
Unwanted applications that start on their own

Astreuz 16 Aug 2015 20:01 687 12
  • #1 16 Aug 2015 20:01
    Astreuz
    Level 10

    Hello, when Windows starts up, the processes visible in the attached screenshot appear in the process list. Earlier, that whole mystart thing (a search engine) installed itself, but I dealt with that; what remains is removing the applications, which I have no idea how to get at. Please give me some help and pointers. The antivirus also blocks other applications that try to start on their own, so if those could be removed I would also send over the ones from the antivirus. To pre-empt the question of whether I removed the applications from Control Panel under Add/Remove Programs: yes, I did, but these are not on the list. Same with msconfig: I only have the system services and the antivirus ticked, nothing else.

  • #3 17 Aug 2015 16:37
    Astreuz
    Level 10

    So, here goes:
    1. As for AdwCleaner, I ran the cleanup and the results are as follows:


    2. As for FRST:
    the FRST.txt and Addition files are in the attachments.
    3. As for Mbam, I tried to install it; the installer hangs at the end and stops responding. I also cannot launch it from the files that were created, because a message pops up saying that the mbam.exe file (the main one) is missing.
    I noticed that a lot of the processes that attacked the computer right at startup have disappeared, although that second process still exists and runs at startup, and some program called smartweb or something like that (definitely smart) also starts. Those are the only two cases still left.

  • #4 17 Aug 2015 16:50
    Kolobos
    Computer specialist

    Uninstall: 20Dollars2Surf 1.1

    You can uninstall Comodo too, it is useless.

    Next to frst.exe, create a file fixlist.txt with the following contents:
    () C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\hnsc7FBB.tmp
    () C:\Program Files\fchk32\fchk32.exe
    (Cinema PlusV16.08) C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.exe
    () C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\knse7DB7.tmp
    () C:\Users\kamilooo\AppData\Local\InstallDriverTable\c_20105.exe
    (Cinema PlusV15.08) C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-10.exe
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\kamilooo\AppData\Local\Temp\814396397990\Setup_product_461.exe ()
    Task: {08679BAB-3603-40A9-B902-2DD0FF77B2E7} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.exe <==== ATTENTION
    Task: {1533A41A-888C-4EFA-88AE-D05C6738A24E} - System32\Tasks\Bufor wydruku 1.66.15 => C:\Windows\system32\config\systemprofile\AppData\Local\Buforwydruku\bufor.exe [2015-08-15] ()
    Task: {1EE0BB37-5262-4242-81DC-03B540B3E9E8} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-10.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {20AD9EF2-6C46-47CA-9294-272B1151EF88} - System32\Tasks\Internet Explorer ETW Collector Service32 => C:\Windows\system32\config\systemprofile\AppData\Local\InternetExplorer\internet.exe [2015-08-16] ()
    Task: {2174A209-1996-49D8-ADC1-B2EF932BF515} - System32\Tasks\Menedżer poświadczeń 1.88.15 => C:\Windows\system32\config\systemprofile\AppData\Local\Menederpowiadcze\printfilterpipelinesvc.exe [2015-08-15] ()
    Task: {27EBA502-0551-4EA3-928A-E626FA6E8E48} - System32\Tasks\Zarządzanie aplikacjami 1.45.17 => C:\Windows\system32\config\systemprofile\AppData\Local\Zarzdzanieaplikacjami\dwrite.exe [2015-08-17] ()
    Task: {40BF6EF2-77C6-4E74-8254-BCAFF545E404} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {45B89B20-FB77-49FB-920A-CB0972A84B31} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-6.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {56800B45-BEDB-4ADD-BF57-58CD2298A0CF} - System32\Tasks\Usługa inicjatora iSCSI firmy Microsoft 1.26.17 => C:\Windows\system32\config\systemprofile\AppData\Local\Usugainicjatora\usługa.exe [2015-08-17] ()
    Task: {590C2980-1EEB-441C-B14E-9CAD73A273E4} - System32\Tasks\Bufor wydruku 1.56.16 => C:\Windows\system32\config\systemprofile\AppData\Local\Buforwydruku\bufor.exe [2015-08-15] ()
    Task: {590C2EFF-C5AC-41F8-AA0D-7EABC249CB9F} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
    Task: {5B43955A-6656-45B8-8310-38E452EE1488} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
    Task: {5BAA8351-03A2-4D9F-9635-933280A519CA} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-4.exe <==== ATTENTION
    Task: {5FC54E71-A831-4207-99BC-4F4D7B30880C} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {61213E0E-6057-4090-986F-2BA082966C89} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {70DBF96B-86FD-4773-97C0-E331A5DB24FA} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {7471388D-CB17-47B0-A82C-525DC771247B} - System32\Tasks\287E91C0-C5F0-4095-A5F7-B4812571947A => C:\Users\kamilooo\AppData\Local\287E91C0-C5F0-4095-A5F7-B4812571947A\287E91C0-C5F0-4095-A5F7-B4812571947A.exe [2015-08-17] () <==== ATTENTION
    Task: {7D3D4348-6351-4E05-9085-C5CBEA3FF150} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {A647847B-96A7-46D5-9D8D-9D4026751B45} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-7.exe <==== ATTENTION
    Task: {AA8A35C2-1759-4943-95B0-A916D99AC0D9} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {C34A50A4-266E-4347-9F19-78101D1DB13A} - System32\Tasks\iPrioritize => c:\programdata\{3ecd909c-4225-4e3c-3ecd-d909c4224271}\sevensetup.exe [2015-08-15] () <==== ATTENTION
    Task: {DB13074E-8C64-416E-94FA-FA227064BD18} - System32\Tasks\1214avUpdateInfo => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
    Task: {E4D5EDA2-E5D7-43FB-BE7F-BF4E635E99F5} - System32\Tasks\Usługa powiadomień SPP 1.48.17 => C:\Windows\system32\config\systemprofile\AppData\Local\Usugapowiadomie\usługa.exe [2015-08-17] ()
    Task: {F90DFB57-6340-45FC-B466-573158975510} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.exe <==== ATTENTION
    Task: {FFDBDC03-8C77-47E1-A0F8-FA074D1C1648} - System32\Tasks\NodEnabler => C:\ESET\NodEnabler\NodEnabler.exe <==== ATTENTION
    Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
    Task: C:\Windows\Tasks\1214avUpdateInfo.job => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-6.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-7.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-10.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-4.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\iPrioritize.job => c:\programdata\{3ecd909c-4225-4e3c-3ecd-d909c4224271}\sevensetup.exe <==== ATTENTION
    2015-08-15 14:00 - 2015-08-15 14:00 - 00161792 _____ () C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\hnsc7FBB.tmp
    2015-08-10 10:20 - 2015-08-15 13:58 - 00379904 _____ () C:\Program Files\fchk32\fchk32.exe
    2015-08-17 00:28 - 2015-08-17 00:53 - 00473600 _____ () C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\knse7DB7.tmp
    2015-08-15 13:57 - 2015-08-15 13:57 - 00038400 _____ () C:\Users\kamilooo\AppData\Local\InstallDriverTable\c_20105.exe
    AlternateDataStreams: C:\Users\kamilooo\AppData\Roaming:NT
    AlternateDataStreams: C:\Users\kamilooo\AppData\Roaming:NT2
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [ospd_us_013010061] => [X]
    HKLM\...\Run: [gmsd_pl_005010061] => [X]
    HKLM\...\Run: [SmartWeb] => C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe
    IFEO\avcenter.exe: [Debugger] euaie.exe
    IFEO\avguard.exe: [Debugger] euaie.exe
    IFEO\avp.exe: [Debugger] euaie.exe
    IFEO\bdagent.exe: [Debugger] euaie.exe
    IFEO\ccuac.exe: [Debugger] euaie.exe
    IFEO\ComboFix.exe: [Debugger] euaie.exe
    IFEO\egui.exe: [Debugger] euaie.exe
    IFEO\hijackthis.exe: [Debugger] euaie.exe
    IFEO\keyscrambler.exe: [Debugger] euaie.exe
    IFEO\mbam.exe: [Debugger] euaie.exe
    IFEO\MpCmdRun.exe: [Debugger] euaie.exe
    IFEO\MSASCui.exe: [Debugger] euaie.exe
    IFEO\MsMpEng.exe: [Debugger] euaie.exe
    IFEO\msseces.exe: [Debugger] euaie.exe
    IFEO\spybotsd.exe: [Debugger] euaie.exe
    IFEO\wireshark.exe: [Debugger] euaie.exe
    IFEO\zlclient.exe: [Debugger] euaie.exe
    Startup: C:\Users\kamilooo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-16]
    ShortcutTarget: SmartWeb.lnk -> C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
    GroupPolicyUsers\S-1-5-21-48624932-3266488684-2313955220-1003\User: Restriction on Chrome detected <======= ATTENTION
    GroupPolicyScripts: Group Policy detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49395;https=127.0.0.1:49395
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=143...HitachiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts...XHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=143...HitachiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts...XHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=143...HitachiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=143...HitachiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts...XHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    SearchScopes: HKLM -> {2CA0B775-F5B7-45C0-B8F1-28893D2F6F5C} URL = hxxp://feed.helperbar.com/?publisher=OPENCAND...774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts...XHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-48624932-3266488684-2313955220-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts...XHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-48624932-3266488684-2313955220-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts...XHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    BHO: No Name -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> No File
    FF NewTab: chrome://quick_start/content/index.html
    FF DefaultSearchEngine: istartsurf
    FF SelectedSearchEngine: istartsurf
    FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
    FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
    FF Plugin HKU\S-1-5-21-48624932-3266488684-2313955220-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
    FF Plugin HKU\S-1-5-21-48624932-3266488684-2313955220-1001: BearSharePlugin -> C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    FF SearchPlugin: C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\searchplugins\istartsurf.xml [2015-08-17]
    FF Extension: Default SearchProtected - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\Extensions\defsearchp@gmail.com [2015-08-17]
    FF Extension: deskCut - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\Extensions\deskCutv2@gmail.com [2015-08-17]
    FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\extensions\defsearchp@gmail.com
    FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\extensions\deskCutv2@gmail.com
    CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\kamilooo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2015-01-12]
    CHR HKLM\...\Chrome\Extension: [hahpjplbmicfkmoccokbjejahjjpnena] - <no Path\update_url>
    CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-01-19]
    CHR HKLM\...\Chrome\Extension: [pbigfkbippnoeffniighecdghnbnmced] - <no Path\update_url>
    R2 comyninu; C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\hnsc7FBB.tmp [161792 2015-08-15] () [File not signed]
    R2 fchk32; C:\Program Files\fchk32\fchk32.exe [379904 2015-08-15] () [File not signed] <==== ATTENTION
    R2 piqipete; C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\knse7DB7.tmp [473600 2015-08-17] () [File not signed]
    R2 wsock32; C:\Users\kamilooo\AppData\Local\InstallDriverTable\c_20105.exe [38400 2015-08-15] () [File not signed]
    S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
    S0 bteaey; no ImagePath
    S3 catchme; no ImagePath
    S3 cpuz126; no ImagePath
    S3 EagleNT; no ImagePath
    S3 EagleXNt; no ImagePath
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    S3 NvStreamKms; no ImagePath
    S4 nvvad_WaveExtensible; no ImagePath
    S3 Synth3dVsc; no ImagePath
    S3 tsusbhub; no ImagePath
    S3 VGPU; no ImagePath
    S3 WinRing0_1_2_0; no ImagePath
    2015-08-17 15:14 - 2015-08-17 15:14 - 00000315 _____ C:\AdwCleaner[S2].txt
    2015-08-17 15:09 - 2015-08-17 15:09 - 00000000 ____D C:\AdwCleaner
    2015-08-17 14:37 - 2015-08-17 14:42 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\istartsurf
    2015-08-17 14:36 - 2015-08-17 14:36 - 00000000 ____D C:\Users\kamilooo\AppData\Local\287E91C0-C5F0-4095-A5F7-B4812571947A
    2015-08-16 19:11 - 2015-08-17 14:03 - 00002440 _____ C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user.job
    2015-08-16 19:11 - 2015-08-17 14:03 - 00002440 _____ C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.job
    2015-08-16 19:10 - 2015-08-17 15:13 - 00002106 _____ C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user.job
    2015-08-16 19:10 - 2015-08-17 15:10 - 00003132 _____ C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.job
    2015-08-16 19:10 - 2015-08-17 14:03 - 00004488 _____ C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.job
    2015-08-16 19:10 - 2015-08-17 14:03 - 00003132 _____ C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.job
    2015-08-16 19:09 - 2015-08-16 19:11 - 00000000 ____D C:\Program Files\CinemaPlus-3.2cV16.08
    2015-08-16 15:53 - 2015-08-16 18:58 - 00000000 ____D C:\Program Files\gmsd_pl_005010061
    2015-08-16 15:50 - 2015-08-17 14:43 - 00000000 ____D C:\Users\kamilooo\AppData\Local\SmartWeb
    2015-08-15 23:26 - 2015-08-16 10:07 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\ppslog
    2015-08-15 15:45 - 2015-08-17 15:10 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
    2015-08-15 15:14 - 2015-08-16 11:00 - 00000000 ____D C:\qycache
    2015-08-15 15:14 - 2015-08-15 15:16 - 00000000 ____D C:\Users\kamilooo\AppData\Local\SysassistByHotWheel
    2015-08-15 15:05 - 2015-08-15 23:27 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\IQIYI Video
    2015-08-15 15:05 - 2015-08-15 15:05 - 00000000 ____D C:\Users\Public\QiYi
    2015-08-15 15:01 - 2015-08-15 15:01 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\kamilooo\Downloads\SpyHunter-Installer.exe
    2015-08-15 14:47 - 2015-08-15 14:48 - 00000000 ____D C:\ProgramData\95a68b260000444e
    2015-08-15 14:46 - 2015-08-17 14:46 - 00003132 _____ C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7.job
    2015-08-15 14:46 - 2015-08-17 14:46 - 00003132 _____ C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6.job
    2015-08-15 14:46 - 2015-08-17 14:46 - 00002440 _____ C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user.job
    2015-08-15 14:46 - 2015-08-17 14:46 - 00002440 _____ C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5.job
    2015-08-15 14:45 - 2015-08-17 15:13 - 00002106 _____ C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user.job
    2015-08-15 14:45 - 2015-08-17 14:45 - 00004488 _____ C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4.job
    2015-08-15 14:45 - 2015-08-15 14:46 - 00000000 ____D C:\Program Files\CinemaPlus-3.2cV15.08
    2015-08-15 14:36 - 2015-08-15 14:36 - 00000000 _____ C:\Windows\prleth.sys
    2015-08-15 14:36 - 2015-08-15 14:36 - 00000000 _____ C:\Windows\hgfs.sys
    2015-08-15 14:35 - 2015-08-15 14:35 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\mystartsearch
    2015-08-15 14:09 - 2015-08-15 14:09 - 00000000 ____D C:\Program Files\predm
    2015-08-15 14:08 - 2015-08-15 14:15 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\systweak
    2015-08-15 14:08 - 2015-07-02 14:14 - 00018200 _____ () C:\Windows\system32\roboot.exe
    2015-08-15 14:07 - 2015-08-15 14:08 - 00000000 ____D C:\Program Files\00000000-1439640479-0000-0000-001A4D33746E
    2015-08-15 14:02 - 2015-08-15 14:13 - 00000000 ____D C:\Users\kamilooo\AppData\Local\00000000-1439647351-0000-0000-001A4D33746E
    2015-08-15 13:59 - 2015-08-17 00:53 - 00000000 ____D C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E
    2015-08-15 13:57 - 2015-08-15 13:58 - 00000000 ____D C:\Program Files\fchk32
    2015-08-15 13:57 - 2015-08-15 13:57 - 00000000 ____D C:\Users\kamilooo\AppData\Local\InstallDriverTable
    2015-08-15 13:53 - 2015-08-15 14:36 - 00000000 ____D C:\Program Files\bestadblocker
    2015-08-15 13:40 - 2015-08-15 13:40 - 00000000 ____D C:\Program Files\WajInterEnhancer
    2015-08-15 13:40 - 2015-08-15 13:40 - 00000000 ____D C:\Program Files\Wajam
    2015-08-15 13:38 - 2015-08-15 14:47 - 00000000 ____D C:\ProgramData\12766753828128071177
    2015-08-15 13:36 - 2015-08-16 19:53 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\Narcissistic Hope
    2015-08-15 13:36 - 2015-08-16 19:36 - 00000340 _____ C:\Windows\Tasks\iPrioritize.job
    2015-08-15 13:36 - 2015-08-15 13:36 - 00000000 ____D C:\ProgramData\{3ecd909c-4225-4e3c-3ecd-d909c4224271}
    C:\Users\kamilooo\AppData\Local\Temp*.html
    EmptyTemp:

    In FRST, choose Fix.

    Run a full scan with MBAM and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    When that is done, post new FRST logs from a fresh scan.

  • #5 17 Aug 2015 17:09
    Acorus 20
    Computer specialist

    Uninstall 20Dollars2Surf 1.1 and Akamai NetSession Interface. Open the system Notepad and paste:

    Quote:
    Task: {08679BAB-3603-40A9-B902-2DD0FF77B2E7} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.exe <==== ATTENTION
    Task: {1EE0BB37-5262-4242-81DC-03B540B3E9E8} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-10.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {40BF6EF2-77C6-4E74-8254-BCAFF545E404} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {45B89B20-FB77-49FB-920A-CB0972A84B31} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-6.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {590C2EFF-C5AC-41F8-AA0D-7EABC249CB9F} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
    Task: {5B43955A-6656-45B8-8310-38E452EE1488} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
    Task: {5BAA8351-03A2-4D9F-9635-933280A519CA} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-4.exe <==== ATTENTION
    Task: {5FC54E71-A831-4207-99BC-4F4D7B30880C} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {61213E0E-6057-4090-986F-2BA082966C89} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {70DBF96B-86FD-4773-97C0-E331A5DB24FA} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {7471388D-CB17-47B0-A82C-525DC771247B} - System32\Tasks\287E91C0-C5F0-4095-A5F7-B4812571947A => C:\Users\kamilooo\AppData\Local\287E91C0-C5F0-4095-A5F7-B4812571947A\287E91C0-C5F0-4095-A5F7-B4812571947A.exe [2015-08-17] () <==== ATTENTION
    Task: {7D3D4348-6351-4E05-9085-C5CBEA3FF150} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {A647847B-96A7-46D5-9D8D-9D4026751B45} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-7.exe <==== ATTENTION
    Task: {AA8A35C2-1759-4943-95B0-A916D99AC0D9} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {C34A50A4-266E-4347-9F19-78101D1DB13A} - System32\Tasks\iPrioritize => c:\programdata\{3ecd909c-4225-4e3c-3ecd-d909c4224271}\sevensetup.exe [2015-08-15] () <==== ATTENTION
    Task: {DB13074E-8C64-416E-94FA-FA227064BD18} - System32\Tasks\1214avUpdateInfo => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
    Task: {F90DFB57-6340-45FC-B466-573158975510} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.exe <==== ATTENTION
    Task: {FFDBDC03-8C77-47E1-A0F8-FA074D1C1648} - System32\Tasks\NodEnabler => C:\ESET\NodEnabler\NodEnabler.exe <==== ATTENTION
    Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
    Task: C:\Windows\Tasks\1214avUpdateInfo.job => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-6.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-7.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-10.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-4.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\iPrioritize.job => c:\programdata\{3ecd909c-4225-4e3c-3ecd-d909c4224271}\sevensetup.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData:NT2
    AlternateDataStreams: C:\Users\All Users:NT2
    AlternateDataStreams: C:\ProgramData\Application Data:NT2
    AlternateDataStreams: C:\Users\kamilooo\Application Data:NT
    AlternateDataStreams: C:\Users\kamilooo\Application Data:NT2
    AlternateDataStreams: C:\Users\kamilooo\AppData\Roaming:NT
    AlternateDataStreams: C:\Users\kamilooo\AppData\Roaming:NT2
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [ospd_us_013010061] => [X]
    HKLM\...\Run: [gmsd_pl_005010061] => [X]
    HKLM\...\Run: [SmartWeb] => C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe
    IFEO\avcenter.exe: [Debugger] euaie.exe
    IFEO\avguard.exe: [Debugger] euaie.exe
    IFEO\avp.exe: [Debugger] euaie.exe
    IFEO\bdagent.exe: [Debugger] euaie.exe
    IFEO\ccuac.exe: [Debugger] euaie.exe
    IFEO\ComboFix.exe: [Debugger] euaie.exe
    IFEO\egui.exe: [Debugger] euaie.exe
    IFEO\hijackthis.exe: [Debugger] euaie.exe
    IFEO\keyscrambler.exe: [Debugger] euaie.exe
    IFEO\mbam.exe: [Debugger] euaie.exe
    IFEO\MpCmdRun.exe: [Debugger] euaie.exe
    IFEO\MSASCui.exe: [Debugger] euaie.exe
    IFEO\MsMpEng.exe: [Debugger] euaie.exe
    IFEO\msseces.exe: [Debugger] euaie.exe
    IFEO\spybotsd.exe: [Debugger] euaie.exe
    IFEO\wireshark.exe: [Debugger] euaie.exe
    IFEO\zlclient.exe: [Debugger] euaie.exe
    Startup: C:\Users\kamilooo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-16]
    ShortcutTarget: SmartWeb.lnk -> C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    GroupPolicyUsers\S-1-5-21-48624932-3266488684-2313955220-1003\User: Restriction on Chrome detected <======= ATTENTION
    GroupPolicyScripts: Group Policy detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49395;https=127.0.0.1:49395
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=143...HitachiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts...XHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=143...HitachiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts...XHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=143...HitachiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=143...HitachiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts...XHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    SearchScopes: HKLM -> {2CA0B775-F5B7-45C0-B8F1-28893D2F6F5C} URL = hxxp://feed.helperbar.com/?publisher=OPENCAND...774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts...XHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-48624932-3266488684-2313955220-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts...XHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-48624932-3266488684-2313955220-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts...XHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    BHO: No Name -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    FF DefaultSearchEngine: istartsurf
    FF SelectedSearchEngine: istartsurf
    FF Plugin HKU\S-1-5-21-48624932-3266488684-2313955220-1001: BearSharePlugin -> C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    FF SearchPlugin: C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\searchplugins\istartsurf.xml [2015-08-17]
    FF Extension: Default SearchProtected - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\Extensions\defsearchp@gmail.com [2015-08-17]
    FF Extension: deskCut - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\Extensions\deskCutv2@gmail.com [2015-08-17]
    FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\extensions\defsearchp@gmail.com
    FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\extensions\deskCutv2@gmail.com
    R2 fchk32; C:\Program Files\fchk32\fchk32.exe [379904 2015-08-15] () [File not signed] <==== ATTENTION
    S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
    S0 bteaey; no ImagePath
    S3 catchme; no ImagePath
    S3 cpuz126; no ImagePath
    S3 EagleNT; no ImagePath
    S3 EagleXNt; no ImagePath
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    S3 NvStreamKms; no ImagePath
    S4 nvvad_WaveExtensible; no ImagePath
    S3 Synth3dVsc; no ImagePath
    S3 tsusbhub; no ImagePath
    S3 VGPU; no ImagePath
    S3 WinRing0_1_2_0; no ImagePath
    2015-08-17 15:09 - 2015-08-17 15:09 - 00000000 ____D C:\AdwCleaner
    2015-08-16 15:53 - 2015-08-16 18:58 - 00000000 ____D C:\Program Files\gmsd_pl_005010061
    2015-08-16 15:50 - 2015-08-17 14:43 - 00000000 ____D C:\Users\kamilooo\AppData\Local\SmartWeb
    2015-08-15 15:01 - 2015-08-15 15:01 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\kamilooo\Downloads\SpyHunter-Installer.exe
    2015-08-15 14:35 - 2015-08-15 14:35 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\mystartsearch
    2015-08-15 14:09 - 2015-08-15 14:09 - 00000000 ____D C:\Program Files\predm
    2015-08-15 14:08 - 2015-08-15 14:15 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\systweak
    2015-08-15 14:08 - 2015-07-02 14:14 - 00018200 _____ () C:\Windows\system32\roboot.exe
    C:\Users\kamilooo\AppData\Local\Temp*.html
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix. Uninstall Chrome, ticking the option to delete browsing data.
    You can export your bookmarks first: https://support.google.com/chrome/answer/96816?hl=pl
    Afterwards, install the stable version: https://www.google.pl/chrome/browser/desktop/
    Scan with Malwarebytes Anti-Malware: https://www.malwarebytes.org/downloads/
    During installation, untick the option to start the Malwarebytes Anti-Malware Premium trial period.

  • #6 17 Aug 2015 17:41
    Astreuz
    Level 10

    Kolobos:

    Spoiler:
    Fix result of Farbar Recovery Scan Tool (x86) Version:16-08-2015
    Ran by kamilooo (2015-08-17 17:12:51) Run:1
    Running from C:\Users\kamilooo\Downloads
    Loaded Profiles: kamilooo (Available Profiles: kamilooo & Konto zastępcze & Guest & DefaultAppPool)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    () C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\hnsc7FBB.tmp
    () C:\Program Files\fchk32\fchk32.exe
    (Cinema PlusV16.08) C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.exe
    () C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\knse7DB7.tmp
    () C:\Users\kamilooo\AppData\Local\InstallDriverTable\c_20105.exe
    (Cinema PlusV15.08) C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-10.exe
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\kamilooo\AppData\Local\Temp\814396397990\Setup_product_461.exe ()
    Task: {08679BAB-3603-40A9-B902-2DD0FF77B2E7} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.exe <==== ATTENTION
    Task: {1533A41A-888C-4EFA-88AE-D05C6738A24E} - System32\Tasks\Bufor wydruku 1.66.15 => C:\Windows\system32\config\systemprofile\AppData\Local\Buforwydruku\bufor.exe [2015-08-15] ()Task: {1EE0BB37-5262-4242-81DC-03B540B3E9E8} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-10.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {20AD9EF2-6C46-47CA-9294-272B1151EF88} - System32\Tasks\Internet Explorer ETW Collector Service32 => C:\Windows\system32\config\systemprofile\AppData\Local\InternetExplorer\internet.exe [2015-08-16] ()
    Task: {2174A209-1996-49D8-ADC1-B2EF932BF515} - System32\Tasks\Menedżer poświadczeń 1.88.15 => C:\Windows\system32\config\systemprofile\AppData\Local\Menederpowiadcze\printfilterpipelinesvc.exe [2015-08-15] ()
    Task: {27EBA502-0551-4EA3-928A-E626FA6E8E48} - System32\Tasks\Zarządzanie aplikacjami 1.45.17 => C:\Windows\system32\config\systemprofile\AppData\Local\Zarzdzanieaplikacjami\dwrite.exe [2015-08-17] ()
    Task: {40BF6EF2-77C6-4E74-8254-BCAFF545E404} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {45B89B20-FB77-49FB-920A-CB0972A84B31} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-6.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {56800B45-BEDB-4ADD-BF57-58CD2298A0CF} - System32\Tasks\Usługa inicjatora iSCSI firmy Microsoft 1.26.17 => C:\Windows\system32\config\systemprofile\AppData\Local\Usugainicjatora\usługa.exe [2015-08-17] ()
    Task: {590C2980-1EEB-441C-B14E-9CAD73A273E4} - System32\Tasks\Bufor wydruku 1.56.16 => C:\Windows\system32\config\systemprofile\AppData\Local\Buforwydruku\bufor.exe [2015-08-15] ()
    Task: {590C2EFF-C5AC-41F8-AA0D-7EABC249CB9F} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
    Task: {5B43955A-6656-45B8-8310-38E452EE1488} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
    Task: {5BAA8351-03A2-4D9F-9635-933280A519CA} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-4.exe <==== ATTENTION
    Task: {5FC54E71-A831-4207-99BC-4F4D7B30880C} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {61213E0E-6057-4090-986F-2BA082966C89} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {70DBF96B-86FD-4773-97C0-E331A5DB24FA} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {7471388D-CB17-47B0-A82C-525DC771247B} - System32\Tasks\287E91C0-C5F0-4095-A5F7-B4812571947A => C:\Users\kamilooo\AppData\Local\287E91C0-C5F0-4095-A5F7-B4812571947A\287E91C0-C5F0-4095-A5F7-B4812571947A.exe [2015-08-17] () <==== ATTENTION
    Task: {7D3D4348-6351-4E05-9085-C5CBEA3FF150} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {A647847B-96A7-46D5-9D8D-9D4026751B45} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-7.exe <==== ATTENTION
    Task: {AA8A35C2-1759-4943-95B0-A916D99AC0D9} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {C34A50A4-266E-4347-9F19-78101D1DB13A} - System32\Tasks\iPrioritize => c:\programdata\{3ecd909c-4225-4e3c-3ecd-d909c4224271}\sevensetup.exe [2015-08-15] () <==== ATTENTION
    Task: {DB13074E-8C64-416E-94FA-FA227064BD18} - System32\Tasks\1214avUpdateInfo => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
    Task: {E4D5EDA2-E5D7-43FB-BE7F-BF4E635E99F5} - System32\Tasks\Usługa powiadomień SPP 1.48.17 => C:\Windows\system32\config\systemprofile\AppData\Local\Usugapowiadomie\usługa.exe [2015-08-17] ()
    Task: {F90DFB57-6340-45FC-B466-573158975510} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.exe <==== ATTENTION
    Task: {FFDBDC03-8C77-47E1-A0F8-FA074D1C1648} - System32\Tasks\NodEnabler => C:\ESET\NodEnabler\NodEnabler.exe <==== ATTENTION
    Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
    Task: C:\Windows\Tasks\1214avUpdateInfo.job => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-6.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-7.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-10.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-4.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\iPrioritize.job => c:\programdata\{3ecd909c-4225-4e3c-3ecd-d909c4224271}\sevensetup.exe <==== ATTENTION
    2015-08-15 14:00 - 2015-08-15 14:00 - 00161792 _____ () C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\hnsc7FBB.tmp
    2015-08-10 10:20 - 2015-08-15 13:58 - 00379904 _____ () C:\Program Files\fchk32\fchk32.exe
    2015-08-17 00:28 - 2015-08-17 00:53 - 00473600 _____ () C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\knse7DB7.tmp
    2015-08-15 13:57 - 2015-08-15 13:57 - 00038400 _____ () C:\Users\kamilooo\AppData\Local\InstallDriverTable\c_20105.exe
    AlternateDataStreams: C:\Users\kamilooo\AppData\Roaming:NT
    AlternateDataStreams: C:\Users\kamilooo\AppData\Roaming:NT2
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [ospd_us_013010061] => [X]
    HKLM\...\Run: [gmsd_pl_005010061] => [X]
    HKLM\...\Run: [SmartWeb] => C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe
    IFEO\avcenter.exe: [Debugger] euaie.exe
    IFEO\avguard.exe: [Debugger] euaie.exe
    IFEO\avp.exe: [Debugger] euaie.exe
    IFEO\bdagent.exe: [Debugger] euaie.exe
    IFEO\ccuac.exe: [Debugger] euaie.exe
    IFEO\ComboFix.exe: [Debugger] euaie.exe
    IFEO\egui.exe: [Debugger] euaie.exe
    IFEO\hijackthis.exe: [Debugger] euaie.exe
    IFEO\keyscrambler.exe: [Debugger] euaie.exe
    IFEO\mbam.exe: [Debugger] euaie.exe
    IFEO\MpCmdRun.exe: [Debugger] euaie.exe
    IFEO\MSASCui.exe: [Debugger] euaie.exe
    IFEO\MsMpEng.exe: [Debugger] euaie.exe
    IFEO\msseces.exe: [Debugger] euaie.exe
    IFEO\spybotsd.exe: [Debugger] euaie.exe
    IFEO\wireshark.exe: [Debugger] euaie.exe
    IFEO\zlclient.exe: [Debugger] euaie.exe
    Startup: C:\Users\kamilooo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-16]
    ShortcutTarget: SmartWeb.lnk -> C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
    GroupPolicyUsers\S-1-5-21-48624932-3266488684-2313955220-1003\User: Restriction on Chrome detected <======= ATTENTION
    GroupPolicyScripts: Group Policy detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49395;https=127.0.0.1:49395
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&t...hiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&a...21616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&t...hiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&a...21616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&t...hiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&t...hiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&a...21616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    SearchScopes: HKLM -> {2CA0B775-F5B7-45C0-B8F1-28893D2F6F5C} URL = hxxp://feed.helperbar.com/?publisher=OPE...mp;searchtype=ds&babsrc=lnkry&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&a...21616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-48624932-3266488684-2313955220-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&a...21616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-48624932-3266488684-2313955220-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&a...21616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    BHO: No Name -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> No File
    FF NewTab: chrome://quick_start/content/index.html
    FF DefaultSearchEngine: istartsurf
    FF SelectedSearchEngine: istartsurf
    FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
    FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
    FF Plugin HKU\S-1-5-21-48624932-3266488684-2313955220-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
    FF Plugin HKU\S-1-5-21-48624932-3266488684-2313955220-1001: BearSharePlugin -> C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    FF SearchPlugin: C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\searchplugins\istartsurf.xml [2015-08-17]
    FF Extension: Default SearchProtected - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\Extensions\defsearchp@gmail.com [2015-08-17]
    FF Extension: deskCut - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\Extensions\deskCutv2@gmail.com [2015-08-17]
    FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\extensions\defsearchp@gmail.com
    FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\extensions\deskCutv2@gmail.com
    CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\kamilooo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2015-01-12]
    CHR HKLM\...\Chrome\Extension: [hahpjplbmicfkmoccokbjejahjjpnena] - <no Path\update_url>
    CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-01-19]
    CHR HKLM\...\Chrome\Extension: [pbigfkbippnoeffniighecdghnbnmced] - <no Path\update_url>
    R2 comyninu; C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\hnsc7FBB.tmp [161792 2015-08-15] () [File not signed]
    R2 fchk32; C:\Program Files\fchk32\fchk32.exe [379904 2015-08-15] () [File not signed] <==== ATTENTION
    R2 piqipete; C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\knse7DB7.tmp [473600 2015-08-17] () [File not signed]
    R2 wsock32; C:\Users\kamilooo\AppData\Local\InstallDriverTable\c_20105.exe [38400 2015-08-15] () [File not signed]
    S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
    S0 bteaey; no ImagePath
    S3 catchme; no ImagePath
    S3 cpuz126; no ImagePath
    S3 EagleNT; no ImagePath
    S3 EagleXNt; no ImagePath
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    S3 NvStreamKms; no ImagePath
    S4 nvvad_WaveExtensible; no ImagePath
    S3 Synth3dVsc; no ImagePath
    S3 tsusbhub; no ImagePath
    S3 VGPU; no ImagePath
    S3 WinRing0_1_2_0; no ImagePath
    2015-08-17 15:14 - 2015-08-17 15:14 - 00000315 _____ C:\AdwCleaner[S2].txt
    2015-08-17 15:09 - 2015-08-17 15:09 - 00000000 ____D C:\AdwCleaner
    2015-08-17 14:37 - 2015-08-17 14:42 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\istartsurf
    2015-08-17 14:36 - 2015-08-17 14:36 - 00000000 ____D C:\Users\kamilooo\AppData\Local\287E91C0-C5F0-4095-A5F7-B4812571947A
    2015-08-16 19:11 - 2015-08-17 14:03 - 00002440 _____ C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user.job
    2015-08-16 19:11 - 2015-08-17 14:03 - 00002440 _____ C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.job
    2015-08-16 19:10 - 2015-08-17 15:13 - 00002106 _____ C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user.job
    2015-08-16 19:10 - 2015-08-17 15:10 - 00003132 _____ C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.job
    2015-08-16 19:10 - 2015-08-17 14:03 - 00004488 _____ C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.job
    2015-08-16 19:10 - 2015-08-17 14:03 - 00003132 _____ C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.job
    2015-08-16 19:09 - 2015-08-16 19:11 - 00000000 ____D C:\Program Files\CinemaPlus-3.2cV16.08
    2015-08-16 15:53 - 2015-08-16 18:58 - 00000000 ____D C:\Program Files\gmsd_pl_005010061
    2015-08-16 15:50 - 2015-08-17 14:43 - 00000000 ____D C:\Users\kamilooo\AppData\Local\SmartWeb
    2015-08-15 23:26 - 2015-08-16 10:07 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\ppslog
    2015-08-15 15:45 - 2015-08-17 15:10 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
    2015-08-15 15:14 - 2015-08-16 11:00 - 00000000 ____D C:\qycache
    2015-08-15 15:14 - 2015-08-15 15:16 - 00000000 ____D C:\Users\kamilooo\AppData\Local\SysassistByHotWheel
    2015-08-15 15:05 - 2015-08-15 23:27 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\IQIYI Video
    2015-08-15 15:05 - 2015-08-15 15:05 - 00000000 ____D C:\Users\Public\QiYi
    2015-08-15 15:01 - 2015-08-15 15:01 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\kamilooo\Downloads\SpyHunter-Installer.exe
    2015-08-15 14:47 - 2015-08-15 14:48 - 00000000 ____D C:\ProgramData\95a68b260000444e
    2015-08-15 14:46 - 2015-08-17 14:46 - 00003132 _____ C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7.job
    2015-08-15 14:46 - 2015-08-17 14:46 - 00003132 _____ C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6.job
    2015-08-15 14:46 - 2015-08-17 14:46 - 00002440 _____ C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user.job
    2015-08-15 14:46 - 2015-08-17 14:46 - 00002440 _____ C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5.job
    2015-08-15 14:45 - 2015-08-17 15:13 - 00002106 _____ C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user.job
    2015-08-15 14:45 - 2015-08-17 14:45 - 00004488 _____ C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4.job
    2015-08-15 14:45 - 2015-08-15 14:46 - 00000000 ____D C:\Program Files\CinemaPlus-3.2cV15.08
    2015-08-15 14:36 - 2015-08-15 14:36 - 00000000 _____ C:\Windows\prleth.sys
    2015-08-15 14:36 - 2015-08-15 14:36 - 00000000 _____ C:\Windows\hgfs.sys
    2015-08-15 14:35 - 2015-08-15 14:35 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\mystartsearch
    2015-08-15 14:09 - 2015-08-15 14:09 - 00000000 ____D C:\Program Files\predm
    2015-08-15 14:08 - 2015-08-15 14:15 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\systweak
    2015-08-15 14:08 - 2015-07-02 14:14 - 00018200 _____ () C:\Windows\system32\roboot.exe
    2015-08-15 14:07 - 2015-08-15 14:08 - 00000000 ____D C:\Program Files\00000000-1439640479-0000-0000-001A4D33746E
    2015-08-15 14:02 - 2015-08-15 14:13 - 00000000 ____D C:\Users\kamilooo\AppData\Local\00000000-1439647351-0000-0000-001A4D33746E
    2015-08-15 13:59 - 2015-08-17 00:53 - 00000000 ____D C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E
    2015-08-15 13:57 - 2015-08-15 13:58 - 00000000 ____D C:\Program Files\fchk32
    2015-08-15 13:57 - 2015-08-15 13:57 - 00000000 ____D C:\Users\kamilooo\AppData\Local\InstallDriverTable
    2015-08-15 13:53 - 2015-08-15 14:36 - 00000000 ____D C:\Program Files\bestadblocker
    2015-08-15 13:40 - 2015-08-15 13:40 - 00000000 ____D C:\Program Files\WajInterEnhancer
    2015-08-15 13:40 - 2015-08-15 13:40 - 00000000 ____D C:\Program Files\Wajam
    2015-08-15 13:38 - 2015-08-15 14:47 - 00000000 ____D C:\ProgramData\12766753828128071177
    2015-08-15 13:36 - 2015-08-16 19:53 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\Narcissistic Hope
    2015-08-15 13:36 - 2015-08-16 19:36 - 00000340 _____ C:\Windows\Tasks\iPrioritize.job
    2015-08-15 13:36 - 2015-08-15 13:36 - 00000000 ____D C:\ProgramData\{3ecd909c-4225-4e3c-3ecd-d909c4224271}
    C:\Users\kamilooo\AppData\Local\Temp*.html
    EmptyTemp:
    *****************

    C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\hnsc7FBB.tmp
    [1756] C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\hnsc7FBB.tmp => process closed successfully.
    C:\Program Files\fchk32\fchk32.exe
    C:\Program Files\fchk32\fchk32.exe => No running process found
    C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.exe
    C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.exe => No running process found
    C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\knse7DB7.tmp
    C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\knse7DB7.tmp => No running process found
    C:\Users\kamilooo\AppData\Local\InstallDriverTable\c_20105.exe
    [2572] C:\Users\kamilooo\AppData\Local\InstallDriverTable\c_20105.exe => process closed successfully.
    C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-10.exe
    C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-10.exe => No running process found
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}" => key removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}" => key removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}" => key removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" => key removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}" => key removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}" => key removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}" => key removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}" => key removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => key removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" => key removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}" => key removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08679BAB-3603-40A9-B902-2DD0FF77B2E7} => key not found.
    C:\Windows\System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7 => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1533A41A-888C-4EFA-88AE-D05C6738A24E}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1533A41A-888C-4EFA-88AE-D05C6738A24E}" => key removed successfully.
    C:\Windows\System32\Tasks\Bufor wydruku 1.66.15 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bufor wydruku 1.66.15" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20AD9EF2-6C46-47CA-9294-272B1151EF88}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20AD9EF2-6C46-47CA-9294-272B1151EF88}" => key removed successfully.
    C:\Windows\System32\Tasks\Internet Explorer ETW Collector Service32 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Internet Explorer ETW Collector Service32" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2174A209-1996-49D8-ADC1-B2EF932BF515}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2174A209-1996-49D8-ADC1-B2EF932BF515}" => key removed successfully.
    C:\Windows\System32\Tasks\Menedżer poświadczeń 1.88.15 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Menedżer poświadczeń 1.88.15" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27EBA502-0551-4EA3-928A-E626FA6E8E48}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27EBA502-0551-4EA3-928A-E626FA6E8E48}" => key removed successfully.
    C:\Windows\System32\Tasks\Zarządzanie aplikacjami 1.45.17 => moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Zarządzanie aplikacjami 1.45.17 => key could not remove. ErrorCode: 0xC0000033
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40BF6EF2-77C6-4E74-8254-BCAFF545E404} => key not found.
    C:\Windows\System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45B89B20-FB77-49FB-920A-CB0972A84B31} => key not found.
    C:\Windows\System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d80a784-d28c-43ef-a864-532b063d8799-1-6 => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56800B45-BEDB-4ADD-BF57-58CD2298A0CF}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56800B45-BEDB-4ADD-BF57-58CD2298A0CF}" => key removed successfully.
    C:\Windows\System32\Tasks\Usługa inicjatora iSCSI firmy Microsoft 1.26.17 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Usługa inicjatora iSCSI firmy Microsoft 1.26.17" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{590C2980-1EEB-441C-B14E-9CAD73A273E4}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{590C2980-1EEB-441C-B14E-9CAD73A273E4}" => key removed successfully.
    C:\Windows\System32\Tasks\Bufor wydruku 1.56.16 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bufor wydruku 1.56.16" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{590C2EFF-C5AC-41F8-AA0D-7EABC249CB9F} => key not found.
    C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B43955A-6656-45B8-8310-38E452EE1488} => key not found.
    C:\Windows\System32\Tasks\0215avUpdateInfo not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0215avUpdateInfo => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BAA8351-03A2-4D9F-9635-933280A519CA} => key not found.
    C:\Windows\System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d80a784-d28c-43ef-a864-532b063d8799-4 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FC54E71-A831-4207-99BC-4F4D7B30880C} => key not found.
    C:\Windows\System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61213E0E-6057-4090-986F-2BA082966C89} => key not found.
    C:\Windows\System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d80a784-d28c-43ef-a864-532b063d8799-5 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70DBF96B-86FD-4773-97C0-E331A5DB24FA} => key not found.
    C:\Windows\System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7471388D-CB17-47B0-A82C-525DC771247B}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7471388D-CB17-47B0-A82C-525DC771247B}" => key removed successfully.
    C:\Windows\System32\Tasks\287E91C0-C5F0-4095-A5F7-B4812571947A => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\287E91C0-C5F0-4095-A5F7-B4812571947A" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D3D4348-6351-4E05-9085-C5CBEA3FF150} => key not found.
    C:\Windows\System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d80a784-d28c-43ef-a864-532b063d8799-5_user => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A647847B-96A7-46D5-9D8D-9D4026751B45} => key not found.
    C:\Windows\System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d80a784-d28c-43ef-a864-532b063d8799-1-7 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA8A35C2-1759-4943-95B0-A916D99AC0D9} => key not found.
    C:\Windows\System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6 => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C34A50A4-266E-4347-9F19-78101D1DB13A}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C34A50A4-266E-4347-9F19-78101D1DB13A}" => key removed successfully.
    C:\Windows\System32\Tasks\iPrioritize => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iPrioritize" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB13074E-8C64-416E-94FA-FA227064BD18} => key not found.
    C:\Windows\System32\Tasks\1214avUpdateInfo not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1214avUpdateInfo => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4D5EDA2-E5D7-43FB-BE7F-BF4E635E99F5}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4D5EDA2-E5D7-43FB-BE7F-BF4E635E99F5}" => key removed successfully.
    C:\Windows\System32\Tasks\Usługa powiadomień SPP 1.48.17 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Usługa powiadomień SPP 1.48.17" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F90DFB57-6340-45FC-B466-573158975510} => key not found.
    C:\Windows\System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4 => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFDBDC03-8C77-47E1-A0F8-FA074D1C1648}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFDBDC03-8C77-47E1-A0F8-FA074D1C1648}" => key removed successfully.
    C:\Windows\System32\Tasks\NodEnabler => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NodEnabler" => key removed successfully.
    C:\Windows\Tasks\0215avUpdateInfo.job not found.
    C:\Windows\Tasks\1214avUpdateInfo.job not found.
    C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6.job not found.
    C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7.job not found.
    C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user.job not found.
    C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4.job not found.
    C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5.job not found.
    C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user.job not found.
    C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.job not found.
    C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.job not found.
    C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user.job not found.
    C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.job not found.
    C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.job not found.
    C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user.job not found.
    C:\Windows\Tasks\iPrioritize.job => moved successfully.
    C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\hnsc7FBB.tmp => moved successfully.
    "C:\Program Files\fchk32\fchk32.exe" => File/Folder not found.
    "C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E\knse7DB7.tmp" => File/Folder not found.
    C:\Users\kamilooo\AppData\Local\InstallDriverTable\c_20105.exe => moved successfully.
    C:\Users\kamilooo\AppData\Roaming => ":NT" ADS removed successfully..
    C:\Users\kamilooo\AppData\Roaming => ":NT2" ADS removed successfully..
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ospd_us_013010061 => value removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_pl_005010061 => value not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe" => key removed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe" => key removed successfully.
    C:\Users\kamilooo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk => moved successfully.
    C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe not found.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-48624932-3266488684-2313955220-1003\User => moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
    C:\Windows\system32\GroupPolicy\Machine => moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2CA0B775-F5B7-45C0-B8F1-28893D2F6F5C} => key not found.
    HKCR\CLSID\{2CA0B775-F5B7-45C0-B8F1-28893D2F6F5C} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully.
    HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully.
    HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C} => key not found.
    HKCR\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C} => key not found.
    Firefox "newtab" removed successfully.
    Firefox DefaultSearchEngine removed successfully.
    Firefox SelectedSearchEngine removed successfully.
    HKLM\Software\MozillaPlugins\@iqiyi.com/npclient => key not found.
    HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer => key not found.
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\MozillaPlugins\@iqiyi.com/npWebPlayer => key not found.
    C:\IQIYI Video\LStyle\npWebPlayer.dll not found.
    "HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\MozillaPlugins\BearSharePlugin" => key removed successfully.
    C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll not found.
    C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\searchplugins\istartsurf.xml => moved successfully.
    C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\Extensions\defsearchp@gmail.com => moved successfully.
    C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\Extensions\deskCutv2@gmail.com => moved successfully.
    HKLM\Software\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => value removed successfully.
    HKLM\Software\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => value removed successfully.
    C:\Users\kamilooo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd folder not found.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\hahpjplbmicfkmoccokbjejahjjpnena" => key removed successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd" => key removed successfully.
    C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx => moved successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\pbigfkbippnoeffniighecdghnbnmced" => key removed successfully.
    comyninu => service removed successfully.
    fchk32 => service not found.
    piqipete => service not found.
    wsock32 => service removed successfully.
    wscsvc => service removed successfully.
    bteaey => service removed successfully.
    catchme => service removed successfully.
    cpuz126 => service removed successfully.
    EagleNT => service removed successfully.
    EagleXNt => service removed successfully.
    FairplayKD => service removed successfully.
    NvStreamKms => service removed successfully.
    nvvad_WaveExtensible => service removed successfully.
    Synth3dVsc => service removed successfully.
    tsusbhub => service removed successfully.
    VGPU => service removed successfully.
    WinRing0_1_2_0 => service removed successfully.
    C:\AdwCleaner[S2].txt => moved successfully.
    C:\AdwCleaner => moved successfully.
    "C:\Users\kamilooo\AppData\Roaming\istartsurf" => File/Folder not found.
    C:\Users\kamilooo\AppData\Local\287E91C0-C5F0-4095-A5F7-B4812571947A => moved successfully.
    "C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user.job" => File/Folder not found.
    "C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.job" => File/Folder not found.
    "C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user.job" => File/Folder not found.
    "C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.job" => File/Folder not found.
    "C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.job" => File/Folder not found.
    "C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.job" => File/Folder not found.
    "C:\Program Files\CinemaPlus-3.2cV16.08" => File/Folder not found.
    C:\Program Files\gmsd_pl_005010061 => moved successfully.
    C:\Users\kamilooo\AppData\Local\SmartWeb => moved successfully.
    C:\Users\kamilooo\AppData\Roaming\ppslog => moved successfully.
    C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
    C:\qycache => moved successfully.
    "C:\Users\kamilooo\AppData\Local\SysassistByHotWheel" => File/Folder not found.
    "C:\Users\kamilooo\AppData\Roaming\IQIYI Video" => File/Folder not found.
    C:\Users\Public\QiYi => moved successfully.
    C:\Users\kamilooo\Downloads\SpyHunter-Installer.exe => moved successfully.
    "C:\ProgramData\95a68b260000444e" => File/Folder not found.
    "C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7.job" => File/Folder not found.
    "C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6.job" => File/Folder not found.
    "C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user.job" => File/Folder not found.
    "C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5.job" => File/Folder not found.
    "C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user.job" => File/Folder not found.
    "C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4.job" => File/Folder not found.
    "C:\Program Files\CinemaPlus-3.2cV15.08" => File/Folder not found.
    C:\Windows\prleth.sys => moved successfully.
    C:\Windows\hgfs.sys => moved successfully.
    "C:\Users\kamilooo\AppData\Roaming\mystartsearch" => File/Folder not found.
    C:\Program Files\predm => moved successfully.
    "C:\Users\kamilooo\AppData\Roaming\systweak" => File/Folder not found.
    "C:\Windows\system32\roboot.exe" => File/Folder not found.
    C:\Program Files\00000000-1439640479-0000-0000-001A4D33746E => moved successfully.
    "C:\Users\kamilooo\AppData\Local\00000000-1439647351-0000-0000-001A4D33746E" => File/Folder not found.
    C:\Program Files\00000000-1439639964-0000-0000-001A4D33746E => moved successfully.
    "C:\Program Files\fchk32" => File/Folder not found.
    C:\Users\kamilooo\AppData\Local\InstallDriverTable => moved successfully.
    "C:\Program Files\bestadblocker" => File/Folder not found.
    C:\Program Files\WajInterEnhancer => moved successfully.
    "C:\Program Files\Wajam" => File/Folder not found.
    C:\ProgramData\12766753828128071177 => moved successfully.
    C:\Users\kamilooo\AppData\Roaming\Narcissistic Hope => moved successfully.
    "C:\Windows\Tasks\iPrioritize.job" => File/Folder not found.
    "C:\ProgramData\{3ecd909c-4225-4e3c-3ecd-d909c4224271}" => File/Folder not found.
    C:\Users\kamilooo\AppData\Local\Temp*.html => moved successfully.
    EmptyTemp: => 1.5 GB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 17:19:48 ====

    I don't know where to remove 20Dollars2Surf 1.1 from, because it isn't listed in Programs and Features (uninstalling programs).
    As I wrote earlier, Mbam stops responding when I try to install it.
    Acorus:
    I uninstalled Akamai NetSession Interface; with 20 dollars it's the same situation I described above. I don't have the Chrome browser, only Mozilla Firefox and the system's Explorer. Malware doesn't work on my machine (see a few lines above). I have now copied what you wrote and am restarting the computer.

    0
  • #7 17 Aug 2015 17:52
    Kolobos
    Computer specialist

    Once you have done everything, post new FRST logs from a scan.

    0
  • #8 17 Aug 2015 17:54
    Acorus 20
    Computer specialist

    After running the script, Malwarebytes should work.

    0
  • #9 17 Aug 2015 18:07
    Astreuz
    Level 10

    Malware is scanning the computer right now, even though the installation is stuck at the very end, the installer is still open, and the program is running. This is some kind of circus...

    As for the logs, here are the newest logs from FRST>LOGS:

    Spoiler:
    Fix result of Farbar Recovery Scan Tool (x86) Version:16-08-2015
    Ran by kamilooo (2015-08-17 17:42:44) Run:2
    Running from C:\Users\kamilooo\Downloads
    Loaded Profiles: kamilooo (Available Profiles: kamilooo & Konto zastępcze & Guest & DefaultAppPool)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    Task: {08679BAB-3603-40A9-B902-2DD0FF77B2E7} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.exe <==== ATTENTION
    Task: {1EE0BB37-5262-4242-81DC-03B540B3E9E8} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-10.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {40BF6EF2-77C6-4E74-8254-BCAFF545E404} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {45B89B20-FB77-49FB-920A-CB0972A84B31} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-6.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {590C2EFF-C5AC-41F8-AA0D-7EABC249CB9F} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
    Task: {5B43955A-6656-45B8-8310-38E452EE1488} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
    Task: {5BAA8351-03A2-4D9F-9635-933280A519CA} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-4.exe <==== ATTENTION
    Task: {5FC54E71-A831-4207-99BC-4F4D7B30880C} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {61213E0E-6057-4090-986F-2BA082966C89} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {70DBF96B-86FD-4773-97C0-E331A5DB24FA} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {7471388D-CB17-47B0-A82C-525DC771247B} - System32\Tasks\287E91C0-C5F0-4095-A5F7-B4812571947A => C:\Users\kamilooo\AppData\Local\287E91C0-C5F0-4095-A5F7-B4812571947A\287E91C0-C5F0-4095-A5F7-B4812571947A.exe [2015-08-17] () <==== ATTENTION
    Task: {7D3D4348-6351-4E05-9085-C5CBEA3FF150} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
    Task: {A647847B-96A7-46D5-9D8D-9D4026751B45} - System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7 => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-7.exe <==== ATTENTION
    Task: {AA8A35C2-1759-4943-95B0-A916D99AC0D9} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
    Task: {C34A50A4-266E-4347-9F19-78101D1DB13A} - System32\Tasks\iPrioritize => c:\programdata\{3ecd909c-4225-4e3c-3ecd-d909c4224271}\sevensetup.exe [2015-08-15] () <==== ATTENTION
    Task: {DB13074E-8C64-416E-94FA-FA227064BD18} - System32\Tasks\1214avUpdateInfo => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
    Task: {F90DFB57-6340-45FC-B466-573158975510} - System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4 => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.exe <==== ATTENTION
    Task: {FFDBDC03-8C77-47E1-A0F8-FA074D1C1648} - System32\Tasks\NodEnabler => C:\ESET\NodEnabler\NodEnabler.exe <==== ATTENTION
    Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
    Task: C:\Windows\Tasks\1214avUpdateInfo.job => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-6.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-1-7.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-10.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-4.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user.job => C:\Program Files\CinemaPlus-3.2cV15.08\4d80a784-d28c-43ef-a864-532b063d8799-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user.job => C:\Program Files\CinemaPlus-3.2cV16.08\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.exe <==== ATTENTION
    Task: C:\Windows\Tasks\iPrioritize.job => c:\programdata\{3ecd909c-4225-4e3c-3ecd-d909c4224271}\sevensetup.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData:NT2
    AlternateDataStreams: C:\Users\All Users:NT2
    AlternateDataStreams: C:\ProgramData\Application Data:NT2
    AlternateDataStreams: C:\Users\kamilooo\Application Data:NT
    AlternateDataStreams: C:\Users\kamilooo\Application Data:NT2
    AlternateDataStreams: C:\Users\kamilooo\AppData\Roaming:NT
    AlternateDataStreams: C:\Users\kamilooo\AppData\Roaming:NT2
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [ospd_us_013010061] => [X]
    HKLM\...\Run: [gmsd_pl_005010061] => [X]
    HKLM\...\Run: [SmartWeb] => C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe
    IFEO\avcenter.exe: [Debugger] euaie.exe
    IFEO\avguard.exe: [Debugger] euaie.exe
    IFEO\avp.exe: [Debugger] euaie.exe
    IFEO\bdagent.exe: [Debugger] euaie.exe
    IFEO\ccuac.exe: [Debugger] euaie.exe
    IFEO\ComboFix.exe: [Debugger] euaie.exe
    IFEO\egui.exe: [Debugger] euaie.exe
    IFEO\hijackthis.exe: [Debugger] euaie.exe
    IFEO\keyscrambler.exe: [Debugger] euaie.exe
    IFEO\mbam.exe: [Debugger] euaie.exe
    IFEO\MpCmdRun.exe: [Debugger] euaie.exe
    IFEO\MSASCui.exe: [Debugger] euaie.exe
    IFEO\MsMpEng.exe: [Debugger] euaie.exe
    IFEO\msseces.exe: [Debugger] euaie.exe
    IFEO\spybotsd.exe: [Debugger] euaie.exe
    IFEO\wireshark.exe: [Debugger] euaie.exe
    IFEO\zlclient.exe: [Debugger] euaie.exe
    Startup: C:\Users\kamilooo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-16]
    ShortcutTarget: SmartWeb.lnk -> C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    GroupPolicyUsers\S-1-5-21-48624932-3266488684-2313955220-1003\User: Restriction on Chrome detected <======= ATTENTION
    GroupPolicyScripts: Group Policy detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49395;https=127.0.0.1:49395
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&t...hiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&a...21616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&t...hiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&a...21616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&t...hiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&t...hiXHDS721616PLA380_PVF904Z9RSR1ANRSR1ANX
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&a...21616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    SearchScopes: HKLM -> {2CA0B775-F5B7-45C0-B8F1-28893D2F6F5C} URL = hxxp://feed.helperbar.com/?publisher=OPE...mp;searchtype=ds&babsrc=lnkry&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&a...21616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-48624932-3266488684-2313955220-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&a...21616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-48624932-3266488684-2313955220-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&a...21616PLA380_PVF904Z9RSR1ANRSR1ANX&q={searchTerms}
    BHO: No Name -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    FF DefaultSearchEngine: istartsurf
    FF SelectedSearchEngine: istartsurf
    FF Plugin HKU\S-1-5-21-48624932-3266488684-2313955220-1001: BearSharePlugin -> C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    FF SearchPlugin: C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\searchplugins\istartsurf.xml [2015-08-17]
    FF Extension: Default SearchProtected - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\Extensions\defsearchp@gmail.com [2015-08-17]
    FF Extension: deskCut - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\Extensions\deskCutv2@gmail.com [2015-08-17]
    FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\extensions\defsearchp@gmail.com
    FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\extensions\deskCutv2@gmail.com
    R2 fchk32; C:\Program Files\fchk32\fchk32.exe [379904 2015-08-15] () [File not signed] <==== ATTENTION
    S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
    S0 bteaey; no ImagePath
    S3 catchme; no ImagePath
    S3 cpuz126; no ImagePath
    S3 EagleNT; no ImagePath
    S3 EagleXNt; no ImagePath
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    S3 NvStreamKms; no ImagePath
    S4 nvvad_WaveExtensible; no ImagePath
    S3 Synth3dVsc; no ImagePath
    S3 tsusbhub; no ImagePath
    S3 VGPU; no ImagePath
    S3 WinRing0_1_2_0; no ImagePath
    2015-08-17 15:09 - 2015-08-17 15:09 - 00000000 ____D C:\AdwCleaner
    2015-08-16 15:53 - 2015-08-16 18:58 - 00000000 ____D C:\Program Files\gmsd_pl_005010061
    2015-08-16 15:50 - 2015-08-17 14:43 - 00000000 ____D C:\Users\kamilooo\AppData\Local\SmartWeb
    2015-08-15 15:01 - 2015-08-15 15:01 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\kamilooo\Downloads\SpyHunter-Installer.exe
    2015-08-15 14:35 - 2015-08-15 14:35 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\mystartsearch
    2015-08-15 14:09 - 2015-08-15 14:09 - 00000000 ____D C:\Program Files\predm
    2015-08-15 14:08 - 2015-08-15 14:15 - 00000000 ____D C:\Users\kamilooo\AppData\Roaming\systweak
    2015-08-15 14:08 - 2015-07-02 14:14 - 00018200 _____ () C:\Windows\system32\roboot.exe
    C:\Users\kamilooo\AppData\Local\Temp*.html
    EmptyTemp:
    *****************

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08679BAB-3603-40A9-B902-2DD0FF77B2E7} => key not found.
    C:\Windows\System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EE0BB37-5262-4242-81DC-03B540B3E9E8} => key not found.
    C:\Windows\System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d80a784-d28c-43ef-a864-532b063d8799-10_user => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40BF6EF2-77C6-4E74-8254-BCAFF545E404} => key not found.
    C:\Windows\System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45B89B20-FB77-49FB-920A-CB0972A84B31} => key not found.
    C:\Windows\System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d80a784-d28c-43ef-a864-532b063d8799-1-6 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{590C2EFF-C5AC-41F8-AA0D-7EABC249CB9F} => key not found.
    C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B43955A-6656-45B8-8310-38E452EE1488} => key not found.
    C:\Windows\System32\Tasks\0215avUpdateInfo not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0215avUpdateInfo => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BAA8351-03A2-4D9F-9635-933280A519CA} => key not found.
    C:\Windows\System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d80a784-d28c-43ef-a864-532b063d8799-4 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FC54E71-A831-4207-99BC-4F4D7B30880C} => key not found.
    C:\Windows\System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61213E0E-6057-4090-986F-2BA082966C89} => key not found.
    C:\Windows\System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d80a784-d28c-43ef-a864-532b063d8799-5 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70DBF96B-86FD-4773-97C0-E331A5DB24FA} => key not found.
    C:\Windows\System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7471388D-CB17-47B0-A82C-525DC771247B} => key not found.
    C:\Windows\System32\Tasks\287E91C0-C5F0-4095-A5F7-B4812571947A not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\287E91C0-C5F0-4095-A5F7-B4812571947A => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D3D4348-6351-4E05-9085-C5CBEA3FF150} => key not found.
    C:\Windows\System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d80a784-d28c-43ef-a864-532b063d8799-5_user => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A647847B-96A7-46D5-9D8D-9D4026751B45} => key not found.
    C:\Windows\System32\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d80a784-d28c-43ef-a864-532b063d8799-1-7 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA8A35C2-1759-4943-95B0-A916D99AC0D9} => key not found.
    C:\Windows\System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C34A50A4-266E-4347-9F19-78101D1DB13A} => key not found.
    C:\Windows\System32\Tasks\iPrioritize not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iPrioritize => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB13074E-8C64-416E-94FA-FA227064BD18} => key not found.
    C:\Windows\System32\Tasks\1214avUpdateInfo not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1214avUpdateInfo => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F90DFB57-6340-45FC-B466-573158975510} => key not found.
    C:\Windows\System32\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFDBDC03-8C77-47E1-A0F8-FA074D1C1648} => key not found.
    C:\Windows\System32\Tasks\NodEnabler not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NodEnabler => key not found.
    C:\Windows\Tasks\0215avUpdateInfo.job not found.
    C:\Windows\Tasks\1214avUpdateInfo.job not found.
    C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-6.job not found.
    C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-1-7.job not found.
    C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-10_user.job not found.
    C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-4.job not found.
    C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5.job not found.
    C:\Windows\Tasks\4d80a784-d28c-43ef-a864-532b063d8799-5_user.job not found.
    C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-6.job not found.
    C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-1-7.job not found.
    C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-10_user.job not found.
    C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-4.job not found.
    C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5.job not found.
    C:\Windows\Tasks\594b6ea0-8bee-41b2-b19c-fdcc8f686b6e-5_user.job not found.
    C:\Windows\Tasks\iPrioritize.job not found.
    C:\ProgramData => ":NT2" ADS removed successfully..
    "C:\Users\All Users" => ":NT2" ADS not found.
    "C:\ProgramData\Application Data" => ":NT2" ADS not found.
    "C:\Users\kamilooo\Application Data" => ":NT" ADS not found.
    "C:\Users\kamilooo\Application Data" => ":NT2" ADS not found.
    "C:\Users\kamilooo\AppData\Roaming" => ":NT" ADS not found.
    "C:\Users\kamilooo\AppData\Roaming" => ":NT2" ADS not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ospd_us_013010061 => value not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_pl_005010061 => value not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => key not found.
    C:\Users\kamilooo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk not found.
    C:\Users\kamilooo\AppData\Local\SmartWeb\SmartWebHelper.exe not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-48624932-3266488684-2313955220-1003\User" => File/Folder not found.
    "C:\Windows\system32\GroupPolicy\Machine" => File/Folder not found.
    HKLM\SOFTWARE\Policies\Google => key not found.
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2CA0B775-F5B7-45C0-B8F1-28893D2F6F5C} => key not found.
    HKCR\CLSID\{2CA0B775-F5B7-45C0-B8F1-28893D2F6F5C} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
    HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
    HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C} => key not found.
    HKCR\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C} => key not found.
    "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key removed successfully.
    "HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA}" => key removed successfully.
    "HKCR\CLSID\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
    "HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
    Firefox DefaultSearchEngine removed successfully.
    Firefox SelectedSearchEngine removed successfully.
    HKU\S-1-5-21-48624932-3266488684-2313955220-1001\Software\MozillaPlugins\BearSharePlugin => key not found.
    C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll not found.
    "C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\searchplugins\istartsurf.xml" => not found.
    C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\Extensions\defsearchp@gmail.com => not found.
    C:\Users\kamilooo\AppData\Roaming\Mozilla\Firefox\Profiles\tvms1cxe.default-1439732323727\Extensions\deskCutv2@gmail.com => not found.
    HKLM\Software\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => value not found.
    HKLM\Software\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => value not found.
    fchk32 => service not found.
    wscsvc => service not found.
    bteaey => service not found.
    catchme => service not found.
    cpuz126 => service not found.
    EagleNT => service not found.
    EagleXNt => service not found.
    FairplayKD => service not found.
    NvStreamKms => service not found.
    nvvad_WaveExtensible => service not found.
    Synth3dVsc => service not found.
    tsusbhub => service not found.
    VGPU => service not found.
    WinRing0_1_2_0 => service not found.
    "C:\AdwCleaner" => File/Folder not found.
    "C:\Program Files\gmsd_pl_005010061" => File/Folder not found.
    "C:\Users\kamilooo\AppData\Local\SmartWeb" => File/Folder not found.
    "C:\Users\kamilooo\Downloads\SpyHunter-Installer.exe" => File/Folder not found.
    "C:\Users\kamilooo\AppData\Roaming\mystartsearch" => File/Folder not found.
    "C:\Program Files\predm" => File/Folder not found.
    "C:\Users\kamilooo\AppData\Roaming\systweak" => File/Folder not found.
    "C:\Windows\system32\roboot.exe" => File/Folder not found.
    "C:\Users\kamilooo\AppData\Local\Temp*.html" => File/Folder not found.
    EmptyTemp: => 5.7 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 17:43:19 ====


    FRST and Addition don't fit within the character limit, so unfortunately I won't send them again.
    As for Comodo, why should I uninstall it? Is it such a hopeless antivirus that it can't catch anything, or what? I saw that it blocked some processes, and here are its results in the attachments. As for the Task Manager, only that 4o2w etc. process still shows up; when I try to end it, an "access denied" message pops up.

    0
  • #10 17 Aug 2015 18:21
    Kolobos
    Computer specialist

    You are supposed to post new FRST logs, from a scan, as an attachment. Not the fixlog.txt from running the script!

    Earlier you somehow managed to attach the logs, and now you can't?

    0
  • #11 17 Aug 2015 18:29
    Astreuz
    Level 10

    Don't get so worked up... Here are the logs; they didn't fit in the spoiler because of the 6500 characters.
    Malware has already detected 53 objects, second-to-last phase.

    0
  • #12 17 Aug 2015 18:44
    Kolobos
    Computer specialist

    Who told you to put anything in a spoiler? From the start I wrote: as an ATTACHMENT. Also, put spaces after commas and periods.

    You posted an OLD log, and you are supposed to post NEW logs from a scan, together with addition.txt!

    0