Komputer przymula

**Posty:** 310 · przez **odimen** 29 Kwi 2016, 10:57

Cześć

Od kilku dni komputer zaczął mi wolniej chodzić

W menedżerze zadań ani procek ani pamięć nie przekraczają 50 % wykorzystania.

Miałem Kasperskiego ale po przenosinach na Windows 10 akurat licencja straciła ważność. Wyczytałem, że antywirek Windowsa jest dobry więc niczego już nie odnawiałem.

Logi w załącznikach

Dzięki za pomoc.

gmer nie chciał się dodać

Kod: Zaznacz wszystko: GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-29 10:41:44 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Crucial_CT120M500SSD1 rev.MU05 111,79GB Running: 03wb7r58.exe; Driver: C:\Users\Bartek\AppData\Local\Temp\pwddqpog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE[9100] C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE!wdGetApplicationObject + 18 00000000010f1950 2 bytes [0F, 01] .text C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE[9100] C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE!wdGetApplicationObject + 202 00000000010f1a08 2 bytes [0F, 01] .text C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE[9100] C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE!wdGetApplicationObject + 920 00000000010f1cd6 2 bytes [0F, 01] ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [13048:12312] fffff96130024060 Thread C:\WINDOWS\system32\csrss.exe [13048:19424] fffff96130024060 Thread C:\WINDOWS\Explorer.EXE [9568:19096] 00007ffab5530250 Thread C:\WINDOWS\Explorer.EXE [9568:5588] 00007ffaadfe0250 Thread C:\WINDOWS\Explorer.EXE [9568:12316] 00007ffaa6270250 Thread C:\WINDOWS\Explorer.EXE [9568:11096] 00007ffabbc10250 Thread C:\WINDOWS\Explorer.EXE [9568:19092] 00007ffabbc10250 Thread C:\WINDOWS\Explorer.EXE [9568:11092] 00007ffabbc10250 Thread C:\WINDOWS\Explorer.EXE [9568:8680] 00007ffabbc10250 Thread C:\WINDOWS\Explorer.EXE [9568:16800] 00007ffabbc10250 Thread C:\WINDOWS\Explorer.EXE [9568:10940] 00007ffabbc60250 ---- Processes - GMER 2.2 ---- Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE [9100] 000000000f520000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE [9100] 0000000061930000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE [9100] 00000000617a0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSOIDCLIL.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE [9100] 00000000611d0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\MSLID.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE [9100] 00000000514c0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [3712] 000000000f520000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [3712] 00000000617a0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [3712] 0000000051200000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [3712] 0000000050fd0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\1033\VBE7INTL.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [3712] 000000000f160000 Library C:\Windows\SYSTEM32\FM20.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [3712] 0000000050e90000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUIRES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [3712] 0000000009340000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\1033\VBEUIINTL.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [3712] 0000000009870000 Library C:\Windows\SYSTEM32\fm20ENU.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [3712] 0000000009bf0000 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1893497531 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b1000131c Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b1000131c@2073ab47e253 0x2F 0x82 0xF9 0xB7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@COD Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@DeviceSelectiveSuspended 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@Scans Before Out of Range 8 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@SCO Max Channels 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@SymbolicLinkName \??\USB#VID_0A12&PID_0001#6&2c24ce2e&0&2#{0850302a-b344-4fda-9be9-90576b8d46f0} Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@SymbolicName \??\USB#VID_0A12&PID_0001#6&2c24ce2e&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed} Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@COD Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@Scans Before Out of Range 8 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@SCO Max Channels 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@SymbolicLinkName \??\USB#VID_0A12&PID_0001#6&2c24ce2e&0&3#{0850302a-b344-4fda-9be9-90576b8d46f0} Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@SymbolicName \??\USB#VID_0A12&PID_0001#6&2c24ce2e&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed} Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@COD Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@DeviceRemoteWakeSupported 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@DeviceSelectiveSuspended 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@RemoteWakeEnabled 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@Scans Before Out of Range 8 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@SCO Max Channels 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@SymbolicLinkName \??\USB#VID_0A12&PID_0001#6&2c24ce2e&0&1#{0850302a-b344-4fda-9be9-90576b8d46f0} Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@SymbolicName \??\USB#VID_0A12&PID_0001#6&2c24ce2e&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-12-2a-bb-46-e1@AddressCreationTimestamp 0x53 0x89 0x33 0x0D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-12-2a-bb-46-e1@ClientLocalPort 61261 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-12-2a-bb-46-e1@UPnPExternalPort 61261 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-12-2a-bb-46-e1@TeredoAddress 2001:0:5ef5:79fb:388f:10b2:b201:b53e Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 681 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x8B 0xB4 0x13 0x21 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x8B 0x1C 0xD8 0x82 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x8B 0x4C 0x4F 0xBF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x03 0x06 0x13 0x0D ... ---- Files - GMER 2.2 ---- File C:\Users\Bartek\AppData\Roaming\HoldemManager\Database\HoldemManager2\Players\2\Vitaly66606 0 bytes File C:\Users\Bartek\AppData\Roaming\HoldemManager\Database\HoldemManager2\Players\2\Vitaly66606\20160429 1123 bytes File C:\Users\Bartek\AppData\Roaming\HoldemManager\Database\HoldemManager2\Players\2\NoRiverRager 0 bytes File C:\Users\Bartek\AppData\Roaming\HoldemManager\Database\HoldemManager2\Players\2\NoRiverRager\20160429 1077 bytes File C:\Users\Bartek\AppData\Roaming\HoldemManager\Database\HoldemManager2\Players\2\walhal 62 0 bytes File C:\Users\Bartek\AppData\Roaming\HoldemManager\Database\HoldemManager2\Players\2\walhal 62\20160429 2715 bytes ---- EOF - GMER 2.2 ----

**Posty:** 4765 · przez **ordynat** 29 Kwi 2016, 13:41

W logach nie ma niczego podejrzanego.

Tylko kosmetyka (w tym usunięcie śladów po Kaspersky'm) :
Otwórz Notatnik i wklej w nim:

DeleteKey: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kaspersky Internet Security 2013
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kaspersky Internet Security 2013
CustomCLSID: HKU\S-1-5-21-725722643-3999779410-799618441-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Bartek\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-725722643-3999779410-799618441-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Bartek\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-725722643-3999779410-799618441-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Bartek\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-725722643-3999779410-799618441-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Bartek\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-725722643-3999779410-799618441-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bartek\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-725722643-3999779410-799618441-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Bartek\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-725722643-3999779410-799618441-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Bartek\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-725722643-3999779410-799618441-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Bartek\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-725722643-3999779410-799618441-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Bartek\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-725722643-3999779410-799618441-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Bartek\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Brak pliku
Task: {2435388B-9DE9-46A4-B12B-F002A95CC7C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {019ED1A3-B1D6-4D81-9328-8D7B3AEFB915} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {05F73772-4937-4363-A27D-F5C71B9948F1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
FF Plugin HKU\S-1-5-21-725722643-3999779410-799618441-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Brak pliku]
CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hp&ts=1426160639&from=cor&uid=CrucialXCT120M500SSD1_14130C0EA78B0C0EA78B"
S3 WsDrvInst; "D:\programy\koma\Dr.Fone for Android\DriverInstall.exe" [X]
S1 KLIM6; \SystemRoot\system32\DRIVERS\klim6.sys [X]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-03-12]
F HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2015-02-18] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2015-02-18] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2015-02-18] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2015-02-18] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2015-02-18] [Brak podpisu cyfrowego]
FF HKU\S-1-5-21-725722643-3999779410-799618441-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => nie znaleziono
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-07] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-07] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-07] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-06-02] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-07] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-07] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-06-02] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-07] (Kaspersky Lab ZAO)
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
.