OTL logi sprawdzenie

[nowy00]

Proszę o sprawdzenie logów bo włanczają mi się dziwne strony podczas przeglądania internetu.Poniżej wklejam linki Dostępne tylko dla zarejestrowanych użytkowników Dostępne tylko dla zarejestrowanych użytkowników Dziękuje

[djarta]

Logi z FRST daj: bezpieczenstwo/korzystanie-z-frst-t28530.html

[nowy00]

Logi z FRST Dostępne tylko dla zarejestrowanych użytkowników Dostępne tylko dla zarejestrowanych użytkowników Dostępne tylko dla zarejestrowanych użytkowników

[djarta]

1. Otwórz notatnik i wklej:

CloseProcesses:
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 cpuz138; \??\C:\Users\HP\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 usboebusdrvcl; system32\DRIVERS\usboebusdrvcl.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 vmm; \??\C:\Windows\system32\Drivers\vmm.sys [X]
OPR Session Restore: -> [funkcja włączona]
CHR Extension: (ARChon Custom Runtime 2.1.0 - x86_64) - C:\Users\HP\Desktop\vladikoff-archon-e3c9b322402a\vladikoff-archon-e3c9b322402a [2015-01-16] [UpdateUrl: hxxp://localhost] <==== UWAGA
C:\Users\HP\Desktop\vladikoff-archon-e3c9b322402a
CHR HomePage: Default -> hxxp://houmpage.com/?src=hp&ssid=145105 ... b8d1bc6b86
CHR StartupUrls: Default -> "hxxp://houmpage.com/?src=nt&ssid=1451057798&a=1003679&uuid=bceeac73-6194-4edb-b5b0-36b8d1bc6b86"
CHR DefaultSearchURL: Default -> hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451057798&a=1003679&uuid=bceeac73-6194-4edb-b5b0-36b8d1bc6b86
CHR DefaultSearchKeyword: Default -> g
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\gcswf32.dll => Brak pliku
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Brak pliku
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => Brak pliku
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => Brak pliku
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => Brak pliku
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => Brak pliku
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll => Brak pliku
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-71128753-1185949656-3381995990-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-71128753-1185949656-3381995990-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID= ... 0000000000
HKU\S-1-5-21-71128753-1185949656-3381995990-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-71128753-1185949656-3381995990-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-71128753-1185949656-3381995990-1000 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-71128753-1185949656-3381995990-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-71128753-1185949656-3381995990-1000 -> {24FE7998-CB93-4BDB-A7D8-A50AE4C8F0C9} URL = hxxp://pl.wikipedia.org/w/index.php?tit ... aj&search={searchTerms}
SearchScopes: HKU\S-1-5-21-71128753-1185949656-3381995990-1000 -> {7238975F-A20D-4B0B-AE72-4F1016502AFB} URL = hxxp://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=F47CE4D6-2EE0-4F00-80BA-7BBC340759D5&apn_sauid=18173CA8-F1BA-41B2-AF25-3BBAEF7F9F33
SearchScopes: HKU\S-1-5-21-71128753-1185949656-3381995990-1000 -> {930E4725-3DB1-4E88-8DB2-5FBDC935930E} URL = hxxp://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-71128753-1185949656-3381995990-1000 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-71128753-1185949656-3381995990-1000 -> {E13E3AA9-3CE2-4347-ABB2-C80285FB83F3} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
2015-12-25 17:33 - 2015-12-25 17:33 - 00003116 _____ C:\Windows\System32\Tasks\Rush Component
2015-12-25 17:33 - 2015-12-25 17:33 - 00003106 _____ C:\Windows\System32\Tasks\Rush Component2
2015-12-25 17:32 - 2015-12-25 17:43 - 00000000 ____D C:\ProgramData\yWdMy
2015-12-25 17:32 - 2015-12-25 17:32 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-12-25 17:28 - 2015-12-25 17:28 - 00000187 _____ C:\Users\HP\AppData\Local\Isruncan.exe.config
2015-12-25 17:26 - 2015-12-25 17:26 - 00000000 ____D C:\Users\Public\Documents\dmp
2015-12-25 17:21 - 2015-12-25 17:21 - 00301802 _____ ( ) C:\Users\HP\Downloads\Instalador.exe
2015-12-25 12:42 - 2015-12-25 12:41 - 00000170 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-25 11:17 - 2015-12-25 11:17 - 00000000 ____D C:\Users\HP\AppData\Local\ns0
C:\Users\HP\AppData\Local\Rush Component
Task: {0B3DC3E8-05D3-40DB-9131-5D7DD05D75E8} - System32\Tasks\{AEA50040-4EC2-4EE5-A214-3C49EB4D00CA} => pcalua.exe -a C:\Users\HP\Desktop\StairCon340Full\Crack.exe -d C:\Users\HP\Desktop\StairCon340Full
Task: {0C7F85C0-85F6-443C-B3A7-F812EEECB1C6} - System32\Tasks\Rush Component2 => Rundll32.exe "C:\Users\HP\AppData\Local\Rush Component\{B9485F22-F2E1-5122-2BBE-29911A294BF2}\bkseqylr.dll",#1 <==== UWAGA
Task: {0E6C1ACC-61CD-4278-9D85-379F1CA46160} - \HPPumicesUnclotheV2 -> Brak pliku <==== UWAGA
Task: {1119351E-C847-4E51-AE31-D8AA6FA0B856} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {17F3D391-C5C7-4B92-8944-2DEDAC10FFAE} - \Program aktualizacji online firmy DivX. -> Brak pliku <==== UWAGA
Task: {19C308D2-BDDC-43BF-BF7F-006BDE001589} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {209F39FA-FC73-4D22-8267-1E80E1C4A063} - System32\Tasks\{E2182B00-1F6E-4A93-988B-1159764485BE} => Firefox.exe
Task: {25A8688F-6D68-4CC3-A4C0-32A026AE092E} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 8.0\upgrade.exe [2015-11-28] (ESET)
Task: {26AEA42C-8069-483A-B3F1-3C02DA13F126} - System32\Tasks\{BBFF96B4-344F-48ED-8E31-1C4C9378E208} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.11.104/pl ... =tsInstall
Task: {29B83FF7-6618-4A85-B6B6-40AD11C41D6E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2007-08-29] (Apple Inc.)
Task: {2E9FE216-47B3-4031-9192-B1DDD091AC6A} - System32\Tasks\Opera scheduled Autoupdate 1428124222 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software)
Task: {35551546-2D58-4FBE-B20F-3C59BFAD6F95} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe [2014-09-20] (Megaify Software Co., Ltd.)
Task: {37AE8E81-14B9-4DCF-8D15-624137374843} - System32\Tasks\{CB034602-0BEE-48A4-A0C5-E83E19F9EC67} => pcalua.exe -a "C:\Users\HP\Desktop\HijackThis (1).exe" -d C:\Users\HP\Desktop
Task: {3AB188C6-DD02-4F1C-9CDF-6B5A027BEFC8} - System32\Tasks\{DF0A0501-F10B-4440-88C4-41E7362540A2} => pcalua.exe -a D:\cadwork.dir\ci_start.exe -c /UNINSTALL
Task: {428EA34E-EE23-4850-866A-067D6B787F26} - System32\Tasks\ALL Update => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe
Task: {468AEE72-6FBA-4DD4-976B-1C329DDA09EE} - System32\Tasks\{645CF191-DA22-4EF4-9A84-CC1669F8E0A6} => pcalua.exe -a C:\Users\HP\Desktop\vm_web2(1).exe -d C:\Users\HP\Desktop
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {669F78BB-DDAE-4450-8753-E1116E5E6C02} - System32\Tasks\{7F1E0FE4-4535-4DB9-B308-DA4836CCF7E6} => pcalua.exe -a "D:\lumia\Tom XAP Installer.exe" -d D:\lumia
Task: {6764CBDE-29F1-4FC3-B53C-5CBB9C377CF0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-09-19] (TuneUp Software)
Task: {6E1AFA35-5032-4A80-9F3E-506FE0309F97} - System32\Tasks\{AFD9C54B-FBF9-4218-B4AD-48F6DB6F4978} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.11.104/id ... age=tsMain
Task: {74B4283F-7965-4773-9C63-A3176BCF50BC} - System32\Tasks\{66996455-A0B0-4103-80B7-B9EB08568E30} => pcalua.exe -a "D:\narzedziownia\Nero 7.2.0.3 Portable PL.exe" -d D:\narzedziownia
Task: {77E03424-52DD-4C4F-AB94-642DD745AD65} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {840D0039-1FB2-4CC0-93BF-5CAB10044093} - System32\Tasks\{4AEF95A3-4A90-401B-9A8B-70FE833F017A} => pcalua.exe -a C:\Windows\WPDeviceManager\WPDeviceSetup.exe -d C:\Windows\WPDeviceManager
Task: {85AF399B-EE6E-4DFB-9781-7ED64FC55D86} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {8B5EC96A-B885-428E-AD02-19E521706D4E} - System32\Tasks\{656F9B4F-5FFC-4635-8DD9-6AD86AC73CF6} => pcalua.exe -a "C:\Users\HP\Desktop\Nero 6.6.1.4_ENG_PL_ Serial_LightScribe\Nero 6.6.1.4_ENG_PL_ Serial_LightScribe\Nero-6.6.1.4_plk.exe" -d "C:\Users\HP\Desktop\Nero 6.6.1.4_ENG_PL_ Serial_LightScribe\Nero 6.6.1.4_ENG_PL_ Serial_LightScribe"
Task: {8E6B5732-B936-4C74-A4B2-81FEC8D90174} - System32\Tasks\{2FB6539E-DDC0-49D9-97BB-9D0510BB3354} => pcalua.exe -a "C:\Users\HP\Desktop\UISOPE9322656\UltraISO Premium Edition v9.3.2.2656 Pl\uiso9_pe.exe" -d "C:\Users\HP\Desktop\UISOPE9322656\UltraISO Premium Edition v9.3.2.2656 Pl"
Task: {9728B20F-D4D8-40E4-A441-19A8831B82CF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {9AA1B7EC-7EFB-4FF3-83FD-1A42EBB6CDDE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {9FE02264-EDAA-48C9-BCD1-3130249C463D} - \LuckyBrowse -> Brak pliku <==== UWAGA
Task: {A0FD055D-62A0-406C-A644-31CB1802752A} - System32\Tasks\{046D4132-2D7A-4325-B959-4DB65F555662} => pcalua.exe -a "C:\Users\HP\Desktop\EasyRecovery Professional v.6.12.02 PL - portable.exe" -d C:\Users\HP\Desktop
Task: {B6B88477-442C-4A71-BF2E-100FD726451F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {D5F17012-0804-40DD-8F6C-177C8A820FEE} - System32\Tasks\{1C05042F-C3A3-4989-8225-4B92916DEFE6} => pcalua.exe -a "C:\Users\HP\Desktop\Tom XAP Installer.exe" -d C:\Users\HP\Desktop
Task: {DAF473B6-3522-4AFC-B686-53A2D9DC6562} - System32\Tasks\{0B01718F-B36A-4344-A9F6-2DB317318E70} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {DC4D3CDD-B06D-4016-ADA1-85F81B5737E0} - System32\Tasks\Google Updater and Installer => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E26FFCA5-D9D7-49CE-9D8A-FF7FC345A5FF} - System32\Tasks\Rush Component => Rundll32.exe "C:\Users\HP\AppData\Local\Rush Component\{B9485F22-F2E1-5122-2BBE-29911A294BF2}\RushComponent.dll",#1 <==== UWAGA
Task: {F288695C-6B1D-46EB-9AF8-9B86F2383746} - System32\Tasks\{8556123C-8EEF-4C25-B640-1FF3ABE6B0F6} => pcalua.exe -a "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\GUninstaller.exe" -c -uprtc -key "BabylonToolbar"
Task: {FBF2F984-BBD8-47A0-AB4E-C72AB35B4EDB} - \Program aktualizacji online firmy Adobe. -> Brak pliku <==== UWAGA
Task: {FC3DBBA6-FA3B-49F8-8C05-CFB32AF5A14B} - System32\Tasks\{138781B4-6D7F-4C1D-8C04-403B5A58CF0B} => pcalua.exe -a "C:\Users\HP\Desktop\Windows Phone SDK 7.1 web installer.exe" -d C:\Users\HP\Desktop
Task: {FFD8C513-5768-451B-912B-84A5FFD80A1E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe [2015-12-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

2. Użyj >Dostępne tylko dla zarejestrowanych użytkowników
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner[S].txt

3. Uruchom Dostępne tylko dla zarejestrowanych użytkowników. Wciśnij dowolny klawisz i czekaj, aż skończy się operacja. (UWAGA: podczas pobierania, programy mogą wskazywać, że to jest zagrożenie, proszę to zignorować). Pokaż raport.

4. Wyczyść przeglądarki

FireFox:

• menu Pomoc > Informacje dla pomocy technicznej > Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone.
• menu Historia > Wyczyść historię przeglądania

Google Chrome:

• Zresetuj synchronizację (o ile włączona): Dostępne tylko dla zarejestrowanych użytkowników.


• Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Resetowanie ustawień. Zakładki i hasła nie zostaną naruszone.


• Zresetuj cache wtyczek. W pasku adresów wpisz chrome://plugins i ENTER. Na liście wtyczek wybierz dowolną i kliknij Wyłącz. Następnie wtyczkę ponownie Włącz.

5. Wykonaj i wklej nowe logi z FRST.

[nowy00]

# AdwCleaner v5.027 - Utworzono raport 01/01/2016 o 21:17:57
# Ostatnia aktualizacja 30/12/2015 przez Xplode
# Baza danych : 2015-12-30.1 [Serwer]
# System operacyjny : Windows 7 Ultimate Service Pack 1 (x64)
# Nazwa użytkownika : HP - DV7
# Lokalizacja programu : C:\Users\HP\Desktop\adwcleaner_5.027.exe
# Działanie : Skanuj
# Wsparcie : Dostępne tylko dla zarejestrowanych użytkowników

***** [ Usługi ] *****


***** [ Foldery ] *****

Folder znaleziono : C:\Program Files\FileViewPro
Folder znaleziono : C:\Program Files (x86)\1ClickDownload
Folder znaleziono : C:\Program Files (x86)\Conduit
Folder znaleziono : C:\Program Files (x86)\file scout
Folder znaleziono : C:\Program Files (x86)\Przyspiesz Komputer
Folder znaleziono : C:\Program Files (x86)\DriverToolkit
Folder znaleziono : C:\Program Files (x86)\myfree codec
Folder znaleziono : C:\ProgramData\Ask
Folder znaleziono : C:\ProgramData\Babylon
Folder znaleziono : C:\ProgramData\Uniblue
Folder znaleziono : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder znaleziono : C:\Users\HP\AppData\Local\Conduit
Folder znaleziono : C:\Users\HP\AppData\Local\OpenCandy
Folder znaleziono : C:\Users\HP\AppData\Local\FileViewPro
Folder znaleziono : C:\Users\HP\AppData\Local\DriverToolkit
Folder znaleziono : C:\Users\HP\AppData\LocalLow\Conduit
Folder znaleziono : C:\Users\HP\AppData\Roaming\Babylon
Folder znaleziono : C:\Users\HP\AppData\Roaming\PerformerSoft

***** [ Pliki ] *****


***** [ DLL ] *****


***** [ Skróty ] *****


***** [ Zaplanowane zadania ] *****


***** [ Rejestr ] *****

Klucz znaleziono : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Klucz znaleziono : HKLM\SOFTWARE\Classes\driverscanner
Klucz znaleziono : HKLM\SOFTWARE\Classes\Prod.cap
Klucz znaleziono : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Klucz znaleziono : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klucz znaleziono : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz znaleziono : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Klucz znaleziono : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Klucz znaleziono : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klucz znaleziono : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Klucz znaleziono : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Klucz znaleziono : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Klucz znaleziono : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Klucz znaleziono : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Klucz znaleziono : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klucz znaleziono : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Klucz znaleziono : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klucz znaleziono : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Klucz znaleziono : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Klucz znaleziono : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klucz znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klucz znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Klucz znaleziono : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Klucz znaleziono : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Klucz znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Klucz znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klucz znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Klucz znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klucz znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Klucz znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Klucz znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klucz znaleziono : HKCU\Software\Conduit
Klucz znaleziono : HKCU\Software\Myfree Codec
Klucz znaleziono : HKCU\Software\Softonic
Klucz znaleziono : HKCU\Software\DriverToolkit
Klucz znaleziono : HKCU\Software\PRODUCTSETUP
Klucz znaleziono : HKCU\Software\DAILYPCCLEAN
Klucz znaleziono : HKCU\Software\undefined
Klucz znaleziono : HKCU\Software\Microsoft\Tinstalls
Klucz znaleziono : HKCU\Software\dobreprogramy
Klucz znaleziono : HKCU\Software\AppDataLow\Toolbar
Klucz znaleziono : HKCU\Software\AppDataLow\Software\Conduit
Klucz znaleziono : HKLM\SOFTWARE\Babylon
Klucz znaleziono : HKLM\SOFTWARE\Conduit
Klucz znaleziono : HKLM\SOFTWARE\Myfree Codec
Klucz znaleziono : HKLM\SOFTWARE\Uniblue
Klucz znaleziono : HKLM\SOFTWARE\Uniblue\DriverScanner
Klucz znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Przeglądarki internetowe ] *****

[C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] znaleziono : ejpbbhjlbipncjklfjjaedaieimbmdda

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5335 bajty] ##########

-- 01 sty 2016, 21:45 --

log JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Ultimate x64
Ran by HP (Administrator) on 2016-01-01 at 21:36:34,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-01-01 at 21:42:55,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- 01 sty 2016, 22:04 --

Dostępne tylko dla zarejestrowanych użytkowników Dostępne tylko dla zarejestrowanych użytkowników Dostępne tylko dla zarejestrowanych użytkowników

[djarta]

Jak sytuacja ?

[nowy00]

Pomogło i jak narazie żadne strony dziwne się nie pojawiają

[djarta]

1. Wykonaj wszystko z tego tematu: Kroki kończące temat.

2. Przeprowadź skanowanie za pomocą Dostępne tylko dla zarejestrowanych użytkowników. Jeśli coś znajdzie, nic nie usuwaj, tylko dostarcz raport z wynikami.

[nowy00]

Kod: Zaznacz cały

HitmanPro 3.7.12.253
www.hitmanpro.com

   Computer name . . . . : DV7
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : DV7\HP
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-01-02 15:45:03
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 45s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 9

   Objects scanned . . . : 2 055 038
   Files scanned . . . . : 37 339
   Remnants scanned  . . : 293 572 files / 1 724 127 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA80047532D0
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA8003CA42C0 +0
   Solution
      DriverObject . . . : FFFFFA80047532D0
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF88000E214D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Suspicious files ____________________________________________________________

   C:\Users\HP\Desktop\FRST-OlderVersion\FRST64_02.5.2015.exe
      Size . . . . . . . : 2 101 248 bytes
      Age  . . . . . . . : 1.9 days (2015-12-31 17:40:33)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : EC53232ED6985FD72F122C37EA6FF5E943C6A4D5C5195FA2021BAB3EE06A14D6
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\HP\Desktop\FRST64.exe
      Size . . . . . . . : 2 370 560 bytes
      Age  . . . . . . . : 1.9 days (2015-12-31 17:47:40)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 8C07FFF0D998FC8CDF4700AC2E2B8E131D74289713F41BF35FEC4F9A8B6CF6DE
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-71128753-1185949656-3381995990-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\HP\Desktop\FRST64.exe

   C:\Users\HP\Downloads\FRST (1).exe
      Size . . . . . . . : 1 721 856 bytes
      Age  . . . . . . . : 1.9 days (2015-12-31 17:37:48)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : C304F636C6D867B95853DB44818B2F1070A2E0F2572891E093B742D9CC6247FC
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -1.8s C:\Users\HP\Downloads\FRST.exe
          0.0s C:\Users\HP\Downloads\FRST (1).exe

   C:\Users\HP\Downloads\FRST.exe
      Size . . . . . . . : 1 721 856 bytes
      Age  . . . . . . . : 1.9 days (2015-12-31 17:37:46)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : C304F636C6D867B95853DB44818B2F1070A2E0F2572891E093B742D9CC6247FC
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\HP\Downloads\FRST.exe
          1.8s C:\Users\HP\Downloads\FRST (1).exe

   C:\Users\HP\Downloads\FRST64_02.5.2015.exe
      Size . . . . . . . : 2 101 248 bytes
      Age  . . . . . . . : 1.9 days (2015-12-31 17:39:58)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : EC53232ED6985FD72F122C37EA6FF5E943C6A4D5C5195FA2021BAB3EE06A14D6
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-71128753-1185949656-3381995990-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\HP\Downloads\FRST64_02.5.2015.exe


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-71128753-1185949656-3381995990-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Smartbar\ (Conduit)
   HKU\S-1-5-21-71128753-1185949656-3381995990-1000\Software\AppDataLow\Software\Smartbar\ (Conduit)




[djarta]

Usuń wszystko co wykrył Hitman.

[nowy00]

# DelFix v1.011 - Logfile created 03/01/2016 at 18:03:27
# Updated 18/08/2015 by Xplode
# Username : HP - DV7
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\HP\Desktop\FRST-OlderVersion
Deleted : C:\ComboFix.txt
Deleted : C:\Users\HP\Desktop\adwcleaner_5.027.exe
Deleted : C:\Users\HP\Desktop\FRST64.exe
Deleted : C:\Users\HP\Desktop\JRT.exe
Deleted : C:\Users\HP\Desktop\HijackThis (1).exe
Deleted : C:\Users\HP\Downloads\adwcleaner_5.027 (1).exe
Deleted : C:\Users\HP\Downloads\adwcleaner_5.027 (2).exe
Deleted : C:\Users\HP\Downloads\adwcleaner_5.027 (3).exe
Deleted : C:\Users\HP\Downloads\adwcleaner_5.027.exe
Deleted : C:\Users\HP\Downloads\Extras.Txt
Deleted : C:\Users\HP\Downloads\FRST (1).exe
Deleted : C:\Users\HP\Downloads\FRST.exe
Deleted : C:\Users\HP\Downloads\FRST64_02.5.2015.exe
Deleted : C:\Users\HP\Downloads\JRT.exe
Deleted : C:\Users\HP\Downloads\HijackThis (1).exe
Deleted : C:\Users\HP\Downloads\HijackThis.exe
Deleted : C:\Users\HP\Downloads\OTL.Txt
Deleted : C:\Users\HP\Downloads\OTL_www.instalki{usun}.pl (1).exe
Deleted : C:\Users\HP\Downloads\OTL_www.instalki{usun}.pl.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

[djarta]

W porządku.

[nowy00]

Dzięki zamykam temat