014-12-20 20:38:09 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014-12-20 20:38:04 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014-12-20 20:38:02 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014-12-20 20:37:16 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014-12-12 14:11:44 | 000,299,528 | ---- | M] () -- C:\Program Files\ipla\MediaFileScanner.dll
MOD - [2014-12-12 14:11:42 | 000,068,104 | ---- | M] () -- C:\Program Files\ipla\ziplib.dll
MOD - [2014-12-12 14:11:40 | 000,392,200 | ---- | M] () -- C:\Program Files\ipla\jabberoo.dll
MOD - [2014-11-22 02:03:52 | 000,047,104 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1045.dll
MOD - [2014-10-03 11:15:16 | 037,022,328 | ---- | M] () -- C:\Program Files\ipla\libcef.dll
MOD - [2011-07-13 13:56:43 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pl_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2011-04-13 16:41:31 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010-10-26 23:45:26 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2015-09-04 14:11:59 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015-08-28 09:29:23 | 000,149,160 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015-08-28 06:45:00 | 000,640,000 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\A0BE2F10-1440316630-E011-A207-B94D9617E041\knsv596A.tmp -- (funimilo)
SRV - [2015-07-16 16:28:02 | 000,244,392 | ---- | M] (Foxit Software Inc.) [Auto | Running] -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2015-06-03 16:42:38 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015-05-06 20:50:38 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015-05-06 20:50:26 | 003,207,800 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV - [2015-05-01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015-05-01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014-12-20 18:42:16 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013-08-14 16:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013-05-27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010-10-27 04:51:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-03-27 19:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\admin\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - [2015-07-18 20:26:55 | 000,428,120 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2015-05-06 20:50:48 | 000,106,912 | ---- | M] (Avast Software s.r.o.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2015-05-06 20:50:47 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015-05-06 20:50:47 | 000,081,728 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2015-05-06 20:50:47 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015-05-06 20:50:47 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015-05-06 20:50:47 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015-05-06 20:50:31 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2015-05-06 20:50:26 | 000,220,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV - [2010-11-20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010-11-20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-10-27 05:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-10-27 04:14:02 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-09-10 22:17:20 | 000,066,176 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2010-09-10 22:17:20 | 000,031,872 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2009-09-02 10:59:42 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009-06-11 14:18:30 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-260202698-669789434-1290222812-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.p...taller_instalki
IE - HKU\S-1-5-21-260202698-669789434-1290222812-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-260202698-669789434-1290222812-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-260202698-669789434-1290222812-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "PL"
FF - prefs.js..browser.search.region: "PL"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.2.0.187
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.3
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014-12-20 18:02:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-06 20:50:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-20 18:02:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: install
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\Market: pl-pl
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\Package: DefaultPack
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\OSVersion: 6.1.7601.1
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\LVersion: 1.7.46.0
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\MFVersion: MF37.0.2 (x86 pl)
 
[2011-12-30 16:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2015-09-04 11:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\7ip2qljr.default-1424709137278\extensions
[2015-09-04 11:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\aijsq4bo.default-1440617259547\extensions
[2015-08-28 09:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015-08-28 09:29:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015-05-06 20:50:49 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2011-12-30 13:15:35 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [gmsd_pl_005010068] C:\Program Files\gmsd_pl_005010068\gmsd_pl_005010068.exe ()
O4 - HKLM..\Run: [gmsd_pl_005010069] C:\Program Files\gmsd_pl_005010069\gmsd_pl_005010069.exe ()
O4 - HKLM..\Run: [gmsd_pl_005010070] C:\Program Files\gmsd_pl_005010070\gmsd_pl_005010070.exe ()
O4 - HKLM..\Run: [mbot_pl_014010068]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-260202698-669789434-1290222812-1000..\Run: [BingSvc] C:\Users\admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
O4 - HKU\S-1-5-21-260202698-669789434-1290222812-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-260202698-669789434-1290222812-1000..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKLM..\RunOnce: [upgmsd_pl_005010068.exe] C:\Users\admin\AppData\Local\gmsd_pl_005010068\upgmsd_pl_005010068.exe ()
O4 - HKLM..\RunOnce: [upgmsd_pl_005010069.exe] C:\Users\admin\AppData\Local\gmsd_pl_005010069\upgmsd_pl_005010069.exe ()
O4 - HKLM..\RunOnce: [upgmsd_pl_005010070.exe] C:\Users\admin\AppData\Local\gmsd_pl_005010070\upgmsd_pl_005010070.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-260202698-669789434-1290222812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E23689C-C8C9-4C8F-918F-00BBE6677154}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5facf438-2f17-11e3-b0e6-00262d9c25d9}\Shell - "" = AutoRun
O33 - MountPoints2\{5facf438-2f17-11e3-b0e6-00262d9c25d9}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 180 Days ==========
 
[2015-09-04 11:41:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015-08-28 09:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015-08-26 19:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DWinManProD
[2015-08-25 10:28:41 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\gmsd_pl_005010070
[2015-08-25 10:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\gmsd_pl_005010070
[2015-08-24 10:34:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\gmsd_pl_005010069
[2015-08-24 10:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\gmsd_pl_005010069
[2015-08-23 10:35:33 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\gmsd_pl_005010068
[2015-08-23 10:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\gmsd_pl_005010068
[2015-08-23 09:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\6949a848-fd16-4950-ad3a-5f859cf2add1
[2015-08-23 09:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\A0BE2F10-1440316630-E011-A207-B94D9617E041
[2015-08-23 09:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\update
[2015-08-23 09:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\OWinManProO
[2015-07-13 20:04:01 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\wesele
[2015-05-25 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Ashampoo Burning Studio 2014
[2015-05-08 21:14:52 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Nowy folder (2)
[2015-05-06 20:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015-05-06 20:50:50 | 000,291,312 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe
[2015-05-06 20:50:40 | 000,043,112 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr
[2015-04-27 22:08:54 | 000,000,000 | ---D | C] -- C:\extensions
[2015-04-23 07:19:27 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Nowy folder
[2015-03-17 18:58:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2015-03-17 18:57:43 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2015-03-17 18:57:43 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2015-03-17 18:57:43 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2015-03-17 18:57:43 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2015-03-17 18:57:42 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2015-03-17 18:57:42 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2015-03-17 18:57:41 | 001,265,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2015-03-17 18:57:41 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2015-03-17 18:57:41 | 000,052,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2015-03-17 18:57:40 | 002,898,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2015-03-17 18:57:39 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2015-03-17 18:57:39 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2015-03-17 18:57:39 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2015-03-17 18:57:39 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2015-03-17 18:57:39 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2015-03-17 18:57:37 | 000,266,240 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2015-03-17 18:57:37 | 000,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2015-03-17 18:57:37 | 000,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2015-03-17 18:57:35 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2015-03-17 18:57:34 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2015-03-17 18:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2015-03-17 18:56:57 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\WinRAR
[2015-03-17 18:47:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\TeamViewer
[2015-03-14 14:40:48 | 000,000,000 | ---D | C] -- C:\Users\admin\Tracing
[3 C:\Users\admin\AppData\Local\*.tmp files -> C:\Users\admin\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 180 Days ==========
 
[2015-09-04 14:12:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015-09-04 14:12:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job
[2015-09-04 14:11:58 | 000,778,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015-09-04 14:11:58 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015-09-04 13:56:15 | 000,031,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015-09-04 13:56:15 | 000,031,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015-09-04 13:48:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015-09-04 13:48:11 | 1609,322,496 | -HS- | M] () -- C:\hiberfil.sys
[2015-09-04 11:14:26 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015-09-04 11:10:48 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0e6f196cd8682.job
[2015-09-04 11:10:48 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0bf89d38df321.job
[2015-09-04 11:03:59 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Opera 31.lnk
[2015-09-04 11:03:59 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015-09-04 11:03:58 | 000,000,951 | ---- | M] () -- C:\Users\admin\Desktop\Mozilla Firefox.lnk
[2015-09-01 14:07:20 | 000,000,000 | ---- | M] () -- C:\ProgramData\temp
[2015-08-29 08:00:09 | 000,000,464 | ---- | M] () -- C:\Windows\System32\ScannerSettings
[2015-08-26 19:04:09 | 000,000,124 | ---- | M] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[2015-08-25 15:21:25 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
[2015-08-25 15:21:25 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
[2015-08-25 15:21:25 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
[2015-08-23 10:43:17 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\Opera scheduled Autoupdate 1419090702.job
[2015-08-23 10:34:48 | 000,000,862 | ---- | M] () -- C:\Windows\tasks\SmartWeb Upgrade Trigger Task.job
[2015-08-23 10:34:25 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\WordSurfer Auto Updater 1.10.0.19 Core.job
[2015-08-23 09:58:52 | 000,000,484 | ---- | M] () -- C:\Windows\tasks\B034E4DE-F959-4289-9CDE-821E262C615.job
[2015-08-23 09:58:41 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\70u8DEbO6VurusO.job
[2015-08-23 09:58:40 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\ED9LQt0xEB9HY7EmP.job
[2015-08-23 09:58:37 | 000,002,428 | ---- | M] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-5_user.job
[2015-08-23 09:58:36 | 000,002,428 | ---- | M] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-5.job
[2015-08-23 09:58:23 | 000,003,120 | ---- | M] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-1-6.job
[2015-08-23 09:58:22 | 000,003,120 | ---- | M] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-1-7.job
[2015-08-23 09:58:15 | 000,004,140 | ---- | M] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-4.job
[2015-08-23 09:58:03 | 000,005,500 | ---- | M] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-6.job
[2015-08-23 09:58:02 | 000,005,500 | ---- | M] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-7.job
[2015-08-23 09:57:55 | 000,005,166 | ---- | M] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-11.job
[2015-08-23 09:57:47 | 000,004,140 | ---- | M] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-3.job
[2015-08-23 09:57:47 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2015-08-23 09:57:43 | 000,002,094 | ---- | M] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-10_user.job
[2015-08-23 09:57:30 | 000,687,828 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2015-08-23 09:57:30 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015-08-23 09:57:30 | 000,131,382 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2015-08-23 09:57:30 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015-08-23 09:55:14 | 000,000,000 | ---- | M] () -- C:\Windows\prleth.sys
[2015-08-23 09:55:14 | 000,000,000 | ---- | M] () -- C:\Windows\hgfs.sys
[2015-08-07 08:47:08 | 000,014,059 | ---- | M] () -- C:\Users\admin\Desktop\BOLESTRASZYCE_SZKOLA.pdf
[2015-07-18 20:26:55 | 000,428,120 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswsp.sys
[2015-07-16 07:39:47 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d08fa7c1661f42.job
[2015-06-22 19:16:56 | 000,757,558 | ---- | M] () -- C:\Users\admin\Desktop\2015-06-22 19.10.41.jpg
[2015-06-22 19:16:32 | 000,697,191 | ---- | M] () -- C:\Users\admin\Desktop\2015-06-22 19.06.09.jpg
[2015-06-22 19:10:16 | 000,743,307 | ---- | M] () -- C:\Users\admin\Desktop\2015-06-22 19.10.16.jpg
[2015-06-22 19:09:32 | 000,791,309 | ---- | M] () -- C:\Users\admin\Desktop\2015-06-22 19.09.32.jpg
[2015-06-22 19:09:00 | 000,490,354 | ---- | M] () -- C:\Users\admin\Desktop\2015-06-22 19.09.01.jpg
[2015-06-22 19:07:14 | 000,652,167 | ---- | M] () -- C:\Users\admin\Desktop\2015-06-22 19.07.14.jpg
[2015-06-22 19:06:54 | 000,779,184 | ---- | M] () -- C:\Users\admin\Desktop\2015-06-22 19.06.54.jpg
[2015-05-24 10:43:16 | 014,538,930 | ---- | M] () -- C:\Users\admin\Desktop\MOV00946.3gp
[2015-05-16 09:13:06 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0882f13c33775.job
[2015-05-06 21:01:37 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015-05-06 20:50:48 | 000,106,912 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswStm.sys
[2015-05-06 20:50:47 | 000,209,048 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2015-05-06 20:50:47 | 000,081,728 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswRdr2.sys
[2015-05-06 20:50:47 | 000,074,976 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2015-05-06 20:50:47 | 000,049,904 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2015-05-06 20:50:47 | 000,024,144 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2015-05-06 20:50:40 | 000,291,312 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe
[2015-05-06 20:50:40 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr
[2015-05-06 20:50:31 | 000,787,760 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSnx.sys
[2015-04-20 16:05:14 | 001,579,520 | ---- | M] () -- C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP.exe
[2015-04-20 16:05:14 | 001,246,720 | ---- | M] () -- C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO.exe
[2015-04-19 14:20:16 | 000,005,872 | ---- | M] () -- C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP
[2015-04-14 18:28:56 | 000,004,387 | ---- | M] () -- C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO
[2015-04-04 17:26:49 | 000,001,533 | ---- | M] () -- C:\Users\admin\Desktop\TeamViewer_Setup — skrót.lnk
[3 C:\Users\admin\AppData\Local\*.tmp files -> C:\Users\admin\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015-09-04 11:10:48 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0e6f196cd8682.job
[2015-09-01 14:07:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\temp
[2015-08-29 08:00:08 | 000,000,464 | ---- | C] () -- C:\Windows\System32\ScannerSettings
[2015-08-26 21:42:39 | 000,000,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015-08-26 21:42:39 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015-08-26 19:04:09 | 000,000,124 | ---- | C] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[2015-08-23 11:25:19 | 000,000,951 | ---- | C] () -- C:\Users\admin\Desktop\Mozilla Firefox.lnk
[2015-08-23 10:39:01 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP3.job
[2015-08-23 10:39:01 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP2.job
[2015-08-23 10:39:00 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP1.job
[2015-08-23 10:34:48 | 000,000,862 | ---- | C] () -- C:\Windows\tasks\SmartWeb Upgrade Trigger Task.job
[2015-08-23 10:34:25 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\WordSurfer Auto Updater 1.10.0.19 Core.job
[2015-08-23 09:58:52 | 000,000,484 | ---- | C] () -- C:\Windows\tasks\B034E4DE-F959-4289-9CDE-821E262C615.job
[2015-08-23 09:58:41 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\70u8DEbO6VurusO.job
[2015-08-23 09:58:40 | 000,001,006 | ---- | C] () -- C:\Windows\tasks\ED9LQt0xEB9HY7EmP.job
[2015-08-23 09:58:37 | 000,002,428 | ---- | C] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-5_user.job
[2015-08-23 09:58:36 | 000,002,428 | ---- | C] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-5.job
[2015-08-23 09:58:23 | 000,003,120 | ---- | C] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-1-6.job
[2015-08-23 09:58:22 | 000,003,120 | ---- | C] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-1-7.job
[2015-08-23 09:58:15 | 000,004,140 | ---- | C] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-4.job
[2015-08-23 09:58:03 | 000,005,500 | ---- | C] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-6.job
[2015-08-23 09:58:02 | 000,005,500 | ---- | C] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-7.job
[2015-08-23 09:57:55 | 000,005,166 | ---- | C] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-11.job
[2015-08-23 09:57:47 | 000,004,140 | ---- | C] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-3.job
[2015-08-23 09:57:47 | 000,000,958 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2015-08-23 09:57:43 | 000,002,094 | ---- | C] () -- C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-10_user.job
[2015-08-23 09:55:14 | 000,000,000 | ---- | C] () -- C:\Windows\prleth.sys
[2015-08-23 09:55:14 | 000,000,000 | ---- | C] () -- C:\Windows\hgfs.sys
[2015-08-07 08:47:07 | 000,014,059 | ---- | C] () -- C:\Users\admin\Desktop\BOLESTRASZYCE_SZKOLA.pdf
[2015-07-16 07:39:47 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0bf89d38df321.job
[2015-06-22 19:17:09 | 000,791,309 | ---- | C] () -- C:\Users\admin\Desktop\2015-06-22 19.09.32.jpg
[2015-06-22 19:17:09 | 000,779,184 | ---- | C] () -- C:\Users\admin\Desktop\2015-06-22 19.06.54.jpg
[2015-06-22 19:17:09 | 000,757,558 | ---- | C] () -- C:\Users\admin\Desktop\2015-06-22 19.10.41.jpg
[2015-06-22 19:17:09 | 000,743,307 | ---- | C] () -- C:\Users\admin\Desktop\2015-06-22 19.10.16.jpg
[2015-06-22 19:17:09 | 000,697,191 | ---- | C] () -- C:\Users\admin\Desktop\2015-06-22 19.06.09.jpg
[2015-06-22 19:17:09 | 000,652,167 | ---- | C] () -- C:\Users\admin\Desktop\2015-06-22 19.07.14.jpg
[2015-06-22 19:17:09 | 000,490,354 | ---- | C] () -- C:\Users\admin\Desktop\2015-06-22 19.09.01.jpg
[2015-05-24 15:52:34 | 014,538,930 | ---- | C] () -- C:\Users\admin\Desktop\MOV00946.3gp
[2015-05-16 09:13:06 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d08fa7c1661f42.job
[2015-05-06 21:01:37 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0882f13c33775.job
[2015-05-06 20:58:16 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015-05-06 20:57:12 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015-04-20 16:05:14 | 001,579,520 | ---- | C] () -- C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP.exe
[2015-04-20 16:05:14 | 001,246,720 | ---- | C] () -- C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO.exe
[2015-04-19 14:20:16 | 000,005,872 | ---- | C] () -- C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP
[2015-04-14 18:28:56 | 000,004,387 | ---- | C] () -- C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO
[2015-03-17 18:59:08 | 000,001,533 | ---- | C] () -- C:\Users\admin\Desktop\TeamViewer_Setup — skrót.lnk
[2015-03-17 18:57:44 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2015-03-17 18:57:44 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2015-03-17 18:57:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2015-03-17 18:57:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2015-03-17 18:57:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2015-03-17 18:57:44 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2014-12-20 18:46:31 | 000,209,048 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014-12-20 18:46:31 | 000,049,904 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014-12-20 18:46:31 | 000,024,144 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014-12-03 09:39:01 | 000,003,951 | ---- | C] () -- C:\Users\admin\AppData\Roaming\C5C18FE1D82F4BB7F86E28860CE82AE7
[2014-11-28 13:57:22 | 000,235,348 | ---- | C] () -- C:\Users\admin\AppData\Roaming\906F7D600B4E574A1AA55C353BB6C948
[2014-11-12 11:37:56 | 000,000,191 | ---- | C] () -- C:\Users\admin\AppData\Roaming\hNUpv8W6fTq9DSEoNXIgpr5pwk
[2014-11-06 19:43:34 | 000,233,878 | ---- | C] () -- C:\Users\admin\AppData\Roaming\4ED62FBB88120ACF19637B80059756A2
[2014-10-27 03:05:53 | 000,233,878 | ---- | C] () -- C:\Users\admin\AppData\Roaming\905CCF79278916E91590A8BAEDE53B11
[2014-09-25 01:54:13 | 000,000,016 | ---- | C] () -- C:\Users\admin\AppData\Roaming\UXFKTkPgyk7mHcaAHlZzHGwPI1a3zsM
[2014-08-03 20:21:02 | 000,003,951 | ---- | C] () -- C:\Users\admin\AppData\Roaming\F6E244C4484D18AF95FFD2EB6D0DAC6C
[2014-05-30 18:37:19 | 000,000,538 | ---- | C] () -- C:\Users\admin\AppData\Roaming\2YplpIcfiT30Bc7aFbBeJ0p
[2014-05-29 20:25:16 | 000,288,937 | ---- | C] () -- C:\Users\admin\AppData\Roaming\CFEE7ADD9DAB7D3D84D0081B8E64C659
[2014-05-29 20:25:16 | 000,000,315 | ---- | C] () -- C:\Users\admin\AppData\Roaming\MyRxSSBFZ6SaaKk934Be4MX93LE
[2014-05-29 20:25:10 | 000,288,937 | ---- | C] () -- C:\Users\admin\AppData\Roaming\F38F8A1EAD8B6C42A4DC220CDF125C5D
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014-12-20 02:39:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\1F937E41EAD6DD5DC5DD0C78F622A7A7
[2014-12-20 02:44:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\381CA6F558DE9812B92074CF883033C2
[2014-12-20 02:45:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\39EA476E748DFFD02B8B678FE70CA310
[2014-12-20 03:28:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\9CBB388D85531EF33145DFD9673939A9
[2014-12-20 03:31:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\A757C1D23CCA29FF4C926BDBF1877467
[2014-12-20 17:59:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ashampoo
[2014-12-20 18:47:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\AVAST Software
[2011-12-30 16:06:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Canneverbe Limited
[2014-12-20 03:41:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\D92339BB111C30F4CF12F4FE6F761B0D
[2014-12-20 17:58:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Foxit Software
[2012-03-22 21:49:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Gadu-Gadu 10
[2011-12-30 15:38:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GHISLER
[2014-11-30 14:39:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GofinDruki
[2014-12-20 03:41:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\InstallDir
[2015-09-04 13:49:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ipla
[2015-01-08 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LibreOffice
[2014-12-16 09:51:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\miniupnpc
[2012-03-22 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenFM
[2011-12-30 15:06:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Opera
[2014-12-20 17:51:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Opera Software
[2014-09-25 01:55:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\sqlite3
[2015-03-17 18:47:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TeamViewer
[2014-01-25 21:52:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\{d9217b2c-880e-0d76-5251-a8d8d9217b2c}
 
========== Purity Check ==========
 
 

< End of report >
 



#5
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, zdrapek5.

Let's begin the removal.

Step #1
Uninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:
  • Setup
  • GamesDesktop 008.005010068
  • GamesDesktop 008.005010069
  • GamesDesktop 008.005010070
 
Step #2
OTL Fix

  • Launch OTL from your desktop
  • Copy and paste the following into the Custom Scans/Fixes box:
    :Commands
    [CreateRestorePoint]
    
    MOD - [2015-08-24 11:47:53 | 003,980,432 | ---- | M] () -- C:\Program Files\gmsd_pl_005010070\gmsd_pl_005010070.exe
    MOD - [2015-08-23 11:27:20 | 003,979,408 | ---- | M] () -- C:\Program Files\gmsd_pl_005010069\gmsd_pl_005010069.exe
    MOD - [2015-08-22 12:06:13 | 003,334,288 | ---- | M] () -- C:\Users\admin\AppData\Local\gmsd_pl_005010068\upgmsd_pl_005010068.exe
    MOD - [2015-08-22 12:06:09 | 003,977,648 | ---- | M] () -- C:\Program Files\gmsd_pl_005010068\gmsd_pl_005010068.exe
    SRV - [2015-08-28 06:45:00 | 000,640,000 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\A0BE2F10-1440316630-E011-A207-B94D9617E041\knsv596A.tmp -- (funimilo)
    O4 - HKLM..\Run: [gmsd_pl_005010068] C:\Program Files\gmsd_pl_005010068\gmsd_pl_005010068.exe ()
    O4 - HKLM..\Run: [gmsd_pl_005010069] C:\Program Files\gmsd_pl_005010069\gmsd_pl_005010069.exe ()
    O4 - HKLM..\Run: [gmsd_pl_005010070] C:\Program Files\gmsd_pl_005010070\gmsd_pl_005010070.exe ()
    O4 - HKLM..\Run: [mbot_pl_014010068]  File not found
    O4 - HKLM..\RunOnce: [upgmsd_pl_005010068.exe] C:\Users\admin\AppData\Local\gmsd_pl_005010068\upgmsd_pl_005010068.exe ()
    O4 - HKLM..\RunOnce: [upgmsd_pl_005010069.exe] C:\Users\admin\AppData\Local\gmsd_pl_005010069\upgmsd_pl_005010069.exe ()
    O4 - HKLM..\RunOnce: [upgmsd_pl_005010070.exe] C:\Users\admin\AppData\Local\gmsd_pl_005010070\upgmsd_pl_005010070.exe ()
    [2015-08-26 19:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DWinManProD
    [2015-08-25 10:28:41 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\gmsd_pl_005010070
    [2015-08-25 10:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\gmsd_pl_005010070
    [2015-08-24 10:34:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\gmsd_pl_005010069
    [2015-08-24 10:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\gmsd_pl_005010069
    [2015-08-23 10:35:33 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\gmsd_pl_005010068
    [2015-08-23 10:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\gmsd_pl_005010068
    [2015-08-23 09:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\6949a848-fd16-4950-ad3a-5f859cf2add1
    [2015-08-23 09:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\A0BE2F10-1440316630-E011-A207-B94D9617E041
    [2015-08-23 09:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\update
    [2015-08-23 09:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\OWinManProO
    [2015-08-26 19:04:09 | 000,000,124 | ---- | M] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    [2015-08-25 15:21:25 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
    [2015-08-25 15:21:25 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
    [2015-08-25 15:21:25 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
    [2015-08-23 09:58:52 | 000,000,484 | ---- | M] () -- C:\Windows\tasks\B034E4DE-F959-4289-9CDE-821E262C615.job
    [2015-08-23 09:58:41 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\70u8DEbO6VurusO.job
    [2015-08-23 09:58:40 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\ED9LQt0xEB9HY7EmP.job
    [2015-08-23 09:57:47 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
    [2015-04-20 16:05:14 | 001,579,520 | ---- | M] () -- C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP.exe
    [2015-04-20 16:05:14 | 001,246,720 | ---- | M] () -- C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO.exe
    [2015-04-19 14:20:16 | 000,005,872 | ---- | M] () -- C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP
    [2015-04-14 18:28:56 | 000,004,387 | ---- | M] () -- C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO
    [2015-08-26 19:04:09 | 000,000,124 | ---- | C] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    [2015-04-20 16:05:14 | 001,579,520 | ---- | C] () -- C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP.exe
    [2015-04-20 16:05:14 | 001,246,720 | ---- | C] () -- C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO.exe
    [2015-04-19 14:20:16 | 000,005,872 | ---- | C] () -- C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP
    [2015-04-14 18:28:56 | 000,004,387 | ---- | C] () -- C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO
    [2014-12-03 09:39:01 | 000,003,951 | ---- | C] () -- C:\Users\admin\AppData\Roaming\C5C18FE1D82F4BB7F86E28860CE82AE7
    [2014-11-28 13:57:22 | 000,235,348 | ---- | C] () -- C:\Users\admin\AppData\Roaming\906F7D600B4E574A1AA55C353BB6C948
    [2014-11-12 11:37:56 | 000,000,191 | ---- | C] () -- C:\Users\admin\AppData\Roaming\hNUpv8W6fTq9DSEoNXIgpr5pwk
    [2014-11-06 19:43:34 | 000,233,878 | ---- | C] () -- C:\Users\admin\AppData\Roaming\4ED62FBB88120ACF19637B80059756A2
    [2014-10-27 03:05:53 | 000,233,878 | ---- | C] () -- C:\Users\admin\AppData\Roaming\905CCF79278916E91590A8BAEDE53B11
    [2014-09-25 01:54:13 | 000,000,016 | ---- | C] () -- C:\Users\admin\AppData\Roaming\UXFKTkPgyk7mHcaAHlZzHGwPI1a3zsM
    [2014-08-03 20:21:02 | 000,003,951 | ---- | C] () -- C:\Users\admin\AppData\Roaming\F6E244C4484D18AF95FFD2EB6D0DAC6C
    [2014-05-30 18:37:19 | 000,000,538 | ---- | C] () -- C:\Users\admin\AppData\Roaming\2YplpIcfiT30Bc7aFbBeJ0p
    [2014-05-29 20:25:16 | 000,288,937 | ---- | C] () -- C:\Users\admin\AppData\Roaming\CFEE7ADD9DAB7D3D84D0081B8E64C659
    [2014-05-29 20:25:16 | 000,000,315 | ---- | C] () -- C:\Users\admin\AppData\Roaming\MyRxSSBFZ6SaaKk934Be4MX93LE
    [2014-05-29 20:25:10 | 000,288,937 | ---- | C] () -- C:\Users\admin\AppData\Roaming\F38F8A1EAD8B6C42A4DC220CDF125C5D
    [2014-12-20 02:39:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\1F937E41EAD6DD5DC5DD0C78F622A7A7
    [2014-12-20 02:44:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\381CA6F558DE9812B92074CF883033C2
    [2014-12-20 02:45:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\39EA476E748DFFD02B8B678FE70CA310
    [2014-12-20 03:28:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\9CBB388D85531EF33145DFD9673939A9
    [2014-12-20 03:31:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\A757C1D23CCA29FF4C926BDBF1877467
    [2014-12-20 03:41:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\D92339BB111C30F4CF12F4FE6F761B0D
    [2014-01-25 21:52:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\{d9217b2c-880e-0d76-5251-a8d8d9217b2c}
    
    :Files
    C:\Program Files\A0BE2F10-1440316630-E011-A207-B94D9617E04
    C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4*.job
    C:\Program Files\gmsd_pl*
    C:\Users\admin\AppData\Local\gmsd_pl*
    
    :Commands
    [EmptyTemp]
    
  • Click ZsElC62.png
  • Wait for OTL to finish its job. It might want to reboot the system. Allow it if it wants to.
  • After the scan is done (or after the reboot), a Notepad window will be opened. If it isn't, you can find the log in C:\_OTL\MovedFiles.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply
 
Step #3
FRST Scan
  • Download Farbar Recovery Scan Tool and save it to your Desktop.
  • Right click FRST.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • OTL Fix log content
  • Please tell me if you have successfully uninstalled all the programs I've asked you to remove
  • FRST.txt log content
  • Addition.txt log content


#6
zdrapek5

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <MOD - [2015-08-24 11:47:53 | 003,980,432 | ---- | M] () -- C:\Program Files\gmsd_pl_005010070\gmsd_pl_005010070.exe> in the current context!
Error: Unable to interpret <MOD - [2015-08-23 11:27:20 | 003,979,408 | ---- | M] () -- C:\Program Files\gmsd_pl_005010069\gmsd_pl_005010069.exe> in the current context!
Error: Unable to interpret <MOD - [2015-08-22 12:06:13 | 003,334,288 | ---- | M] () -- C:\Users\admin\AppData\Local\gmsd_pl_005010068\upgmsd_pl_005010068.exe> in the current context!
Error: Unable to interpret <MOD - [2015-08-22 12:06:09 | 003,977,648 | ---- | M] () -- C:\Program Files\gmsd_pl_005010068\gmsd_pl_005010068.exe> in the current context!
Error: Unable to interpret <SRV - [2015-08-28 06:45:00 | 000,640,000 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\A0BE2F10-1440316630-E011-A207-B94D9617E041\knsv596A.tmp -- (funimilo)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [gmsd_pl_005010068] C:\Program Files\gmsd_pl_005010068\gmsd_pl_005010068.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [gmsd_pl_005010069] C:\Program Files\gmsd_pl_005010069\gmsd_pl_005010069.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [gmsd_pl_005010070] C:\Program Files\gmsd_pl_005010070\gmsd_pl_005010070.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [mbot_pl_014010068]  File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\RunOnce: [upgmsd_pl_005010068.exe] C:\Users\admin\AppData\Local\gmsd_pl_005010068\upgmsd_pl_005010068.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\RunOnce: [upgmsd_pl_005010069.exe] C:\Users\admin\AppData\Local\gmsd_pl_005010069\upgmsd_pl_005010069.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\RunOnce: [upgmsd_pl_005010070.exe] C:\Users\admin\AppData\Local\gmsd_pl_005010070\upgmsd_pl_005010070.exe ()> in the current context!
Error: Unable to interpret <[2015-08-26 19:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DWinManProD> in the current context!
Error: Unable to interpret <[2015-08-25 10:28:41 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\gmsd_pl_005010070> in the current context!
Error: Unable to interpret <[2015-08-25 10:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\gmsd_pl_005010070> in the current context!
Error: Unable to interpret <[2015-08-24 10:34:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\gmsd_pl_005010069> in the current context!
Error: Unable to interpret <[2015-08-24 10:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\gmsd_pl_005010069> in the current context!
Error: Unable to interpret <[2015-08-23 10:35:33 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\gmsd_pl_005010068> in the current context!
Error: Unable to interpret <[2015-08-23 10:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\gmsd_pl_005010068> in the current context!
Error: Unable to interpret <[2015-08-23 09:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\6949a848-fd16-4950-ad3a-5f859cf2add1> in the current context!
Error: Unable to interpret <[2015-08-23 09:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\A0BE2F10-1440316630-E011-A207-B94D9617E041> in the current context!
Error: Unable to interpret <[2015-08-23 09:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\update> in the current context!
Error: Unable to interpret <[2015-08-23 09:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\OWinManProO> in the current context!
Error: Unable to interpret <[2015-08-26 19:04:09 | 000,000,124 | ---- | M] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat> in the current context!
Error: Unable to interpret <[2015-08-25 15:21:25 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job> in the current context!
Error: Unable to interpret <[2015-08-25 15:21:25 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job> in the current context!
Error: Unable to interpret <[2015-08-25 15:21:25 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job> in the current context!
Error: Unable to interpret <[2015-08-23 09:58:52 | 000,000,484 | ---- | M] () -- C:\Windows\tasks\B034E4DE-F959-4289-9CDE-821E262C615.job> in the current context!
Error: Unable to interpret <[2015-08-23 09:58:41 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\70u8DEbO6VurusO.job> in the current context!
Error: Unable to interpret <[2015-08-23 09:58:40 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\ED9LQt0xEB9HY7EmP.job> in the current context!
Error: Unable to interpret <[2015-08-23 09:57:47 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job> in the current context!
Error: Unable to interpret <[2015-04-20 16:05:14 | 001,579,520 | ---- | M] () -- C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP.exe> in the current context!
Error: Unable to interpret <[2015-04-20 16:05:14 | 001,246,720 | ---- | M] () -- C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO.exe> in the current context!
Error: Unable to interpret <[2015-04-19 14:20:16 | 000,005,872 | ---- | M] () -- C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP> in the current context!
Error: Unable to interpret <[2015-04-14 18:28:56 | 000,004,387 | ---- | M] () -- C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO> in the current context!
Error: Unable to interpret <[2015-08-26 19:04:09 | 000,000,124 | ---- | C] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat> in the current context!
Error: Unable to interpret <[2015-04-20 16:05:14 | 001,579,520 | ---- | C] () -- C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP.exe> in the current context!
Error: Unable to interpret <[2015-04-20 16:05:14 | 001,246,720 | ---- | C] () -- C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO.exe> in the current context!
Error: Unable to interpret <[2015-04-19 14:20:16 | 000,005,872 | ---- | C] () -- C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP> in the current context!
Error: Unable to interpret <[2015-04-14 18:28:56 | 000,004,387 | ---- | C] () -- C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO> in the current context!
Error: Unable to interpret <[2014-12-03 09:39:01 | 000,003,951 | ---- | C] () -- C:\Users\admin\AppData\Roaming\C5C18FE1D82F4BB7F86E28860CE82AE7> in the current context!
Error: Unable to interpret <[2014-11-28 13:57:22 | 000,235,348 | ---- | C] () -- C:\Users\admin\AppData\Roaming\906F7D600B4E574A1AA55C353BB6C948> in the current context!
Error: Unable to interpret <[2014-11-12 11:37:56 | 000,000,191 | ---- | C] () -- C:\Users\admin\AppData\Roaming\hNUpv8W6fTq9DSEoNXIgpr5pwk> in the current context!
Error: Unable to interpret <[2014-11-06 19:43:34 | 000,233,878 | ---- | C] () -- C:\Users\admin\AppData\Roaming\4ED62FBB88120ACF19637B80059756A2> in the current context!
Error: Unable to interpret <[2014-10-27 03:05:53 | 000,233,878 | ---- | C] () -- C:\Users\admin\AppData\Roaming\905CCF79278916E91590A8BAEDE53B11> in the current context!
Error: Unable to interpret <[2014-09-25 01:54:13 | 000,000,016 | ---- | C] () -- C:\Users\admin\AppData\Roaming\UXFKTkPgyk7mHcaAHlZzHGwPI1a3zsM> in the current context!
Error: Unable to interpret <[2014-08-03 20:21:02 | 000,003,951 | ---- | C] () -- C:\Users\admin\AppData\Roaming\F6E244C4484D18AF95FFD2EB6D0DAC6C> in the current context!
Error: Unable to interpret <[2014-05-30 18:37:19 | 000,000,538 | ---- | C] () -- C:\Users\admin\AppData\Roaming\2YplpIcfiT30Bc7aFbBeJ0p> in the current context!
Error: Unable to interpret <[2014-05-29 20:25:16 | 000,288,937 | ---- | C] () -- C:\Users\admin\AppData\Roaming\CFEE7ADD9DAB7D3D84D0081B8E64C659> in the current context!
Error: Unable to interpret <[2014-05-29 20:25:16 | 000,000,315 | ---- | C] () -- C:\Users\admin\AppData\Roaming\MyRxSSBFZ6SaaKk934Be4MX93LE> in the current context!
Error: Unable to interpret <[2014-05-29 20:25:10 | 000,288,937 | ---- | C] () -- C:\Users\admin\AppData\Roaming\F38F8A1EAD8B6C42A4DC220CDF125C5D> in the current context!
Error: Unable to interpret <[2014-12-20 02:39:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\1F937E41EAD6DD5DC5DD0C78F622A7A7> in the current context!
Error: Unable to interpret <[2014-12-20 02:44:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\381CA6F558DE9812B92074CF883033C2> in the current context!
Error: Unable to interpret <[2014-12-20 02:45:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\39EA476E748DFFD02B8B678FE70CA310> in the current context!
Error: Unable to interpret <[2014-12-20 03:28:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\9CBB388D85531EF33145DFD9673939A9> in the current context!
Error: Unable to interpret <[2014-12-20 03:31:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\A757C1D23CCA29FF4C926BDBF1877467> in the current context!
Error: Unable to interpret <[2014-12-20 03:41:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\D92339BB111C30F4CF12F4FE6F761B0D> in the current context!
Error: Unable to interpret <[2014-01-25 21:52:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\{d9217b2c-880e-0d76-5251-a8d8d9217b2c}> in the current context!
========== FILES ==========
File\Folder C:\Program Files\A0BE2F10-1440316630-E011-A207-B94D9617E04 not found.
C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-1-6.job moved successfully.
C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-1-7.job moved successfully.
C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-10_user.job moved successfully.
C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-11.job moved successfully.
C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-3.job moved successfully.
C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-4.job moved successfully.
C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-5.job moved successfully.
C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-5_user.job moved successfully.
C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-6.job moved successfully.
C:\Windows\tasks\a47de464-2e3a-4435-9784-cbf1f75bc6a4-7.job moved successfully.
File\Folder C:\Program Files\gmsd_pl* not found.
File\Folder C:\Users\admin\AppData\Local\gmsd_pl* not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 97673735 bytes
->Temporary Internet Files folder emptied: 43553362 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 334539763 bytes
->Google Chrome cache emptied: 856432 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 5316 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1894147 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 456,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09042015_174539

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


#7
zdrapek5

    New Member

  • Topic Starter
  • Member
  • 7 posts

FRST


Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:31-08-2015
Uruchomiony przez admin (administrator)  ADMIN-KOMPUTER (04-09-2015 17:56:42)
Uruchomiony z C:\Users\admin\Downloads
Załadowane profile: admin (Dostępne profile: admin)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TODO: <公司名>) C:\Program Files\SFK\SSFK.exe
() C:\Program Files\SFK\SFKEX.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Redefine Sp z o.o.) C:\Program Files\ipla\ipla.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(© 2015 Microsoft Corporation) C:\Users\admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-10-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-12-20] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-31] (Avast Software s.r.o.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [mbot_pl_014010068] => [X]
HKLM\...\Run: [gmsd_pl_005010068] => [X]
HKLM\...\Run: [gmsd_pl_005010069] => [X]
HKLM\...\Run: [gmsd_pl_005010070] => [X]
HKLM\...\Run: [rec_pl_65] => [X]
HKU\S-1-5-21-260202698-669789434-1290222812-1000\...\Run: [IPLA!] => C:\Program Files\ipla\ipla.exe [21360736 2014-12-12] (Redefine Sp z o.o.)
HKU\S-1-5-21-260202698-669789434-1290222812-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-260202698-669789434-1290222812-1000\...\Run: [BingSvc] => C:\Users\admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-06] (Avast Software s.r.o.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci..)

Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{6E23689C-C8C9-4C8F-918F-00BBE6677154}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-260202698-669789434-1290222812-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-06] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\SKYPE4~1.DLL [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1441381045&z=e623de5bbc775031e7aaaeeg9zez5gccab5e1q4e1q&from=slbnew&uid=HitachiXHTS545050B9A300_110203PBN403M7F0XE3EX

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\aijsq4bo.default-1440617259547
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF Homepage: hxxp://www.mystartsearch.com/?type=hp&ts=1441381045&z=e623de5bbc775031e7aaaeeg9zez5gccab5e1q4e1q&from=slbnew&uid=HitachiXHTS545050B9A300_110203PBN403M7F0XE3EX
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-04] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2011-10-17] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-12-20] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-12-20] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\aijsq4bo.default-1440617259547\searchplugins\mystartsearch.xml [2015-09-04]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-28]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-20]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-20]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\aijsq4bo.default-1440617259547\extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\aijsq4bo.default-1440617259547\extensions\[email protected]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.mystartsearch.com/?type=sc&ts=1441381045&z=e623de5bbc775031e7aaaeeg9zez5gccab5e1q4e1q&from=slbnew&uid=HitachiXHTS545050B9A300_110203PBN403M7F0XE3EX

Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-06]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-06]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-06]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-06]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-06]
CHR Extension: (Avast SafePrice) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-05-06]
CHR Extension: (Google Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-06]
CHR Extension: (Avast Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-06]
CHR Extension: (RealDownloader) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-05-06]
CHR Extension: (CinemaP-1.9cV23.08) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-23]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-06]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-06]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-06]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartse...PBN403M7F0XE3EX

Opera:
=======
OPR Extension: (High Stairs) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\fgebpiphakabkmklhijpogchbgpmebjg [2015-08-26]
OPR Extension: (CinemaP-1.9cV23.08) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-23]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-06] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
S4 funimilo; C:\Program Files\A0BE2F10-1440316630-E011-A207-B94D9617E041\knsv596A.tmp [640000 2015-08-28] () [Brak podpisu cyfrowego]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SSFK; C:\Program Files\SFK\SSFK.exe [411648 2015-09-04] (TODO: <公司名>) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66176 2010-09-10] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [31872 2010-09-10] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-18] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-06] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-06] (Avast Software)
S3 cpuz134; \??\C:\Users\admin\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-09-04 17:56 - 2015-09-04 17:57 - 00017207 _____ C:\Users\admin\Downloads\FRST.txt
2015-09-04 17:56 - 2015-09-04 17:56 - 00000000 ____D C:\FRST
2015-09-04 17:55 - 2015-09-04 17:55 - 01690624 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2015-09-04 17:53 - 2015-09-04 14:34 - 00100354 _____ C:\Users\admin\Desktop\OTL.Txt
2015-09-04 17:53 - 2015-09-04 14:34 - 00048338 _____ C:\Users\admin\Desktop\Extras.Txt
2015-09-04 17:52 - 2015-09-04 17:52 - 00023376 _____ C:\Users\admin\Desktop\09042015_174539.log
2015-09-04 17:45 - 2015-09-04 17:45 - 00000000 ____D C:\_OTL
2015-09-04 17:38 - 2015-09-04 17:50 - 00000000 ____D C:\Program Files\SFK
2015-09-04 17:37 - 2015-09-04 17:38 - 00000000 ____D C:\Users\admin\AppData\Roaming\mystartsearch
2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\Program Files\predm
2015-09-04 14:32 - 2015-09-04 14:34 - 00048338 _____ C:\Users\admin\Downloads\Extras.Txt
2015-09-04 14:28 - 2015-09-04 14:34 - 00100354 _____ C:\Users\admin\Downloads\OTL.Txt
2015-09-04 14:10 - 2015-09-04 14:10 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2015-09-04 11:41 - 2015-09-04 12:34 - 00000000 ____D C:\AdwCleaner
2015-09-04 11:10 - 2015-09-04 11:10 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e6f196cd8682.job
2015-09-01 14:07 - 2015-09-01 14:07 - 00000000 _____ C:\ProgramData\temp
2015-08-29 08:00 - 2015-08-29 08:00 - 00000464 _____ C:\Windows\system32\ScannerSettings
2015-08-28 09:29 - 2015-08-29 06:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-27 06:57 - 2015-09-04 17:50 - 00012918 _____ C:\Windows\PFRO.log
2015-08-27 06:57 - 2015-09-04 17:50 - 00000896 _____ C:\Windows\setupact.log
2015-08-27 06:57 - 2015-08-27 06:57 - 00000000 _____ C:\Windows\setuperr.log
2015-08-26 21:42 - 2015-09-04 17:37 - 00001281 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-26 21:42 - 2015-09-04 17:37 - 00001269 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-26 19:04 - 2015-09-04 11:40 - 00000000 ____D C:\ProgramData\DWinManProD
2015-08-26 19:04 - 2015-08-26 19:04 - 00000124 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-08-25 10:29 - 2015-08-25 10:29 - 00613255 _____ (CMI Limited) C:\Users\admin\AppData\Local\nsc868F.tmp
2015-08-24 12:20 - 2015-08-24 12:20 - 00613255 _____ (CMI Limited) C:\Users\admin\AppData\Local\nsiCE96.tmp
2015-08-23 11:25 - 2015-09-04 17:37 - 00001269 _____ C:\Users\admin\Desktop\Mozilla Firefox.lnk
2015-08-23 10:39 - 2015-08-25 15:21 - 00000366 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-08-23 10:39 - 2015-08-25 15:21 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-08-23 10:39 - 2015-08-25 15:21 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-08-23 10:38 - 2015-08-23 10:37 - 00613255 _____ (CMI Limited) C:\Users\admin\AppData\Local\nsi7192.tmp
2015-08-23 10:34 - 2015-08-23 10:34 - 00000862 _____ C:\Windows\Tasks\SmartWeb Upgrade Trigger Task.job
2015-08-23 10:34 - 2015-08-23 10:34 - 00000456 _____ C:\Windows\Tasks\WordSurfer Auto Updater 1.10.0.19 Core.job
2015-08-23 10:06 - 2015-09-04 17:54 - 00072009 _____ C:\Windows\WindowsUpdate.log
2015-08-23 09:58 - 2015-08-23 09:58 - 00001006 _____ C:\Windows\Tasks\ED9LQt0xEB9HY7EmP.job
2015-08-23 09:58 - 2015-08-23 09:58 - 00001002 _____ C:\Windows\Tasks\70u8DEbO6VurusO.job
2015-08-23 09:58 - 2015-08-23 09:58 - 00000484 _____ C:\Windows\Tasks\B034E4DE-F959-4289-9CDE-821E262C615.job
2015-08-23 09:58 - 2015-08-23 09:58 - 00000000 ____D C:\Program Files\6949a848-fd16-4950-ad3a-5f859cf2add1
2015-08-23 09:57 - 2015-09-04 11:46 - 00000000 ____D C:\Program Files\A0BE2F10-1440316630-E011-A207-B94D9617E041
2015-08-23 09:57 - 2015-08-23 09:57 - 00000958 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-23 09:57 - 2011-12-30 13:15 - 00000864 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-23 09:55 - 2015-08-23 12:15 - 00000000 ____D C:\ProgramData\update
2015-08-23 09:55 - 2015-08-23 10:03 - 00000000 ____D C:\ProgramData\OWinManProO
2015-08-23 09:55 - 2015-08-23 09:55 - 00000000 _____ C:\Windows\prleth.sys
2015-08-23 09:55 - 2015-08-23 09:55 - 00000000 _____ C:\Windows\hgfs.sys

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-09-04 17:55 - 2014-12-20 20:37 - 01406017 _____ C:\Windows\system32\debug.log
2015-09-04 17:55 - 2011-12-30 15:06 - 00000000 ____D C:\Program Files\Opera
2015-09-04 17:51 - 2014-09-02 09:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\ipla
2015-09-04 17:50 - 2014-12-20 17:51 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-09-04 17:50 - 2011-12-30 19:44 - 00000000 ____D C:\Users\admin
2015-09-04 17:50 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-04 17:37 - 2015-05-06 20:58 - 00002463 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-04 17:37 - 2014-12-20 17:51 - 00001409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 31.lnk
2015-09-04 17:37 - 2014-12-20 17:51 - 00001397 _____ C:\Users\Public\Desktop\Opera 31.lnk
2015-09-04 17:11 - 2014-12-20 17:50 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-04 15:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-09-04 14:11 - 2014-12-20 17:50 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-04 14:11 - 2011-12-30 15:05 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-04 13:56 - 2009-07-14 06:34 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-04 13:56 - 2009-07-14 06:34 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-04 11:10 - 2015-07-16 07:39 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf89d38df321.job
2015-09-04 11:03 - 2011-12-30 19:44 - 00001433 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-29 06:40 - 2012-05-03 14:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-26 21:27 - 2015-02-23 18:32 - 00000000 ____D C:\Users\admin\Desktop\Stare dane programu Firefox
2015-08-23 10:43 - 2015-01-28 10:40 - 00000438 _____ C:\Windows\Tasks\Opera scheduled Autoupdate 1419090702.job
2015-08-23 10:03 - 2009-07-14 06:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-23 09:57 - 2011-02-04 16:24 - 00687828 _____ C:\Windows\system32\perfh015.dat
2015-08-23 09:57 - 2011-02-04 16:24 - 00131382 _____ C:\Windows\system32\perfc015.dat
2015-08-23 09:57 - 2010-11-20 23:01 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-17 07:06 - 2011-12-30 15:41 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype

==================== Pliki w katalogu głównym wybranych folderów =======

2014-05-30 18:37 - 2014-12-18 17:54 - 0000538 _____ () C:\Users\admin\AppData\Roaming\2YplpIcfiT30Bc7aFbBeJ0p
2014-11-06 19:43 - 2014-11-06 19:43 - 0233878 _____ () C:\Users\admin\AppData\Roaming\4ED62FBB88120ACF19637B80059756A2
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO.exe
2014-10-27 03:05 - 2014-10-27 03:05 - 0233878 _____ () C:\Users\admin\AppData\Roaming\905CCF79278916E91590A8BAEDE53B11
2014-11-28 13:57 - 2014-11-28 13:57 - 0235348 _____ () C:\Users\admin\AppData\Roaming\906F7D600B4E574A1AA55C353BB6C948
2014-12-03 09:39 - 2014-12-09 03:13 - 0003951 _____ () C:\Users\admin\AppData\Roaming\C5C18FE1D82F4BB7F86E28860CE82AE7
2014-05-29 20:25 - 2014-05-29 20:25 - 0288937 _____ () C:\Users\admin\AppData\Roaming\CFEE7ADD9DAB7D3D84D0081B8E64C659
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP.exe
2014-05-29 20:25 - 2014-05-29 20:25 - 0288937 _____ () C:\Users\admin\AppData\Roaming\F38F8A1EAD8B6C42A4DC220CDF125C5D
2014-08-03 20:21 - 2014-12-09 03:13 - 0003951 _____ () C:\Users\admin\AppData\Roaming\F6E244C4484D18AF95FFD2EB6D0DAC6C
2014-11-12 11:37 - 2014-12-18 17:54 - 0000191 _____ () C:\Users\admin\AppData\Roaming\hNUpv8W6fTq9DSEoNXIgpr5pwk
2014-05-29 20:25 - 2014-12-16 11:49 - 0000315 _____ () C:\Users\admin\AppData\Roaming\MyRxSSBFZ6SaaKk934Be4MX93LE
2014-09-25 01:54 - 2014-12-18 17:55 - 0000016 _____ () C:\Users\admin\AppData\Roaming\UXFKTkPgyk7mHcaAHlZzHGwPI1a3zsM
2015-08-25 10:29 - 2015-08-25 10:29 - 0613255 _____ (CMI Limited) C:\Users\admin\AppData\Local\nsc868F.tmp
2015-08-23 10:38 - 2015-08-23 10:37 - 0613255 _____ (CMI Limited) C:\Users\admin\AppData\Local\nsi7192.tmp
2015-08-24 12:20 - 2015-08-24 12:20 - 0613255 _____ (CMI Limited) C:\Users\admin\AppData\Local\nsiCE96.tmp
2015-09-01 14:07 - 2015-09-01 14:07 - 0000000 _____ () C:\ProgramData\temp
2015-08-26 19:04 - 2015-08-26 19:04 - 0000124 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2015-09-04 15:43

==================== Koniec  FRST.txt ============================


#8
zdrapek5

    New Member

  • Topic Starter
  • Member
  • 7 posts

Addition



Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x86) Wersja:31-08-2015
Uruchomiony przez admin (2015-09-04 17:57:53)
Uruchomiony z C:\Users\admin\Downloads
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

admin (S-1-5-21-260202698-669789434-1290222812-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-260202698-669789434-1290222812-500 - Administrator - Disabled)
Gość (S-1-5-21-260202698-669789434-1290222812-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-260202698-669789434-1290222812-1002 - Limited - Enabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{058F6CF1-8E0E-229E-F89C-F0F69F86F87E}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
ccc-core-static (Version: 2010.1026.2246.39002 - Nazwa firmy) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
DRUKI Gofin 2.2.19.0 (HKLM\...\{852B928B-042E-4555-B59B-3473734906FF}) (Version: 2.2.19.0 - Wydawnictwo Podatkowe GOFIN sp. z o.o.)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.124.715 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Gadu-Gadu 10 (HKLM\...\Gadu-Gadu 10) (Version:  - GG Network S.A.)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Earth (HKLM\...\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
ipla 2.8.4 (HKLM\...\ipla) (Version: 2.8.4 - Redefine Sp z o.o.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 10.9.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.0 - )
LibreOffice 3.4 Help Pack (Polish) (HKLM\...\{7EFC7E3C-5C8E-43AB-9F24-106D9FCDC542}) (Version: 3.4.402 - LibreOffice)
LibreOffice 4.3.3.2 (HKLM\...\{87C753BB-81E3-403B-BD87-6293F870B20B}) (Version: 4.3.3.2 - The Document Foundation)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.95 - LSI Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 pl) (HKLM\...\Mozilla Firefox 40.0.3 (x86 pl)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
mystartsearch uninstall (HKLM\...\mystartsearch uninstall) (Version:  - mystartsearch) <==== UWAGA
Obsługa programów Apple (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Opera Stable 31.0.1889.174 (HKLM\...\Opera 31.0.1889.174) (Version: 31.0.1889.174 - Opera Software)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PIT Format 2014 (HKLM\...\PIT Format 2014_is1) (Version:  - Biuro Informatyki Stosowanej FORMAT)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.0.51026.2256 - ATI Technologies Inc.) Hidden

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Punkty Przywracania systemu =========================

04-09-2015 17:45:54 OTL Restore Point - 2015-09-04 17:45:54

==================== Hosts - zawartość: ==========================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 04:04 - 2011-12-30 13:15 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {0D9B1731-3189-457D-90BE-7B8FD55D2BBA} - System32\Tasks\{45F7A9A8-6CF1-4868-9746-3D43140673D2} => c:\program files\opera\opera.exe
Task: {1C3AE0C4-EC30-4589-AC8E-065AF778D950} - System32\Tasks\{06CBECC9-4C6B-4452-AFBF-8302C5B74C6C} => Firefox.exe http://ui.skype.com/...all?page=tsMain
Task: {24EAF26E-3F5E-4FC8-8EA1-61642483C587} - System32\Tasks\{3A3F39DA-C042-4D5D-A0A2-05B09F236BDF} => Firefox.exe http://ui.skype.com/...all?page=tsBing
Task: {3BD1F585-A930-48ED-8AC1-D9BEE076CB79} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {46848A7E-2B3D-4E52-9194-9618B91B1D52} - System32\Tasks\Opera scheduled Autoupdate 1419090702 => C:\Program Files\Opera\launcher.exe [2015-08-17] (Opera Software)
Task: {5384FAE0-24F9-4119-9521-03453F2C3B7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {8F676C4F-542D-4603-8F69-6F1D06D99B02} - System32\Tasks\{25202563-1D60-4EA3-AFF4-654B09B62A5B} => c:\program files\opera\opera.exe
Task: {9864D5AA-0CF7-412D-AA0D-FE096AF15A5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {9F87D62D-D2BF-48DA-94F6-D1A1A556ECCA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-260202698-669789434-1290222812-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D29F3CE0-7CAC-481D-99CD-F49B00B55966} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-260202698-669789434-1290222812-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D3FA7BF0-F20A-4481-AA38-A6BB01CC42CC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-18] (Avast Software s.r.o.)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\70u8DEbO6VurusO.job => C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO.exe <==== UWAGA
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: C:\Windows\Tasks\B034E4DE-F959-4289-9CDE-821E262C615.job => C:\Users\admin\AppData\Local\B034E4DE-F959-4289-9CDE-821E262C615\B034E4DE-F959-4289-9CDE-821E262C615.exe
Task: C:\Windows\Tasks\ED9LQt0xEB9HY7EmP.job => C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP.exe <==== UWAGA
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== UWAGA
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0882f13c33775.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fa7c1661f42.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf89d38df321.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e6f196cd8682.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Opera scheduled Autoupdate 1419090702.job => C:\Program Files\Opera\launcher.exe
Task: C:\Windows\Tasks\SmartWeb Upgrade Trigger Task.job => C:\Users\admin\AppData\Local\SmartWeb\SmartWebHelper.exe <==== UWAGA
Task: C:\Windows\Tasks\WordSurfer Auto Updater 1.10.0.19 Core.job => C:\Program Files\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe

==================== Załadowane moduły (filtrowane) ==============

2015-05-06 20:50 - 2015-05-06 20:50 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-06 20:50 - 2015-05-06 20:50 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-04 12:29 - 2015-09-04 12:29 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090400\algo.dll
2015-09-02 11:52 - 2015-09-02 11:52 - 00352768 _____ () C:\Program Files\SFK\SFKEX.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-08-17 18:52 - 2015-08-17 18:52 - 00109568 _____ () C:\Program Files\SFK\SFKEX.exe
2015-05-06 20:50 - 2015-05-06 20:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-12 14:11 - 2014-12-12 14:11 - 00068104 _____ () C:\Program Files\ipla\ziplib.dll
2014-12-12 14:11 - 2014-12-12 14:11 - 00299528 _____ () C:\Program Files\ipla\MediaFileScanner.dll
2014-10-03 11:15 - 2014-10-03 11:15 - 37022328 _____ () C:\Program Files\ipla\libcef.dll
2014-12-12 14:11 - 2014-12-12 14:11 - 00392200 _____ () C:\Program Files\ipla\jabberoo.dll
2010-10-26 23:45 - 2010-10-26 23:45 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-11-22 02:03 - 2014-11-22 02:03 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)


==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)


==================== EXE - Powiązania (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-260202698-669789434-1290222812-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Zapora systemu Windows - funkcja włączona.

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Obecnie brak automatycznej naprawy dla tej sekcji.)

MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: pla => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C2188788-68A9-48B5-8AE6-67409544CFA5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5A7DFCE8-B36C-491F-9A68-B083915F03D1}C:\program files\gadu-gadu 10\gg.exe] => (Allow) C:\program files\gadu-gadu 10\gg.exe
FirewallRules: [UDP Query User{A1AA21DA-E0AD-4238-8F47-D5E24914EDAF}C:\program files\gadu-gadu 10\gg.exe] => (Allow) C:\program files\gadu-gadu 10\gg.exe
FirewallRules: [{42F9386A-64E7-4567-A252-C131CDBE3DBA}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{BED3E2D3-68F3-4CCA-A572-C32AF11B7EB6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9F35627C-9DD1-4476-90D5-C68DB95B4968}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{68F5676E-F8A0-4E92-B590-59DE2555EFE7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7A53AD51-3BE2-47DB-8C5F-25374AEBBEE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EC7C2DBF-CF3E-47E2-84BA-F74AB155AD1A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{513A8CD9-4440-485D-8FD9-3F0C8F485613}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{8289F4D8-6181-43F4-8014-A905E0E77951}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{FEFC2463-7A32-452A-BF68-BFE646BF6896}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{FE85ABD8-1A6D-4B00-AADC-A8555729293E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Karta Microsoft 6to4
Description: Karta Microsoft 6to4
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Karta Microsoft ISATAP
Description: Karta Microsoft ISATAP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Karta Microsoft ISATAP #2
Description: Karta Microsoft ISATAP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (09/04/2015 05:51:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2015 03:53:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Nie można odnaleźć zestawu zależnego rpshellextension.1.0,language="*",type="win32",version="1.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (09/04/2015 01:49:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2015 12:53:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 08:16:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Nie można odnaleźć zestawu zależnego rpshellextension.1.0,language="*",type="win32",version="1.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (12/20/2014 08:16:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Nie można odnaleźć zestawu zależnego rpshellextension.1.0,language="*",type="win32",version="1.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (12/20/2014 08:03:41 PM) (Source: MsiInstaller) (EventID: 11935) (User: admin-Komputer)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}

Error: (12/20/2014 06:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się.

Details:
AddLegacyDriverFiles: Unable to back up image of binary nyihheqi.

System Error:
Nie można odnaleźć określonego pliku.
.

Error: (12/20/2014 06:51:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się.

Details:
AddLegacyDriverFiles: Unable to back up image of binary nyihheqi.

System Error:
Nie można odnaleźć określonego pliku.
.

Error: (12/20/2014 06:36:24 PM) (Source: MsiInstaller) (EventID: 11935) (User: admin-Komputer)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable - Error 1935.Wystąpił błąd podczas instalowania zestawu Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86". Zobacz Pomoc i obsługę techniczną, aby uzyskać więcej informacji. Wynik HRESULT: 0x80070BC9, interfejs zestawu: IAssemblyCacheItem, funkcja: Commit, składnik: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}


Dziennik System:
=============
Error: (09/04/2015 05:45:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa AMD External Events Utility niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (09/04/2015 12:28:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Harmonogram zadań zależy od usługi Dziennik zdarzeń systemu Windows, której nie można uruchomić z powodu następującego błędu:
%%1058

Error: (09/04/2015 12:28:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\Windows\System32\bcmihvsrv.dll

Error: (09/04/2015 12:28:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\Windows\System32\bcmihvsrv.dll

Error: (09/04/2015 12:28:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\Windows\System32\bcmihvsrv.dll

Error: (09/04/2015 12:27:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (09/04/2015 12:27:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (09/04/2015 12:27:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa RealNetworks Downloader Resolver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (09/04/2015 12:27:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Foxit Cloud Safe Update Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (09/04/2015 12:27:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Skype Click to Call PNR Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.


Microsoft Office:
=========================
Error: (09/04/2015 05:51:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2015 03:53:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (09/04/2015 01:49:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2015 12:53:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 08:16:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (12/20/2014 08:16:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (12/20/2014 08:03:41 PM) (Source: MsiInstaller) (EventID: 11935) (User: admin-Komputer)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/20/2014 06:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary nyihheqi.

System Error:
Nie można odnaleźć określonego pliku.

Error: (12/20/2014 06:51:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary nyihheqi.

System Error:
Nie można odnaleźć określonego pliku.

Error: (12/20/2014 06:36:24 PM) (Source: MsiInstaller) (EventID: 11935) (User: admin-Komputer)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable - Error 1935.Wystąpił błąd podczas instalowania zestawu Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86". Zobacz Pomoc i obsługę techniczną, aby uzyskać więcej informacji. Wynik HRESULT: 0x80070BC9, interfejs zestawu: IAssemblyCacheItem, funkcja: Commit, składnik: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Statystyki pamięci ===========================

Procesor: AMD Athlon™ II Dual-Core M320
Procent pamięci w użyciu: 47%
Całkowita pamięć fizyczna: 2046.36 MB
Dostępna pamięć fizyczna: 1066.29 MB
Całkowita pamięć wirtualna: 5116.36 MB
Dostępna pamięć wirtualna: 3869.63 MB

==================== Dyski ================================

Drive c: (system) (Fixed) (Total:84.86 GB) (Free:60.22 GB) NTFS
Drive d: (data1) (Fixed) (Total:190.4 GB) (Free:189.54 GB) NTFS
Drive e: (data2) (Fixed) (Total:190.4 GB) (Free:150.8 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F8B2F8B2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=84.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=190.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=190.4 GB) - (Type=OF Extended)

==================== Koniec  Addition.txt ============================



#9
zdrapek5


I think that's enough.
Thank you very much for your help and your time.



#10
Nevan

Hello again, zdrapek5.
 

Thank you very much for your help and your time.

My pleasure. Keep in mind that your system is still infected and we're not done yet.

Let's move on.

Step #1
Uninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:
  • mystartsearch uninstall
  • Setup (I asked to remove it earlier. Are there any problems removing it?)
 
Step #2
FRST Fix

I've noticed that you ran FRST.exe from the Downloads folder. Please move it to your Desktop. You can do it by right-clicking FRST.exe, click Cut, then move to Desktop, right-click any free space and click Paste.
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   7.8KB   72 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #3
Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program (click here if you don't know how to do this)
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #4
AdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the [image] button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be a "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click the [image] button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it isn't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[C1].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • Please tell me if you have successfully uninstalled all the programs I've asked you to remove
  • Fixlog.txt log content
  • JRT.txt log content
  • AdwCleaner log content


#11
Naathim


Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

