
Some junk displaying ads


Piteruum

Question

Posted

Some junk got installed on my machine and it shows me ads in the browser practically every moment, out of nowhere; I click anywhere and an ad opens in a new tab, and so on every few moments.

It is in C/ProgramFiles

When I try to delete it, I get: Cannot delete because "Name" is running in the program "NameUpdate".

When I try to stop it in Services, I get access denied. What can I do?

23 answers to this question

Recommended answers

Posted

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-10-2014 01

Ran by Piotrek (administrator) on BOGDAN-KOMPUTER on 05-10-2014 13:40:52
Running from C:\Users\Piotrek\Downloads
Loaded Profile: Piotrek (Available profiles: Bogdan & Piotrek)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() E:\Comodo\Dragon\dragon_updater.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(FileZilla Project) E:\FileZilla Server\FileZilla Server.exe
() C:\Program Files\PennyBee\PennyBee.exe
(NVIDIA Corporation) C:\Windows\System32\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\hamachi-2.exe
(LogMeIn, Inc.) D:\LMIGuardianSvc.exe
() C:\Program Files\PennyBee\PennyBeeW.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\screenSHU\screenSHU.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Comodo) E:\Comodo\Dragon\dragon.exe
(Comodo) E:\Comodo\Dragon\dragon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Comodo) E:\Comodo\Dragon\dragon.exe
() C:\Program Files\Techgile\bin\utilTechgile.exe
() C:\Program Files\Techgile\bin\Techgile.PurBrowse.exe
() C:\Program Files\Techgile\updateTechgile.exe
(Comodo) E:\Comodo\Dragon\dragon.exe
() C:\Program Files\Techgile\bin\Techgile.BrowserAdapter.exe
() D:\lol\RADS\system\rads_user_kernel.exe
() D:\lol\RADS\projects\lol_launcher\releases\0.0.0.223\deploy\LoLLauncher.exe
() D:\lol\RADS\projects\lol_patcher\releases\0.0.0.7\deploy\LoLPatcher.exe
() D:\lol\RADS\projects\lol_air_client\releases\0.0.1.112\deploy\LolClient.exe
() C:\1907\LeagueSharp.Loader.exe
(Comodo) E:\Comodo\Dragon\dragon.exe
(Comodo) E:\Comodo\Dragon\dragon.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3080264 2011-09-22] (ESET)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] => D:\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM\...\Run: [FileZilla Server Interface] => E:\FileZilla Server\FileZilla Server Interface.exe [2331648 2014-08-03] (FileZilla Project)
HKLM\...\Run: [mbot_pl_34] => [X]
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2938680954-439784975-107003261-1003\...\Run: [screenSHU] => C:\Program Files\screenSHU\screenSHU.exe [2112000 2013-09-04] ()
HKU\S-1-5-21-2938680954-439784975-107003261-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2938680954-439784975-107003261-1003\...\Run: [DAEMON Tools Lite] => E:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2938680954-439784975-107003261-1003\...\Run: [MK LOL] => E:\MKJogo\MK IM\Bin\MKIM.exe [1092296 2014-09-26] ()
HKU\S-1-5-21-2938680954-439784975-107003261-1003\...\Run: [MKLOL] => E:\MKJogo\MK IM\Bin\MKIM.exe [1092296 2014-09-26] ()
HKU\S-1-5-21-2938680954-439784975-107003261-1003\...\MountPoints2: {1d60e30b-0662-11e4-b4ab-806e6f6e6963} - F:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\System32\C2MP\TrayMenu.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKCU - DefaultScope {85AE9870-EE83-434E-9F95-34311A94DBF2} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
SearchScopes: HKCU - {85AE9870-EE83-434E-9F95-34311A94DBF2} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {7d2cbfb4-dfcd-4282-841a-c2a2a5299d7e} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.100
 
FireFox:
========
FF ProfilePath: C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\ib25cogc.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.gazeta.pl/0,0.html?p=128
FF NetworkProxy: "http", "185.49.15.25"
FF NetworkProxy: "http_port", 7808
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\ib25cogc.default\user.js
FF SearchPlugin: C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\ib25cogc.default\searchplugins\yahoo_ff.xml
FF Extension: GoHD - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\ib25cogc.default\Extensions\[email protected] [2014-10-01]
FF Extension: Autofill Forms - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\ib25cogc.default\Extensions\[email protected] [2014-09-18]
FF Extension: X-Forwarded-For Header - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\ib25cogc.default\Extensions\[email protected] [2014-08-29]
FF Extension: Greasemonkey - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\ib25cogc.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-07-19]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2014-07-30]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-29]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-07-13]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR CustomProfile: C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-13]
CHR Extension: (Dysk Google) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-13]
CHR Extension: (MEGA) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2014-07-16]
CHR Extension: (YouTube) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-13]
CHR Extension: (Szukaj w Google) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-13]
CHR Extension: (AdBlock) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-20]
CHR Extension: (Techgile) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehepedlpajpdceoefcmmeajalnppgbd [2014-10-02]
CHR Extension: (Google Wallet) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]
CHR Extension: (Gmail) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-13]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DragonUpdater; E:\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [974944 2011-09-22] (ESET)
R2 FileZilla Server; E:\FileZilla Server\FileZilla Server.exe [639488 2014-08-03] (FileZilla Project) [File not signed]
R2 Hamachi2Svc; D:\hamachi-2.exe [1890128 2014-09-04] (LogMeIn Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PennyBee; C:\Program Files\PennyBee\PennyBee.exe [57856 2014-08-18] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Stereo Service; C:\Windows\System32\nvSCPAPISvr.exe [232960 2009-06-10] (NVIDIA Corporation) [File not signed]
R2 Update Techgile; C:\Program Files\Techgile\updateTechgile.exe [522480 2014-10-05] ()
R2 Util Techgile; C:\Program Files\Techgile\bin\utilTechgile.exe [522480 2014-10-05] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-07-30] (Disc Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [163424 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2011-08-04] (ESET)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R1 {6d550375-e98e-48ce-8260-daa7e461d495}Gw; C:\Windows\System32\drivers\{6d550375-e98e-48ce-8260-daa7e461d495}Gw.sys [43152 2014-09-30] (StdLib)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 13:40 - 2014-10-05 13:41 - 00014901 _____ () C:\Users\Piotrek\Downloads\FRST.txt
2014-10-05 13:40 - 2014-10-05 13:41 - 00000000 ____D () C:\FRST
2014-10-05 13:40 - 2014-10-05 13:40 - 01100800 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST.exe
2014-10-04 17:19 - 2014-10-04 17:21 - 00000325 _____ () C:\Users\Piotrek\Desktop\FunHub pp.txt
2014-10-04 14:35 - 2014-10-04 14:35 - 00000371 _____ () C:\Users\Piotrek\Desktop\Glyph.lnk
2014-10-04 14:35 - 2014-10-04 14:35 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Glyph
2014-10-04 14:35 - 2014-10-04 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-10-04 14:35 - 2014-10-04 14:35 - 00000000 ____D () C:\ProgramData\Glyph
2014-10-04 13:27 - 2014-10-04 13:28 - 32084080 _____ (Trion Worlds Inc.) C:\Users\Piotrek\Downloads\GlyphInstall-0-120.exe
2014-10-03 11:05 - 2014-10-03 11:09 - 16031224 _____ () C:\Users\Piotrek\Downloads\League of Legends.exe
2014-10-02 11:43 - 2014-10-02 11:43 - 00000266 __RSH () C:\ProgramData\ntuser.pol
2014-10-02 09:17 - 2014-10-05 13:18 - 00000000 ____D () C:\Program Files\Techgile
2014-10-02 00:00 - 2014-10-02 00:00 - 00000000 ____D () C:\Program Files\predm
2014-10-01 11:04 - 2014-10-01 11:24 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-10-01 11:04 - 2014-10-01 11:04 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-10-01 11:04 - 2014-10-01 11:04 - 00000316 _____ () C:\Users\Piotrek\AppData\Roaming\aps.uninstall.scan.results
2014-10-01 10:59 - 2014-10-01 10:59 - 00612068 _____ (ClickMeIn Limited) C:\Users\Piotrek\AppData\Local\nsjFB91.tmp
2014-10-01 10:58 - 2014-10-05 11:09 - 00004116 _____ () C:\Windows\Tasks\ced15202-e2e5-4da0-ac0c-3b0ddf60d070-4.job
2014-10-01 10:57 - 2014-10-02 11:02 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-01 10:57 - 2014-10-01 10:57 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\globalUpdate
2014-10-01 10:56 - 2014-09-30 18:56 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{6d550375-e98e-48ce-8260-daa7e461d495}Gw.sys
2014-10-01 10:53 - 2014-10-01 10:58 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\systweak
2014-10-01 10:53 - 2014-08-29 17:02 - 00018248 _____ () C:\Windows\system32\roboot.exe
2014-10-01 10:52 - 2014-10-02 10:00 - 00000000 ____D () C:\Program Files\Techgilek
2014-10-01 10:51 - 2014-10-01 11:43 - 00000000 ____D () C:\Program Files\Opera
2014-10-01 10:51 - 2014-10-01 10:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-01 10:51 - 2014-10-01 10:51 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Opera Software
2014-10-01 10:51 - 2014-10-01 10:51 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Opera Software
2014-10-01 10:45 - 2014-10-02 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cole2k Media - Codec Pack
2014-10-01 10:29 - 2014-10-01 10:59 - 00000000 ____D () C:\ProgramData\ALLPlayer
2014-10-01 10:29 - 2014-10-01 10:59 - 00000000 ____D () C:\Program Files\ALLPlayer
2014-10-01 10:29 - 2013-04-05 21:26 - 02106368 _____ () C:\Windows\system32\ac3filter.ax
2014-10-01 10:29 - 2013-04-05 21:26 - 00276992 _____ (IntelleSoft) C:\Windows\system32\BugTrap.dll
2014-09-30 13:58 - 2014-09-30 13:58 - 00000000 ____D () C:\Users\Rizja\Downloads\ylsharp
2014-09-30 13:58 - 2014-09-30 13:58 - 00000000 ____D () C:\Users\Rizja
2014-09-26 00:44 - 2014-10-02 10:00 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Dev-Cpp
2014-09-25 21:16 - 2014-10-02 10:00 - 00000000 ____D () C:\1907
2014-09-25 21:07 - 2014-09-25 21:09 - 05061977 _____ () C:\Users\Piotrek\Downloads\LeagueSharp (2).zip
2014-09-23 20:06 - 2014-09-24 14:23 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\CSO
2014-09-23 20:06 - 2014-09-23 20:06 - 00000000 ____D () C:\ProgramData\Nexon
2014-09-23 20:01 - 2014-09-23 20:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-23 19:20 - 2014-09-23 19:20 - 00000202 _____ () C:\Users\Piotrek\Desktop\Counter-Strike Nexon Zombies.url
2014-09-19 09:21 - 2014-09-19 09:21 - 05206978 _____ () C:\Users\Piotrek\Downloads\L#2014-09-16.rar
2014-09-19 09:20 - 2014-10-02 10:00 - 00000000 ____D () C:\Proba
2014-09-19 08:59 - 2014-09-19 09:00 - 07744865 _____ () C:\Users\Piotrek\Downloads\UltimateTribalWarsBot_v1.080.zip
2014-09-18 14:05 - 2014-10-02 09:44 - 00000000 ____D () C:\Nowy folder
2014-09-18 14:05 - 2014-09-18 14:05 - 04248274 _____ () C:\Users\Piotrek\Downloads\LeagueSharp (1).zip
2014-09-18 00:25 - 2014-09-18 00:25 - 00010844 _____ () C:\Users\Piotrek\Documents\skuter.rms
2014-09-17 21:22 - 2014-10-02 10:00 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\LeagueSharp
2014-09-17 21:13 - 2014-10-02 09:43 - 00000000 ____D () C:\Users\Piotrek\Downloads\Nowy folder
2014-09-17 21:12 - 2014-09-17 21:12 - 04248274 _____ () C:\Users\Piotrek\Downloads\LeagueSharp.zip
2014-09-17 18:59 - 2014-09-17 19:00 - 05169973 _____ () C:\Users\Piotrek\Downloads\LSharp.rar
2014-09-16 11:07 - 2014-09-16 11:07 - 00000000 ____D () C:\Users\Piotrek\Desktop\Old Firefox Data
2014-09-15 12:21 - 2014-09-15 12:21 - 00003655 _____ () C:\Users\Piotrek\Documents\synchro.rms
2014-09-14 23:19 - 2014-09-25 21:26 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\LeagueSharp
2014-09-14 15:31 - 2014-09-14 15:32 - 27296793 _____ () C:\Users\Piotrek\Downloads\torbrowser-install-3.6.5_en-US.exe
2014-09-11 13:55 - 2014-10-05 12:22 - 00001770 _____ () C:\Users\Piotrek\Desktop\Nowy dokument tekstowy (2).txt
2014-09-09 20:57 - 2014-09-09 20:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-09 20:57 - 2014-09-09 20:57 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-09 14:52 - 2014-09-09 14:52 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\.mono
2014-09-09 14:38 - 2014-09-09 14:38 - 00048392 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-09-09 14:38 - 2014-09-09 14:38 - 00000654 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-09-09 14:38 - 2014-09-09 14:38 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Comodo
2014-09-09 14:38 - 2014-09-09 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-09-09 14:35 - 2014-09-09 14:35 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2014-09-09 12:51 - 2014-09-09 12:51 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Subversion
2014-09-09 12:47 - 2014-09-14 12:58 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\h3h3
2014-09-09 11:45 - 2014-09-14 12:48 - 00004372 _____ () C:\Users\Piotrek\Desktop\Akcje.txt
2014-09-09 10:52 - 2014-09-09 11:35 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\FileZilla
2014-09-09 10:45 - 2014-09-09 10:45 - 00000747 _____ () C:\Users\Public\Desktop\FileZilla Server Interface.lnk
2014-09-09 10:45 - 2014-09-09 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
2014-09-09 10:44 - 2014-09-09 10:45 - 00000000 ____D () C:\Program Files\PennyBee
2014-09-09 10:44 - 2014-09-09 10:44 - 00002048 _____ () C:\Users\Piotrek\Desktop\WorldofTanks.lnk
2014-09-09 10:44 - 2014-09-09 10:44 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\WorldofTanks
2014-09-09 10:44 - 2014-09-09 10:44 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2014-09-09 10:44 - 2014-09-09 10:44 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\WorldofTanks
2014-09-09 07:21 - 2014-10-02 09:43 - 00000000 ____D () C:\Users\Bogdan\AppData\Local\LogMeIn Hamachi
2014-09-08 19:04 - 2014-09-08 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-08 19:04 - 2009-03-18 18:35 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-09-07 23:40 - 2014-09-08 20:11 - 00000379 _____ () C:\Users\Public\Desktop\HEX.lnk
2014-09-07 23:40 - 2014-09-08 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HEX
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 13:17 - 2014-07-14 12:47 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-05 13:06 - 2014-07-13 22:17 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\PMB Files
2014-10-05 13:01 - 2014-07-13 21:56 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-05 12:35 - 2014-07-13 22:17 - 00000000 ____D () C:\ProgramData\PMB Files
2014-10-05 12:22 - 2014-08-28 02:10 - 00020342 _____ () C:\Users\Piotrek\Desktop\emaile.txt
2014-10-05 12:04 - 2014-09-02 01:40 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\LogMeIn Hamachi
2014-10-05 12:02 - 2014-09-01 20:10 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\UTWB
2014-10-05 11:36 - 2014-07-17 23:56 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Skype
2014-10-05 11:18 - 2009-07-14 04:04 - 00000540 _____ () C:\Windows\win.ini
2014-10-05 11:17 - 2009-07-14 06:34 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 11:17 - 2009-07-14 06:34 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-05 11:14 - 2014-07-08 07:41 - 01336968 _____ () C:\Windows\WindowsUpdate.log
2014-10-05 11:10 - 2014-07-14 13:34 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\screenSHU
2014-10-05 11:09 - 2014-07-13 21:56 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-05 11:09 - 2014-07-13 17:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-05 11:09 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-05 11:09 - 2009-07-14 06:39 - 00038737 _____ () C:\Windows\setupact.log
2014-10-04 11:21 - 2009-07-14 06:33 - 00269256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-03 11:10 - 2014-07-14 11:06 - 00000000 ____D () C:\Users\Piotrek\Desktop\Moje
2014-10-02 11:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-10-02 10:00 - 2014-07-14 15:19 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-10-02 10:00 - 2014-07-13 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-02 10:00 - 2014-07-13 16:32 - 00000000 ____D () C:\Users\Piotrek
2014-10-02 10:00 - 2011-04-12 07:17 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-02 10:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-10-02 10:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-10-02 09:43 - 2014-07-08 08:00 - 00000000 ____D () C:\Users\Bogdan
2014-10-02 09:01 - 2010-11-20 23:48 - 00021386 _____ () C:\Windows\PFRO.log
2014-10-01 11:20 - 2014-07-29 07:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-01 11:20 - 2014-07-29 07:09 - 00000000 ____D () C:\Program Files\HP
2014-10-01 11:20 - 2014-07-29 07:08 - 00002220 _____ () C:\ProgramData\hpzinstall.log
2014-10-01 10:25 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-25 22:52 - 2014-07-17 20:48 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\TS3Client
2014-09-25 01:43 - 2014-07-13 21:57 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-23 20:17 - 2014-07-14 12:47 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-23 20:17 - 2014-07-14 12:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 19:20 - 2014-07-14 15:31 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-18 19:33 - 2014-08-11 06:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 19:19 - 2014-08-21 21:11 - 00001268 _____ () C:\Users\Piotrek\Desktop\Przepisy.txt
2014-09-17 10:03 - 2014-09-02 01:26 - 00000597 _____ () C:\Users\Piotrek\Desktop\plemiona tuty.txt
2014-09-10 23:15 - 2014-08-01 10:29 - 00000906 _____ () C:\Users\Piotrek\Desktop\j.txt
2014-09-08 11:31 - 2014-09-03 14:49 - 00000442 _____ () C:\Users\Piotrek\Desktop\Nuty.txt
 
Some content of TEMP:
====================
C:\Users\Piotrek\AppData\Local\Temp\10673-default_sciagnij.exe
C:\Users\Piotrek\AppData\Local\Temp\13957-instalator_sciagnij.exe
C:\Users\Piotrek\AppData\Local\Temp\bitool.dll
C:\Users\Piotrek\AppData\Local\Temp\FBah9.exe
C:\Users\Piotrek\AppData\Local\Temp\HssInstaller.exe
C:\Users\Piotrek\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Piotrek\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Piotrek\AppData\Local\Temp\smt_istartsurf.exe
C:\Users\Piotrek\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Piotrek\AppData\Local\Temp\tessnet2_32.dll
C:\Users\Piotrek\AppData\Local\Temp\xGDz5.dll
C:\Users\Piotrek\AppData\Local\Temp\xGDz5.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 09:10
 

==================== End Of Log ============================

 

Posted

Try killing the process and then deleting the files.

And by the way, have you heard of such a thing as adblock and pop-up blocking in the browser options?

Because of the numerous hateful comments directed at me, I will not be using this account any more (probably not the forum either). Haters gonna hate...

Posted

Learn to read: there is no process, there is only a service for which I get access denied when I try to stop it.

And who hasn't heard of AdBlock?

AdBlock doesn't help; the ads still pop up, just with a plain white background.

Posted

SpyHunter is a program of questionable reputation; I don't recommend it.

Since you are using the Comodo browser

(Comodo) E:\Comodo\Dragon\dragon.exe

I can't see the list of installed add-ons. Check manually whether you have any strange extensions in the browser.

 

 

A small correction

Paste into Notepad:

 

 

R1 {6d550375-e98e-48ce-8260-daa7e461d495}Gw; C:\Windows\System32\drivers\{6d550375-e98e-48ce-8260-daa7e461d495}Gw.sys [43152 2014-10-07] (StdLib)

2014-10-08 00:09 - 2014-10-07 03:46 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{6d550375-e98e-48ce-8260-daa7e461d495}Gw.sys
 
EmptyTemp:
 

 

Save it as fixlist.txt, place it next to FRST and click FIX. Use the DelFix tool from this topic: Guide to logs.

Posted

I don't know why, but FRST and all its files disappeared when I used DelFix; I mean the program itself and all the TXT files.

Same with the DelFix txt. wtf?

Posted

You are recommending ComboFix to him without knowing the state of his system. You are writing nonsense; ComboFix will not remove adware files, this program was not made to remove ads from browsers. If you feel like it, you can read about the side effects of using ComboFix unsupervised: http://www.MPCpc.pl/topic/7-dezynfekcja-narz%C4%99dzie-combofix/

Posted
***** [ Usługi ] *****


[#] Usługa Usunięto : Update Techgile
[#] Usługa Usunięto : Util Techgile
Usługa Usunięto : {6d550375-e98e-48ce-8260-daa7e461d495}Gw

Thank you very much. I can't check right now whether they still show up, but I'll check later. Thanks for the help!

Posted

And now I'll shut you all down :D Do the ads say genesis? It's a typical virus that displays ads wherever it can, and it is a system process :P You have to end it, locate the file and delete it, and remove the file from autostart, preferably with CCleaner, then run scans with AdwCleaner and Eusing Free Registry Cleaner, and the PC is clean right away.

Unfortunately, you didn't shut us down :-) If this were the genesis adware I would have thrown it out long ago; there is some other problem here, because the service {6d550375-e98e-48ce-8260-daa7e461d495}Gw keeps coming back.

@Piteruum please provide the FRST logs again, together with Addition.

Archived

This topic is now archived. Adding new replies has been disabled.
