
Browser virus.


▒Kiszka▒

Question

Posted
 

Hi, I have a problem with a browser virus. I mean our beloved ad spammers and viruses that make the browser lag.

I don't know the exact name of the virus, but this is how it behaves: http://prntscr.com/6xn7ld (example when visiting allegro)

In addition, sometimes some page opens on me, and I have to go back something like 8 times to return to the one it opened from.

I remember I once downloaded a program that, after installation, scanned and automatically removed this virus by itself.

I'll stress that I'm not looking for junk like "spy hunter", which is itself a bigger virus than what's in the browser, or some CCleaner (or other similar programs).

I need this quickly, so there are 30 likes up for grabs for posting a link, if it works :)

 

MPC Hejter Team Leader

7 answers to this question

Recommended answers

Posted

I removed the virus. I don't know what all the fuss with programs was for; it's enough to go into %appdata% and delete Mozilla there. To be sure, I also wiped the whole registry, and the browser is like new.

@The Joker

In my case I can afford to clear all the browser's stored data, because the only thing I do after installing is install adblock :) I don't save passwords, because I know them by heart, and besides it's safer. If nothing will happen for you either after a complete "format" of the browser, then delete the whole folder and it will work.

@Aranthor For wanting to help, you get that limit :)

I'm closing the thread, regards.

MPC Hejter Team Leader

Posted
 

FRST

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2015
Ran by KALISZ (administrator) on KALISZ-KOMPUTER on 25-04-2015 12:56:42
Running from C:\Users\KALISZ\Desktop
Loaded Profiles: KALISZ (Available profiles: KALISZ)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\avgwdsvc.exe
(winreview.ru) C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\avgui.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) D:\Mozilla\firefox.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) D:\Mozilla\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Farbar) C:\Users\KALISZ\Desktop\FRST(1).exe
(Mozilla Corporation) D:\Mozilla\firefox.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\avgemcx.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\avgnsx.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\avgrsx.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\avgcsrvx.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [unlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => D:\AVG\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-3887460629-1903086119-2254284701-1000\...\Run: [LightShot] => C:\Users\KALISZ\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-3887460629-1903086119-2254284701-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3887460629-1903086119-2254284701-1000\...\Run: [EpicScale] => [X]
HKU\S-1-5-21-3887460629-1903086119-2254284701-1000\...\Run: [AdobeBridge] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2014-10-29]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Users\KALISZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Plague Inc Evolved.lnk [2015-04-18]
ShortcutTarget: Plague Inc Evolved.lnk -> C:\ProgramData\{e04f0dc5-875c-c563-e04f-f0dc58753716}\Plague Inc Evolved.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Office12\GR469A~1.DLL [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Office12\GR469A~1.DLL [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Office12\GR469A~1.DLL [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Office12\GR469A~1.DLL [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Office12\GR469A~1.DLL [2006-10-27] (Microsoft Corporation)
BootExecute: autocheck autochk * aswBoot.exe /M:ac9cea8 /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3887460629-1903086119-2254284701-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Office12\GR469A~1.DLL [2006-10-27] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-22] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GRA32A~1.DLL [2006-10-27] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.23.1 192.168.0.1
Tcpip\..\Interfaces\{9B1C03E4-7360-4A2E-9827-AF51EF6D1083}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\KALISZ\AppData\Roaming\Mozilla\Firefox\Profiles\dhrngt87.default
FF Homepage: hxxp://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Extension: SaleePlaus - C:\Users\KALISZ\AppData\Roaming\Mozilla\Firefox\Profiles\dhrngt87.default\Extensions\[email protected] [2015-04-18]
FF Extension: AntiGameOrigin - C:\Users\KALISZ\AppData\Roaming\Mozilla\Firefox\Profiles\dhrngt87.default\Extensions\[email protected] [2015-02-28]
FF Extension: Adblock Plus - C:\Users\KALISZ\AppData\Roaming\Mozilla\Firefox\Profiles\dhrngt87.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-07]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

Opera:
=======
OPR StartupUrls: "hxxp://ogame.pl/"
OPR Extension: (AntiGameOrigin) - C:\Users\KALISZ\AppData\Roaming\Opera Software\Opera Stable\Extensions\kjhdacmhlokebdkdjpgpijccjcijoagk [2015-03-03]
StartMenuInternet: (HKLM) OperaStable - D:\\Launcher.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; D:\AVG\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\AVG\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
S3 Microsoft Office Groove Audit Service; D:\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 persdwmsrv; C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe [7680 2011-05-28] (winreview.ru) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [391472 2013-06-26] (Ralink Technology, Corp.)
S2 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [224736 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210912 2015-02-25] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-10-31] (Disc Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-04-08] (REALiX)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1635632 2013-09-06] (Ralink Technology Corp.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-25 12:56 - 2015-04-25 12:57 - 00014336 _____ () C:\Users\KALISZ\Desktop\FRST.txt
2015-04-25 12:39 - 2015-04-25 12:39 - 01139200 _____ (Farbar) C:\Users\KALISZ\Desktop\FRST(1).exe
2015-04-25 12:38 - 2015-04-25 12:56 - 00000000 ____D () C:\FRST
2015-04-24 15:42 - 2015-04-25 12:27 - 00000112 _____ () C:\Windows\setupact.log
2015-04-24 15:42 - 2015-04-24 15:42 - 00001804 _____ () C:\Windows\PFRO.log
2015-04-24 15:42 - 2015-04-24 15:42 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-24 15:27 - 2015-04-24 15:27 - 00000000 ____D () C:\ProgramData\Wondershare
2015-04-24 15:26 - 2015-02-27 10:35 - 00000232 _____ () C:\Windows\system32\dllhost.exe.config
2015-04-24 15:25 - 2015-04-24 15:34 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\Wondershare
2015-04-24 15:25 - 2015-04-24 15:34 - 00000000 ____D () C:\Program Files\Wondershare
2015-04-24 15:18 - 2015-04-24 15:18 - 00000000 ____D () C:\Program Files\Elex-tech
2015-04-23 21:09 - 2015-04-23 21:09 - 00000606 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-23 19:11 - 2015-04-24 14:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-19 14:50 - 2015-04-19 14:50 - 00000983 _____ () C:\Users\KALISZ\AppData\Local\recently-used.xbel
2015-04-19 12:32 - 2015-04-19 12:32 - 00001069 _____ () C:\Users\KALISZ\Desktop\Argentus — skrót.lnk
2015-04-18 16:49 - 2015-04-18 16:49 - 00000000 ____D () C:\ProgramData\10608673427404285897
2015-04-18 16:48 - 2015-04-20 13:32 - 00000000 ____D () C:\ProgramData\{e04f0dc5-875c-c563-e04f-f0dc58753716}
2015-04-09 16:35 - 2015-04-09 16:35 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\AMD
2015-04-08 23:22 - 2015-04-08 23:22 - 23621632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atioglxx.dll
2015-04-08 23:22 - 2015-04-08 23:22 - 03471376 _____ () C:\Windows\system32\atiumdva.cap
2015-04-08 23:22 - 2015-04-08 23:22 - 00651264 _____ (AMD) C:\Windows\system32\coinst_14.50.dll
2015-04-08 23:22 - 2015-04-08 23:22 - 00472576 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-04-08 23:22 - 2015-04-08 23:22 - 00323252 _____ () C:\Windows\system32\ativvaxy_vi.dat
2015-04-08 23:22 - 2015-04-08 23:22 - 00321712 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2015-04-08 23:22 - 2015-04-08 23:22 - 00238144 _____ () C:\Windows\system32\ativvaxy_cz_nd.dat
2015-04-08 23:22 - 2015-04-08 23:22 - 00234292 _____ () C:\Windows\system32\ativvaxy_cik.dat
2015-04-08 23:22 - 2015-04-08 23:22 - 00232624 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2015-04-08 23:22 - 2015-04-08 23:22 - 00203776 _____ () C:\Windows\system32\clinfo.exe
2015-04-08 23:22 - 2015-04-08 23:22 - 00164352 _____ (AMD) C:\Windows\system32\atitmmxx.dll
2015-04-08 23:22 - 2015-04-08 23:22 - 00158944 _____ () C:\Windows\system32\ativce03.dat
2015-04-08 23:22 - 2015-04-08 23:22 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle32.dll
2015-04-08 23:22 - 2015-04-08 23:22 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl32.dll
2015-04-08 23:22 - 2015-04-08 23:22 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo.dll
2015-04-08 23:22 - 2015-04-08 23:22 - 00083312 _____ () C:\Windows\system32\ativce02.dat
2015-04-08 23:22 - 2015-04-08 23:22 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode.dll
2015-04-08 23:22 - 2015-04-08 23:22 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc32.dll
2015-04-08 23:22 - 2015-04-08 23:22 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom32.dll
2015-04-08 23:22 - 2015-04-08 23:22 - 00030720 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-04-08 23:21 - 2015-04-08 23:22 - 16955392 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-04-08 23:21 - 2015-04-08 23:21 - 40987136 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl.dll
2015-04-08 23:21 - 2015-04-08 23:21 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd.dll
2015-04-08 23:21 - 2015-04-08 23:21 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle32.dll
2015-04-08 23:21 - 2015-04-08 23:21 - 00765851 _____ () C:\Windows\system32\amdicdxx.dat
2015-04-08 23:21 - 2015-04-08 23:21 - 00734861 _____ () C:\Windows\system32\atiicdxx.dat
2015-04-08 23:21 - 2015-04-08 23:21 - 00631912 _____ () C:\Windows\system32\atiapfxx.blb
2015-04-08 23:21 - 2015-04-08 23:21 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-04-08 23:21 - 2015-04-08 23:21 - 00265416 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-04-08 23:21 - 2015-04-08 23:21 - 00157248 _____ () C:\Windows\system32\amde31a.dat
2015-04-08 23:21 - 2015-04-08 23:21 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atigktxx.dll
2015-04-08 23:21 - 2015-04-08 23:21 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-04-08 23:21 - 2015-04-08 23:21 - 00058880 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-08 23:21 - 2015-04-08 23:21 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt.dll
2015-04-08 23:21 - 2015-04-08 23:21 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl.dll
2015-04-08 23:21 - 2015-04-08 23:21 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-04-08 23:21 - 2015-04-08 23:21 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll
2015-04-08 23:20 - 2015-04-08 23:20 - 00723160 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2015-04-08 23:20 - 2015-04-08 23:20 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2015-04-08 23:20 - 2015-04-08 23:20 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2015-04-08 23:04 - 2015-04-08 23:04 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\ProductData
2015-04-08 23:04 - 2015-04-08 23:04 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-04-08 23:03 - 2015-04-08 23:03 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-04-08 23:03 - 2015-04-08 23:03 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\Apple Computer
2015-04-08 23:03 - 2015-04-08 23:03 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-04-08 23:00 - 2015-04-23 18:47 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-08 22:59 - 2015-04-08 23:36 - 00000000 ____D () C:\Program Files\IObit
2015-04-08 22:59 - 2015-04-08 23:04 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\IObit
2015-04-08 22:59 - 2015-04-08 23:03 - 00000000 ____D () C:\ProgramData\IObit
2015-04-08 22:59 - 2015-04-08 22:59 - 00023840 _____ (REALiX) C:\Windows\system32\Drivers\HWiNFO32.SYS
2015-04-07 16:35 - 2015-04-07 16:36 - 03637248 _____ () C:\Users\KALISZ\Desktop\Dla Kochanej Mamusi.xls
2015-04-06 23:56 - 2015-04-06 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-06 23:56 - 2015-04-06 23:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-31 21:37 - 2015-04-09 16:48 - 00000132 _____ () C:\Users\KALISZ\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
2015-03-28 23:17 - 2015-03-28 23:17 - 00000000 ____D () C:\Users\KALISZ\Documents\Adobe Scripts
2015-03-27 11:02 - 2015-03-27 11:02 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-03-27 11:01 - 2015-03-27 11:01 - 00000700 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2015-03-27 11:00 - 2015-03-27 11:00 - 00000674 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2015-03-27 10:58 - 2015-03-27 10:58 - 00001490 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-03-27 10:58 - 2015-03-27 10:58 - 00000794 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-03-27 10:58 - 2015-03-27 10:58 - 00000000 ____D () C:\Program Files\Adobe
2015-03-27 10:49 - 2015-03-28 09:59 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-27 10:49 - 2015-03-27 10:59 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-26 17:05 - 2015-03-26 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Unlocker
2015-03-26 11:07 - 2015-03-26 11:08 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-03-26 10:44 - 2015-03-26 10:48 - 00000000 ____D () C:\Windows\SHELLNEW
2015-03-26 10:41 - 2015-03-26 10:43 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-26 10:35 - 2015-03-26 10:35 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-25 12:38 - 2014-10-15 22:31 - 00000000 ____D () C:\Users\KALISZ\AppData\Local\Adobe
2015-04-25 12:35 - 2011-04-12 07:08 - 00743042 _____ () C:\Windows\system32\perfh015.dat
2015-04-25 12:35 - 2011-04-12 07:08 - 00156524 _____ () C:\Windows\system32\perfc015.dat
2015-04-25 12:35 - 2010-11-20 23:01 - 01676910 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-25 12:35 - 2009-07-14 06:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-25 12:35 - 2009-07-14 06:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-25 12:33 - 2015-02-16 14:31 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-25 12:31 - 2014-10-11 23:29 - 01597155 _____ () C:\Windows\WindowsUpdate.log
2015-04-25 12:27 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-24 19:22 - 2014-10-12 13:24 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\TS3Client
2015-04-24 19:02 - 2015-02-07 17:09 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-24 15:34 - 2014-10-11 23:34 - 00000000 ____D () C:\Users\KALISZ
2015-04-24 15:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-24 15:31 - 2014-11-02 15:50 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\Skype
2015-04-24 15:31 - 2014-10-12 00:25 - 00000000 ____D () C:\Windows\Panther
2015-04-24 15:31 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-04-24 14:50 - 2015-02-21 15:07 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\FileZilla
2015-04-24 14:50 - 2015-02-17 20:29 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\uTorrent
2015-04-24 14:50 - 2014-11-02 15:55 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\Media Player Classic
2015-04-24 14:50 - 2014-10-31 09:53 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\DAEMON Tools Lite
2015-04-24 14:49 - 2015-01-08 22:06 - 00000000 ____D () C:\Windows\Minidump
2015-04-22 22:55 - 2014-12-25 23:45 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\ipla
2015-04-19 14:50 - 2015-02-26 14:09 - 00000000 ____D () C:\Users\KALISZ\.gimp-2.8
2015-04-19 14:49 - 2015-02-28 00:09 - 00000000 ___RD () C:\Users\KALISZ\Desktop\My Image
2015-04-19 14:49 - 2015-02-26 14:31 - 00000000 ____D () C:\Users\KALISZ\AppData\Local\gtk-2.0
2015-04-17 16:02 - 2015-02-01 00:33 - 00000000 ____D () C:\Program Files\TeamViewer
2015-04-16 18:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-16 14:02 - 2014-10-15 22:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-16 14:02 - 2014-10-15 22:31 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 17:58 - 2014-10-12 13:21 - 00000000 ___RD () C:\Users\KALISZ\Desktop\Maks Private
2015-04-09 15:59 - 2015-02-16 14:34 - 00000000 ____D () C:\ProgramData\AVG2015
2015-04-08 23:22 - 2013-12-07 00:03 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxpag.dll
2015-04-08 23:22 - 2013-12-07 00:02 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9pag.dll
2015-04-08 23:22 - 2013-12-06 23:58 - 07558816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdva.dll
2015-04-08 23:22 - 2013-12-06 23:57 - 07077776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdag.dll
2015-04-08 23:21 - 2013-12-07 00:00 - 01127496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx32.dll
2015-04-08 23:21 - 2013-12-06 23:59 - 09401480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx32.dll
2015-04-08 23:21 - 2013-12-06 22:53 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-04-08 23:21 - 2013-12-06 22:52 - 00626688 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-04-08 23:21 - 2013-12-06 22:51 - 00212992 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-04-08 23:21 - 2013-12-06 22:22 - 00903168 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-04-02 14:46 - 2015-02-05 21:11 - 00000000 ____D () C:\Users\KALISZ\AppData\Local\Windows Live
2015-03-31 18:48 - 2015-02-16 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-27 15:28 - 2009-07-14 06:33 - 03830400 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-27 11:04 - 2014-10-15 22:33 - 00000000 ____D () C:\Users\KALISZ\AppData\Roaming\Adobe
2015-03-27 11:02 - 2014-10-12 00:01 - 00111520 _____ () C:\Users\KALISZ\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-27 10:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-26 11:22 - 2015-01-19 16:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-26 10:47 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini
2015-03-26 10:43 - 2015-01-19 16:22 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-26 10:43 - 2014-10-31 11:02 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-26 10:40 - 2015-01-19 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-26 10:40 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild

==================== Files in the root of some directories =======

2015-03-31 21:37 - 2015-04-09 16:48 - 0000132 _____ () C:\Users\KALISZ\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
2014-12-31 00:09 - 2015-01-11 13:11 - 0000600 _____ () C:\Users\KALISZ\AppData\Roaming\winscp.rnd
2014-12-31 00:02 - 2015-02-21 16:00 - 0000600 _____ () C:\Users\KALISZ\AppData\Local\PUTTY.RND
2015-04-19 14:50 - 2015-04-19 14:50 - 0000983 _____ () C:\Users\KALISZ\AppData\Local\recently-used.xbel
2014-10-12 00:00 - 2014-11-02 21:30 - 0007597 _____ () C:\Users\KALISZ\AppData\Local\Resmon.ResmonCfg
2014-10-12 21:21 - 2014-10-12 21:21 - 0000003 _____ () C:\Users\KALISZ\AppData\Local\updater.log
2014-10-12 21:21 - 2014-12-17 22:29 - 0000413 _____ () C:\Users\KALISZ\AppData\Local\UserProducts.xml

Some content of TEMP:
====================
C:\Users\KALISZ\AppData\Local\Temp\YACDL_00000000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-04-2015
Ran by KALISZ at 2015-04-25 12:58:08
Running from C:\Users\KALISZ\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3887460629-1903086119-2254284701-500 - Administrator - Disabled)
Gość (S-1-5-21-3887460629-1903086119-2254284701-501 - Limited - Disabled)
KALISZ (S-1-5-21-3887460629-1903086119-2254284701-1000 - Administrator - Enabled) => C:\Users\KALISZ

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3887460629-1903086119-2254284701-1000\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2796CF4-6517-00C1-9F70-6A9C50680D29}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4334 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
FileZilla Client 3.10.1.1 (HKLM\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Galeria fotografii (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Geeks3D FurMark 1.14.1 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
ipla 2.8.4 (HKLM\...\ipla) (Version: 2.8.4 - Redefine Sp z o.O.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Macromedia Extension Manager (HKLM\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 pl) (HKLM\...\Mozilla Firefox 37.0.2 (x86 pl)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
NOD32 FiX v1.3 (HKLM\...\{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1) (Version:  - )
Opera Stable 28.0.1750.51 (HKLM\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Personalization Panel (HKLM\...\Personalization Panel) (Version: 1.2.0.0 - http://winreview.ru/)
Personalization Panel DWM Controller  (HKLM\...\{77D3B2EB-8A7E-4E5C-9BC7-6BC2CD6B6B37}) (Version: 1.0.0 - Winreview.ru)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Podstawowe programy Windows Live (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Podstawowe programy Windows Live (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.31.0 - Ralink)
Secure Download Manager (HKLM\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SpeedSim (HKLM\...\SpeedSim) (Version: 0.9.8.1b - )
Stellarium 0.13.2 (HKLM\...\Stellarium_is1) (Version: 0.13.2 - Stellarium team)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.11 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinSCP 5.5.6 (HKLM\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3887460629-1903086119-2254284701-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\KALISZ\AppData\Local\Temp\1798\temp\Plague Inc Evolved.exe No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0792CF67-04DF-4D65-853A-D4395112294D} - System32\Tasks\Opera scheduled Autoupdate 1425403792 => D:\launcher.exe [2015-04-07] (Opera Software)
Task: {20286446-7ED1-42BE-9145-1F612CD90B7D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KALISZ-Komputer-KALISZ KALISZ-Komputer => D:\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {21FCA68D-A083-416A-A9F4-B5428FFA2D55} - System32\Tasks\{C71475D1-9E8B-458C-8D47-609796847650} => pcalua.exe -a C:\Users\KALISZ\Desktop\Setup.exe -d C:\Users\KALISZ\Desktop
Task: {3A1583C6-E7AE-4349-8AEE-506622300A15} - System32\Tasks\Uninstaller_SkipUac_KALISZ => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {45796B26-3B7A-433C-93C1-D44822E6CAF5} - System32\Tasks\{31832D6B-AF27-4BEA-8DE0-80B7A112A7DF} => pcalua.exe -a C:\Users\KALISZ\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=smt
Task: {50BF2837-298C-47E2-B3FA-F28D19653ADC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {7694DB77-D06E-45DB-88DD-4F8AE654FF69} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {97F5E873-89B1-4113-94B1-B3ED235B591C} - System32\Tasks\Driver Booster SkipUAC (KALISZ) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {97FF569D-E779-4B3D-907F-E4095D46CF95} - System32\Tasks\AdobeAAMUpdater-1.0-KALISZ-Komputer-KALISZ => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {ADFEB729-6587-4E46-BC21-5A484BB3B139} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BE05F441-A8FD-4409-A912-789F498FC070} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C789B6A4-FE4A-4A23-9B83-FC6C929B03F9} - System32\Tasks\AVG_SYS_TASK_0215av_RUN => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
Task: {E70A4BDA-EC5B-471F-A348-9D6A99D2D31E} - System32\Tasks\{DD4B2772-BD66-4DA4-A859-477FFC98A548} => pcalua.exe -a C:\Users\KALISZ\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=smt <==== ATTENTION
Task: {F7C89441-13FC-482F-8318-0A82859623B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2010-07-04 23:32 - 2010-07-04 23:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2012-10-01 21:33 - 2012-10-01 21:33 - 06522480 _____ () D:\Office15\1033\GrooveIntlResource.dll
2010-07-04 21:51 - 2010-07-04 21:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2014-10-11 23:50 - 2013-09-23 16:48 - 01210672 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll
2015-04-16 14:02 - 2015-04-16 14:02 - 16863920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3887460629-1903086119-2254284701-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\KALISZ\Desktop\Maks Private\Sabaton-Heroes.jpg
DNS Servers: 192.168.23.1 - 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2015 00:38:37 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (04/25/2015 00:29:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2015 03:44:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

 

I won't post the third file, because for about 30 minutes I have been getting this:

 

http://img.prntscr.com/img?url=http://i.imgur.com/6FKzkq4.png
 
 
 

MPC Hejter Team Leader

Posted

I have the same thing, and CCleaner didn't help, I cleaned many times. Does anyone have a solution for this?

I don't reply to PMs!

 

 

Posted

Paste these logs to some server (for example wklej.org) or add them as an attachment to the post. The ones you pasted into the spoiler are corrupted (HTML tag):

FF Extension: SaleePlaus - C:\Users\KALISZ\AppData\Roaming\Mozilla\Firefox\Profiles\dhrngt87.default\Extensions\[email protected]<script cf-hash='f9e31' type="text/javascript"> /* */</script> [2015-04-18]

Archived

This topic is currently in the archive. Adding new replies has been disabled.
