Nevan

W takim razie pobierz logi FRST z poziomu RE: KLIK.

To znaczy, że przy próbie wejścia w Tryb Awaryjny (przez F7) dostajesz ten sam bluescreen? Gdzie go wyłączyłeś?

W Windowsowym szukaniu wpisz msconfig > zakładka Rozruch > zaznacz Bezpieczny rozruch oraz Sieć > OK > Uruchom ponownie. Pamiętaj tylko, żeby później spowrotem zmienić te ustawienia.

Ostatnie poprawki. Otwórz Notatnik i wklej w nim: C:\Program Files (x86)\015e3c37-96af-472d-b6c5-5a866cb22ff1 C:\Program Files (x86)\84755b0a-737c-49bb-afc1-43e334495121 C:\Program Files (x86)\8c4c2854-5d8a-4bb3-bb0e-2e6ba81a3892 C:\Program Files (x86)\baidu C:\Program Files (x86)\TwIstTerminal C:\Program Files (x86)\Shopzy C:\Program Files (x86)\Costly Wash CMD: del /q C:\Users\lenovo\Downloads\sd4cjpnl.exe CMD: del /q C:\Users\lenovo\Downloads\tprvg136.exe Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

Problem rozwiązany. Temat zamykam.

Sprawdź, czy możesz uruchomić system w Trybie awaryjnym. Z jego poziomu wejdź w C:\Windows\Minidump i znajdź plik .dmp z najnowszą datą. Wrzuć go na jakiś hosting, np. Speedyshare. Zrób nowe logi FRST z poziomu Trybu awaryjnego. Wejdź w Avasta i sprawdź raport odnośnie usuniętych plików.

Kwarantannę MBAM możesz przeczyścić. Do wdrożenia drobne poprawki. 1. Uruchom narzędzie Microsoftu: KLIK. Zaakceptuj > Wykryj problemy i pozwól mi wybrać poprawki do zastosowania > Odinstalowywanie > zaznacz na liście wpis Google Update Helper > Dalej. 2. Otwórz Notatnik i wklej w nim: HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = C:\Program Files (x86)\Google C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome C:\Users\lenovo\AppData\Local\Google Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKLM\SOFTWARE\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk C:\Users\lenovo\Desktop\Google Chrome.lnk C:\Users\lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk CMD: DIR "C:\Program Files (x86)" /A:D Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Zrób nowy log FRST z opcji Skanuj (Scan), bez Addition i Shortcut. Dołącz też plik fixlog.txt.

W logach czysto. Jeżeli nie ma już więcej problemów, zastosuj Delfix i wyczyść foldery Przywracania systemu: KLIK.

Problem rozwiązany. Temat zamykam.

W logach nie widać infekcji, a i z poziomu programów nie ma się do czego przyczepić. Zużycie procesora i pamięci też jest niskie. Z mojej strony do wprowadzenia małe czyszczenie, nie mające związku z omawianymi problemami. 1. Przez Panel sterowania odinstaluj stare wersje programów: Adobe Flash Player 10 ActiveX; Adobe Reader XI (11.0.12) - Polish. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: HKLM-x32\...\Run: [] => [X] HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia HKU\S-1-5-21-3646099861-1544004646-182888485-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-05-25] FF HKU\S-1-5-21-3646099861-1544004646-182888485-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 S3 catchme; \??\C:\ComboFix\catchme.sys [X] Folder: C:\Users\Krzych\Desktop\UyAEVh9a 2015-09-10 14:23 - 2015-07-10 22:55 - 00000000 ____D C:\Program Files (x86)\WordAnchor_1.10.0.20 Task: {1EB11F54-EA8E-4E63-9E9E-C0230189E875} - System32\Tasks\{64652996-EB29-49DF-B045-C2E677BDE549} => pcalua.exe -a C:\Users\Krzych\AppData\Local\Temp\Temp1_TL-WN725N_V2_130326.zip\Setup.exe EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, nastąpi restart systemu. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Zrób nowy log FRST z opcji Skanuj (Scan) (bez Addition i Shortcut). Dołącz też plik fixlog.txt.

W logach czysto. Jeżeli nie ma już więcej problemów, usuń ręcznie GMER, zastosuj Delfix i wyczyść foldery Przywracania systemu: KLIK.

Spróbuj wejść w Menedżer urządzeń i stamtąd przeinstalować sterowniki i urządzenia audio. Jeżeli to nie pomoże, uruchom narzędzie do diagnozowania problemów od Microsoftu: KLIK 1. W logach widać niepoprawnie usunięte urządzenie od Kasperskiego: Wejdź w Menedżer urządzeń i je odinstaluj. 2. Są także błędy explorer.exe spowodowane rozszerzeniem Nero: Jeżeli nie korzystasz z Nero 7 Essentials, odinstaluj go. Jeżeli korzystasz - powiedz, spróbujemy czegoś innego. 3. Uruchom Firefox i ustaw go jako domyślną przeglądarkę.

To znaczy? Co dokładnie dzieje się przy próbie wyłączenia? Jakieś błędy?

Akurat zawsze pod tym kątem polecam Avasta i tego też trzymam się teraz. Różne rzeczy słyszałem o produktach Comodo i szczerze mówiąc trudno mi stanąć po którejkolwiek ze stron. Jak by nie było, jakakolwiek przeglądarka nie byłaby zainstalowana, wszystko zależy od użytkownika i stron jakie odwiedza. Zawsze można spróbować wtyczek, np. Web of Trust (pokazuje opinie na temat stron przy linkach). Zawsze to jakaś poprawa bezpieczeństwa. Trzeba najpierw upewnić się, co siedzi w kwarantannie. W programie wejdź w Historia > Raporty aplikacji i znajdź najnowszy Raport skanowania. Skopiuj zawartość na wklej.org i podaj utworzony link do wklejki.

Czego nie możesz włączyć?

Brakuje logu Addition o który prosiłem. Uzupełnij.

Do wdrożenia mała poprawka. 1. Otwórz Notatnik i wklej w nim: HKU\S-1-5-21-2432944317-3742113809-1526851054-1000\...\Run: [Zdmcmb] => C:\Users\Sylwek\AppData\Roaming\Zdmcmb.exe C:\Users\Sylwek\AppData\Roaming\Zdmcmb.exe Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 2. Zrób nowy log FRST z opcji Skanuj (Scan) (bez Addition i Shortcut). Dołącz też plik fixlog.txt.

W logu czysto. Tylko drobna poprawka apropo Springfiles w Panelu sterowania. Otwórz Notatnik i wklej w nim: Reg: reg delete HKU\S-1-5-21-973903641-291106771-1967127616-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SpringFiles /f Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

W logach nie widać śladów infekcji, jest jednak widoczny wpis Debugger, który blokuje CCleaner. Do tego trochę śmieci, głównie pozostałości po pobieraniu plików .dll. Apropo czyszczenia rejestru CCleanerem - nie polecam tego robić. Programy do czyszczenia rejestru działają na podstawie schematów i nie biorą pod uwagę różnych zmiennych, przez co mogą zostać usunięte prawidłowe wpisy. 1. Przez Panel sterowania odinstaluj stare wersje programów: Adobe Flash Player 18 ActiveX; Adobe Flash Player 18 NPAPI; Adobe Reader XI (11.0.11) - Polish; Adobe Shockwave Player 12.1. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: HKLM-x32\...\Run: [] => [X] IFEO\CCleaner64.exe: [Debugger] svchost.exe Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f AutoConfigURL: [s-1-5-21-3523831722-436908771-449274672-1000] => http://127.0.0.1:10922/proxy.pac Toolbar: HKLM - Brak nazwy - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X] S3 cpuz137; \??\C:\Users\Karol\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] S3 vm331avs; System32\Drivers\vm331avs.sys [X] U3 pgloqpog; \??\C:\Users\Karol\AppData\Local\Temp\pgloqpog.sys [X] S3 vm331avs; System32\Drivers\vm331avs.sys [X] Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> Brak pliku AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 FirewallRules: [{14A689E7-C443-4044-A26B-23F5B4D1D67E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [TCP Query User{9F0000B4-68A9-454D-B19A-3FFB717D8683}C:\users\karol\downloads\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com]\p2p-f14p\p2p-f14p\game\fifa14.exe] => (Block) C:\users\karol\downloads\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com]\p2p-f14p\p2p-f14p\game\fifa14.exe FirewallRules: [uDP Query User{DBB3B58B-F569-4180-B456-3C11CFAF5EE9}C:\users\karol\downloads\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com]\p2p-f14p\p2p-f14p\game\fifa14.exe] => (Block) C:\users\karol\downloads\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com]\p2p-f14p\p2p-f14p\game\fifa14.exe FirewallRules: [{BC5B4E16-77AA-4436-8D68-90D51EE79459}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{EA775D08-7706-4CCC-AD38-46E468A85CEE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{29B318AA-53BF-49A1-85C9-B99352F4C11A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{8C8E0003-1F1F-4BDB-841F-3360314ED347}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{B6DB194A-81D6-4832-9067-5395B04DA559}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{327D579C-FB3E-4A89-820A-15C3B7096616}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{5DDA5CF8-3041-49C8-985E-599EFE949598}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{C9EC67D7-0294-4977-977A-A4A69805A034}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3EC28FB9-9D67-44A9-9E4A-505D1C452580}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{994F90A0-7819-4A27-9196-B6553C947D4A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{2D584DC7-208F-4C4B-950E-6B074A8F9D48}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{80ED816E-9AF5-462F-97A8-A0DECF7003B5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{E959C7F3-BB25-4CF8-8639-1E82CA525C56}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{957DB8E5-78F6-4B90-9889-E914AEE4E55A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{D42A625D-6E88-4D84-BC93-481212350E59}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{0857FA31-1F7D-4B77-839A-170F98A59036}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{B827B83C-C652-4CC2-8960-D7DD3E8EF6B7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{51A58404-84F0-4FAA-A442-57E2199D82E0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{D106A8F0-DCFB-4739-9749-37482FDB833A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{954E235A-8E86-4409-9505-A2BFFDD32F86}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{5B7CEE08-4ABA-4C27-B485-3E4648C93BCE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{B0278C4F-372A-4C37-B76A-9A4DAF5F4937}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{002DD164-C9ED-4501-BD8E-70C986B2ABEB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{B5AB5CDB-EADF-450E-A32C-6A13F91EA02F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{91B76B37-3A27-4A6C-ADB4-3FF8FE34ACB8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{31BA144C-4251-44F5-A3C3-CE8978F14E50}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{7F12BB56-00A2-4FE2-B7D1-79BA4CC4BEFA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{8AACA69F-94DF-42B5-B757-A1B42A54F5ED}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{1F3A691C-4736-44E8-9032-B8FEB722BDCE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{2108E423-324C-4089-9144-E736F2301064}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{8E566079-DBB4-4857-BF9C-2665DAF8523B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{4882BE74-257E-4714-B9F2-8569BAFC3FCD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{2B25C664-9A6E-4956-84A1-7587A21CE208}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{A3A1ACE5-035F-43B1-9F9B-A6848B8EC8FD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{24FE76B9-E190-4E1E-ACE7-61A285F9CB61}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{7BBC49EE-3C66-4E73-8D0D-A7DD88DA7D2C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{9EA9BB43-9E77-4174-838B-298B5671D38F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{D03267D1-4380-4B3F-AF07-27658D1BF293}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{707CE576-D0A2-4656-A451-1E7663E68C2D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{D4957719-AC82-4F9E-8257-829C13E09A6C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{EE97AE7D-59B3-4EAB-8CB3-6FB9B281D943}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{2B40406C-CB1B-41F9-A79B-E05912BC827D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{125F0CB3-0423-4AD7-8D2A-2C8A21F12317}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{F7ED9082-B71F-4DE6-9940-B8BF6F226633}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{1429D2AB-A464-4BCE-BEF8-30EF7E571127}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{B8FEFA63-DAB1-47F5-99CB-474D3F9842ED}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{2F5B7042-1A9A-4715-97C5-9BC714FDBD77}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{4AE38AB2-221D-4467-92F0-402B8D9E2268}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{D29FDE4B-3993-42FF-BF4D-9DA16ABAD29C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{48CAFD9C-335A-4D3C-8715-4F140AAF25DD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{22614834-6431-488A-99D6-4482010EE643}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{16A027DA-04CE-4527-8D8C-68D4707BB42D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{B288D368-8DDC-47B9-9004-603BE017E573}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{C3988F5F-F57F-4B71-AEC0-635892193C63}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{201F0071-DDD4-4BB3-B600-10663330018A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{F410BC76-6E55-42B4-AFB3-56F017E58BC2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{E02A3D7A-452A-481E-B995-15F9952D6909}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3EFFDCCC-BADA-4B19-A700-94AE17C47AFA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{1637A24B-4C77-444A-8A0F-6C34DFA9C4D7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{CA287786-2CC0-4AC1-BC13-25D7713DEDC1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{8F550321-C244-44B1-8596-A61FD91F1CA0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{94F802FD-D292-4981-996C-23C6AF82C35A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{565E5B29-8161-46C8-87F1-2134D1D3E033}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{1FA6621D-5F9A-4E67-8938-ACF9BDC7DAF3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{808AE2C5-F483-4884-B8A9-41F3D5A44FCF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{065BFFCC-00D7-4127-AA5E-E48B50F67A5D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{76FAC7BD-732E-4186-85F1-2DA2A379B78D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{CEF14CC0-8971-4115-9E3C-D826A0D7D2F4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{4913B09A-BDF5-476E-B19C-17CD2D3CA900}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{2C91C482-2056-491F-98BC-8B6677694E81}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{12B62F75-8048-4EE8-8C60-89FF039DF4B4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{24E62713-B33F-4059-902F-A72DC56D8F11}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{33B5B5F9-6037-4553-AB01-71C719B7AC9C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{FA172F36-97C2-4F28-8AE5-4EB181CDC2CC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{E762C7F0-E580-4A90-B75A-6BAFCD154A1E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{184154FC-F473-40C4-AED1-FDD153286A02}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{6683AFFC-764D-4BA6-9F17-1D481A4B2389}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{DC8E544E-6A64-45DD-BF74-96BDD36473AB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{5BAD79C2-82DA-4A0C-9741-23304E0F2EE8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{48971283-26FF-4C16-A2AE-F0BEDE606EF5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{6964DE2B-BE35-4A98-B771-F90B155D5363}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{A115E6E4-4C5B-4BA1-B783-BC01DB778967}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{E549B6B8-C0E8-4DEB-AEDB-F4DD4D9454C3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{EE30BA48-B11D-4D8F-884F-9C49782885A6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{0729820E-4B18-402A-9C00-E6A09454E9B8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{FF093E91-26F6-48A9-B840-979779FDE27B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{C1020EBB-4D74-4747-AF7C-50CD4A15F194}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{119500E3-EDE6-4A64-B877-64CFE0BFA584}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{47DD7C3A-CEE5-4E5D-948C-212662CD0762}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{581A1D16-7249-44A0-BAE2-38EE04B534AA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{D51423C0-E74A-4BEC-AF86-91A2556F1511}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{EBACB74D-038C-4CE5-9A54-B40B11D4ABD9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{2D5684F4-BF02-48E9-9B2C-52A6FAE94DDD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{15E67D78-0559-4D45-B880-738A3EE0B732}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{6B7C552F-F61A-498C-9B6C-79602993FDBB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{CB7F4C2E-1911-4E59-8C54-52DA018318DF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{6BB8EF91-F327-4C03-B131-92C085171A8A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3C3511F5-6C7A-4B96-98F4-1D4195C6D99D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{9C98C4C7-82C2-4D52-A042-226BC557D61A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{74F94973-0884-4211-BB12-E1B15FDF1601}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{4D9BB7E7-498C-4619-B692-77C3B5347204}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{ED9AEE05-4400-436E-A46A-07B88C7CAEDD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{9EAC37F8-75AB-405D-ABCF-F728CBD2C681}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3174947E-B72A-42FA-9E75-4A42E6A67942}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{E07AC2C4-F9D4-4C02-92BB-D054498EED44}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{E55C8D52-0044-4B48-85BE-608B86E83CCA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{4BE78713-B1B6-42DB-878A-BAE72A299F33}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{0C4EDBD6-9468-4064-8E98-B5C0C8FB0CF0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{8506CD3F-C0F8-4544-9582-7EC605A30C63}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{6C949747-1DB1-4FDD-878C-8A9081B15FF0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{89471597-22B9-4027-818F-28F7C983E900}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{23793869-72F9-4DB6-BD63-F5D1FFD55DB3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{F1E09BEC-869E-4951-AE4A-B04870598E9C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{6774CCDF-760F-44F2-905C-91CF9EC0C1A6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{97D16E41-FBAD-4C1D-BACD-32AB9393752C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{66790CAF-1AB0-4D76-9D6F-F28F908F6976}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{67364871-1599-4D04-BEC0-70B8E673C216}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{1ACA7735-B7C2-4FA9-8381-692F2F103AE5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3C0C3EE9-B8FB-42F7-8298-6D9D8A4E0E55}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{695E77AE-BDD8-4361-BC8D-B6F3DD5B63CE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{2F97E299-184E-4E41-9304-1143A860449E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{CF0BEF90-2054-4295-97D5-B30BB236B491}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{664DB0DA-A0B5-4C90-BC72-6695DF822385}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{67854290-113A-414C-97B9-585A91829486}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{DE1FD071-9521-4742-BF08-830BC2A24131}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{4AAEE218-0A72-4477-90C5-07E8EE6183CF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{D720537F-E16F-4185-88DC-7FCAD19CC781}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{996AED2F-E233-4DE4-8F9A-7BB317459248}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{DCDA754D-DCC4-4A9F-908B-69E02D47F057}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{71A51792-888C-4ADA-8F96-20DF39C49549}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{7048609A-4B5F-43BE-8912-48A5F0553B52}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{CAFD94AC-DC50-4B6F-96E1-3304AB162723}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{7701E6FE-6324-4721-AE88-0D1EF2AD80A5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{261B2890-0FDE-475A-8609-393ED8983489}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{41571508-2E21-4DCF-8CE3-C83EE1DE4D9D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{F2744106-0B43-4AE1-8C4E-38E530102897}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{32646138-9FE7-486F-A992-1700F32760F9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{1812911B-E6DA-42B5-9949-FE20346AFE04}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{349E7E79-6638-4ADC-9177-5DAACAADD422}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{973D82E9-AC3F-4BC3-AB85-2431B513F27B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{E67DF059-6B2E-4A1C-BE08-4E18989DA4ED}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{31B25DBF-FC81-4A80-BD61-844AFCE8914C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{416B3D9D-662E-43BE-967F-A47C82C159DC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{9449B1BE-C55B-4782-A6DA-A65BBCE4026F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{A1A127DA-C889-4336-8C99-3EF411D8FDBA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{7362F1AC-85A9-4B3E-9E3E-3F94B2AE6A31}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{444F484B-BA8D-430E-A02E-0BA59154F40E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{29751766-603D-491F-8D1E-32F74D1474A6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{EA967717-FC81-4A0F-B86C-B0B40441F1F0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{CAD12C2A-3DF8-4C30-B2EE-FDFA65B6B456}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{7CEEB4FC-ECBD-4A4C-B483-AF2EEF5A058C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{9913477B-E2CF-47B9-8AE5-5154170A6A97}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{742F5773-3005-4373-9E76-ABB2071D50E4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{CFCAE76A-2EBA-4798-AC69-DF47A9DE1AE1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{41D7ACD5-4DFA-4EA4-8ADB-9449B2E0238D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{536F94E1-3102-439D-93F2-32D54B930E14}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{6DA886C4-B1A0-45ED-89C4-36609020D554}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3EA4230F-B39E-4E87-8303-561D7F2A16A9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3D9DA8F6-EAF0-472F-A915-0402B1EEC70D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{C075C46E-574F-4890-9EEC-0C9414DC3F01}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{2EF004C5-C44D-45EB-90B9-89743DAE7EBA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{AF3443E5-C578-4B64-967C-48B596D07763}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{8977BA5F-4B9E-45DD-A2F4-DE3C80763874}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{6F862653-0026-45FD-9A80-6853937ABF5D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{DA4DF352-6165-4562-B827-7A05CCEA90C1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{BD82A12E-E4DB-4C6C-B4EE-DBB9F6D0D19B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3484ED1A-AB90-427E-81FC-45CDA79F9A06}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{EFEBBC30-14CD-4838-A44C-715E6AF7ED2C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{D11A9BE7-6AF5-44D0-8498-0111FB791507}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{B45F1AF6-D0D5-4181-8C3A-228E2BBB1666}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{7B59EE4A-7867-4AEB-AB4D-750650D639A3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{355E7B6E-45F8-4953-9247-0D18894CD4AE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{A60E7B86-4B96-440B-A97F-590734E85727}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{A4DBEEC7-3AE1-4E65-ADCF-3509EF7D3416}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{C502398B-06D3-4A71-8BF9-7CB90A0F9C03}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{7DFBF8DD-2628-4DF8-954D-E3A660491501}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{39EBAFD8-0090-4CF0-BD1F-5E1594610E68}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{49B988EA-DB00-4052-AA4B-89018A95D696}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{603560A3-EEBF-4E6C-AA9A-0845EC1896F6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{6F49FF16-8530-4148-8B9F-BDB1F52A69D3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{097A9558-A740-41D4-850C-B00166782301}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{A75C00B3-43E0-4600-BA37-7F6022D81722}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{8F7B45E8-1443-493E-9155-AC5DC22B9DDB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{8C781E4A-FB38-411C-ACDF-08A319B9F9A2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{B35959C3-0563-481B-BC85-DC51219A96C9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{79B51478-0F0C-453C-A0DF-1F0B17020716}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{4674F71E-FA51-402A-950A-00F9E1880D2B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{81A8A41B-A89C-4E71-820D-FF4B3084B03B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{75C4D582-1101-4AAB-AB20-11F026391D7B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{CCB9D9D0-4E72-462A-8C98-82B7F93B4E42}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{2A2867EC-04E3-451A-B722-23E8A844214E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{12985D79-EF4C-45EC-83AB-DFE7C4C6ED24}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{F3B0F184-ED2F-4BEC-8AA5-877424030BE5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{5109ED10-1776-40F2-8725-9B830B0BBCFB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{746E7D88-FDB3-40DA-9F7C-B1BDAF887865}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{7B6E8090-6271-4FA9-B92F-7ADFCFC2CF72}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{12FFCB3F-2CEF-47AC-BD6C-317048866EFA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{1A799BB2-6D51-4C44-A63C-9CF3BDC0A68B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3912FAC0-D264-4E21-A79A-36071D17CDFB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{36ED3FA0-5931-4E0C-94E4-404F2333DE5F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{9079308D-91DF-4F54-A3DF-0A4C14FFF23E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{B40EB247-F8CE-44C9-AA2D-125FA5172926}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{70FD5F07-D627-4263-9F85-8E1777C4C85C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{755E320F-AC1E-45A2-8E55-29F1282E9D24}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{72499F8A-0E0B-40C3-BB86-E2F69048986E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{6AF99EA5-8556-47C2-A70A-F598673F35FB}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe FirewallRules: [{6780E786-FF57-4226-AECA-53F644DCC9D1}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe FirewallRules: [{95ADED19-15C4-4A85-AE2B-A553011BB7AF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{264343B6-D057-4E45-B034-5F8AF28D817A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{D92A11CB-B0BC-40AB-8E13-BC10A962340D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{85F3CD48-4930-42AD-BD1F-47A28F51A0ED}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{948D77C0-3839-407F-A7FE-9F925103F481}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{0BEEBD82-12FA-492D-90B7-CB90A8BEE12E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{969537C4-F7A2-42EA-BA60-D4F6F13C54A4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{F39895E5-10FA-459B-AADB-21D1111F8639}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{0DD9A534-114D-40BC-B214-27C33A729E3F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{A8925F75-32CB-4FFF-9290-35AFA842AB8B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{25934987-5211-495E-8E6A-11370D01E88C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{F746B13F-7CAE-409E-B94E-7B82C2AF6CBC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{5362A445-9F07-4C10-AD97-4F860AA2F807}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{2F87BE95-5879-435C-9E7B-6A2A67CB051C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{94828EE0-92A7-475D-ABA3-51B0D0DB4E5E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{EF2E153E-53A1-475A-B3DA-93AC3EA8B351}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{BB023DF0-57EC-40FD-B826-F1E3FE81B5B2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{500D4283-C270-4AF7-901B-A328E0512A37}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{CA329A7E-D90D-49C4-B98D-86A6D17E70D0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{651571E0-F8F6-4113-A71F-8F24B045CF64}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{896F65C0-6359-41D7-9EEF-AA751612C123}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{DAC31171-D23C-415E-BC86-3A34873CB61C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{0759E0D1-0453-4105-B042-A1A7E857BCF8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{6B4F054A-F239-44EF-B484-76F6167F32D1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{216BE9AC-B7F8-481D-B3DC-0938F9E6E3BD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3AC61567-24CE-474A-9975-8DB2C037EB08}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{748DDBE9-F2E9-4793-BF54-A2A9218DF730}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{9BA679E5-916F-4C44-861D-B1A6E8C75E3F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{B9AB40B7-5D34-4813-9DF6-D62B10EF216C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{F64B1719-DD5E-450F-A197-20DCA08A106B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [TCP Query User{E5FF999C-196A-44D6-80E7-BEB837F49BCE}C:\users\karol\downloads\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com]\p2p-f14p\p2p-f14p\game\fifa14.exe] => (Allow) C:\users\karol\downloads\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com]\p2p-f14p\p2p-f14p\game\fifa14.exe FirewallRules: [uDP Query User{B1C23657-2836-40B2-90BF-DAE2C0EB6835}C:\users\karol\downloads\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com]\p2p-f14p\p2p-f14p\game\fifa14.exe] => (Allow) C:\users\karol\downloads\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com]\p2p-f14p\p2p-f14p\game\fifa14.exe FirewallRules: [{3943D7D3-9628-45DE-9E4A-4BD1983C2F64}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{AB5B1D8F-7EFC-4D1B-A8B0-517E07ADC978}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{C6581458-CC30-406D-93D4-EB87EBA47FCB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3D445BBD-D0C7-4E64-B9A3-CFC2D5E35D99}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{8D40E1EC-0A7B-4C36-A148-428AEB72F865}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3216C161-9E28-4CCC-905A-5D6DF5225E1A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{7C666F04-B0EB-4E73-A5AD-89480AABA33A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{39390AB6-CA11-4484-B4B8-BDC5B916DDF4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{D8FBEC28-C39A-4CF0-8E31-EB4B193C3256}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{046E8887-34EB-475E-AA00-684038FDD5B9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{F76FF16B-0DBD-45B9-B6C5-B5DCE442BEAD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{CD1F1C8A-5148-4E38-B9EC-3CF8F51D5EB1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{4638C0B1-C1C8-4EB9-A31E-959F205B232E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{9C06D75F-35B9-4F65-A096-85C218CB1033}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{D5C34ED6-8246-4034-8A4A-5D00EF2AF9EE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{01381DFF-88F9-432A-BC70-6A3F453A9347}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{15871205-179C-4497-9A43-079DB892E10F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{45AE453F-1915-4EBD-8F1F-E43823E65BD5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{FA941CFC-39BF-4B23-A757-9EF23B5558F5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{C63F67B6-704F-4A5E-9B06-23D672E23F68}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{35C7D5FA-92C3-4EA8-98C6-390BE100DF62}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{70613C68-4AF0-48BE-9F3B-33921C40AF05}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{17E03953-5DCF-449E-9E83-1CC63AE6052B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{FA3C0FBF-263D-40B1-9F4E-A94929751BE1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{7B908337-ACA9-43B3-A223-FD02E5385CB2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{0D0A5076-EC76-4537-B0FC-14E0C5C8DDF3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{EABE262D-8C33-4436-86C3-524F3CFCCD7B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{9BFAD9FB-9BEB-4588-95FC-D4EEEFADA5E2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{0B3BA187-7AE3-49B8-A7ED-87E9E78D40E5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{040883DE-CB6E-4995-8C39-E9DC5F8A8885}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{774DE5EA-8CDD-47BD-B2D6-10AD8C972E67}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{3636CC7F-1F9F-4FC4-B1A7-BFD6A2ABDBC3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{55EABE54-8AE5-47FD-8172-60A2E1D691B2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{55F6F6BC-4A90-4F6A-B946-3AA365F5DBDF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{0DC9DDC1-1513-4260-BE6E-56E2347C1E04}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT\Ocbase.com.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT\OCCT.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT\Uninstall.lnk C:\ProgramData\Microsoft\Windows\GameExplorer\{E78E1B9B-5B2D-4033-BA46-92B71D00045D} EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, nastąpi restart systemu. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Zrób nowy log FRST z opcji Skanuj (Scan) (bez Addition i Shortcut). Dołącz też plik fixlog.txt.

W logach jest straszliwy bałagan. Masa adware, do tego uszkodzona baza Usług kryptograficznych. Zabieramy się do roboty. 1. Uruchom narzędzie Fix It 50202 (zaznacz tryb agresywny): KLIK. To narzędzie działa na XP, a tryb agresywny resetuje bazę Usług kryptograficznych. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: R2 ExtTag; C:\Documents and Settings\All Users\Dane aplikacji\\ExtTag\\ExtTag.exe [441856 2015-09-17] () [brak podpisu cyfrowego] R2 NetTcpHandler; C:\Documents and Settings\User1\Dane aplikacji\NetService\netservice.exe [173088 2015-07-09] () R2 Saophase; C:\Documents and Settings\All Users\Dane aplikacji\\Saophase\\Saophase.exe [441856 2015-09-17] () [brak podpisu cyfrowego] R2 SSFK; C:\Program Files\SFK\SSFK.exe [458400 2015-09-27] (TODO: ) R2 WdsManPro; C:\Documents and Settings\All Users\Dane aplikacji\tWdsManProt\WdsManPro.exe [442504 2015-09-24] (DTools LIMITED) S1 Cdaudio; Brak ImagePath S3 cpuz134; \??\C:\DOCUME~1\User1\USTAWI~1\Temp\cpuz134\cpuz134_x32.sys [X] S3 Parport; Brak ImagePath S1 ppfd_vt_1_10_0_22; system32\drivers\ppfd_vt_1_10_0_22.sys [X] S1 ppfd_vt_1_10_0_24; system32\drivers\ppfd_vt_1_10_0_24.sys [X] S1 Sfloppy; Brak ImagePath U3 TlntSvr; Brak ImagePath S2 totyseku; Brak ImagePath S1 wwfd_vt_1_10_0_24; system32\drivers\wwfd_vt_1_10_0_24.sys [X] HKLM\...\Run: [gmsd_pl_005010095] => [X] HKLM\...\Run: [gmsd_pl_005010096] => [X] HKLM\...\Run: [upgmsd_pl_005010096.exe] => C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\gmsd_pl_005010096\upgmsd_pl_005010096.exe [3320240 2015-09-24] () HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DANEAP~1\ExtTag\Unacof.dll => C:\Documents and Settings\All Users\Dane aplikacji\ExtTag\Unacof.dll [384512 2015-09-25] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Brak pliku GroupPolicy: Ograniczenia - Chrome CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia Task: C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job => C:\WINDOWS\system32\cscript.exeWC:\Documents and Settings\All Users\Dane aplikacji\Baidu Security\Duplicaterecord.js Task: C:\WINDOWS\Tasks\44fea398-f68a-4e75-9bbc-3681d760ca3a-10_user.job => C:\Program Files\CinemaP-1.9cV01.09\44fea398-f68a-4e75-9bbc-3681d760ca3a-10.exe Task: C:\WINDOWS\Tasks\44fea398-f68a-4e75-9bbc-3681d760ca3a-11.job => C:\Program Files\CinemaP-1.9cV01.09\44fea398-f68a-4e75-9bbc-3681d760ca3a-11.exe Task: C:\WINDOWS\Tasks\5030a62f-a3c2-40dc-b700-e69504166c18-1-6.job => C:\Program Files\iWebar\5030a62f-a3c2-40dc-b700-e69504166c18-1-6.exe Task: C:\WINDOWS\Tasks\5030a62f-a3c2-40dc-b700-e69504166c18-1-7.job => C:\Program Files\iWebar\5030a62f-a3c2-40dc-b700-e69504166c18-1-7.exe Task: C:\WINDOWS\Tasks\5030a62f-a3c2-40dc-b700-e69504166c18-11.job => C:\Program Files\iWebar\5030a62f-a3c2-40dc-b700-e69504166c18-11.exe Task: C:\WINDOWS\Tasks\5030a62f-a3c2-40dc-b700-e69504166c18-4.job => C:\Program Files\iWebar\5030a62f-a3c2-40dc-b700-e69504166c18-4.exe Task: C:\WINDOWS\Tasks\5030a62f-a3c2-40dc-b700-e69504166c18-5.job => C:\Program Files\iWebar\5030a62f-a3c2-40dc-b700-e69504166c18-5.exe Task: C:\WINDOWS\Tasks\63f105b2-eed6-4b41-9277-b3c23a3958dd-11.job => C:\Program Files\Object Browser\63f105b2-eed6-4b41-9277-b3c23a3958dd-11.exe Task: C:\WINDOWS\Tasks\6a1bf0b7-a5e4-488c-85f6-3f0363a98d74-1-6.job => C:\Program Files\GoHD\6a1bf0b7-a5e4-488c-85f6-3f0363a98d74-1-6.exe Task: C:\WINDOWS\Tasks\6a1bf0b7-a5e4-488c-85f6-3f0363a98d74-1-7.job => C:\Program Files\GoHD\6a1bf0b7-a5e4-488c-85f6-3f0363a98d74-1-7.exe Task: C:\WINDOWS\Tasks\6a1bf0b7-a5e4-488c-85f6-3f0363a98d74-10_user.job => C:\Program Files\GoHD\6a1bf0b7-a5e4-488c-85f6-3f0363a98d74-10.exe Task: C:\WINDOWS\Tasks\6a1bf0b7-a5e4-488c-85f6-3f0363a98d74-4.job => C:\Program Files\GoHD\6a1bf0b7-a5e4-488c-85f6-3f0363a98d74-4.exe Task: C:\WINDOWS\Tasks\6a1bf0b7-a5e4-488c-85f6-3f0363a98d74-5.job => C:\Program Files\GoHD\6a1bf0b7-a5e4-488c-85f6-3f0363a98d74-5.exe Task: C:\WINDOWS\Tasks\72e64bd7-9720-4061-be8f-39180bfd848f-1-6.job => C:\Program Files\GoHD\72e64bd7-9720-4061-be8f-39180bfd848f-1-6.exe Task: C:\WINDOWS\Tasks\72e64bd7-9720-4061-be8f-39180bfd848f-1-7.job => C:\Program Files\GoHD\72e64bd7-9720-4061-be8f-39180bfd848f-1-7.exe Task: C:\WINDOWS\Tasks\72e64bd7-9720-4061-be8f-39180bfd848f-10_user.job => C:\Program Files\GoHD\72e64bd7-9720-4061-be8f-39180bfd848f-10.exe Task: C:\WINDOWS\Tasks\72e64bd7-9720-4061-be8f-39180bfd848f-4.job => C:\Program Files\GoHD\72e64bd7-9720-4061-be8f-39180bfd848f-4.exe Task: C:\WINDOWS\Tasks\72e64bd7-9720-4061-be8f-39180bfd848f-5.job => C:\Program Files\GoHD\72e64bd7-9720-4061-be8f-39180bfd848f-5.exe Task: C:\WINDOWS\Tasks\7709485d-3868-4af5-b43b-60b7816f6004-1-6.job => C:\Program Files\GoHD\7709485d-3868-4af5-b43b-60b7816f6004-1-6.exe Task: C:\WINDOWS\Tasks\7709485d-3868-4af5-b43b-60b7816f6004-1-7.job => C:\Program Files\GoHD\7709485d-3868-4af5-b43b-60b7816f6004-1-7.exe Task: C:\WINDOWS\Tasks\7709485d-3868-4af5-b43b-60b7816f6004-10_user.job => C:\Program Files\GoHD\7709485d-3868-4af5-b43b-60b7816f6004-10.exe Task: C:\WINDOWS\Tasks\7709485d-3868-4af5-b43b-60b7816f6004-4.job => C:\Program Files\GoHD\7709485d-3868-4af5-b43b-60b7816f6004-4.exe Task: C:\WINDOWS\Tasks\7709485d-3868-4af5-b43b-60b7816f6004-5.job => C:\Program Files\GoHD\7709485d-3868-4af5-b43b-60b7816f6004-5.exe Task: C:\WINDOWS\Tasks\9529d4d3-1946-4140-aa60-c14fd6789211-1-6.job => C:\Program Files\GoHD\9529d4d3-1946-4140-aa60-c14fd6789211-1-6.exe Task: C:\WINDOWS\Tasks\9529d4d3-1946-4140-aa60-c14fd6789211-1-7.job => C:\Program Files\GoHD\9529d4d3-1946-4140-aa60-c14fd6789211-1-7.exe Task: C:\WINDOWS\Tasks\9529d4d3-1946-4140-aa60-c14fd6789211-10_user.job => C:\Program Files\GoHD\9529d4d3-1946-4140-aa60-c14fd6789211-10.exe Task: C:\WINDOWS\Tasks\9529d4d3-1946-4140-aa60-c14fd6789211-4.job => C:\Program Files\GoHD\9529d4d3-1946-4140-aa60-c14fd6789211-4.exe Task: C:\WINDOWS\Tasks\9529d4d3-1946-4140-aa60-c14fd6789211-5.job => C:\Program Files\GoHD\9529d4d3-1946-4140-aa60-c14fd6789211-5.exe Task: C:\WINDOWS\Tasks\9f957861-99e2-4e35-ac21-6cc2f46cf776-1-6.job => C:\Program Files\CinemaPlus-3.2cV01.09\9f957861-99e2-4e35-ac21-6cc2f46cf776-1-6.exe Task: C:\WINDOWS\Tasks\9f957861-99e2-4e35-ac21-6cc2f46cf776-1-7.job => C:\Program Files\CinemaPlus-3.2cV01.09\9f957861-99e2-4e35-ac21-6cc2f46cf776-1-7.exe Task: C:\WINDOWS\Tasks\9f957861-99e2-4e35-ac21-6cc2f46cf776-10_user.job => C:\Program Files\CinemaPlus-3.2cV01.09\9f957861-99e2-4e35-ac21-6cc2f46cf776-10.exe Task: C:\WINDOWS\Tasks\9f957861-99e2-4e35-ac21-6cc2f46cf776-4.job => C:\Program Files\CinemaPlus-3.2cV01.09\9f957861-99e2-4e35-ac21-6cc2f46cf776-4.exe Task: C:\WINDOWS\Tasks\9f957861-99e2-4e35-ac21-6cc2f46cf776-5.job => C:\Program Files\CinemaPlus-3.2cV01.09\9f957861-99e2-4e35-ac21-6cc2f46cf776-5.exe Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe Task: C:\WINDOWS\Tasks\d5aaef1e-0cb4-422f-8d67-7c42da3e3929-1-6.job => C:\Program Files\CinemaPlus-3.2cV03.09\d5aaef1e-0cb4-422f-8d67-7c42da3e3929-1-6.exe Task: C:\WINDOWS\Tasks\d5aaef1e-0cb4-422f-8d67-7c42da3e3929-1-7.job => C:\Program Files\CinemaPlus-3.2cV03.09\d5aaef1e-0cb4-422f-8d67-7c42da3e3929-1-7.exe Task: C:\WINDOWS\Tasks\d5aaef1e-0cb4-422f-8d67-7c42da3e3929-4.job => C:\Program Files\CinemaPlus-3.2cV03.09\d5aaef1e-0cb4-422f-8d67-7c42da3e3929-4.exe Task: C:\WINDOWS\Tasks\d5aaef1e-0cb4-422f-8d67-7c42da3e3929-5.job => C:\Program Files\CinemaPlus-3.2cV03.09\d5aaef1e-0cb4-422f-8d67-7c42da3e3929-5.exe Task: C:\WINDOWS\Tasks\f6b8afaf-1e95-4b4c-94c4-370830e19355-1-6.job => C:\Program Files\CinemaPlus-3.2cV01.09\f6b8afaf-1e95-4b4c-94c4-370830e19355-1-6.exe Task: C:\WINDOWS\Tasks\f6b8afaf-1e95-4b4c-94c4-370830e19355-10_user.job => C:\Program Files\CinemaPlus-3.2cV01.09\f6b8afaf-1e95-4b4c-94c4-370830e19355-10.exe Task: C:\WINDOWS\Tasks\GmWzqPVHNriqsgVN.job => C:\Documents and Settings\User1\Dane aplikacji\GmWzqPVHNriqsgVN.exe Task: C:\WINDOWS\Tasks\H53nFTodjxIM.job => C:\Documents and Settings\User1\Dane aplikacji\H53nFTodjxIM.exe Task: C:\WINDOWS\Tasks\n5SlCbpS.job => C:\Documents and Settings\User1\Dane aplikacji\n5SlCbpS.exe Task: C:\WINDOWS\Tasks\nriPGpZqDkzDYSA9GvIvgIvC.job => C:\Documents and Settings\User1\Dane aplikacji\nriPGpZqDkzDYSA9GvIvgIvC.exe Task: C:\WINDOWS\Tasks\PbVXCIe.job => C:\Documents and Settings\User1\Dane aplikacji\PbVXCIe.exe Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-308236825-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-308236825-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\SMupdate2.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll Task: C:\WINDOWS\Tasks\SMupdate3.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll Task: C:\WINDOWS\Tasks\SPBIW_UpdateTask_Time_343133373632303230382d3437415a556c2a3223346c41.job => Wscript.exe w/B C:\Documents and Settings\All Users\Dane aplikacji\ShopperPro\spbihe.js spbiu.exe Task: C:\WINDOWS\Tasks\Tempo Runner nuhldtin.job => C:\Documents and Settings\All Users\Dane aplikacji\JidUube\nuhlatin.exeP/dgad C:\Documents and Settings\All Users\Dane aplikacji\JidUube\nuhldtin.exe Task: C:\WINDOWS\Tasks\WordSurfer Auto Updater 1.10.0.19 Core.job => C:\Program Files\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe Task: C:\WINDOWS\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update.job => C:\Program Files\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe Task: C:\WINDOWS\Tasks\zwaI3bfP5cBzLhkw37c.job => C:\Documents and Settings\User1\Dane aplikacji\zwaI3bfP5cBzLhkw37c.exe HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" IE trusted site: HKU\S-1-5-21-1960408961-308236825-725345543-1004\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1960408961-308236825-725345543-1004\...\webcompanion.com -> hxxp://webcompanion.com HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia HKU\S-1-5-21-1960408961-308236825-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1960408961-308236825-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdVvN2YngcddZv8rTKuq1s_QYbB-NV4IUc020cJpf0lnjEp-1Wd0w3T-sISQUPagkcm1EXvwlAK3ITZ7UI_lK4kLAvEeOqRubBAcPdHlTEHvGKODZYm5jBldiedLYi52TKlRlYFL1khWue_G&q={searchTerms} HKU\S-1-5-21-1960408961-308236825-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdVvN2YngcddZv8rTKuq1s_QYbB-NV4IUc020cJpf0lnjEp-1Wd0w3T-sISQUPagkcm1EXvwlAK3ITZ7UI_lK4kLAvEeOqRubBAcPdHlTEHvGKODZYm5jBldiedLYi52TKlRlYFL1khWue_G&q={searchTerms} HKU\S-1-5-21-1960408961-308236825-725345543-1004\Software\Microsoft\Internet Explorer\Main,start page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdVvN2YngcddZv8rTKuq1s_QYbB-NV4IUc020cJpf0lnjEp-1Wd0w3T-sISQUPagkcV2UGKPTVupRl3nUgBEgOXS4NTPMQTCPBWtOtSJlskmJpn6YG6QEyjfqhvMqYbnuWHrNbUDSiVVtycb HKU\S-1-5-21-1960408961-308236825-725345543-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdVvN2YngcddZv8rTKuq1s_QYbB-NV4IUc020cJpf0lnjEp-1Wd0w3T-sISQUPagkcm1EXvwlAK3ITZ7UI_lK4kLAvEeOqRubBAcPdHlTEHvGKODZYm5jBldiedLYi52TKlRlYFL1khWue_G&q={searchTerms} HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdVvN2YngcddZv8rTKuq1s_QYbB-NV4IUc020cJpf0lnjEp-1Wd0w3T-sISQUPagkcm1EXvwlAK3ITZ7UI_lK4kLAvEeOqRubBAcPdHlTEHvGKODZYm5jBldiedLYi52TKlRlYFL1khWue_G&q={searchTerms} SearchScopes: HKU\S-1-5-21-1960408961-308236825-725345543-1004 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdVvN2YngcddZv8rTKuq1s_QYbB-NV4IUc020cJpf0lnjEp-1Wd0w3T-sISQUPagkcm1EXvwlAK3ITZ7UI_lK4kLAvEeOqRubBAcPdHlTEHvGKODZYm5jBldiedLYi52TKlRlYFL1khWue_G&q={searchTerms} SearchScopes: HKU\S-1-5-21-1960408961-308236825-725345543-1004 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150924__yaie&p={searchTerms} SearchScopes: HKU\S-1-5-21-1960408961-308236825-725345543-1004 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdVvN2YngcddZv8rTKuq1s_QYbB-NV4IUc020cJpf0lnjEp-1Wd0w3T-sISQUPagkcm1EXvwlAK3ITZ7UI_lK4kLAvEeOqRubBAcPdHlTEHvGKODZYm5jBldiedLYi52TKlRlYFL1khWue_G&q={searchTerms} Toolbar: HKU\S-1-5-21-1960408961-308236825-725345543-1004 -> Brak nazwy - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - Brak pliku Toolbar: HKU\S-1-5-21-1960408961-308236825-725345543-1004 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku Toolbar: HKU\S-1-5-21-1960408961-308236825-725345543-1004 -> Brak nazwy - {472734EA-242A-422B-ADF8-83D1E48CC825} - Brak pliku DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1443338268&z=44747d85596913a976df996g1zezdc8cfcfb5eeb9e&from=cmi&uid=WDCXWD5000AAKS-00YGA0_WD-WCAS8068758287582 ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1443338268&z=44747d85596913a976df996g1zezdc8cfcfb5eeb9e&from=cmi&uid=WDCXWD5000AAKS-00YGA0_WD-WCAS8068758287582 FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [brak pliku] FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [brak pliku] FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [brak pliku] FF Plugin HKU\S-1-5-21-1960408961-308236825-725345543-1004: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll Brak pliku FF Plugin HKU\S-1-5-21-1960408961-308236825-725345543-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll Brak pliku FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Documents and Settings\User1\Dane aplikacji\Mozilla\Firefox\Profiles\ires6kqe.default-1442938407671\extensions\defsearchp@gmail.com => nie znaleziono FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Documents and Settings\User1\Dane aplikacji\Mozilla\Firefox\Profiles\ires6kqe.default-1442938407671\extensions\deskCutv2@gmail.com => nie znaleziono AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: STOPzilla AntiVirus (Disabled - Out of date) {271A6322-9DAA-4E02-932D-7EDF389FFCF0} C:\InstallConfig.ini C:\rei C:\Documents and Settings\All Users\Dane aplikacji\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\Documents and Settings\All Users\Dane aplikacji\PSNetwork.ini C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software C:\Documents and Settings\All Users\Dane aplikacji\Avg C:\Documents and Settings\All Users\Dane aplikacji\Baidu C:\Documents and Settings\All Users\Dane aplikacji\Baidu Security C:\Documents and Settings\All Users\Dane aplikacji\ExtTag C:\Documents and Settings\All Users\Dane aplikacji\ExtTags C:\Documents and Settings\All Users\Dane aplikacji\JidUube C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft C:\Documents and Settings\All Users\Dane aplikacji\LocalStorage C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes C:\Documents and Settings\All Users\Dane aplikacji\MFAData C:\Documents and Settings\All Users\Dane aplikacji\Oracle C:\Documents and Settings\All Users\Dane aplikacji\Saophase C:\Documents and Settings\All Users\Dane aplikacji\Saophases C:\Documents and Settings\All Users\Dane aplikacji\TEMP C:\Documents and Settings\All Users\Dane aplikacji\update C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Windows\GameExplorer\{6312B78A-936B-4F76-867E-1787113D12A1} C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox\Mozilla Firefox (2).lnk C:\Documents and Settings\All Users\TXQMPC C:\Documents and Settings\User1\config.json C:\Documents and Settings\User1\Dane aplikacji\9iY1sOrq C:\Documents and Settings\User1\Dane aplikacji\eV9ZTpwzDSQLSQC0jtqyH C:\Documents and Settings\User1\Dane aplikacji\GmWzqPVHNriqsgVN C:\Documents and Settings\User1\Dane aplikacji\H53nFTodjxIM C:\Documents and Settings\User1\Dane aplikacji\hnDiu1jL9oOdBW6 C:\Documents and Settings\User1\Dane aplikacji\n5SlCbpS C:\Documents and Settings\User1\Dane aplikacji\nriPGpZqDkzDYSA9GvIvgIvC C:\Documents and Settings\User1\Dane aplikacji\PbVXCIe C:\Documents and Settings\User1\Dane aplikacji\TH7nS6SIUHtDZZS0o4IlG C:\Documents and Settings\User1\Dane aplikacji\WD7OWo1HH7rqVe C:\Documents and Settings\User1\Dane aplikacji\XTDocSettings.ini C:\Documents and Settings\User1\Dane aplikacji\zwaI3bfP5cBzLhkw37c C:\Documents and Settings\User1\Dane aplikacji\IObit C:\Documents and Settings\User1\Dane aplikacji\mystartsearch C:\Documents and Settings\User1\Dane aplikacji\NetService C:\Documents and Settings\User1\Dane aplikacji\oopirnaab C:\Documents and Settings\User1\Dane aplikacji\Opera Software C:\Documents and Settings\User1\Dane aplikacji\PCToolsFirewallPlus C:\Documents and Settings\User1\Dane aplikacji\ppslog C:\Documents and Settings\User1\Dane aplikacji\pwo12 C:\Documents and Settings\User1\Dane aplikacji\Real C:\Documents and Settings\User1\Dane aplikacji\RunDir C:\Documents and Settings\User1\Dane aplikacji\Soft-4-free.com C:\Documents and Settings\User1\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Documents and Settings\User1\Menu Start\Programy\Avi2Dvd\Tutorial.lnk C:\Documents and Settings\User1\Menu Start\Programy\Alawar.pl\Gry Alawar.lnk C:\Documents and Settings\User1\Menu Start\Programy\Zoom Player C:\Documents and Settings\User1\Moje dokumenty\Pobieranie\Skrót do z yt.lnk C:\Documents and Settings\User1\Pulpit\全网影视.lnk C:\Documents and Settings\User1\Pulpit\Gry Alawar.lnk C:\Documents and Settings\User1\Pulpit\Skrót do wiktor 09.2012.lnk C:\Documents and Settings\User1\Pulpit\gry\Gry Alawar.lnk C:\Documents and Settings\User1\Pulpit\gry\Gry.Gazeta.pl.lnk C:\Documents and Settings\User1\Pulpit\gry\Nowe gry.lnk C:\Documents and Settings\User1\UserData C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\Saoranity.exe.config C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\AEF77DE3-D232-4B49-9481-F3C3DE1E314A C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\AlawarWrapper C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\Avg C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\AvgSetupLog C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\Ethash C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\Lavasoft C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\MFAData C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\Sun C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\Google\Chrome C:\Documents and Settings\LocalService\Dane aplikacji\Lavasoft C:\Documents and Settings\LocalService\Dane aplikacji\Oracle C:\Documents and Settings\LocalService\Dane aplikacji\Sun C:\Documents and Settings\LocalService\Dane aplikacji\Tencent C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\BAVData C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Lavasoft C:\Program Files\110089E0-1441101461-7601-93C3-001D60661108 C:\Program Files\CinemaPlus-3.2cV03.09 C:\Program Files\Concom C:\Program Files\GUM2F6.tmp C:\Program Files\GUT2F7.tmp C:\Program Files\Feed Notifier C:\Program Files\Google\Chrome C:\Program Files\GoHD C:\Program Files\Java C:\Program Files\Kaspersky Lab C:\Program Files\Lavasoft C:\Program Files\Malwarebytes Anti-Malware C:\Program Files\mozilla firefox\cfg C:\Program Files\mozilla firefox\browser\defaults C:\Program Files\PC Tools Firewall Plus C:\Program Files\predm C:\Program Files\Real C:\Program Files\SFK C:\Program Files\Web Amplified C:\Program Files\Common Files\5lglkxt1 C:\Program Files\Common Files\wkot4hbx.exe C:\Program Files\Common Files\PC Tools C:\WINDOWS\phw.ini C:\WINDOWS\PumaPlayer.ini C:\WINDOWS\Reimage.ini C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\WINDOWS\pss\Feed Notifier.lnk.Startup C:\WINDOWS\system32\BdSandboxDll32.dll C:\WINDOWS\system32\findit.xml C:\WINDOWS\system32\HWLook.log C:\WINDOWS\system32\roboot.exe C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7 C:\WINDOWS\system32\LavasoftTcpService.dll C:\WINDOWS\system32\Drivers\{ae010870-3d4e-4ee3-af55-83bb5f34c868}Gt.sys C:\WINDOWS\system32\Drivers\etc\hp.bak Folder: C:\Documents and Settings\User1\Moje dokumenty\LoginToFolderda10e766 CMD: netsh firewall reset CMD: netsh winsock reset CMD: for /d %f in ("C:\Documents and Settings\All Users\Dane aplikacji\*WdsManPro*") do rd /s /q "%f" CMD: for /d %f in ("C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\*tmp*") do rd /s /q "%f" CMD: for /d %f in ("C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\gmsd_pl*") do rd /s /q "%f" CMD: for /d %f in ("C:\Program Files\gmsd_pl*") do rd /s /q "%f" Reg: reg delete HKCU\Software\Google\Chrome /f Reg: reg delete HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D} /f Reg: reg delete HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96} /f Reg: reg delete HKLM\SOFTWARE\Google\Chrome /f Reg: reg delete HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D} /f Reg: reg delete HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96} /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^User1^Menu Start^Programy^Autostart^Feed Notifier.lnk" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Z menu Notatnika > Plik > Zapisz jako > wprowadź nazwę fixlist.txt > Kodowanie zmień na UTF-8 > Zapisz i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, nastąpi restart systemu. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Wyczyść Firefox: Odłącz synchronizację (o ile włączona): KLIK Menu Pomoc > Informacje dla pomocy technicznej > Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone. Menu Historia > Wyczyść historię przeglądania 4. Zrób nowy log FRST z opcji Skanuj (Scan), włączając log Addition.txt. Dołącz też plik fixlog.txt.

W logach siedzi to samo co w poprzednim temacie, czyli Brontok. 1. Włącz Przywracanie systemu, gdyż aktualnie jest wyłączone. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: HKLM\...\Run: [bron-Spizaetus] => C:\Windows\ShellNew\sempalong.exe [42654 2014-04-29] () HKLM\...\Winlogon: [shell] Explorer.exe "C:\Windows\BerasJatah.exe" [x ] () HKU\S-1-5-21-2432944317-3742113809-1526851054-1000\...\Run: [Tok-Cirrhatus] => C:\Users\Sylwek\AppData\Roaming\Zdmcmb.exe [0 ] (IORISOFT) HKU\S-1-5-21-2432944317-3742113809-1526851054-1000\...\Policies\system: [DisableRegistryTools] 1 HKU\S-1-5-21-2432944317-3742113809-1526851054-1000\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-2432944317-3742113809-1526851054-1000\...\Policies\Explorer: [NoFolderOptions] 1 2015-09-23 21:04 - 2015-09-23 21:04 - 00000000 ____D C:\Windows\ShellNew AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFPVHRP275D836HNTHKP9KTLWJMHFSVF7JBCVPJGV AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_SBXNV9VVGV1BFPVHRP275D836HNTHKP9KTLWJMHFSVF7JBCVPJGV AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_SBXNV9VVGV1BFPVHRP275D836HNTHKP9KTLWJMHFSVF7JBCVPJGV AlternateDataStreams: C:\ProgramData\Dane aplikacji:$SS_DESCRIPTOR_SBXNV9VVGV1BFPVHRP275D836HNTHKP9KTLWJMHFSVF7JBCVPJGV CMD: for /d %f in (C:\Users\Sylwek\AppData\Local\*Bron*) do rd /s /q "%f" C:\Users\Sylwek\AppData\Local\*bron* C:\Users\Sylwek\AppData\Local\*.exe C:\Users\Sylwek\AppData\Local\*.txt Hosts: cmd: sfc /scanfile=C:\Windows\system32\User32.dll EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, nastąpi restart systemu. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Zrób nowe logi FRST z opcji Skanuj (Scan), włączając log Addition.txt. Dołącz też plik fixlog.txt.

W Panelu sterowania nie widać Google Chrome, jednak jego skróty pokazują, że pliki należące do Chrome nadal istnieją. Czy przeglądarka Chrome jest sprawna? Tak, globalupdate został odinstalowany. Przechodzimy do czyszczenia. 1. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-4201304222-3365072408-1565082128-1001\...\MountPoints2: {85f9536b-1d90-11e5-8289-3010b39e1f2c} - "E:\Setup.exe" HKU\S-1-5-21-4201304222-3365072408-1565082128-1001\...\MountPoints2: {c524baf4-e8fc-11e4-8262-3010b39e1f2c} - "F:\.\StartModem.exe" ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMGCShellExt64.dll Brak pliku GroupPolicy: Ograniczenia - Chrome Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f S3 caMyciloP; Brak ImagePath S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S1 ykjjgrvi; \??\C:\WINDOWS\system32\drivers\ykjjgrvi.sys [X] U3 fxlyrpog; \??\C:\Users\lenovo\AppData\Local\Temp\fxlyrpog.sys [X] 2015-09-27 13:19 - 2015-08-23 16:58 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-09-27 14:25 - 2015-08-27 18:28 - 00003648 _____ C:\WINDOWS\System32\Tasks\Teutqeug 2015-09-27 14:37 - 2015-09-27 14:37 - 00000000 ____D C:\ProgramData\IObit 2015-09-27 14:36 - 2015-09-27 14:39 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\IObit 2015-09-27 14:36 - 2015-09-27 14:37 - 00000000 ____D C:\Program Files (x86)\IObit 2015-09-27 14:35 - 2015-09-27 14:35 - 10943264 _____ (IObit) C:\Users\lenovo\Downloads\iobituninstaller_www.NSTALKI.pl.exe 2015-09-02 14:47 - 2015-09-02 14:47 - 00000000 ____D C:\Program Files (x86)\49caaec1-005a-48b5-8c8f-3af706e7c81e 2015-09-27 15:49 - 2015-08-27 18:35 - 00000000 ____D C:\Program Files (x86)\61ec7e01-7e6f-4069-9f24-e4a3823cfed0 2015-09-27 15:49 - 2015-08-23 17:31 - 00000000 ____D C:\Program Files (x86)\07056fc0-3e6b-4392-aa1e-b7385d030423 2015-09-27 15:49 - 2015-08-23 17:01 - 00000000 ____D C:\Program Files (x86)\6949a848-fd16-4950-ad3a-5f859cf2add1 2015-09-27 15:49 - 2015-08-23 16:58 - 00000000 ____D C:\Program Files (x86)\ae461637-c41d-404f-afac-796dcb8c85c7 2015-09-27 15:49 - 2015-05-12 19:22 - 00000000 ____D C:\Program Files (x86)\Wikipedia Quick Hints 2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\lenovo\AppData\Roaming\8wiyQ1si6Du4qeycuE 2015-06-30 21:46 - 2015-07-23 17:58 - 0000020 _____ () C:\Users\lenovo\AppData\Roaming\appdataFr2.bin 2015-05-17 19:47 - 2015-08-23 17:32 - 0000024 _____ () C:\Users\lenovo\AppData\Roaming\appdataFr25.bin C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat Task: {34977A8B-EAA8-45BC-A842-8A2E9C020827} - System32\Tasks\Teutqeug => C:\Program Files\shopperz240820151333\Mitle.bat Task: {DE051DD0-58B7-42E6-B76E-43F93A01846B} - System32\Tasks\8wiyQ1si6Du4qeycuE => C:\Users\lenovo\AppData\Roaming\8wiyQ1si6Du4qeycuE.exe Task: C:\WINDOWS\Tasks\8wiyQ1si6Du4qeycuE.job => C:\Users\lenovo\AppData\Roaming\8wiyQ1si6Du4qeycuE.exe AlternateDataStreams: C:\ProgramData:NT AlternateDataStreams: C:\ProgramData:NT2 AlternateDataStreams: C:\Users\All Users:NT AlternateDataStreams: C:\Users\All Users:NT2 AlternateDataStreams: C:\ProgramData\Application Data:NT AlternateDataStreams: C:\ProgramData\Application Data:NT2 AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 AlternateDataStreams: C:\Users\lenovo\Dane aplikacji:NT AlternateDataStreams: C:\Users\lenovo\Dane aplikacji:NT2 AlternateDataStreams: C:\Users\lenovo\AppData\Roaming:NT AlternateDataStreams: C:\Users\lenovo\AppData\Roaming:NT2 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ooteeotoor => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" FirewallRules: [{8E6414E6-5D47-4B1F-96D6-0A26E0D06E60}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe FirewallRules: [{C0D747AB-7FD9-49D8-9217-6634928B5815}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCmgrInstallGuide.exe FirewallRules: [{AADEC6D2-13B4-406A-80FB-3F4372AD2F5C}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe FirewallRules: [{65EFB0E7-824F-460B-A5A6-CFD859151A2A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCTray.exe FirewallRules: [{E59203E0-C9AE-427D-899F-3324106DFB15}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{90A59D54-5409-4C09-B11A-7911D3FE82E6}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCMgr.exe FirewallRules: [{0D415BD6-4C8A-4E3D-9D3F-B18DBBBD3157}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCRTP.exe FirewallRules: [{CAF996B8-A078-41A6-B5F0-7224B9AC81AD}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMDL.exe FirewallRules: [{42F5CB48-E620-415A-9BDD-C327E9981981}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\bugreport.exe FirewallRules: [{AB28F757-E9C2-4713-AE14-9365828F177A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCFileOpen.exe FirewallRules: [{8BDF37A2-9E02-41A1-A492-004BE1E36E17}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCLeakScan.exe FirewallRules: [{DE7DBD32-703E-4EF7-8405-15D3CA4E8967}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPConfig.exe FirewallRules: [{5BFDDE49-C214-45B8-9461-976CCDF0308A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCSoftMgr.exe FirewallRules: [{CEA0E8B1-56CB-4B28-B3A6-9B31EB0FBBD4}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\QQPCNetFlow.exe FirewallRules: [{86DD8C61-EA26-43FD-8D08-21C23842DDA0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCBTU.exe FirewallRules: [{6AD22613-94B4-41EF-B604-E9EDB3D6D9B6}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCClinic.exe FirewallRules: [{4F0BE9C8-84E0-4A15-9AA1-C913F2BA1579}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCLaunch.exe FirewallRules: [{D71D5BF6-1F1D-4C2E-9966-2A13D1A45934}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMUpdate\QQPCMgrUpdate.exe FirewallRules: [{156EBC1F-423D-45B6-B308-2CEA3AA85D05}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCSoftGame.exe FirewallRules: [{C23E7D0C-68BD-489A-9EEF-199EC1FE65DF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCSysOptimize.exe FirewallRules: [{70FC6043-BDF7-4BCA-BF66-790346BA9E50}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCUpdateAVLib.exe FirewallRules: [{5DC2E92A-BABA-40A3-B399-58348F33DC78}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQRepair.exe FirewallRules: [{271D6FA9-AD5A-4838-A31E-E71146BA0ACB}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\Uninst.exe FirewallRules: [{7C166D89-9144-473D-AA9F-33B09EB7C378}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCPatch.exe FirewallRules: [{5013B1C0-3FF5-4714-90B7-A2A2BFD2A88F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TpkUpdate.exe FirewallRules: [{D14D79E4-6555-4677-9E9C-D318A91DB162}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMRouterMgr.exe FirewallRules: [{DE2A56F0-DBAA-4523-B795-C64D0E18FC61}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMAccountProtection.exe FirewallRules: [{EA64F959-5E51-4EBA-BF18-3BECE43140C0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMAdBlock.exe FirewallRules: [{AACB3537-F9FC-47C3-81B9-54952995A05F}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{6EB6B10E-533A-4B00-84EB-48745F0658DB}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe C:\Program Files (x86)\Tencent C:\Program Files (x86)\Mozilla Firefox C:\ProgramData\Mozilla C:\Users\lenovo\AppData\Local\Mozilla C:\Users\lenovo\AppData\Roaming\Mozilla Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk C:\Users\lenovo\Desktop\Continue Minecraft installation — kopia.lnk C:\Users\lenovo\Desktop\Continue Minecraft installation.lnk C:\Users\lenovo\Desktop\Mozilla Firefox.lnk C:\Users\Public\Desktop\Mozilla Firefox.lnk Hosts: Folder: C:\Program Files (x86) cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, nastąpi restart systemu. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 2. W Windowsowym szukaniu wpisz cmd > z prawokliku Uruchom jako Administrator > wpisz sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll > potwierdź Enterem > zrestartuj system 3. (jeżeli Chrome jest odinstalowane to pomiń ten krok) Wyczyść Google Chrome: Upewnij się, że nie masz włączonej synchronizacji, która załaduje złe ustawienia z serwera po reinstalacji przeglądarki: KLIK. Jeśli potrzebne, wyeksportuj zakładki: CTRL+SHIFT+O > Organizuj > Eksportuj zakładki do pliku HTML. Odinstaluj Google Chrome. Wejdź w C:\Program Files\Google\Chrome\Application\x.x.x.x\Installer (gdzie x.x.x.x to najnowsza wersja np. 45.0.2454.101) i znajdź plik setup.exe. Utwórz od niego skrót, z prawokliku otwórz właściwości tego skrótu i po cudzysłowiu dopisz --uninstall --multi-install --chrome --system-level, np. "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Odpal ten skrót. Przy deinstalacji zaznacz Usuń także dane przeglądarki. Zainstaluj najnowszą stabilną wersję Google Chrome: KLIK. 4. Zrób nowy log FRST z opcji Skanuj (Scan). włączając log Addition.txt. Dołącz też plik fixlog.txt.

W logach widać zainfekowane skróty przeglądarek, do tego zostało kilka nieusuniętych folderów SpringFiles. 1. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: HKLM-x32\...\Run: [] => [X] AutoConfigURL: [s-1-5-21-973903641-291106771-1967127616-1001] => http://stopblock.me/wpad.dat?a5a07b8d3c581332d543996ad9ffa315311481 CustomCLSID: HKU\S-1-5-21-973903641-291106771-1967127616-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1811AB83-9468-D082-D53B-60E985889A47} => Brak pliku CustomCLSID: HKU\S-1-5-21-973903641-291106771-1967127616-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {18130F44-9468-D082-129F-62E985889A47} => Brak pliku CustomCLSID: HKU\S-1-5-21-973903641-291106771-1967127616-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {5A3E9496-9468-D082-C004-4FAB85889A47} => Brak pliku CustomCLSID: HKU\S-1-5-21-973903641-291106771-1967127616-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5A3E9439-9468-D082-6F04-4FAB85889A47} => Brak pliku FirewallRules: [{DB2DA308-27E1-4908-82E9-D1880BB0A7E3}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe FirewallRules: [{7A6BA28B-4DDD-437A-93BC-99CEF48024C3}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe FirewallRules: [{382D8CBE-6100-44BB-A3A1-67D9126441B1}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe FirewallRules: [{C80D2FFB-9885-4519-8479-72BA2C83D07E}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe C:\Program Files (x86)\SpringFiles 2015-09-28 10:31 - 2015-09-28 10:31 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\SpringFiles 2015-09-28 10:31 - 2015-09-28 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SpringFiles C:\ProgramData\Microsoft\Windows\Start Menu\SpringFiles\SpringFiles.lnk ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1443429064&a=1003679" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1443429064&a=1003679" ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1443429064&a=1003679" ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1443429064&a=1003679" ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\QNAP Qfinder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1443429064&a=1003679" ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\VNC® Viewer for Google Chrome™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1443429064&a=1003679" ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1443429064&a=1003679" ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1443429064&a=1003679" ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1443429064&a=1003679" ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1443429064&a=1003679" Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpringFiles /f EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, nastąpi restart systemu. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 2. Wyczyść Firefox: Odłącz synchronizację (o ile włączona): KLIK Menu Pomoc > Informacje dla pomocy technicznej > Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone. Menu Historia > Wyczyść historię przeglądania 3. Wyczyść Google Chrome: Zresetuj synchronizację (o ile włączona): KLIK. Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Zresetuj ustawienia przeglądarki. Zakładki i hasła nie zostaną naruszone. Ustawienia > karta Ustawienia > sekcja Wyszukiwanie > klik w Zarządzanie wyszukiwarkami > skasuj z listy niedomyślne śmieci (o ile będą). Zresetuj cache wtyczek. W pasku adresów wpisz chrome://plugins i ENTER. Na liście wtyczek wybierz dowolną i kliknij Wyłącz. Następnie wtyczkę ponownie Włącz. 4. Zrób nowy log FRST z opcji Skanuj (Scan) (bez Addition i Shortcut). Dołącz też plik fixlog.txt.

W logu czysto. Jesteś pewien, że to nie są po prostu reklamy z tego programu? Na wszelki wypadek puść jeszcze AdwCleaner - opcja Skanowanie.

Wygląda na to, że mamy do czynienia z infekcją routera. Zaloguj się do routera: Zmień ustawienia DNS. Jeśli nie wiesz na jakie, możesz ustawić adresy Google: 8.8.8.8 + 8.8.4.4 Zabezpiecz router: zmień hasło oraz zamknij dostęp do panelu zarządzania od strony Internetu. Porównaj z tymi artykułami: KLIK, KLIK. Po konfiguracji uruchom ten test mający potwierdzić zabezpieczenie: KLIK. Dopiero gdy router zostanie wyczyszczony i zabezpieczony: Komputer: 1. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: AutoConfigURL: [s-1-5-21-4186264908-892325800-295169171-1001] => http://127.0.0.1:8445/okf.pac HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia HKU\S-1-5-21-4186264908-892325800-295169171-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia FirewallRules: [{F0A4B247-983B-4271-AD30-919A18D592F4}] => (Allow) C:\Users\Pawe HKU\S-1-5-21-4186264908-892325800-295169171-1001\Software\Classes\.exe: exefile => HKU\S-1-5-21-4186264908-892325800-295169171-1001\Software\Classes\exefile: CMD: ipconfig /flushdns EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, nastąpi restart systemu. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 2. Wyczyść Google Chrome: Zresetuj synchronizację (o ile włączona): KLIK. Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Zresetuj ustawienia przeglądarki. Zakładki i hasła nie zostaną naruszone. Ustawienia > karta Ustawienia > sekcja Wyszukiwanie > klik w Zarządzanie wyszukiwarkami > skasuj z listy niedomyślne śmieci (o ile będą). Zresetuj cache wtyczek. W pasku adresów wpisz chrome://plugins i ENTER. Na liście wtyczek wybierz dowolną i kliknij Wyłącz. Następnie wtyczkę ponownie Włącz. 3. Zrób nowy log FRST z opcji Skanuj (Scan), bez Addition i Shortcut. Dołącz też plik fixlog.txt. Laptop: 1. Przez Panel sterowania odinstaluj: HaoZip; Java DB 10.3.1.4; Java™ SE Development Kit 6 Update 35 (64-bit); Java™ SE Development Kit 6 Update 7. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: IE trusted site: HKU\S-1-5-21-123836412-2427045690-4114815500-2297\...\tzmo.torun -> hxxps://pap4.tzmo.torun ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Brak pliku ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Brak pliku ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Brak pliku ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => Brak pliku ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => Brak pliku ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => Brak pliku ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => Brak pliku HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia HKU\S-1-5-21-123836412-2427045690-4114815500-2297\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia SearchScopes: HKU\S-1-5-21-123836412-2427045690-4114815500-2297 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird [2014-12-29] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird FF Extension: Brak nazwy - C:\Users\pawel.dziopa\AppData\Roaming\Mozilla\Firefox\Profiles\5ga9r8wh.default\extensions\{d8d31aa1-b2d5-1cd9-ec71-867d38c2945c} [nie znaleziono] FF Extension: Brak nazwy - C:\Users\pawel.dziopa\AppData\Roaming\Mozilla\Firefox\Profiles\5ga9r8wh.default\extensions\quick_searchff@gmail.com [nie znaleziono] FF Extension: Brak nazwy - C:\Users\pawel.dziopa\AppData\Roaming\Mozilla\Firefox\Profiles\5ga9r8wh.default\extensions\sweetsearch@gmail.com [nie znaleziono] S3 catchme; \??\C:\ComboFix\catchme.sys [X] CustomCLSID: HKU\S-1-5-21-123836412-2427045690-4114815500-2297_Classes\CLSID\{51E7F170-5955-638A-ED52-B9FD401B18CE}\InprocServer32 -> Brak ścieżki do pliku C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rankerizer C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk C:\Users\dserwis\Links\SkyDrive.lnk C:\Users\dserwis\Desktop\Rankerizer.lnk C:\Users\dserwis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk C:\Users\dserwis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intel AppUp® center.lnk C:\Users\pawel.dziopa\Desktop\KATALOGI\17-10-2014\Lenovo Fingerprint Manager.lnk C:\Users\pawel.dziopa\Desktop\Allegro Armani\Nvu.lnk C:\Users\pawel.dziopa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ALLPlayer.Radio.lnk C:\Users\pawel.dziopa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ALLPlayer.VOD.lnk C:\Users\pawel.dziopa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ChomikBox.lnk C:\Users\pawel.dziopa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Shop.lnk C:\Users\pawel.dziopa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NapiProjekt.lnk C:\Users\pawel.dziopa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Napisy24.pl.lnk C:\Users\pawel.dziopa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S.T.A.L.K.E.R. - Lost Alpha.lnk C:\Users\pawel.dziopa\AppData\Roaming\Microsoft\Windows\SendTo\Android (ALLPlayer Pilot).lnk C:\Users\x\Desktop\Nvu.lnk C:\Users\x\Desktop\Rankerizer.lnk C:\Users\x\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intel AppUp® center.lnk CMD: ipconfig /flushdns EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, nastąpi restart systemu. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Wyczyść Google Chrome: Zresetuj synchronizację (o ile włączona): KLIK. Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Zresetuj ustawienia przeglądarki. Zakładki i hasła nie zostaną naruszone. Ustawienia > karta Ustawienia > sekcja Wyszukiwanie > klik w Zarządzanie wyszukiwarkami > skasuj z listy niedomyślne śmieci (o ile będą). Zresetuj cache wtyczek. W pasku adresów wpisz chrome://plugins i ENTER. Na liście wtyczek wybierz dowolną i kliknij Wyłącz. Następnie wtyczkę ponownie Włącz. 4. Zrób nowy log FRST z opcji Skanuj (Scan), włączając log Addition. Dołącz też plik fixlog.txt.