Cleaning junk off a PC

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by Mike, 12 Mar 2015, 19:17

Hello,
Please verify the logs. The computer was heavily cluttered with junk; ADW Cleaner found quite a lot of it. An AV scan no longer detects anything. Please still take a look at the logs. I have noticed that web pages load rather slowly.

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Szymon (administrator) on AMD3300 on 12-03-2015 17:50:28
Running from C:\Users\Szymon\Desktop
Loaded Profiles: Szymon (Available profiles: Szymon)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-12-05] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iPlusManager] => C:\Program Files\iPlus\iPlusChecker.exe [446464 2010-01-04] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1081178902-2998496384-2607672579-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1081178902-2998496384-2607672579-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1081178902-2998496384-2607672579-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-1081178902-2998496384-2607672579-1000 -> ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48иpatm6ęo^Mp`Ëő÷_iŁw˜ľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)x­ä­ URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-03] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-12] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\eevcttz7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF Extension: Adblock Plus - C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\eevcttz7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-11]

Chrome:
=======
CHR HomePage: Default -> hxxp://pl.yahoo.com?fr=fpc-comodo
CHR StartupUrls: Default -> "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=001050E5495AD96C&affID=119357&tsp=4957"
CHR Profile: C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-28]
CHR Extension: (Google Search) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-28]
CHR Extension: (Orange Kitten) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchgkbjeniiiodldcplggoiiipgnjfih [2014-10-11]
CHR Extension: (Google Wallet) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-28]

Opera:
=======
OPR StartupUrls: "hxxp://google.pl/"
StartMenuInternet: (HKLM) Opera - C:\Users\Szymon\Desktop\wszystko\Opera.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-12-05] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [70272 2011-03-17] (Advanced Micro Devices, INC.)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2010-06-29] (Advanced Micro Devices Inc.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [149632 2011-03-17] (Advanced Micro Devices, INC.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
S3 etdrv; C:\Windows\etdrv.sys [17488 2012-02-02] (Windows (R) 2000 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [17488 2012-02-03] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2012-02-03] ()
S3 catchme; \??\C:\Users\Szymon\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 17:50 - 2015-03-12 17:50 - 00009323 _____ () C:\Users\Szymon\Desktop\FRST.txt
2015-03-12 17:49 - 2015-03-12 17:50 - 00000000 ____D () C:\FRST
2015-03-12 17:45 - 2015-03-12 17:45 - 01135104 _____ (Farbar) C:\Users\Szymon\Desktop\FRST.exe
2015-03-12 00:48 - 2015-03-12 00:48 - 00000000 ___SD () C:\ComboFix
2015-03-12 00:31 - 2015-03-12 00:31 - 00013623 _____ () C:\ComboFix.txt
2015-03-12 00:27 - 2015-03-12 17:31 - 00000224 _____ () C:\Windows\setupact.log
2015-03-12 00:27 - 2015-03-12 00:27 - 00001018 _____ () C:\Windows\PFRO.log
2015-03-12 00:27 - 2015-03-12 00:27 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-12 00:18 - 2015-03-12 00:48 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-12 00:17 - 2015-03-12 00:48 - 00000000 ____D () C:\Windows\erdnt
2015-03-11 23:54 - 2015-03-11 23:54 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\Mozilla
2015-03-11 23:53 - 2015-03-11 23:53 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-11 23:53 - 2015-03-11 23:53 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-11 23:51 - 2015-03-11 23:52 - 00243536 _____ () C:\Users\Szymon\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-01 20:31 - 2015-03-01 20:31 - 00013636 _____ () C:\Users\Szymon\Downloads\pobrany plik
2015-02-28 08:58 - 2015-03-04 09:23 - 00000000 ____D () C:\Users\Szymon\Desktop\Nowy folder
2015-02-28 08:57 - 2015-02-28 08:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-12 16:32 - 2015-02-12 16:35 - 39138904 _____ () C:\Users\Szymon\Downloads\iplasetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 17:38 - 2012-11-11 16:58 - 00000000 ____D () C:\Users\Szymon\Desktop\wszystko
2015-03-12 17:38 - 2009-07-14 05:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 17:38 - 2009-07-14 05:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 17:34 - 2012-02-02 22:44 - 01965218 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 17:31 - 2012-10-28 18:41 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 17:31 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 17:30 - 2012-10-28 18:41 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 17:20 - 2012-10-25 14:45 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-12 00:47 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-12 00:28 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-12 00:17 - 2009-07-14 05:53 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-12 00:08 - 2012-02-03 19:35 - 00000000 ____D () C:\Program Files\PDFCreator
2015-03-12 00:08 - 2012-02-02 22:41 - 00000000 ____D () C:\Windows\Panther
2015-03-11 23:54 - 2012-02-02 23:34 - 00000000 ____D () C:\Users\Szymon\AppData\Local\Mozilla
2015-03-11 23:54 - 2012-02-02 23:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-11 23:40 - 2012-02-03 23:55 - 00000000 ____D () C:\Users\Szymon\AppData\Local\Opera
2015-03-11 23:38 - 2012-02-03 23:55 - 00000000 ____D () C:\Users\Szymon\AppData\Roaming\Opera
2015-03-11 23:17 - 2011-02-04 15:24 - 01155750 _____ () C:\Windows\system32\perfh015.dat
2015-03-11 23:17 - 2011-02-04 15:24 - 00281796 _____ () C:\Windows\system32\perfc015.dat
2015-03-11 23:00 - 2014-04-09 14:15 - 00000000 ____D () C:\Windows\Minidump
2015-03-11 22:17 - 2012-12-21 16:30 - 00000000 ____D () C:\Users\Szymon\AppData\Local\Unity
2015-03-11 22:16 - 2012-02-03 19:33 - 00024168 _____ () C:\Users\Szymon\AppData\Roaming\Notepad2.ini
2015-03-11 22:04 - 2012-02-02 22:55 - 00000000 ____D () C:\Users\Szymon
2015-03-02 21:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-05-25 07:47 - 2013-05-25 07:47 - 0000005 _____ () C:\Users\Szymon\AppData\Roaming\BCT-TTL.DAT
2012-02-03 19:33 - 2015-03-11 22:16 - 0024168 _____ () C:\Users\Szymon\AppData\Roaming\Notepad2.ini
2013-07-27 07:09 - 2013-11-10 10:31 - 0000110 _____ () C:\Users\Szymon\AppData\Roaming\WB.CFG
2013-06-18 18:48 - 2013-06-24 17:48 - 0000005 _____ () C:\Users\Szymon\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-07-07 06:49 - 2013-07-07 06:49 - 0000005 _____ () C:\Users\Szymon\AppData\Roaming\WBPU-Q3-TTL.DAT
2013-07-13 06:21 - 2013-07-28 11:09 - 0000005 _____ () C:\Users\Szymon\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-17 21:47 - 2013-11-25 08:54 - 0000006 _____ () C:\Users\Szymon\AppData\Roaming\WBPU-TTL.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-12-10 17:07

==================== End Of Log ============================




Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Szymon at 2015-03-12 17:51:10
Running from C:\Users\Szymon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2838 - CDBurnerXP)
Easy Tune 6 B11.0704.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0704.1 (Version: 1.00.0000 - GIGABYTE) Hidden
Garmin BaseCamp (HKLM\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
iPlus manager 2.2 (HKLM\...\iPlus manager_is1) (Version:  - )
IZArc 4.1.6 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
K-Lite Codec Pack 8.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 36.0.1 (x86 pl)) (Version: 36.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Notepad2 (Notepad Replacement) (HKLM\...\Notepad2) (Version: 4.2.25  - Florian Balmer)
Opera Stable 28.0.1750.40 (HKLM\...\Opera 28.0.1750.40) (Version: 28.0.1750.40 - Opera Software ASA)
Pakiet sterowników systemu Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Pakiet zgodności dla systemu Office 2007 (HKLM\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
PC Connectivity Solution (HKLM\...\{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}) (Version: 12.0.17.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
SCANIA Truck Driving Simulator 1.0.0 (HKLM\...\SCANIA Truck Driving Simulator) (Version: 1.0.0 - SCS Software)
Winamp (HKLM\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1081178902-2998496384-2607672579-1000_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\Users\Szymon\Desktop\BESTplayer.exe (Karol Winnicki)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-03-12 00:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12CDF232-A489-4BC1-9529-046F452741E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {6E558BFD-5F64-4E77-A76B-EB2A5536DB48} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1081178902-2998496384-2607672579-1000
Task: {9866C5EA-CB7E-4C2F-B5B4-0BAFE0659AA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {9DC6B64A-A167-4398-BE5A-B8A88A0897AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {CFF82AB4-7543-4F4F-9FC0-AC4C859C2F52} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F3FDC7ED-89BD-4CFA-BAE7-CBAB2D1F73D0} - System32\Tasks\Opera scheduled Autoupdate 1389981649 => C:\Users\Szymon\Desktop\wszystko\launcher.exe [2015-03-10] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-02-03 19:35 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2012-02-03 19:32 - 2011-02-28 21:42 - 00652800 _____ () C:\Program Files\IZArc\IZArcCM.dll
2011-12-05 22:14 - 2011-12-05 22:14 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-12-05 22:10 - 2011-12-05 22:10 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID
AlternateDataStreams: C:\Users\Szymon\Downloads\Firefox Setup Stub 36.0.1.exe:$CmdTcID
AlternateDataStreams: C:\Users\Szymon\Downloads\Firefox Setup Stub 36.0.1.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1081178902-2998496384-2607672579-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Fax => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1081178902-2998496384-2607672579-500 - Administrator - Disabled)
Gość (S-1-5-21-1081178902-2998496384-2607672579-501 - Limited - Disabled)
Szymon (S-1-5-21-1081178902-2998496384-2607672579-1000 - Administrator - Enabled) => C:\Users\Szymon

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 05:33:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2015 05:17:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2015 00:51:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2015 00:29:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2015 00:17:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2015 00:17:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 11:44:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 11:28:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 11:25:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 10:22:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu.
.
To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym.


Operacja:
   Zbieranie danych modułu zapisującego

Kontekst:
   Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220}
   Nazwa modułu zapisującego: System Writer
   Identyfikator wystąpienia modułu zapisującego: {e3b1b86f-6c5f-4005-ab4e-3198e7a2f70a}


System errors:
=============
Error: (03/12/2015 05:38:38 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 80. Stan błędu wewnętrznego: 551.

Error: (03/12/2015 05:38:27 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 80. Stan błędu wewnętrznego: 551.

Error: (03/12/2015 05:38:19 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 80. Stan błędu wewnętrznego: 551.

Error: (03/12/2015 05:38:02 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 80. Stan błędu wewnętrznego: 551.

Error: (03/12/2015 05:37:37 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 80. Stan błędu wewnętrznego: 551.

Error: (03/12/2015 05:37:25 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 80. Stan błędu wewnętrznego: 551.

Error: (03/12/2015 05:37:15 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 80. Stan błędu wewnętrznego: 551.

Error: (03/12/2015 05:37:04 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 80. Stan błędu wewnętrznego: 551.

Error: (03/12/2015 05:35:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 2.

Error: (03/12/2015 05:35:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD A4-3300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 1533.24 MB
Available physical RAM: 780.62 MB
Total Pagefile: 3066.48 MB
Available Pagefile: 2007.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:45.02 GB) (Free:27.67 GB) NTFS
Drive d: () (Fixed) (Total:152.93 GB) (Free:152.83 GB) NTFS
Drive e: () (Fixed) (Total:100.04 GB) (Free:99.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 033BDF23)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=45 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=152.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Post by ordynat, 12 Mar 2015, 19:47

Just cosmetic cleanup:
Open Notepad and paste the following into it:
CHR StartupUrls: Default -> "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=001050E5495AD96C&affID=119357&tsp=4957"
SearchScopes: HKU\S-1-5-21-1081178902-2998496384-2607672579-1000 -> ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48иpatm6ęo^Mp`Ëő÷_iŁw˜ľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)x­ä­ URL =
HKU\S-1-5-21-1081178902-2998496384-2607672579-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:

Save the file as fixlist.txt and place it in this folder: C:\Users\Ja\Downloads.
Run FRST and click the Fix button.


Post by Mike, 13 Mar 2015, 22:18

Thanks for the help, ordynat.