Request for a log review
#1
Please check my logs. The computer runs very slowly, freezes often, unwanted ads pop up and websites open by themselves. It was scanned with AVG and NOD, but to no effect. I am pasting the FRST logs below:

#2
Paste into Notepad and save as fixlist.txt

Code:
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [incmd] => [X]
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ospd_us_013010059] => [X]
HKLM\...\Run: [gmsd_pl_005010070] => "C:\Program Files\gmsd_pl_005010070\gmsd_pl_005010070.exe"
HKLM\...\Run: [gmsd_pl_005010071] => "C:\Program Files\gmsd_pl_005010071\gmsd_pl_005010071.exe"
HKLM\...\Run: [gmsd_pl_005010072] => [X]
HKLM\...\Run: [gmsd_pl_005010074] => "C:\Program Files\gmsd_pl_005010074\gmsd_pl_005010074.exe"
HKU\S-1-5-21-635819508-116237150-608208048-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-635819508-116237150-608208048-1000\...\Run: [GoogleChromeAutoLaunch_7224357271543D9A97DFD77FDE9DBF8C] => "C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
AppInit_DLLs: C:\ProgramData\SaveCode\gaiqrufs.dll => C:\ProgramData\SaveCode\gaiqrufs.dll [121344 2015-08-28] ( )
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  Brak pliku [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Brak pliku
BootExecute: 
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKU\S-1-5-21-635819508-116237150-608208048-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-635819508-116237150-608208048-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRZtOcIWc8bLBYSKRz50WrtNNontJzypFImcxjavVaypNZBn7F2APkVf6bCPf16Rh4fTg-q-SVbxJGfyPdvXCxqDsIKh1hkpIHv00CNoMqTA0oN86OYsbqMAKLhfOctZxjgBmUw_y4SbhtYS2_48,&q={searchTerms}
HKU\S-1-5-21-635819508-116237150-608208048-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRZtOcIWc8bLBYSKRz50WrtNNontJzypFImcxjavVaypNZBn7F2APkVf6bCPf16Rh4fTsMmSbd6iK0yuEyA0-qkgSGAB-2ghGjB0dcA3jN3x442yDJ_lhNnPeDsvYIzEGils-hiFWBC93aFbMMJU,
HKU\S-1-5-21-635819508-116237150-608208048-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=91&bd=Presario&pf=cnnb
HKU\S-1-5-21-635819508-116237150-608208048-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRZtOcIWc8bLBYSKRz50WrtNNontJzypFImcxjavVaypNZBn7F2APkVf6bCPf16Rh4fTg-q-SVbxJGfyPdvXCxqDsIKh1hkpIHv00CNoMqTA0oN86OYsbqMAKLhfOctZxjgBmUw_y4SbhtYS2_48,&q={searchTerms}
HKU\S-1-5-21-635819508-116237150-608208048-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRZtOcIWc8bLBYSKRz50WrtNNontJzypFImcxjavVaypNZBn7F2APkVf6bCPf16Rh4fTg-q-SVbxJGfyPdvXCxqDsIKh1hkpIHv00CNoMqTA0oN86OYsbqMAKLhfOctZxjgBmUw_y4SbhtYS2_48,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRZtOcIWc8bLBYSKRz50WrtNNontJzypFImcxjavVaypNZBn7F2APkVf6bCPf16Rh4fTg-q-SVbxJGfyPdvXCxqDsIKh1hkpIHv00CNoMqTA0oN86OYsbqMAKLhfOctZxjgBmUw_y4SbhtYS2_48,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-635819508-116237150-608208048-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-635819508-116237150-608208048-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRZtOcIWc8bLBYSKRz50WrtNNontJzypFImcxjavVaypNZBn7F2APkVf6bCPf16Rh4fTg-q-SVbxJGfyPdvXCxqDsIKh1hkpIHv00CNoMqTA0oN86OYsbqMAKLhfOctZxjgBmUw_y4SbhtYS2_48,&q={searchTerms}
BHO: Brak nazwy -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  Brak pliku
BHO: Brak nazwy -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  Brak pliku
BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll Brak pliku
Toolbar: HKU\S-1-5-21-635819508-116237150-608208048-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Brak pliku
Toolbar: HKU\S-1-5-21-635819508-116237150-608208048-1000 -> Brak nazwy - {3796E649-4334-4CBF-89D3-A927554AD438} -  Brak pliku
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1440791817&z=c5df2b474bf5a21b72a21c3g5z1z5e4m4tcgcqftaq&from=cmi&uid=ST9160310AS_5SV4CRLN
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <Brak Path\update_url>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKU\S-1-5-21-635819508-116237150-608208048-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [leahdjjpjmnamomgpojikeapflgbmjab] - <Brak Path\update_url>
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1440791817&z=c5df2b474bf5a21b72a21c3g5z1z5e4m4tcgcqftaq&from=cmi&uid=ST9160310AS_5SV4CRLN
OPR Extension: (GoHD) - C:\Users\TOMEK I WIOLA\AppData\Roaming\Opera Software\Opera Stable\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-08-26]
OPR Extension: (Plus.HD_3.5V18.08) - C:\Users\TOMEK I WIOLA\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-08-18]
R2 IHProtect Service; C:\Program Files\MiniLite\ProtectService.exe [132768 2015-08-24] (MiniLite system)
S2 NeroMediaHomeService.4; Brak ImagePath
S2 SaveCode; C:\ProgramData\SaveCode\SaveCode [X]
S2 adfs; Brak ImagePath
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S0 BtHidBus; System32\Drivers\BtHidBus.sys [X]
S3 catchme; Brak ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 IvtBtBUs; System32\Drivers\IvtBtBus.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
C:\e3d902b8ec40ce7e0ea8dd1c
C:\ProgramData\SaveCode
C:\ProgramData\SaveCodes
C:\Windows\system32\findit.xml
C:\Program Files\Common Files\hapfhtju.unl
C:\Program Files\predm
C:\Users\TOMEK I WIOLA\AppData\Local\nsw1F55.tmp
C:\Program Files\gmsd_pl_005010074
C:\Users\TOMEK I WIOLA\AppData\Local\gmsd_pl_005010074
C:\ProgramData\UWinManProU
C:\Users\TOMEK I WIOLA\AppData\Local\nsdD953.tmp
C:\Program Files\SFK
C:\Users\TOMEK I WIOLA\AppData\Roaming\mystartsearch
C:\Users\TOMEK I WIOLA\AppData\Local\SmartWeb
C:\Program Files\gmsd_pl_005010073
C:\Users\TOMEK I WIOLA\AppData\Local\gmsd_pl_005010073
C:\Program Files\MiniLite
C:\ProgramData\SWinManProS
C:\Users\TOMEK I WIOLA\AppData\Local\nsaA124.tmp
C:\Users\TOMEK I WIOLA\AppData\Roaming\AnyProtectEx
C:\Program Files\gmsd_pl_005010072
C:\ProgramData\MWinManProM
C:\ProgramData\JWinManProJ
C:\ProgramData\WWinManProW
C:\ProgramData\cWinManProc
C:\ProgramData\pWinManProp
C:\task.vbs
C:\Users\TOMEK I WIOLA\AppData\Local\7A3EC178-824D-4413-A02D-2D39337DF8B
C:\ProgramData\update
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\ProgramData\DWinManProD
C:\Users\TOMEK I WIOLA\AppData\Local\Could not connect. Error code = 0x-1440433161---
C:\Program Files\Could not connect. Error code = 0x-1440425886---
C:\ProgramData\rWinManPror
C:\ProgramData\iWinManProi
C:\Program Files\88f4272a-7239-4f88-b66a-06300fa217c2
C:\Windows\system32\KAward
C:\Program Files\ospd_us_013010059
C:\Program Files\412f56f4-0b75-4c28-9b19-e4e331564b91
C:\Users\TOMEK I WIOLA\AppData\Local\ospd_us_013010059
C:\ProgramData\Kaspersky Lab
C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
C:\Users\TOMEK I WIOLA\AppData\Roaming\inst.exe
C:\Users\TOMEK I WIOLA\AppData\Roaming\$_hpcst$.hpc
C:\Users\TOMEK I WIOLA\AppData\Roaming\EjI6pdtUHv9jHEK4sahC
C:\Users\TOMEK I WIOLA\AppData\Local\keyfile3.drm
C:\Users\TOMEK I WIOLA\AppData\Local\nsaA124.tmp
C:\Users\TOMEK I WIOLA\AppData\Local\nsj9B39.tmp
C:\Users\TOMEK I WIOLA\AppData\Local\unins000.dat
C:\Users\TOMEK I WIOLA\AppData\Local\unins000.exe
C:\Users\TOMEK I WIOLA\AppData\Local\unins000.msg
C:\ProgramData\003e63a3.tmp
C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
CustomCLSID: HKU\S-1-5-21-635819508-116237150-608208048-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\TOMEK I WIOLA\AppData\Local\Chromium\Application\45.0.2433.0\delegate_execute.exe" Brak pl (dane wartości zawierają 3 znaków więcej). <==== UWAGA
CustomCLSID: HKU\S-1-5-21-635819508-116237150-608208048-1000_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-635819508-116237150-608208048-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-635819508-116237150-608208048-1000_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\PROGRA~1\Skype\Phone\Skype.exe Brak pliku
CustomCLSID: HKU\S-1-5-21-635819508-116237150-608208048-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\TOMEK I WIOLA\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll Brak pliku
CustomCLSID: HKU\S-1-5-21-635819508-116237150-608208048-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\TOMEKI~1\AppData\Local\Temp\98A339.exe Brak pliku
Task: {03EAE6D1-3F83-4E75-9323-9F1AC2BC299F} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== UWAGA
Task: {05916E1E-952D-416B-A8ED-0E2F603DA47E} - System32\Tasks\ad17d29a-d65a-475b-ba97-228997c6049b-11 => C:\Program Files\GoHD\ad17d29a-d65a-475b-ba97-228997c6049b-11.exe <==== UWAGA
Task: {090DCFB5-89A8-45A4-A650-B06BA1D847A5} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== UWAGA
Task: {0DE7FC56-A3FE-4589-8F75-F05D369996C5} - System32\Tasks\{C9D02549-9D85-4CF1-8F66-200279F940B4} => Iexplore.exe http://ui.skype.com/ui/0/5.8.0.158/pl/abandoninstall?page=tsProgressBar
Task: {1910BFC1-FCAC-466C-A940-C6E496EF7810} - System32\Tasks\{E2E4B573-3BE1-43BA-8666-6E293D61D121} => pcalua.exe -a "C:\Users\TOMEK I WIOLA\Dokumenty\Dokumenty Tomek\eu07-160110\EU07\MASZYNA.EXE" -d "C:\Users\TOMEK I WIOLA\Dokumenty\Dokumenty Tomek\eu07-160110\EU07"
Task: {234C3530-C77D-4E0C-882D-213B88F9509E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-635819508-116237150-608208048-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2DCEF2E8-5904-4ABB-A0DC-15AE23117302} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)
Task: {359233B7-260C-4576-812C-336E9EE79C14} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RCP\RegCleanPro.exe <==== UWAGA
Task: {3EFF0C2E-5075-41CB-BDC8-52FE68749A30} - System32\Tasks\{24E2DBC2-E047-435C-BC0E-A34550FD0213} => pcalua.exe -a "C:\Program Files\WinRAR\WinRAR.exe" -d "C:\Users\TOMEK I WIOLA\Downloads" -c "C:\Users\TOMEK I WIOLA\Downloads\WinRar_3.80_PL__Cracked.rar"
Task: {41D4A0B8-68FF-447F-81BD-AE4425301948} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)
Task: {44B613EF-0B19-452A-AD6F-306E3B89A5FF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-635819508-116237150-608208048-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {4AA21A24-6117-4203-947A-487FD5B82E4D} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== UWAGA
Task: {4C8154C6-4D00-4A4E-A8DA-942CD6F76421} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {4EDD8386-ADB5-49F3-9144-DA7886C4D490} - System32\Tasks\snf => C:\ProgramData\SaveCode\p4ibojyy.exe [2015-08-28] ()
Task: {709A5AE1-704F-49DC-B6D7-002832DD17BC} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== UWAGA
Task: {71C4EE80-D6DB-423D-BD4E-C966354B382B} - \RegClean Pro_DEFAULT -> Brak pliku <==== UWAGA
Task: {71DC15D8-A5B8-40EC-A97F-8672F426F9BD} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: {7C67E3A5-551E-4892-90F7-BCF925B22438} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\TOMEK I WIOLA\AppData\Local\SmartWeb\SmartWebHelper.exe <==== UWAGA
Task: {80972311-74E3-4A88-BE57-BA3149B868A4} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: {8250B8CE-09EB-4A39-AE82-2AADAE4790F0} - System32\Tasks\{3990E350-D4E5-46D3-BAA0-0A1E740FA101} => pcalua.exe -a "C:\Users\TOMEK I WIOLA\Desktop\Tłumacz i Słownik Języka Niemieckiego 3.0\Tłumacz i Słownik Języka Niemieckiego 3.0\Instalator.exe" -d "C:\Users\TOMEK I WIOLA\Desktop\Tłumacz i Słownik Języka Niemieckiego 3.0\Tłumacz i Słownik Języka Niemieckiego 3.0"
Task: {82DBD584-0CE0-44C7-BCD4-E201D01A0064} - System32\Tasks\{6D21F479-731B-4992-A36A-8BD7B6A66136} => pcalua.exe -a "C:\gra\PES 2009\kitserver\setup.exe" -d "C:\gra\PES 2009\kitserver"
Task: {912D49D6-CCC7-489F-8261-5AA52328B4B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {B2B9832A-8DAF-408D-AA34-493DBF41B821} - System32\Tasks\snp => C:\ProgramData\SaveCode\p4ibojyy.exe [2015-08-28] ()
Task: {B6C1039F-3A7F-4B24-964D-F396C40592DB} - System32\Tasks\{9C99F9A7-33F1-48D5-8573-D9A2824FA6BF} => pcalua.exe -a C:\freerapid\FreeRapid-0.82\frd.exe -d C:\freerapid\FreeRapid-0.82
Task: {B6D22A8F-AD8D-487D-80C0-737B4ABA4093} - System32\Tasks\RegClean Pro => C:\Program Files\RCP\RegCleanPro.exe <==== UWAGA
Task: {C418582E-D755-4BBB-9455-F59A71C7086B} - System32\Tasks\{40CCC1D5-B3E4-45CC-9B37-928AF34DE275} => pcalua.exe -a "C:\Users\TOMEK I WIOLA\Dokumenty\Dokumenty Tomek\pityxl_v-[www.legalne.info].exe" -d "C:\Users\TOMEK I WIOLA\Desktop"
Task: {CC75A9C2-CB30-4814-A5B1-EC04930F68E2} - System32\Tasks\{B00D5B79-A37E-4BD8-8874-D4D2417A1EAB} => Iexplore.exe http://ui.skype.com/ui/0/6.3.0.107/pl/abandoninstall?page=tsProgressBar
Task: {D4B42A81-141A-4E2D-8F95-10F1C4D26B73} - System32\Tasks\Crossbrowse => C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe <==== UWAGA
Task: {D6D87518-03B4-4DA0-9EF5-CA58793F5E3A} - System32\Tasks\ad17d29a-d65a-475b-ba97-228997c6049b-10_user => C:\Program Files\GoHD\ad17d29a-d65a-475b-ba97-228997c6049b-10.exe <==== UWAGA
Task: {E4285850-144E-453E-BE57-9F4EE5203A48} - System32\Tasks\{9B3AEF81-24B1-4A7A-BB6E-E01F168FB77A} => C:\Program Files\Skype\Phone\Skype.exe
Task: {E84D8C2B-A814-4A41-A5D6-6BC0BABCF83D} - System32\Tasks\LaunchPreSignup => C:\Program Files\OLBPre\OLBPre.exe <==== UWAGA
Task: {E9D958CF-9274-4DD1-9D14-DC77FDEFBBDB} - System32\Tasks\{677735E5-7F0F-4D43-BDED-3C83E757E23C} => pcalua.exe -a "C:\Users\TOMEK I WIOLA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWJWVIHG\Perekt[1].exe" -d "C:\Users\TOMEK I WIOLA\Desktop"
Task: {ED1D3B62-64D2-4B0F-9A71-EF221449ED93} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: {EDCB8652-D1DD-41C5-A354-8083DCFFFD1B} - System32\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757} => C:\Users\TOMEKI~1\AppData\Local\Temp\b.exe <==== UWAGA
Task: {F3A24E35-F7C3-4445-A626-3767DBB237DD} - System32\Tasks\ad17d29a-d65a-475b-ba97-228997c6049b-3 => C:\Program Files\GoHD\ad17d29a-d65a-475b-ba97-228997c6049b-3.exe <==== UWAGA
Task: {F4F3BC5F-A68E-406C-B659-ED673069A813} - System32\Tasks\EjI6pdtUHv9jHEK4sahC => C:\Users\TOMEK I WIOLA\AppData\Roaming\EjI6pdtUHv9jHEK4sahC.exe <==== UWAGA
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AnyProtect Scanner
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BDRegion
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Quick Search Box
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Twoje TVN24
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameXN GO
CMD: del /q /s C:\*AdwCleaner*
CMD: netsh advfirewall reset
EmptyTemp:

Place the saved script next to the downloaded FRST program.
Then click Fix in the program; once it has finished, show the report from that run.

Uninstall:

Acrobat.com
Adobe Acrobat 8 Professional
Adobe AIR
Adobe Reader X (10.1.15)
Google Chrome
Java 8 Update 45
Opera Stable 31.0.1889.174 (a newer version is available)
PIT-OPP 2010
YTD Toolbar v6.5

Download the program


click Search and then Delete

Show the report from it.

Download

After launching, a cmd window will open asking you to press any key to continue. The scan and removal then begin. As a result, a JRT.txt log will be created on the Desktop.


Paste into Notepad:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt]
"DisplayName"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-205"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-204"
"ObjectName"="localSystem"
"ErrorControl"=dword:00000000
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
00,6c,00,6c,00,00,00
"ServiceMain"="ServiceMain"

Save it as fix.reg, then right-click it and choose Merge to add the entries to the registry.

Restart the computer.

Make new logs with FRST and post them: FRST.txt > Addition.txt
#3
FRST fix report

ADWCleaner report

#4
FRST reports

#5
I don't know why the first script was run 4 times; it is run only once. The JRT report is also missing.