by wiktoriabakitka 09 Feb 2016, 01:45
I'm pasting the logs and asking for help in dealing with this awful virus
Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:07-02-2016
Uruchomiony przez Wiktoria (administrator) MATYLDA (09-02-2016 00:36:42)
Uruchomiony z C:\Users\Wiktoria\Desktop\Downloads
Załadowane profile: Wiktoria (Dostępne profile: Wiktoria)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfAdvLog.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Elex do Brasil cenzura!ções Ltda) C:\Program Files (x86)\Elex-tech\YAC\bugreport.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{AA9F92F5-BAA8-42E8-8EAB-3348DC336B7B}\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files (x86)\GUM4921.tmp\GoogleUpdate.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Elex do Brasil cenzura!ções Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Elex do Brasil cenzura!ções Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\SwReporter\5.39.1\software_reporter_tool.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Rejestr (filtrowane) ===========================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [98304 2009-04-02] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\...\Run: [Dropbox Update] => C:\Users\Wiktoria\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-15] (Dropbox, Inc.)
HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\...\Run: [GoogleChromeAutoLaunch_4C40B00606D90ECB5ACAD26341D61A19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-01-27] (Google Inc.)
HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\...\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [3709896 2015-11-04] (Napisy24.pl)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-02] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2009-10-18]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\..\Interfaces\{53338500-089C-4D7C-9360-CECC55E32C79}: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{54106CAF-7755-4F4D-9CCB-27BF71784398}: [DhcpNameServer] 172.16.10.1
Tcpip\..\Interfaces\{865127B3-39A1-47D4-AB79-F9677C500B35}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663218&z=00f3bdc5a289a97d72cd72eg6z5zft4q7qac5o5g9g&from=ient07021&uid=3219913727_67194_B4AEBB8A&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663218&z=00f3bdc5a289a97d72cd72eg6z5zft4q7qac5o5g9g&from=ient07021&uid=3219913727_67194_B4AEBB8A&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1450947693&z=67221cc17ae52a414cde62egez5w9e3t3zcm3qdb5w&from=wpm07173&uid=3219913727_67194_B4AEBB8A&q={searchTerms}
HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1450947693&z=67221cc17ae52a414cde62egez5w9e3t3zcm3qdb5w&from=wpm07173&uid=3219913727_67194_B4AEBB8A&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450690684&from=zzgbkk123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663218&z=00f3bdc5a289a97d72cd72eg6z5zft4q7qac5o5g9g&from=ient07021&uid=3219913727_67194_B4AEBB8A&q={searchTerms}
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450690684&from=zzgbkk123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450690684&from=zzgbkk123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450690684&from=zzgbkk123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450690684&from=zzgbkk123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450690684&from=zzgbkk123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450690684&from=zzgbkk123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663218&z=00f3bdc5a289a97d72cd72eg6z5zft4q7qac5o5g9g&from=ient07021&uid=3219913727_67194_B4AEBB8A&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450690684&from=zzgbkk123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-22] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-11-18] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Wiktoria\AppData\Roaming\Mozilla\Firefox\Profiles\cm92m9ai.default
FF NewTab: hxxp://v9.com?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
FF DefaultSearchEngine: V9
FF SearchEngineOrder.1: V9
FF SelectedSearchEngine: V9
FF Homepage: hxxp://v9.com?type=hp&ts=1450690684&from=mych123&uid=3219913727_67194_b4aebb8a&z=8e686faef60fc7505da8beagdz1w1e5qctbe5qebdg
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [Brak pliku]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1721931728-3251447684-4275122561-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Wiktoria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Wiktoria\AppData\Roaming\Mozilla\Firefox\Profiles\cm92m9ai.default\searchplugins\V9.xml [2016-01-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\istartpageing.xml [2015-12-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yoursearching.xml [2015-12-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yoursites123.xml [2015-12-24]
FF Extension: KingCoupOn - C:\Users\Wiktoria\AppData\Roaming\Mozilla\Firefox\Profiles\cm92m9ai.default\Extensions\K3@iJQ.com [2015-09-18] [Brak podpisu cyfrowego]
FF Extension: Stylish - C:\Users\Wiktoria\AppData\Roaming\Mozilla\Firefox\Profiles\cm92m9ai.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-01-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-31] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Wiktoria\AppData\Roaming\Mozilla\Firefox\Profiles\cm92m9ai.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Wiktoria\AppData\Roaming\Mozilla\Firefox\Profiles\cm92m9ai.default\extensions\default_newtabff@gmail.com => nie znaleziono
Chrome:
=======
CHR HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=180&d=20140615
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-06]
CHR Extension: (Przelewy24) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj [2016-01-06]
CHR Extension: (Dokumenty Google) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-06]
CHR Extension: (Dysk Google) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-06]
CHR Extension: (YouTube) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-06]
CHR Extension: (Google Search) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-06]
CHR Extension: (Arkusze Google) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-06]
CHR Extension: (AdBlock) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-04]
CHR Extension: (Przycisk Pin It) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-01-06]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2016-01-16]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-06]
CHR Extension: (Gmail) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
==================== Usługi (filtrowane) ========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [Brak podpisu cyfrowego]
R2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-14] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [Brak podpisu cyfrowego]
S2 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-24] (ASUSTeK Computer Inc.)
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-08-19] (Elex do Brasil cenzura!ções Ltda)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2009-08-22] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2009-08-22] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Sterowniki (filtrowane) ==========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-06-30] (Elex do Brasil Participações Ltda)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-19] (Duplex Secure Ltd.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42000 2009-12-04] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-08-22] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [265744 2009-12-04] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2007056 2009-12-04] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
U3 tmlwf; Brak ImagePath
U3 tmwfp; Brak ImagePath
==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2016-02-02 21:53 - 2016-02-02 21:53 - 06871040 _____ C:\Program Files (x86)\GUT4922.tmp
2016-02-02 21:53 - 2016-02-02 21:53 - 00000000 ____D C:\Program Files (x86)\GUM4921.tmp
2016-01-28 18:29 - 2016-01-28 18:29 - 00001105 _____ C:\Users\Wiktoria\Desktop\ALLPlayer Radio.lnk
2016-01-28 18:29 - 2016-01-28 18:29 - 00000993 _____ C:\Users\Wiktoria\Desktop\ALLPlayer.lnk
2016-01-28 18:29 - 2016-01-28 18:29 - 00000981 _____ C:\Users\Public\Desktop\Napisy24.pl.lnk
2016-01-28 18:29 - 2016-01-28 18:29 - 00000000 ____D C:\ProgramData\Napisy24
2016-01-28 18:29 - 2016-01-28 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napisy24
2016-01-28 18:29 - 2016-01-28 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer
2016-01-28 18:29 - 2016-01-28 18:29 - 00000000 ____D C:\Program Files (x86)\Napisy24
2016-01-28 18:29 - 2013-04-05 20:26 - 02106368 _____ C:\Windows\SysWOW64\ac3filter.ax
2016-01-28 18:29 - 2013-04-05 20:26 - 00276992 _____ (IntelleSoft) C:\Windows\SysWOW64\BugTrap.dll
2016-01-28 18:29 - 2011-06-02 01:10 - 00644608 _____ C:\Windows\SysWOW64\xvidcore.dll
2016-01-28 18:29 - 2007-10-07 14:36 - 00258048 _____ C:\Windows\SysWOW64\libFLAC.dll
2016-01-28 18:28 - 2016-01-28 18:29 - 00000000 ____D C:\ProgramData\ALLPlayer
2016-01-28 18:28 - 2016-01-28 18:29 - 00000000 ____D C:\Program Files (x86)\ALLPlayer
2016-01-28 18:06 - 2016-01-28 18:06 - 00001014 _____ C:\Users\Wiktoria\Desktop\NapiProjekt.lnk
2016-01-28 18:06 - 2016-01-28 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt
2016-01-28 17:58 - 2016-01-28 18:20 - 00000000 ____D C:\Users\Wiktoria\Desktop\into the wild
2016-01-25 17:50 - 2016-01-25 17:50 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{72D7B339-0945-4C88-A971-995C1AC6EF25}
2016-01-25 01:10 - 2016-01-25 01:11 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{4CF7A37B-E62A-4097-8D66-EB18A2C4765D}
2016-01-24 21:22 - 2016-01-24 21:22 - 00000000 ____D C:\Users\Wiktoria\Documents\Custom Office Templates
2016-01-24 13:10 - 2016-01-24 13:10 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{E5071A82-C592-43D7-BB8B-FAA322943E76}
2016-01-24 00:44 - 2016-01-24 00:45 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{D1EC58FB-FA79-4A9E-B459-BA4426A77407}
2016-01-20 13:24 - 2016-01-20 13:24 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{DEFBDBEE-67A4-47A3-A6CF-4A8D70B055B6}
2016-01-14 20:55 - 2016-01-14 20:55 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{749CD44C-A627-4A31-8DBF-0CDD4B817A39}
2016-01-10 21:40 - 2016-01-10 21:40 - 00000000 ____D C:\Users\Wiktoria\Desktop\X
2016-01-10 17:49 - 2016-01-10 17:50 - 24811778 _____ C:\Users\Wiktoria\Desktop\PP.compressed (1).pdf
==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2016-02-09 00:36 - 2015-04-04 20:32 - 00000000 ____D C:\FRST
2016-02-08 23:54 - 2014-12-26 12:00 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-08 23:46 - 2015-06-15 17:54 - 00001174 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1721931728-3251447684-4275122561-1001UA.job
2016-02-08 23:27 - 2012-02-15 21:36 - 00001090 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1721931728-3251447684-4275122561-1001UA.job
2016-02-08 11:50 - 2012-02-15 21:36 - 00001068 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1721931728-3251447684-4275122561-1001Core.job
2016-02-08 11:49 - 2015-06-15 17:54 - 00001122 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1721931728-3251447684-4275122561-1001Core.job
2016-02-08 11:42 - 2010-06-26 18:08 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-03 19:27 - 2015-10-07 15:34 - 00000000 ____D C:\Users\Wiktoria\Desktop\ETRAPES
2016-02-03 19:27 - 2012-03-06 20:00 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\WEB2Print
2016-02-01 01:51 - 2015-03-17 21:28 - 00002012 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-02-01 01:51 - 2015-03-17 21:28 - 00002010 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-02-01 01:51 - 2015-03-17 21:28 - 00002000 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-02-01 01:51 - 2015-03-17 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-01-30 22:13 - 2009-07-14 05:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-30 22:13 - 2009-07-14 05:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-30 22:08 - 2014-06-15 15:12 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\LogMeIn Hamachi
2016-01-30 22:03 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-29 21:34 - 2012-04-24 14:34 - 00000000 ____D C:\Users\Wiktoria\AppData\Roaming\uTorrent
2016-01-29 18:25 - 2014-03-20 20:25 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\CrashDumps
2016-01-29 10:24 - 2016-01-06 18:25 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-29 10:24 - 2010-06-26 18:13 - 00002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-29 10:24 - 2010-06-26 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-28 18:06 - 2013-02-15 18:44 - 00000000 ____D C:\Program Files (x86)\NapiProjekt
2016-01-28 17:56 - 2015-10-17 22:37 - 00000000 ____D C:\Users\Wiktoria\AppData\LocalLow\uTorrent
2016-01-20 10:25 - 2012-03-06 17:31 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\ChomikBox
2016-01-20 10:23 - 2011-02-27 14:17 - 00000000 ____D C:\Users\Wiktoria\.gstreamer-0.10
2016-01-19 22:54 - 2012-04-03 19:43 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-19 22:54 - 2011-11-01 18:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-12 00:31 - 2015-11-16 15:05 - 00000000 ____D C:\Users\Wiktoria\Desktop\wdig
==================== Pliki w katalogu głównym wybranych folderów =======
2010-12-17 21:52 - 2008-10-24 00:59 - 0056105 _____ (PortableAppZ.blogspot.com) C:\Program Files\PhotoshopPortable.exe
2016-02-02 21:53 - 2016-02-02 21:53 - 6871040 _____ () C:\Program Files (x86)\GUT4922.tmp
2015-05-17 17:48 - 2015-05-17 17:48 - 6420480 _____ () C:\Program Files (x86)\GUT646E.tmp
2015-12-24 10:00 - 2015-12-24 10:00 - 2770377 _____ (iBank) C:\Program Files (x86)\SSFK.exe
2015-05-06 15:42 - 2015-12-13 18:19 - 0000100 _____ () C:\Users\Wiktoria\AppData\Roaming\WB.CFG
2011-12-04 18:42 - 2011-12-04 18:42 - 0000000 ____H () C:\Users\Wiktoria\AppData\Local\BITB480.tmp
2010-03-30 21:11 - 2015-03-26 15:04 - 0013312 _____ () C:\Users\Wiktoria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-25 15:20 - 2015-05-25 15:22 - 0000036 _____ () C:\Users\Wiktoria\AppData\Local\housecall.guid.cache
2014-12-21 18:01 - 2014-12-21 18:01 - 0000000 _____ () C:\Users\Wiktoria\AppData\Local\{2A520664-D792-4502-89CA-AD88C28CF993}
2011-10-25 15:34 - 2011-10-25 15:34 - 0000000 _____ () C:\Users\Wiktoria\AppData\Local\{C3EDCEE5-0435-45A2-A8F9-B27FF0AAF9BA}
2015-07-28 18:07 - 2015-07-28 18:07 - 0000000 _____ () C:\Users\Wiktoria\AppData\Local\{DF9568E3-E266-40DC-B62B-320EF51223BF}
2011-12-04 18:41 - 2011-12-04 18:42 - 0000000 _____ () C:\Users\Wiktoria\AppData\Local\{FA924E1A-54DC-4E5B-A770-16FA17F5944B}
2010-03-30 16:05 - 2010-03-30 16:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-10-18 01:04 - 2009-10-18 01:05 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-10-18 01:04 - 2009-10-18 01:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Niektóre pliki w TEMP:
====================
C:\Users\Wiktoria\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Wiktoria\AppData\Local\Temp\Napisy24.exe
C:\Users\Wiktoria\AppData\Local\Temp\Quarantine.exe
C:\Users\Wiktoria\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
LastRegBack: 2016-02-01 16:44
==================== Koniec FRST.txt ============================
Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:07-02-2016
Uruchomiony przez Wiktoria (2016-02-09 00:39:45)
Uruchomiony z C:\Users\Wiktoria\Desktop\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-03-30 12:04:41)
Tryb startu: Normal
==========================================================
==================== Konta użytkowników: =============================
Administrator (S-1-5-21-1721931728-3251447684-4275122561-500 - Administrator - Disabled)
Gość (S-1-5-21-1721931728-3251447684-4275122561-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1721931728-3251447684-4275122561-1002 - Limited - Enabled)
Wiktoria (S-1-5-21-1721931728-3251447684-4275122561-1001 - Administrator - Enabled) => C:\Users\Wiktoria
==================== Centrum zabezpieczeń ========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie.)
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Zainstalowane programy ======================
(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)
µTorrent (HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}) (Version: 1.2.17.25001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.25001 - Alcor Micro Corp.) Hidden
ALLPlayer V6.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.)
Any Video Converter 5.7.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.6 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0013 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}) (Version: 1.1.19 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.17 - asus)
Asus_Camera_ScreenSaver (HKLM-x32\...\Asus_Camera_ScreenSaver) (Version: 2.0.0009 - ASUS)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0050 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0005 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0005 - ASUS)
Azuon (HKLM-x32\...\{F5DA860D-DA21-4927-80D6-A29CFB7B419B}) (Version: 2.8.472 - Azuon)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
ChomikBox (HKLM-x32\...\{26050F54-3928-4D9C-849A-C48A9E831E6F}) (Version: 2.0.5.0 - Chomikuj.pl)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.3 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1720 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.2713 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
ETDWare PS/2-x64 7.0.5.7_WHQL (HKLM\...\Elantech) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.3 - ASUS)
FastStone Capture 8.2 (HKLM-x32\...\FastStone Capture) (Version: 8.2 - FastStone Soft)
ffdshow v1.1.3507 [2010-07-07] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3507.0 - )
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
iDRS(tm) OCR Software by I.R.I.S (HKLM-x32\...\iDRS(tm) OCR Software by I.R.I.S) (Version: 1.00.04.03 - Samsung Electronics Co., Ltd.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Mega Bomberman (HKLM-x32\...\Mega Bomberman_is1) (Version: - GameFabrique)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Moorhuhn Kart 2 (HKLM-x32\...\Moorhuhn Kart 2_is1) (Version: - Play.pl)
Mozilla Firefox 8.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 8.0 (x86 pl)) (Version: 8.0 - Mozilla)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
Napisy24 (HKLM-x32\...\{D1985DBC-F09E-4317-91B8-932AD0FD4A27}_is1) (Version: 1.2 - Napisy24.pl)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{EB87675F-5281-4767-A54B-31931794C23D}) (Version: 3.3.9567 - OpenOffice.org)
osu! (HKLM-x32\...\{c58ff977-81b5-40ce-90cb-dd00c547e9fe}) (Version: latest - ppy Pty Ltd)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PhotoFiltre (HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\...\PhotoFiltre) (Version: - )
Picexa (HKLM-x32\...\Picexa) (Version: - Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.06.05 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.30.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-3400 Series (HKLM-x32\...\Samsung SCX-3400 Series) (Version: - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.3 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{D42F84B6-3709-4A50-8502-6719D16AE6C8}) (Version: 1.07.0100 - SRS Labs, Inc.)
Strong Signal (HKLM-x32\...\Strong Signal) (Version: 2.0.5554.11859 - Strong Signal) <==== UWAGA
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Tomb Raider Legenda (HKLM-x32\...\{C45330FC-CFE0-40BE-84F4-AED19D94E3F8}) (Version: 1.00.0000 - Eidos)
Trend Micro Internet Security (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 17.50 - Trend Micro Inc.)
Trend Micro Internet Security (Version: 17.50 - Trend Micro Inc.) Hidden
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
WarThunder (HKLM\...\WarThunder) (Version: - WarThunder) <==== UWAGA
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Sync (HKLM-x32\...\{E580DFEA-3F1D-4B56-9115-984217032FF5}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.26.0 - ASUS)
WinRAR 5.20 (32-bitowy) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.132 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== UWAGA
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== UWAGA
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
CustomCLSID: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Wiktoria\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
==================== Zaplanowane zadania (filtrowane) =============
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
Task: {00B83B37-93A0-4889-B204-6B744A299765} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {0867396F-255D-4E21-A14E-8588E8493574} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0EBA7D9A-F8FD-467F-A709-081091F09326} - System32\Tasks\{F59F37F7-41DC-4150-8F00-A74E6AA0EA27} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsMain
Task: {1505CE5C-4550-4105-872D-510163977A42} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {24514384-4CAA-4DE8-97FD-49D9074E07F4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1721931728-3251447684-4275122561-1001Core => C:\Users\Wiktoria\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-15] (Dropbox, Inc.)
Task: {3226EA0B-E262-4579-B5DF-DB8CCD125A2C} - System32\Tasks\{32BD5ED1-423A-4847-9604-DC5452A08921} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.0.102/pl/abandoninstall?page=tsProgressBar
Task: {3913E2B3-6493-4A08-B97F-1C240AC6CBB5} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {4E417234-0927-45FC-BBE8-A9E9B6F7B05B} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-07-29] (ATK)
Task: {5B3E8928-BF6E-4D5E-95E2-E948F11B2B06} - System32\Tasks\{F3103F1D-A9FB-453B-B2E1-35074135BBF2} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {5EFC4A28-835F-419C-ADD3-E610604FE892} - System32\Tasks\{B7D845D9-332C-4631-9622-B91C1AE99172} => pcalua.exe -a "C:\Users\Wiktoria\Desktop\matematyga\Profesor Pedro Rozumienie ze słuchu i Konwersacje .exe" -d C:\Users\Wiktoria\Desktop\matematyga
Task: {6169D6BD-F45F-4062-B2F9-A8ED0BC21D92} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-07-23] ()
Task: {6EFB3245-7B27-4C08-8BEE-57C82829E376} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {751F8C75-BFAB-45C8-9A12-1ACFEE6E2AA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {76231EC0-4BE1-4BCB-BE3F-92DFCBD5AE30} - System32\Tasks\{ED51B12D-2892-4291-9DC6-0733F6B76ABA} => pcalua.exe -a "C:\Program Files\photoshop\PhotoshopPortable.exe" -d "C:\Program Files\photoshop"
Task: {8595F880-664F-4998-86FC-CAA66CAD2BC4} - System32\Tasks\{5215CF5C-4C84-4EAB-A019-C3EF8E5C8883} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
Task: {929855FB-73C8-48FB-857F-91B069EED30F} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-07-24] ()
Task: {945C20AC-8CD3-488D-8C98-A4D668734E26} - System32\Tasks\PFExe => C:\Users\Wiktoria\AppData\Local\PriceFountain\pricefountain.exe <==== UWAGA
Task: {99CBFD60-0F7F-4EA5-B734-09D635E79333} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {9CE0C6BB-1CD3-4477-9FC8-A2BC4871846C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1721931728-3251447684-4275122561-1001Core => C:\Users\Wiktoria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {B2E6B54C-7CE5-4C82-9257-B5D9BEF7774A} - System32\Tasks\{361C08DF-515F-4706-8F0A-95C9C0DF089C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/pl/abandoninstall?page=tsWLM
Task: {B303774B-280F-41A7-B529-7C8E45AC304D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1721931728-3251447684-4275122561-1001UA => C:\Users\Wiktoria\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-15] (Dropbox, Inc.)
Task: {C93ED069-34A4-4CA4-8F9D-B9DE51004CB5} - System32\Tasks\MillimetersNortherV2 => Rundll32.exe EmpoisonedStrongman.dll,main 7 1 <==== UWAGA
Task: {C99A3EAF-B5B9-4FFB-BE82-A7F96BAFE0A1} - System32\Tasks\{4CC96FA5-BD62-456A-A9C2-B4A9B5CD9F48} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.0.102/pl/abandoninstall?page=tsProgressBar
Task: {D2D6C452-73DA-4C7C-A457-468DDA229609} - System32\Tasks\{0E8C1D66-1B73-4C31-BEE3-99E8ECE724D3} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.0.102/pl/abandoninstall?page=tsProgressBar
Task: {D85901A6-49EB-4386-AF1A-0B6EF5131B82} - System32\Tasks\{7D4DE4EE-E746-43B2-B292-88C97F6F303F} => pcalua.exe -a C:\Users\Wiktoria\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=cor
Task: {E5F4E20D-7E42-4353-9927-6FBACF69E62B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1721931728-3251447684-4275122561-1001UA => C:\Users\Wiktoria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {EADB3F93-0FBD-4591-81F1-6E7D9F1FA680} - System32\Tasks\MantuaJazzesV2 => Rundll32.exe GuarantiedCalvinism.dll,main 7 1 <==== UWAGA
Task: {EE9BC211-B272-45CE-B7CD-A6C56AD51A1C} - System32\Tasks\{4AAC36EE-DE91-453A-BFA3-0A5EA144D0FA} => pcalua.exe -a "G:\SZKOLNEEE FOTY.exe" -d G:\
Task: {F750CB73-CEF3-4F6C-A9E7-1615ECAE8681} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1721931728-3251447684-4275122561-1001Core.job => C:\Users\Wiktoria\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1721931728-3251447684-4275122561-1001UA.job => C:\Users\Wiktoria\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1721931728-3251447684-4275122561-1001Core.job => C:\Users\Wiktoria\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1721931728-3251447684-4275122561-1001UA.job => C:\Users\Wiktoria\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Skróty =============================
(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)
==================== Załadowane moduły (filtrowane) ==============
2008-08-14 04:59 - 2008-08-14 04:59 - 00100920 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
2009-10-18 01:15 - 2007-08-08 08:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2011-05-02 08:10 - 2011-05-02 08:10 - 00034304 _____ () C:\Windows\System32\ssm1mlm.dll
2011-08-03 15:56 - 2011-08-03 15:56 - 01079808 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssm1mdu.dll
2009-08-22 10:31 - 2009-08-22 10:31 - 00207656 _____ () C:\Program Files\Trend Micro\Internet Security\UfPack.dll
2009-08-22 14:18 - 2009-08-22 14:18 - 01106864 _____ () C:\Program Files\Trend Micro\Internet Security\sqlite3.dll
2015-10-13 15:09 - 2015-10-13 15:09 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2007-06-15 18:28 - 2007-06-15 18:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-02 00:52 - 2007-06-02 00:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2009-07-23 01:58 - 2009-07-23 01:58 - 00017976 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2009-05-05 18:00 - 2009-05-05 18:00 - 00041472 _____ () C:\Program Files\P4G\DevMng.dll
2009-07-27 18:12 - 2009-07-27 18:12 - 00026624 _____ () C:\Program Files\P4G\OvrClk.dll
2009-10-18 01:15 - 2007-03-10 02:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-07-24 18:32 - 2009-07-24 18:32 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-12-17 18:13 - 2010-12-17 18:13 - 00438784 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 18:13 - 2010-12-17 18:13 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2008-08-14 04:59 - 2008-08-14 04:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2007-06-15 18:28 - 2007-06-15 18:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-02 01:08 - 2007-06-02 01:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2016-01-29 10:24 - 2016-01-27 18:39 - 16799048 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll
2015-12-17 15:14 - 2015-08-19 07:59 - 00065696 ____N () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2011-01-17 15:19 - 2011-06-09 15:25 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-11-19 17:45 - 2011-06-09 15:25 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2015-12-17 15:14 - 2015-06-30 03:50 - 00176976 ____N () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2015-12-17 15:14 - 2015-06-30 03:50 - 00087744 ____N () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2015-12-17 15:14 - 2015-08-19 07:59 - 00179200 ____N () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2016-01-29 10:24 - 2016-01-27 18:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-29 10:24 - 2016-01-27 18:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
==================== Alternate Data Streams (filtrowane) =========
(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720
==================== Tryb awaryjny (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE - Powiązania (filtrowane) ===============
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)
==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)
IE trusted site: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com
IE trusted site: HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\...\sharepoint.com -> hxxps://sghedu.sharepoint.com
==================== Hosts - zawartość: ===============================
(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)
2009-07-14 03:34 - 2015-12-13 20:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Inne obszary ============================
(Obecnie brak automatycznej naprawy dla tej sekcji.)
HKU\S-1-5-21-1721931728-3251447684-4275122561-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Wiktoria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 37.8.214.2 - 31.11.202.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]
==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==
(Obecnie brak automatycznej naprawy dla tej sekcji.)
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
==================== Reguły Zapory systemu Windows (filtrowane) ===============
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
FirewallRules: [TCP Query User{BA6E2298-C070-4428-9D83-D509ECD0FDCF}C:\program files (x86)\gadu-gadu 10\gg.exe] => (Block) C:\program files (x86)\gadu-gadu 10\gg.exe
FirewallRules: [UDP Query User{74182343-9A1C-4878-BC8F-EBE655CB0EC7}C:\program files (x86)\gadu-gadu 10\gg.exe] => (Block) C:\program files (x86)\gadu-gadu 10\gg.exe
FirewallRules: [TCP Query User{33C6E5E8-1DDF-4F16-9C25-B478A313C38E}C:\program files\gadu-gadu 10\gg.exe] => (Allow) C:\program files\gadu-gadu 10\gg.exe
FirewallRules: [UDP Query User{9B1E40E3-6453-4C32-8E41-4797B0023AD5}C:\program files\gadu-gadu 10\gg.exe] => (Allow) C:\program files\gadu-gadu 10\gg.exe
FirewallRules: [{D4B994BA-08D0-4BC6-ABBD-317BEC2C748D}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{D4DF46BB-25A7-4CA1-AD56-20D65B716117}C:\program files (x86)\nowe gadu-gadu\gg.exe] => (Block) C:\program files (x86)\nowe gadu-gadu\gg.exe
FirewallRules: [UDP Query User{2D75CD7B-C315-4311-9586-4EAE2E433250}C:\program files (x86)\nowe gadu-gadu\gg.exe] => (Block) C:\program files (x86)\nowe gadu-gadu\gg.exe
FirewallRules: [TCP Query User{345A9A94-2B71-4093-A15A-17D357D175AC}C:\program files (x86)\nowe gadu-gadu\gg.exe] => (Block) C:\program files (x86)\nowe gadu-gadu\gg.exe
FirewallRules: [UDP Query User{D80F9583-6009-4E5D-89C0-D59E4B9D3346}C:\program files (x86)\nowe gadu-gadu\gg.exe] => (Block) C:\program files (x86)\nowe gadu-gadu\gg.exe
FirewallRules: [TCP Query User{41DBC287-110E-4E14-8833-48502C7F0A09}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{E1AD0E6C-6325-4D8C-88DE-F98A287F1FD0}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{A9F40FBA-4374-4B6B-81D3-5C1D4434F3BD}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{688C1C63-EF1C-40E6-BB55-5D8C65DFE8D4}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{FA2565A3-FF4F-4B17-9D6F-FE15FA0EEC3D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1DCFD688-B2F4-4280-9F17-B21E612BED6B}] => (Allow) LPort=2869
FirewallRules: [{5173BC91-377C-4898-99C5-FCA07B85B74B}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{8F8D32F2-8F8E-43A5-A6ED-D2AB661CE877}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{58DED15B-5AB3-4C4F-893F-5F7578EF8F90}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{39E1DE04-C32A-4192-927A-A091C8776A3F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{928D9787-FD7E-45DF-9AF9-F6DD55368346}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{95BD8EB2-9FB5-49EE-9DC6-E1899B3B1504}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{10D22498-5AE9-4FE4-9695-8A51897D823B}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{DC9F06E8-6B12-487A-BDE7-368D69DE1870}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{32CC7BDC-3363-4BE6-BB6B-F4A415CE902F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{E42E7E96-0B71-4642-967D-3EB0AA9A40B1}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{A39B4FC3-80A7-4623-B4B9-F85E626ED98E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{EB007136-02BF-4ABE-A496-5E847A84A964}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{BE40C1F6-81AA-4403-88FE-E0DB73028226}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{ACA35F96-02BB-4117-9907-BD3DB95E7BE1}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{390BC54A-5E9E-408D-976E-6A4DBCC330EC}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{83C533C2-A938-4C35-A3B1-045DA9E5AC2E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{7AE31C16-292E-49DB-9808-B6C7C9ED74D0}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{1B0680DE-BFD0-4AD7-BA0B-72FE487EF666}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{C4973122-2296-4023-BE1B-379C2D4BCBD6}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{E117297D-DB2E-42E7-B3D4-9F38173D95F4}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{768248D6-0DE6-4531-A615-B0AC4AD1994C}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{2464A708-0B49-464D-A570-A05FA599BB36}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [TCP Query User{9D7FACBC-2A4F-467C-A35C-8350B6F29195}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [UDP Query User{09FEBC12-332A-42EF-A622-BE746F08CF22}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{76D0AC07-FC25-4767-8881-C23D5BDD865B}] => (Allow) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
FirewallRules: [{E91AACE3-0DFD-485B-B840-48B98344E647}] => (Allow) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
FirewallRules: [{EB089CF0-6F9E-4D66-96BF-530086C61B08}] => (Allow) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
FirewallRules: [{FF5DA506-08EB-4CC4-B2F9-11ECB7578567}] => (Allow) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
FirewallRules: [{13A3CAA2-C71B-4D4C-A06F-1ED15389EDFF}] => (Allow) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
FirewallRules: [{059AFFE0-821C-4460-A771-0E1783A0AE0A}] => (Allow) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
FirewallRules: [{0CF05843-ABF9-41B9-8A78-AB692D1D0966}] => (Allow) C:\Users\Wiktoria\Desktop\Downloads\uTorrent.exe
FirewallRules: [{6B7F8F08-F158-4195-8A15-55E275D2DE15}] => (Allow) C:\Users\Wiktoria\Desktop\Downloads\uTorrent.exe
FirewallRules: [{4F5392F3-E4E3-4ED9-9553-402D8AF3AFD4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD4EE36D-7898-4B62-8607-D0DF8B740831}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3D650DEC-90D1-4B79-BE79-1E1D202D49E6}] => (Allow) C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EB2BAEF9-FCA8-4331-B247-3DEFBA2647F6}] => (Allow) C:\Users\Wiktoria\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{97A064F4-B682-41FB-BA58-2F21D4B08602}C:\users\wiktoria\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\wiktoria\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8E10A2D5-50E4-4A59-A510-9A005C1280BD}C:\users\wiktoria\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\wiktoria\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{63593F38-2D2C-4F6B-96DE-03B6C610D8C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{49E1B7DF-4D7A-4A0B-BAB7-82E6924CC78B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BFD547AF-BAFD-4ED0-BBFB-BFB2E4301B74}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7348B25E-8B8A-4D55-912B-C85BA0D8FC5B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{D052C46D-0B6A-480C-806A-E81B72BFF156}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{0E55E97A-36BC-463A-A2AB-BE65B42275B1}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [{B1FAE8FC-6709-4F26-9DF4-A0FE66D3DFDC}] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [{D6D9B9C3-252A-409E-9AD1-DEB6E3577178}] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{82641B03-6FCE-4C41-BBB5-6B3249826482}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{14AD4B1B-4D5A-4E55-878F-C8A154843AA5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{0897C9BA-4986-4415-827F-E70AFE6ABB19}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{A445E8D8-0F52-4F34-B969-12800A0831BE}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{5CFAC1CF-91C6-4BF9-9BF5-74D3320BACE7}] => (Allow) C:\Users\Wiktoria\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{A1F839F5-8F36-45E4-B91C-02D1296E296C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{CC1B3F35-4807-4177-8AAF-B4EF7DD7CBAF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{2A975090-3915-443E-899E-FB58E57F18A9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{280C9381-19A9-409B-9889-29FCB7AAAE44}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{AC945822-7B3D-4F14-A794-A4604E15F53E}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{84DA9383-7AC7-432F-90A2-A9E344B8926A}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{5645B9A5-B482-4366-8A55-D0B81D1482FF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{9F4DE623-C63C-4266-8A14-923A8FA24D0E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{AA038694-A623-41C3-A50E-78C99360F728}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{0D54B704-082A-40D6-8CAA-FA0163C9BC74}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{4BA00B78-5B20-422E-BA1C-A039DC4F6ECE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{07D72278-6F4E-4D05-A8F9-68AF2688193F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{1427CD41-908F-4310-8A23-206D0436AECC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{2E292E54-299C-4835-97F0-213F7EB95B1A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{C7E062C3-B868-48A8-B84B-D9D036DC5E6A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{FECB79E4-90F6-4B8C-B0CB-FBC2EBCFB91D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{911D6F6F-DFD0-4DE7-B227-2B99744A6122}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{30D80304-CB95-4C8D-80F6-093078AAD0C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{D0986734-CEE0-420C-A74A-7C211302D3D1}C:\users\wiktoria\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\wiktoria\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{11397B9F-47DB-4737-8D97-465F788DA0C9}C:\users\wiktoria\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\wiktoria\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{48766421-9053-408F-8130-F1962C3F4AC8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{CC171EA2-207F-4E51-B1B9-7181A399B2CC}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{B0939C4A-32E6-483D-B5D8-1EF31788A58D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{005986D1-2EBF-4653-A040-3C51C24905BC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F57EC7E7-6572-450B-8C43-FD3C323BFBCB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{EBF4D754-E77A-48C9-B158-0E6434228DCE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F4135D01-6F17-49B8-80B6-8136CD30DB8E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{665DBE79-4142-4A38-96AF-F4695913ED65}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6B6916E8-BDB7-4343-8F96-E865D775AE7E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{329AD02A-A86F-44C6-8303-4A319DF64B4E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0678EA84-035B-489E-BBD4-474A6CD0F59F}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{6CD3BC54-3223-402B-95ED-29B9335D341A}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{D9310BF9-4DFC-4393-A97D-820CBFECDFEC}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{46B8FE84-5C3D-431F-AF31-84D547A8207F}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{16C7EE9A-7583-4111-A8D9-E2EAEB297AD8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Punkty Przywracania systemu =========================
==================== Wadliwe urządzenia w Menedżerze urządzeń =============
Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Błędy w Dzienniku zdarzeń: =========================
Dziennik Aplikacja:
==================
Error: (02/07/2016 08:29:11 PM) (Source: Google Update) (EventID: 20) (User: Matylda)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (02/07/2016 07:20:57 PM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: Wykonanie kopii zapasowej nie powiodło się, ponieważ nie można utworzyć kopii w tle. Zwolnij miejsce w stacji dysków kopii zapasowej, usuwając niepotrzebne pliki, i ponów próbę.
Error: (01/31/2016 08:13:54 PM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: Wykonanie kopii zapasowej nie powiodło się, ponieważ nie można utworzyć kopii w tle. Zwolnij miejsce w stacji dysków kopii zapasowej, usuwając niepotrzebne pliki, i ponów próbę.
Error: (01/30/2016 10:04:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: FastBootAgent.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a68233e
Nazwa modułu powodującego błąd: FastBootAgent.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a68233e
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0000f2b1
Identyfikator procesu powodującego błąd: 0x620
Godzina uruchomienia aplikacji powodującej błąd: 0xFastBootAgent.exe0
Ścieżka aplikacji powodującej błąd: FastBootAgent.exe1
Ścieżka modułu powodującego błąd: FastBootAgent.exe2
Identyfikator raportu: FastBootAgent.exe3
Error: (01/29/2016 09:38:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: FastBootAgent.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a68233e
Nazwa modułu powodującego błąd: FastBootAgent.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a68233e
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0000f2b1
Identyfikator procesu powodującego błąd: 0x670
Godzina uruchomienia aplikacji powodującej błąd: 0xFastBootAgent.exe0
Ścieżka aplikacji powodującej błąd: FastBootAgent.exe1
Ścieżka modułu powodującego błąd: FastBootAgent.exe2
Identyfikator raportu: FastBootAgent.exe3
Error: (01/29/2016 06:25:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: rundll32.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc637
Nazwa modułu powodującego błąd: msvcrt.dll, wersja: 7.0.7601.17744, sygnatura czasowa: 0x4eeaf722
Kod wyjątku: 0x40000015
Przesunięcie błędu: 0x0005620a
Identyfikator procesu powodującego błąd: 0xabc
Godzina uruchomienia aplikacji powodującej błąd: 0xrundll32.exe0
Ścieżka aplikacji powodującej błąd: rundll32.exe1
Ścieżka modułu powodującego błąd: rundll32.exe2
Identyfikator raportu: rundll32.exe3
Error: (01/26/2016 11:24:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: FastBootAgent.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a68233e
Nazwa modułu powodującego błąd: FastBootAgent.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a68233e
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0000f2b1
Identyfikator procesu powodującego błąd: 0x8dc
Godzina uruchomienia aplikacji powodującej błąd: 0xFastBootAgent.exe0
Ścieżka aplikacji powodującej błąd: FastBootAgent.exe1
Ścieżka modułu powodującego błąd: FastBootAgent.exe2
Identyfikator raportu: FastBootAgent.exe3
Error: (01/26/2016 10:59:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: FastBootAgent.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a68233e
Nazwa modułu powodującego błąd: FastBootAgent.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a68233e
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0000f2b1
Identyfikator procesu powodującego błąd: 0x73c
Godzina uruchomienia aplikacji powodującej błąd: 0xFastBootAgent.exe0
Ścieżka aplikacji powodującej błąd: FastBootAgent.exe1
Ścieżka modułu powodującego błąd: FastBootAgent.exe2
Identyfikator raportu: FastBootAgent.exe3
Error: (01/24/2016 09:20:54 PM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: Wykonanie kopii zapasowej nie powiodło się, ponieważ nie można utworzyć kopii w tle. Zwolnij miejsce w stacji dysków kopii zapasowej, usuwając niepotrzebne pliki, i ponów próbę.
Error: (01/23/2016 11:28:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: FastBootAgent.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a68233e
Nazwa modułu powodującego błąd: FastBootAgent.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a68233e
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0000f2b1
Identyfikator procesu powodującego błąd: 0x604
Godzina uruchomienia aplikacji powodującej błąd: 0xFastBootAgent.exe0
Ścieżka aplikacji powodującej błąd: FastBootAgent.exe1
Ścieżka modułu powodującego błąd: FastBootAgent.exe2
Identyfikator raportu: FastBootAgent.exe3
Dziennik System:
=============
Error: (02/08/2016 01:49:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (02/07/2016 01:48:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (02/05/2016 05:58:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi IPBusEnum.
Error: (02/04/2016 10:12:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (02/04/2016 05:20:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi IPBusEnum.
Error: (02/03/2016 10:11:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (02/03/2016 08:20:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa YAC Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 2.
Error: (02/03/2016 12:28:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa YAC Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
Error: (02/02/2016 10:10:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (02/02/2016 09:06:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi Netman.
CodeIntegrity:
===================================
Date: 2015-12-13 20:11:31.248
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-12-13 20:11:30.935
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Statystyki pamięci ===========================
Procesor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Procent pamięci w użyciu: 89%
Całkowita pamięć fizyczna: 4095.27 MB
Dostępna pamięć fizyczna: 426.57 MB
Całkowita pamięć wirtualna: 9148.75 MB
Dostępna pamięć wirtualna: 910.8 MB
==================== Dyski ================================
Drive c: (WIKTORIOWY) (Fixed) (Total:149.05 GB) (Free:12.99 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)]
Drive d: (WIKTORIASTY) (Fixed) (Total:134.39 GB) (Free:18.56 GB) NTFS
==================== MBR & Tablica partycji ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: D9B3496E)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=134.4 GB) - (Type=OF Extended)
==================== Koniec Addition.txt ============================