Elektroda.pl

Virus, cannot remove it

bestia098 04 Aug 2016 14:36 1074 5
  • #1 04 Aug 2016 14:36
    bestia098
    Level 2

    I'll start from the beginning: yesterday I wanted to download Heroes 5 from the net, and it turned out to be a virus that downloads other viruses and pop-ups over the internet. When I realized this, I disconnected from the net and spent 2 hours checking in Task Manager (I had about 150 processes, I think) which process source files had been modified on 3.08.2016; I quickly ended those processes and deleted the source files.
    The problem is that the original virus has settled into system32, and I can't delete it because "the action can't be completed because the file is open in another program".
    The virus is named "7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0" and "7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0" (I don't know if that helps). The virus displays ads (unneeded addresses). None of the usual methods work, because they advise removing it from the browser and from the installed programs, where it isn't present. I have already tried deleting it from the command prompt, but I got "the system cannot find the path specified". I have already scanned the laptop with Clean Master, YAC, NPE and Avast Browser Cleanup.

    Thanks in advance for your replies. These ads are driving me crazy, please help quickly.

    0 5
  • Helpful post
    #2 04 Aug 2016 14:39
    Kolobos
    Computer specialist

    Wrong section, and the required logs are missing. YAC is a harmful program.

    Viruses don't walk anywhere...

    Use AdwCleaner, options Scan and Clean (Szukaj and Usun): http://www.bleepingcomputer.com/download/adwcleaner/

    Post the FRST logs (Frst.txt and Addition.txt) as an attachment:
    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
  • #3 04 Aug 2016 17:46
    bestia098
    Level 2

    Addition part 1

    Spoiler:
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-08-2016
    Ran by Natalia (2016-08-04 17:29:22)
    Running from C:\Users\Natalia\Downloads
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2015-01-20 04:51:41)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1464668405-4017746914-3805442167-500 - Administrator - Disabled)
    Guest (S-1-5-21-1464668405-4017746914-3805442167-501 - Limited - Disabled)
    Natalia (S-1-5-21-1464668405-4017746914-3805442167-1000 - Administrator - Enabled) => C:\Users\Natalia

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 22 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 9 ActiveX (HKLM\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
    Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
    Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.0.301.4 - ALPS ELECTRIC CO., LTD)
    Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
    Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version: - Atheros)
    Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
    CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.01 - TOSHIBA)
    Clean Master (HKLM\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
    Combined Community Codec Pack 2014-07-13 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)




    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    GearDrvs (Version: 1 - Symantec Corporation) Hidden
    GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    Heroes of Might and Magic V - Dzikie Hordy (HKLM\...\{0CF77150-B480-4F9F-8100-FF410AC86EE3}) (Version: 1.00.0000 - Ubisoft)
    Heroes of Might and Magic V - Edytor Map (HKLM\...\{93237F3E-5439-4344-92E9-52DAE1BDA457}) (Version: 2.01.2254 - Ubisoft, polish version by Shadow SSJ Warrior)
    Heroes of Might and Magic V - Kuźnia Przeznaczenia (HKLM\...\{76D49B56-C2E1-455A-848A-15ECC5E77D27}) (Version: 1.00.0000 - Ubisoft)
    Heroes of Might and Magic V (HKLM\...\{C0086B27-8E52-42D4-8393-236391EF18F6}) (Version: 1.00.0000 - Ubisoft)
    Heroes of Might and Magic V Demo (HKLM\...\{1898B8E5-43E2-4BCA-AD6A-B9FBE0C93F84}) (Version: 0.9 - Ubisoft)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    Internet Manager (HKLM\...\Internet Manager) (Version: 22.001.18.11.49 - Huawei Technologies Co.,Ltd)
    Java(TM) 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
    LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.43 - Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
    Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Memeo AutoBackup (HKLM\...\InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}) (Version: 3.00.3023 - Memeo Inc)
    Memeo AutoBackup (Version: 3.00.3023 - Memeo Inc) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}) (Version: 1.1.0324 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.27.00.264 - Huawei Technologies Co.,Ltd)
    Mobile Partner (HKLM\...\Mobile Partner) (Version: 23.009.05.00.69 - Huawei Technologies Co.,Ltd)
    Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Norton 360 (Version: 1.2.0.10 - Symantec Corporation) Hidden
    Opera Stable 36.0.2130.65 (HKLM\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
    PITax.pl Łatwe podatki (HKLM\...\{50f1ba7c-e7e8-4af6-a995-b9350e0c46a2}) (Version: 6.1.2.2 - PITax.pl)
    PITax.pl Łatwe podatki (HKLM\...\{6e3b9347-d53e-43e7-95a7-44c2f3a91eb3}) (Version: 6.1.2.2 - PITax.pl)
    PITax.pl Łatwe podatki (Version: 6.1.2.2 - PITax.pl) Hidden
    PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
    Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
    Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
    TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
    TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
    TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.27 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1a - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
    TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
    TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.48.0.3C - TOSHIBA)
    TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.48.0.11C - TOSHIBA)
    Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
    TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
    TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
    TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
    TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.48.0.8C - TOSHIBA)
    TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Utility Common Driver (Version: 0.0.50.7C - TOSHIBA) Hidden
    Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
    WinRAR 5.31 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
    YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version: 6.7.141 - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {33490407-DB0D-4275-861D-95F89787702A} - System32\Tasks\Opera scheduled Autoupdate 1422819641 => C:\Program Files\Opera\launcher.exe [2016-04-11] (Opera Software)
    Task: {38CB1A8D-D814-4F4A-BF16-36670BF3392A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-13] (Adobe Systems Incorporated)
    Task: {8C51418C-1F2E-488B-AEDA-7E2D2CCD5F30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {8E073AF6-8E71-46D8-B240-1F7C6E8934A3} - System32\Tasks\Driver Booster SkipUAC (Natalia) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
    Task: {9755B816-70B4-4D1D-A0E1-A61F5E7250E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
    Task: {CC06E2ED-E405-4023-8A85-3C791685D629} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
    Task: {EC4F9314-4D27-4D03-85FF-A9C486A10C41} - \Microsoft\Windows Defender\MP Scheduled Scan -> No File <==== ATTENTION
    Task: {EE0E836F-F691-4C97-95F6-BB55C87493E1} - System32\Tasks\ASC8_SkipUac_Natalia => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-04-09] (IObit)
    Task: {F92B123C-496A-4B7B-A5AF-2C4F221F3555} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-08-03 12:29 - 2015-07-27 14:14 - 00277608 ____N () C:\Program Files\Elex-tech\YAC\iSafeSrvMon.dll
    2015-03-16 09:16 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
    2016-08-03 12:29 - 2015-05-25 12:32 - 00068432 ____N () C:\Program Files\Elex-tech\YAC\zlib1.dll
    2016-08-03 12:29 - 2015-08-06 05:51 - 00582144 ____N () C:\Program Files\Elex-tech\YAC\curlpp.dll
    2016-08-03 12:30 - 2015-08-21 04:02 - 00176976 ____N () C:\Program Files\Elex-tech\YAC\tws\unrar.dll
    2016-08-03 12:30 - 2015-08-21 04:02 - 00087744 ____N () C:\Program Files\Elex-tech\YAC\tws\unacev2.dll
    2015-03-16 09:16 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
    2015-03-16 09:16 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
    2015-03-16 09:16 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
    2007-09-14 01:11 - 2007-09-14 01:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
    2011-03-14 17:27 - 2011-03-14 17:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
    2015-01-20 21:13 - 2011-06-17 13:04 - 00224096 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
    2015-01-20 21:13 - 2009-01-10 12:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
    2015-01-20 21:13 - 2009-06-22 20:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
    2015-01-20 21:13 - 2010-05-05 10:47 - 02415104 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
    2015-01-20 21:13 - 2010-02-10 16:10 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
    2016-02-27 00:58 - 2015-09-23 04:24 - 00242264 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
    2015-03-10 08:52 - 2012-09-22 04:32 - 00655744 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
    2015-03-10 08:52 - 2009-01-10 12:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
    2015-03-10 08:52 - 2009-06-22 20:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
    2015-03-10 08:52 - 2010-07-23 06:58 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
    2015-03-10 08:52 - 2010-02-10 16:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
    2015-03-10 08:52 - 2012-09-22 04:32 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
    2015-03-10 08:52 - 2010-02-10 16:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
    2008-02-19 04:56 - 2007-01-26 04:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe
    2008-02-19 04:56 - 2007-10-24 02:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
    2007-12-15 07:28 - 2007-12-15 07:28 - 04726784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
    2007-12-15 07:40 - 2007-12-15 07:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
    2008-02-19 04:45 - 2006-10-10 21:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    2007-12-25 22:03 - 2007-12-25 22:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
    2006-10-07 21:57 - 2006-10-07 21:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
    2006-11-07 03:14 - 2006-11-07 03:14 - 00034352 _____ () C:\Program Files\Toshiba\Utilities\KeNotify.exe
    2015-02-14 00:42 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
    2015-02-14 00:42 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 4790 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 12:23 - 2016-08-03 00:06 - 00000943 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 down.baidu2016.com
    127.0.0.1 123.sogou.com
    127.0.0.1 www.czzsyzgm.com
    127.0.0.1 www.czzsyzxl.com
    127.0.0.1 union.baidu2019.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.8.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [{FAA7FF4B-D163-422B-9F42-C6CF9FE134B8}] => (Allow) LPort=80
    FirewallRules: [{B1898CEB-5E95-4B58-942C-317D093ACA39}] => (Allow) LPort=80
    FirewallRules: [{8E8A41E3-87E2-46D9-B4B9-CA44CF117B58}] => (Allow) LPort=80
    FirewallRules: [{20427642-D72A-47F9-8A2C-5E8F55527888}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{73A46848-BE24-4D5C-BE89-1D7B521502DF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{A0266A9C-E0E0-4A33-BC69-3811BF1D28D1}C:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe] => (Block) C:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe
    FirewallRules: [UDP Query User{2B5FC4D8-382D-4CFA-8049-4761B8B8FF18}C:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe] => (Block) C:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe
    FirewallRules: [TCP Query User{9627DD89-3467-4623-9752-746C6E656520}C:\program files\ubisoft\heroes of might and magic v\bina1\h5_game.exe] => (Block) C:\program files\ubisoft\heroes of might and magic v\bina1\h5_game.exe
    FirewallRules: [UDP Query User{04983EDC-EF98-41E8-8E3D-356BE7FC65E6}C:\program files\ubisoft\heroes of might and magic v\bina1\h5_game.exe] => (Block) C:\program files\ubisoft\heroes of might and magic v\bina1\h5_game.exe
    FirewallRules: [{C09644A9-7A39-4432-908F-BB68DA8F3377}] => (Allow) C:\Users\Natalia\Desktop\New Folder\New Folder\firefox.exe
    FirewallRules: [{5F3D5C9C-2B3C-4F1A-9F86-7571444E4941}] => (Allow) C:\Users\Natalia\Desktop\New Folder\New Folder\firefox.exe
    StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
    StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

    ============================

    0
  • Helpful post
    #4 04 Aug 2016 17:48
    Kolobos
    Computer specialist

    I never wrote that the problem would go away after using AdwC. You used it only so that I would have less to check.

    You were supposed to post frst.txt AND addition.txt as an ATTACHMENT, not paste one log into the post body.

    0
  • #5 04 Aug 2016 17:59
    bestia098
    Level 2

    Addition part 2

    Spoiler:
    ==================== Restore Points =========================

    03-08-2016 19:47:51 Norton_Power_Eraser_20160803194751178

    ==================== Faulty Device Manager Devices =============

    Name: isatap.{74BA8329-ACF9-4B6D-9946-0A4D9E30DF0D}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{E2838ADF-287B-4F59-96A2-4D5E26779663}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{F5F5AE92-1E9D-438B-85EB-1D819FD041D1}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/04/2016 04:35:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/04/2016 04:21:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\NATALIA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\MEDIA CACHE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/04/2016 04:21:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\NATALIA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\MEDIA CACHE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/04/2016 04:20:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\NATALIA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/04/2016 04:20:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\NATALIA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/04/2016 04:19:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
    Description: http://ctldl.windowsupdate.com/msdownload/upd...B632455F9CBEEC575F80DCE96E2CC7B278B7.crt12017 (0x2ef1)

    Error: (08/04/2016 04:16:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
    Description: http://ctldl.windowsupdate.com/msdownload/upd...B632455F9CBEEC575F80DCE96E2CC7B278B7.crt12017 (0x2ef1)

    Error: (08/04/2016 12:55:28 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application H5_Game.exe, version 1.60.0.51, time stamp 0x4706f9e4, faulting module H5_Game.exe, version 1.60.0.51, time stamp 0x4706f9e4, exception code 0xc0000005, fault offset 0x00443036,
    process id 0x1420, application start time 0xH5_Game.exe0.

    Error: (08/03/2016 08:10:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2016 08:06:09 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
    Description: The handle is invalid


    System errors:
    =============
    Error: (08/04/2016 04:36:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: iSafeNetFilter

    Error: (08/04/2016 04:36:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: YAC NDIS Driver%%2 = The system cannot find the file specified.

    Error: (08/04/2016 04:36:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Uvovre%%2 = The system cannot find the file specified.

    Error: (08/04/2016 04:36:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Mobile Partner. OUC%%1053 = The service did not respond to the start or control request in a timely fashion.

    Error: (08/04/2016 04:36:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000Mobile Partner. OUC

    Error: (08/04/2016 04:36:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Internet Manager. OUC%%1053 = The service did not respond to the start or control request in a timely fashion.

    Error: (08/04/2016 04:36:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000Internet Manager. OUC

    Error: (08/04/2016 04:36:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Parallel port driver%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (08/04/2016 04:18:13 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
    Description: The device Root\LEGACY_SMR501\0000 disappeared from the system without first being prepared for removal.

    Error: (08/04/2016 04:18:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Windows Media Player Network Sharing Service1300001Restart the service


    CodeIntegrity:
    ===================================
    Date: 2016-08-04 17:28:48.494
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\sysdiag.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-04 17:28:46.918
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\sysdiag.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-04 17:28:45.436
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\sysdiag.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-04 17:28:43.923
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\sysdiag.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-04 17:28:39.695
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-04 17:28:38.073
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-04 17:28:36.341
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-04 17:28:34.641
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-04 17:28:32.457
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-04 17:28:31.240
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
    Percentage of memory in use: 69%
    Total physical RAM: 2037.69 MB
    Available physical RAM: 611.69 MB
    Total Virtual: 4318.65 MB
    Available Virtual: 2141.21 MB

    ==================== Drives ================================

    Drive c: (SQ004680V03) (Fixed) (Total:50 GB) (Free:7.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 5690CF23)
    Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Active) - (Size=50 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt


    Added after 10 [minutes]:

    Something is acting up here, I can't see the text, I have to highlight it.

    0
  • #6 04 Sie 2016 18:15
    Kolobos
    Computer specialist

    Uninstall:
    Advanced SystemCare 8
    Google Toolbar for Internet Explorer
    Java(TM) 6 Update 3
    Surfing Protection
    YAC(Yet Another Cleaner!)

    Install http://ninite.com/java/

    In Device Manager, remove all: Microsoft ISATAP Adapter

    Boot the system in Safe Mode and run the Fixlist.txt given below there.

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    CloseProcesses:
    Task: {33490407-DB0D-4275-861D-95F89787702A} - System32\Tasks\Opera scheduled Autoupdate 1422819641 => C:\Program Files\Opera\launcher.exe [2016-04-11] (Opera Software)
    Task: {8E073AF6-8E71-46D8-B240-1F7C6E8934A3} - System32\Tasks\Driver Booster SkipUAC (Natalia) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
    Task: {CC06E2ED-E405-4023-8A85-3C791685D629} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
    Task: {EC4F9314-4D27-4D03-85FF-A9C486A10C41} - \Microsoft\Windows Defender\MP Scheduled Scan -> No File <==== ATTENTION
    Task: {EE0E836F-F691-4C97-95F6-BB55C87493E1} - System32\Tasks\ASC8_SkipUac_Natalia => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-04-09] (IObit)
    2016-08-03 12:29 - 2015-07-27 14:14 - 00277608 ____N () C:\Program Files\Elex-tech\YAC\iSafeSrvMon.dll
    2016-08-03 12:29 - 2015-05-25 12:32 - 00068432 ____N () C:\Program Files\Elex-tech\YAC\zlib1.dll
    2016-08-03 12:29 - 2015-08-06 05:51 - 00582144 ____N () C:\Program Files\Elex-tech\YAC\curlpp.dll
    2016-08-03 12:30 - 2015-08-21 04:02 - 00176976 ____N () C:\Program Files\Elex-tech\YAC\tws\unrar.dll
    2016-08-03 12:30 - 2015-08-21 04:02 - 00087744 ____N () C:\Program Files\Elex-tech\YAC\tws\unacev2.dll
    Hosts:
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
    HKLM\...\Run: [cmsc] => c:\program files\cmcm\Clean Master\cmtray.exe [771912 2016-06-21] (Kingsoft Corporation)
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {067804d6-ca7e-11e4-a45d-d840cac23dd4} - E:\AutoRun.exe
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {0f01d914-5f02-11e5-b34e-a66a571e9670} - D:\AutoRun.exe
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {19daa2ff-44ee-11e5-ad43-9b6dcca819e4} - D:\AutoRun.exe
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {2913089a-c5c4-11e4-b2f6-86e9c561b351} - E:\AutoRun.exe
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {4bf0bd21-462e-11e5-ae37-947de7db3afb} - F:\AutoRun.exe
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {6a93f5d1-898c-11e5-b3fe-bbd4571c9149} - F:\AutoRun.exe
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {7432e3c5-4d01-11e6-92a4-0c5b8f279a64} - F:\LG_PC_Programs.exe
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {844b3cd1-a0ea-11e4-b32f-9a066336ab05} - E:\AutoRun.exe
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {c1f29a3f-a0d7-11e4-8f51-93751bfac3d0} - E:\AutoRun.exe
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {c1f29a68-a0d7-11e4-8f51-fccb64c3b6df} - E:\AutoRun.exe
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {c20aa0b4-ae0f-11e4-bc51-c1b0f2c3ca8e} - E:\AutoRun.exe
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {c8a4abb9-bb7e-11e5-ac29-f610a4749231} - D:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-1464668405-4017746914-3805442167-1000\...\MountPoints2: {de33c182-ef6e-11e4-a2cc-ce16d0637f9a} - D:\AutoRun.exe
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\6kb7ltmg.default\extensions\iobitascsurfingprotection@iobit.com [2015-04-16] [not signed]
    R2 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315208 2016-06-21] (Kingsoft Corporation)
    R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-04-16] (Elex do Brasil Participações Ltda) [File not signed]
    S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
    S3 HipsDaemon; "C:\Program Files\Huorong\Sysdiag\bin\HipsDaemon.exe" -sHipsDaemon [X]
    S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
    S2 Uvovre; "C:\Users\Natalia\AppData\Roaming\Siiffoadg\Siiffoadg.exe" -cms [X]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-08-03] ()
    R0 hrfwdrv; C:\Windows\System32\DRIVERS\hrfwdrv.sys [29632 2016-07-21] (Huorong Borui (Beijing) Technology Co., Ltd.)
    R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [225896 2015-05-14] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2015-08-20] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [52712 2015-08-20] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2015-11-27] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [67288 2015-09-10] (Elex do Brasil Participações Ltda)
    R3 ksapi; C:\Windows\system32\drivers\ksapi.sys [81768 2016-06-21] (Kingsoft Corporation)
    R1 sysdiag; C:\Windows\System32\DRIVERS\sysdiag.sys [332736 2016-07-21] (Huorong Borui (Beijing) Technology Co., Ltd.)
    S3 cpuz137; \??\C:\Users\Natalia\AppData\Local\Temp\cpuz137\cpuz137_x32.sys [X]
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
    S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
    2016-08-04 16:05 - 2016-08-04 16:40 - 00000000 ____D C:\AdwCleaner
    2016-08-04 12:02 - 2016-08-04 12:06 - 00001061 _____ C:\Users\Natalia\Desktop\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0.lnk
    2016-08-03 12:55 - 2016-06-29 08:55 - 55135848 _____ C:\Users\Natalia\AppData\Roaming\qqpcmgr_v11.7.17772.224_73233_Silence.exe
    2016-08-03 12:32 - 2016-08-03 12:32 - 00000000 ____D C:\Program Files\Huorong
    2016-08-03 12:28 - 2016-08-03 12:28 - 00000000 ____D C:\Program Files\Elex-tech
    2016-08-03 12:09 - 2016-02-18 10:10 - 05267952 _____ () C:\Users\Natalia\AppData\Roaming\ziptool_wc-9015_setup.exe
    2016-08-03 11:47 - 2016-08-03 11:47 - 00000000 ____D C:\Windows\system32\hed
    2016-08-03 11:26 - 2016-08-03 11:26 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-08-03 10:53 - 2016-08-04 17:26 - 00000000 ____D C:\Users\Natalia\AppData\Roaming\Siiffoadg
    2016-07-21 12:21 - 2016-07-21 12:21 - 00332736 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\system32\Drivers\sysdiag.sys
    2016-07-21 12:21 - 2016-07-21 12:21 - 00236672 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\system32\dtrampo.dll
    2016-07-21 12:21 - 2016-07-21 12:21 - 00041920 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\system32\Drivers\hrwfpdrv.sys
    2016-07-21 12:21 - 2016-07-21 12:21 - 00029632 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\system32\Drivers\hrfwdrv.sys
    2016-08-03 12:55 - 2016-06-29 08:55 - 55135848 _____ () C:\Users\Natalia\AppData\Roaming\qqpcmgr_v11.7.17772.224_73233_Silence.exe
    2016-08-03 12:09 - 2016-02-18 10:10 - 5267952 _____ () C:\Users\Natalia\AppData\Roaming\ziptool_wc-9015_setup.exe
    C:\ProgramData\SMRResults501.dat
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    0
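As an added illustration (not part of Kolobos's post and not FRST's own code), the sketch below parses the service and driver lines that the Fixlist above copies from the FRST log and flags the markers visible in them: `[X]` (file not found), `[File not signed]`, an empty company field, and an image path under AppData. The function names and the choice of flags are assumptions made for this example.

```python
import re
# Service/driver lines copied from the Fixlist in the post above (FRST log format).
SAMPLE = r'''
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-04-16] (Elex do Brasil Participações Ltda) [File not signed]
S2 Uvovre; "C:\Users\Natalia\AppData\Roaming\Siiffoadg\Siiffoadg.exe" -cms [X]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-08-03] ()
R1 sysdiag; C:\Windows\System32\DRIVERS\sysdiag.sys [332736 2016-07-21] (Huorong Borui (Beijing) Technology Co., Ltd.)
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
'''

# R/S/U = running/stopped/undetermined; the digit is the service start type (2 = auto).
ENTRY = re.compile(r'^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<rest>.+)$')
COMPANY = re.compile(r'\] \((?P<company>.*)\)(?: \[File not signed\])?$')

def parse_entry(line):
    """Split one service/driver line into fields; None for any other kind of line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    if rest.startswith('"'):          # quoted image path, arguments may follow
        path = rest[1:].split('"', 1)[0]
    else:                             # unquoted: path ends at the first " [" marker
        path = rest.split(" [", 1)[0]
    company = COMPANY.search(rest)
    return {"name": m["name"], "running": m["state"] == "R", "start": int(m["start"]),
            "path": path, "missing": rest.endswith("[X]"),
            "unsigned": "[File not signed]" in rest,
            "company": company["company"] if company else None}

def triage(log_text):
    """Return {service name: [reasons]} for entries that deserve a manual look."""
    findings = {}
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        reasons = []
        if entry["missing"]:
            reasons.append("registered but file missing")
        if entry["unsigned"]:
            reasons.append("file not signed")
        if entry["company"] == "":
            reasons.append("no company name")
        if "\\appdata\\" in entry["path"].lower():
            reasons.append("image path in user profile")
        if reasons:
            findings[entry["name"]] = reasons
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The `Uvovre` entry it flags is the same service for which the System errors section of the log reports "The system cannot find the file specified".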