Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

DNS UNLOCKER - jak usunac

juventino87 21 Lis 2016 18:21 408 7
  • #1 21 Lis 2016 18:21
    juventino87
    Poziom 2  

    Witajcie. Proszę o pomoc w usunięciu DNS Unblocker.

    FRST wklej.org/id/2963793/
    Addition .../2963791

    0 7
  • CControls
  • #2 21 Lis 2016 18:23
    Acorus 20
    Spec od komputerów

    Wklej porządnie Addition.txt

    0
  • #3 21 Lis 2016 19:00
    krzychupar
    Poziom 40  

    Obydwa logi daj jako załączniki a nie przez jakieś badziewie wlej, przez które później trzeba kombinować.

    0
  • CControls
  • Pomocny post
    #5 21 Lis 2016 19:36
    krzychupar
    Poziom 40  

    Otwórz notatnik systemowy i wklej:
    Task: {0248530A-7CF2-459B-8C20-5F5F2A913982} - System32\Tasks\Superclean => c:\programdata\{a37de41a-d643-fca0-a37d-de41ad64906b}\hqghumeaylnlf.exe <==== UWAGA
    Task: {06576080-9675-4F16-9402-A4FA0A85E791} - System32\Tasks\psv_Zoofresh => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Zumron.reg" &amp; del "C:\ProgramData\BluetoothPoint\Zumron.reg" &amp; SCHTASKS /Delete /TN "psv_Zoofresh" /F <==== UWAGA
    Task: {07B5391A-CFD9-4DEB-9F33-1D956BFAE89C} - System32\Tasks\psv_Faxex => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Donex.reg" &amp; del "C:\ProgramData\BluetoothPoint\Donex.reg" &amp; SCHTASKS /Delete /TN "psv_Faxex" /F <==== UWAGA
    Task: {0818116F-6EC1-4A89-B445-990B3C98AA74} - System32\Tasks\psv_Betatrax => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Triscore.reg" &amp; del "C:\ProgramData\BluetoothPoint\Triscore.reg" &amp; SCHTASKS /Delete /TN "psv_Betatrax" /F <==== UWAGA
    Task: {0CEEFC5A-506F-4245-8641-6AF9BA7DE2B1} - System32\Tasks\psv_UnoLam => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Run-Dox.reg" &amp; del "C:\ProgramData\BluetoothPoint\Run-Dox.reg" &amp; SCHTASKS /Delete /TN "psv_UnoLam" /F <==== UWAGA
    Task: {0EF1503D-5730-4489-901B-BE15AA6DE156} - System32\Tasks\psv_Laotlab => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Konkhotphase.reg" &amp; del "C:\ProgramData\BluetoothPoint\Konkhotphase.reg" &amp; SCHTASKS /Delete /TN "psv_Laotlab" /F <==== UWAGA
    Task: {100A9DA2-A506-4782-9242-47AC09D3A459} - System32\Tasks\psv_Fin-Tech => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Son-La.reg" &amp; del "C:\ProgramData\BluetoothPoint\Son-La.reg" &amp; SCHTASKS /Delete /TN "psv_Fin-Tech" /F <==== UWAGA
    Task: {17BDB815-C344-4721-B13D-983A41542D77} - System32\Tasks\DNSLAKEWOOD => dnslakewood.exe <==== UWAGA
    Task: {1DA8E8CD-F2EA-4A2C-937E-A5F4641A6BC2} - System32\Tasks\psv_hk0vlz1e => /c regedit.exe /s "C:\ProgramData\Itstock\kqtctncz.rir.reg" &amp; del "C:\ProgramData\Itstock\kqtctncz.rir.reg" &amp; SCHTASKS /Delete /TN "psv_hk0vlz1e" /F <==== UWAGA
    Task: {1E0AADC8-1238-4D22-89EC-A49C1280945C} - System32\Tasks\psv_Fixlam => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\ConZimtone.reg" &amp; del "C:\ProgramData\BluetoothPoint\ConZimtone.reg" &amp; SCHTASKS /Delete /TN "psv_Fixlam" /F <==== UWAGA
    Task: {203B46B1-4B29-43DF-A6D4-BF724E03B6AE} - System32\Tasks\psv_uc0045xc => /c regedit.exe /s "C:\ProgramData\Itstock\xcq5blmn.oud.reg" &amp; del "C:\ProgramData\Itstock\xcq5blmn.oud.reg" &amp; SCHTASKS /Delete /TN "psv_uc0045xc" /F <==== UWAGA
    Task: {221DC781-ACC0-4E51-896E-753DA71778A1} - System32\Tasks\psv_Stanair => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Tran-La.reg" &amp; del "C:\ProgramData\BluetoothPoint\Tran-La.reg" &amp; SCHTASKS /Delete /TN "psv_Stanair" /F <==== UWAGA




    Task: {2AE08D43-0B84-4348-81A2-4D1B855152EF} - System32\Tasks\psv_Vila-Lam => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Tancore.reg" &amp; del "C:\ProgramData\BluetoothPoint\Tancore.reg" &amp; SCHTASKS /Delete /TN "psv_Vila-Lam" /F <==== UWAGA
    Task: {30AD9A0D-F3F6-48B5-BB96-52A654F47F72} - System32\Tasks\psv_nqnlgd1k => /c regedit.exe /s "C:\ProgramData\Itstock\fvybkef2.2zg.reg" &amp; del "C:\ProgramData\Itstock\fvybkef2.2zg.reg" &amp; SCHTASKS /Delete /TN "psv_nqnlgd1k" /F <==== UWAGA
    Task: {34238C27-4001-437D-B2B5-C7C094366E0A} - System32\Tasks\psv_Sunlamtam => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\ConQuosing.reg" &amp; del "C:\ProgramData\BluetoothPoint\ConQuosing.reg" &amp; SCHTASKS /Delete /TN "psv_Sunlamtam" /F <==== UWAGA
    Task: {3AF95457-FA57-4DF7-8FB3-89FE300E74B8} - System32\Tasks\psv_ScotTom => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\RankTamfan.reg" &amp; del "C:\ProgramData\BluetoothPoint\RankTamfan.reg" &amp; SCHTASKS /Delete /TN "psv_ScotTom" /F <==== UWAGA
    Task: {3B70597A-9009-4BB2-B388-948F46796B04} - System32\Tasks\psv_Bamstring => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\GeoRemsoft.reg" &amp; del "C:\ProgramData\BluetoothPoint\GeoRemsoft.reg" &amp; SCHTASKS /Delete /TN "psv_Bamstring" /F <==== UWAGA
    Task: {3C3009F1-2030-43E0-8E20-5249797DFFD7} - System32\Tasks\NobeanUpdateTaskMachineUA => C:\Program Files (x86)\Nobean\Update\NobeanUpdate.exe <==== UWAGA
    Task: {4693379C-BCD0-4175-99D1-C30CBE668F0B} - System32\Tasks\{D16FCFE7-66C4-784C-8135-752AE1ACE4BF} => C:\ProgramData\{AD8C1939-1A27-AE92-3E27-D5A3C9B25932}\10205D34-A78B-EA9F-D1E3-FF8376D2F975.exe <==== UWAGA
    Task: {4894ADA4-33AF-481A-8767-EB113BC4E4C2} - System32\Tasks\psv_Inch-Is => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\X-bam.reg" &amp; del "C:\ProgramData\BluetoothPoint\X-bam.reg" &amp; SCHTASKS /Delete /TN "psv_Inch-Is" /F <==== UWAGA
    Task: {525A25F9-78B1-4085-8DA5-3C240F308745} - System32\Tasks\{7AEFAD1B-68D9-9059-9B2B-FA25B4A9BF7A} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\4cd52f3c\601d2144.dll" <==== UWAGA
    Task: {558D5145-879A-45CF-9F59-D2E247A5DA79} - System32\Tasks\psv_FreeZuncom => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Phystough.reg" &amp; del "C:\ProgramData\BluetoothPoint\Phystough.reg" &amp; SCHTASKS /Delete /TN "psv_FreeZuncom" /F <==== UWAGA
    Task: {60F674B7-B9C4-4016-9CC0-3A73F164074B} - System32\Tasks\psv_Silbam => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Dantech.reg" &amp; del "C:\ProgramData\BluetoothPoint\Dantech.reg" &amp; SCHTASKS /Delete /TN "psv_Silbam" /F <==== UWAGA
    Task: {66227646-D48D-43B0-81FD-002687FE7896} - System32\Tasks\psv_BlueNimeco => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Iceplus.reg" &amp; del "C:\ProgramData\BluetoothPoint\Iceplus.reg" &amp; SCHTASKS /Delete /TN "psv_BlueNimeco" /F <==== UWAGA
    Task: {698627E4-DC40-4DD0-837A-3EF4A4E132B0} - System32\Tasks\NobeanUpdateTaskMachineCore => C:\Program Files (x86)\Nobean\Update\NobeanUpdate.exe <==== UWAGA
    Task: {6CD27FD3-E07A-4172-81B6-F424F62F995A} - System32\Tasks\psv_Faxtone => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Lamhome.reg" &amp; del "C:\ProgramData\BluetoothPoint\Lamhome.reg" &amp; SCHTASKS /Delete /TN "psv_Faxtone" /F <==== UWAGA
    Task: {6DE0B4B9-4980-45E0-9210-A9D1808B01AA} - System32\Tasks\psv_Plusrantouch => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Hotsilstring.reg" &amp; del "C:\ProgramData\BluetoothPoint\Hotsilstring.reg" &amp; SCHTASKS /Delete /TN "psv_Plusrantouch" /F <==== UWAGA
    Task: {6EE9A54F-3829-4DBE-A7E5-662437018CEA} - System32\Tasks\psv_LatHold => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Dondax.reg" &amp; del "C:\ProgramData\BluetoothPoint\Dondax.reg" &amp; SCHTASKS /Delete /TN "psv_LatHold" /F <==== UWAGA
    Task: {727DDCF7-745A-4E72-BF0C-03E16BEF9D51} - System32\Tasks\psv_S-lab => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Ranflex.reg" &amp; del "C:\ProgramData\BluetoothPoint\Ranflex.reg" &amp; SCHTASKS /Delete /TN "psv_S-lab" /F <==== UWAGA
    Task: {72B0FCB7-F897-4F04-B448-4765A50123E5} - System32\Tasks\psv_KonGocof => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Flexlex.reg" &amp; del "C:\ProgramData\BluetoothPoint\Flexlex.reg" &amp; SCHTASKS /Delete /TN "psv_KonGocof" /F <==== UWAGA
    Task: {76DF889D-579D-4F9E-9F79-A34E71C306DD} - System32\Tasks\psv_Cofdex => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Gooding.reg" &amp; del "C:\ProgramData\BluetoothPoint\Gooding.reg" &amp; SCHTASKS /Delete /TN "psv_Cofdex" /F <==== UWAGA
    Task: {7D6CDDEF-ECAD-49F9-A58D-0039CB056C5E} - System32\Tasks\psv_Sailstring => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Vento-Hold.reg" &amp; del "C:\ProgramData\BluetoothPoint\Vento-Hold.reg" &amp; SCHTASKS /Delete /TN "psv_Sailstring" /F <==== UWAGA
    Task: {7FB401B9-88F6-4F44-BC5E-D18C6C588472} - System32\Tasks\psv_OpeDom => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\StockDamis.reg" &amp; del "C:\ProgramData\BluetoothPoint\StockDamis.reg" &amp; SCHTASKS /Delete /TN "psv_OpeDom" /F <==== UWAGA
    Task: {811933CD-A16D-4201-8FDF-705D9219AD08} - System32\Tasks\psv_Zoowarm => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Volt-Nix.reg" &amp; del "C:\ProgramData\BluetoothPoint\Volt-Nix.reg" &amp; SCHTASKS /Delete /TN "psv_Zoowarm" /F <==== UWAGA
    Task: {863125F3-E689-40C5-AB1B-0882E1223F28} - System32\Tasks\psv_Goldjaydex => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\SaltStock.reg" &amp; del "C:\ProgramData\BluetoothPoint\SaltStock.reg" &amp; SCHTASKS /Delete /TN "psv_Goldjaydex" /F <==== UWAGA
    Task: {8DC8BE4F-B64D-45C6-A9A8-9C5D9DFB4AC4} - System32\Tasks\psv_Tindoncof => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Tripplesoft.reg" &amp; del "C:\ProgramData\BluetoothPoint\Tripplesoft.reg" &amp; SCHTASKS /Delete /TN "psv_Tindoncof" /F <==== UWAGA
    Task: {9979BC85-FC30-4AED-BB5D-FCA56915D367} - System32\Tasks\psv_Stanruntax => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\SonTrax.reg" &amp; del "C:\ProgramData\BluetoothPoint\SonTrax.reg" &amp; SCHTASKS /Delete /TN "psv_Stanruntax" /F <==== UWAGA
    Task: {9D5BED3D-DF38-49A5-ADC9-F1AB7F4FC524} - System32\Tasks\psv_Trustwarm => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\ZenDondax.reg" &amp; del "C:\ProgramData\BluetoothPoint\ZenDondax.reg" &amp; SCHTASKS /Delete /TN "psv_Trustwarm" /F <==== UWAGA
    Task: {A0205226-6F0F-4B9C-B1E3-EB4AA55F0FA6} - System32\Tasks\Price Fountain => C:\Users\LAPTOP\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: {A13012FA-5AA6-4899-94F9-460940933AF6} - System32\Tasks\psv_ZathNix => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Med-Stock.reg" &amp; del "C:\ProgramData\BluetoothPoint\Med-Stock.reg" &amp; SCHTASKS /Delete /TN "psv_ZathNix" /F <==== UWAGA
    Task: {A6E8CC43-5B61-4985-A304-BF1AD54CF31B} - System32\Tasks\psv_Faxnix => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Unitone.reg" &amp; del "C:\ProgramData\BluetoothPoint\Unitone.reg" &amp; SCHTASKS /Delete /TN "psv_Faxnix" /F <==== UWAGA
    Task: {AFF59C64-7AF2-4A4C-ADE8-C8283D967AA0} - System32\Tasks\psv_Blue-Fax => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\HaySiljob.reg" &amp; del "C:\ProgramData\BluetoothPoint\HaySiljob.reg" &amp; SCHTASKS /Delete /TN "psv_Blue-Fax" /F <==== UWAGA
    Task: {C3792891-B2BB-4E4F-86DE-6C558C6F44EC} - System32\Tasks\{33AFB52E-A3A1-1847-D65F-92F8774BC37E} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMA (dane wartości zawierają 7532 znaków więcej).
    Task: {C639B97E-E366-47DF-A6D7-47BB3B1BEE97} - System32\Tasks\psv_Joyhold => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Isfax.reg" &amp; del "C:\ProgramData\BluetoothPoint\Isfax.reg" &amp; SCHTASKS /Delete /TN "psv_Joyhold" /F <==== UWAGA
    Task: {C833D3C5-D86F-44CB-9446-E18D0B5EA6CE} - System32\Tasks\PFExe => C:\Users\LAPTOP\AppData\Local\PriceFountain\pricefountain.exe <==== UWAGA
    Task: {C855EF09-F948-456D-BECB-DC69945ADE64} - System32\Tasks\psv_Cantouch => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Tresrantone.reg" &amp; del "C:\ProgramData\BluetoothPoint\Tresrantone.reg" &amp; SCHTASKS /Delete /TN "psv_Cantouch" /F <==== UWAGA
    Task: {D4D00C1D-4DB8-4FC0-B6D6-EF634F7BFA4F} - System32\Tasks\psv_Lotplus => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Bluekayla.reg" &amp; del "C:\ProgramData\BluetoothPoint\Bluekayla.reg" &amp; SCHTASKS /Delete /TN "psv_Lotplus" /F <==== UWAGA
    Task: {DB069582-05DE-41F5-AAFD-19B13E638148} - System32\Tasks\psv_Stimbam => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Voltlab.reg" &amp; del "C:\ProgramData\BluetoothPoint\Voltlab.reg" &amp; SCHTASKS /Delete /TN "psv_Stimbam" /F <==== UWAGA
    Task: {DDDB7402-6638-4980-9EA3-DE562FE5EA52} - System32\Tasks\psv_Silverzenlex => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Tech-Trax.reg" &amp; del "C:\ProgramData\BluetoothPoint\Tech-Trax.reg" &amp; SCHTASKS /Delete /TN "psv_Silverzenlex" /F <==== UWAGA
    Task: {E2A7C2D3-778F-4074-B63F-5C60569C2787} - System32\Tasks\psv_ZathRanstring => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Zondax.reg" &amp; del "C:\ProgramData\BluetoothPoint\Zondax.reg" &amp; SCHTASKS /Delete /TN "psv_ZathRanstring" /F <==== UWAGA
    Task: {E9A293BD-BCAF-40D8-BED8-B31038BDC91E} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{f4adb3fc-13e1-fe43-f4ad-db3fc13ecff0}\hqghumeaylnlf.exe <==== UWAGA
    Task: {F335A05D-FCB6-4BB2-9819-B9F079BA224F} - System32\Tasks\psv_Fresh-Top => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\AlphaJob.reg" &amp; del "C:\ProgramData\BluetoothPoint\AlphaJob.reg" &amp; SCHTASKS /Delete /TN "psv_Fresh-Top" /F <==== UWAGA
    Task: {F8EF2ABB-18A1-47E2-9295-B8192EB913FD} - System32\Tasks\psv_MatTip => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Nimdox.reg" &amp; del "C:\ProgramData\BluetoothPoint\Nimdox.reg" &amp; SCHTASKS /Delete /TN "psv_MatTip" /F <==== UWAGA
    Task: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{f4adb3fc-13e1-fe43-f4ad-db3fc13ecff0}\hqghumeaylnlf.exe <==== UWAGA
    Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\LAPTOP\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{a37de41a-d643-fca0-a37d-de41ad64906b}\hqghumeaylnlf.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\LAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1466...p;uid=TOSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT
    Hosts:
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-3188330250-300297266-230584344-1000\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\..\Interfaces\{27A0D2A0-E3FB-4BE1-B03D-7FCA01A23A0F}: [NameServer] 82.163.143.157 82.163.142.159
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3188330250-300297266-230584344-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/hm?eq=U...LAABAEQYFIk0FA1ADB0VXfVBdFElXTwhpNVdfDVw/REE=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1470...p;uid=TOSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1470...p;uid=TOSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1470...p;uid=TOSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3188330250-300297266-230584344-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...Jxl8lgzloHq3ahIdm42xpba2XxKOArqJr4KLFb&q={searchTerms}
    HKU\S-1-5-21-3188330250-300297266-230584344-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    HKU\S-1-5-21-3188330250-300297266-230584344-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1470...p;uid=TOSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfXNND14dRHtGNA==&q={searchTerms}
    SearchScopes: HKLM -> OldSearch URL = hxxp://www.istartsurf.com/web/?type=ds&ts...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfXNND14dRHtGNA==&q={searchTerms}
    SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfXNND14dRHtGNA==&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...Jxl8lgzloHq3ahIdm42xpba2XxKOArqJr4KLFb&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14494712...2ce05d865ff270268acg4zdz1t0z0m8geoee4m&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> DefaultScope {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...UFT&ts=1437910864&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> OldSearch URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...UFT&ts=1437910864&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> {A995E0AB-B11F-4BC0-83BE-A4F47BE8D7EB} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...UFT&ts=1437910864&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...UFT&ts=1437910864&type=default&q={searchTerms}
    FF NewTab: Mozilla\Firefox\Profiles\2h7jsmwz.default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0...ZWAhBEhNBNARaB0tXUUEeJl9NER8fHH9WLl5UBHcUVQ==
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\2h7jsmwz.default -> Default
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\2h7jsmwz.default -> nice
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\2h7jsmwz.default -> Default
    FF Homepage: Mozilla\Firefox\Profiles\2h7jsmwz.default -> hxxp://searchinterneat-a.akamaihd.net/hm?eq=U...LAABAEQYFIk0FA18DB0VXfV9eFElXTwhpNVdfDVw/REE=
    FF Keyword.URL: Mozilla\Firefox\Profiles\2h7jsmwz.default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTR0cFME0FB18EURNNfXNND14dRHtGNA==&q={searchTerms}
    FF NewTab: Firefox\Firefox\Profiles\2h7jsmwz.default -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=9396cf6162ef00b75e7484dg7zeq0q4w8zao4z9q9o
    FF DefaultSearchEngine: Firefox\Firefox\Profiles\2h7jsmwz.default -> nice
    FF SearchEngineOrder.1: Firefox\Firefox\Profiles\2h7jsmwz.default -> nice
    FF SelectedSearchEngine: Firefox\Firefox\Profiles\2h7jsmwz.default -> nice
    FF Homepage: Firefox\Firefox\Profiles\2h7jsmwz.default -> goo
    FF Keyword.URL: Firefox\Firefox\Profiles\2h7jsmwz.default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTR0cFME0FB18EURNNfXNND14dRHtGNA==&q={searchTerms}
    FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\extensions\sweetsearch@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\extensions\defsearchp@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [ffsearch_toolbar] - C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\extensions\ffsearch_toolbar
    FF HKU\S-1-5-21-3188330250-300297266-230584344-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nie znaleziono
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-11-19]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursites123.xml [2016-03-21]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-23] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-23] ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [Brak pliku]
    CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
    CHR HKU\S-1-5-21-3188330250-300297266-230584344-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [kbblaapkjgohmoafkoiiaeacfebbliae] - hxxps://clients2.google.com/service/update2/crx
    S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S1 wafd_1_10_0_19; system32\drivers\wafd_1_10_0_19.sys [X]
    2015-04-14 21:07 - 2015-04-14 21:07 - 0000079 _____ () C:\Program Files (x86)\prefs.js
    2015-05-13 14:40 - 2016-03-29 17:40 - 0000024 _____ () C:\Users\LAPTOP\AppData\Roaming\appdataFr25.bin
    2015-01-21 19:54 - 2015-05-11 19:32 - 0000020 _____ () C:\Users\LAPTOP\AppData\Roaming\appdataFr3.bin
    2016-02-14 16:41 - 2016-02-14 16:41 - 0000000 _____ () C:\Users\LAPTOP\AppData\Roaming\mediaload.io.url.lock
    2015-01-08 17:02 - 2016-03-28 14:59 - 0000134 _____ () C:\Users\LAPTOP\AppData\Roaming\WB.CFG
    2015-09-01 14:21 - 2015-09-01 14:21 - 0000000 _____ () C:\ProgramData\temp
    2015-10-27 06:32 - 2016-03-21 18:03 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom FRST i kliknij w Fix/Napraw.

    1
  • Pomocny post
    #6 21 Lis 2016 19:58
    Acorus 20
    Spec od komputerów

    Odinstaluj Java 8 Update 51. Otwórz notatnik systemowy i wklej:

    Cytat:
    CloseProcesses:
    Task: {0248530A-7CF2-459B-8C20-5F5F2A913982} - System32\Tasks\Superclean => c:\programdata\{a37de41a-d643-fca0-a37d-de41ad64906b}\hqghumeaylnlf.exe <==== UWAGA
    Task: {06576080-9675-4F16-9402-A4FA0A85E791} - System32\Tasks\psv_Zoofresh => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Zumron.reg" &amp; del "C:\ProgramData\BluetoothPoint\Zumron.reg" &amp; SCHTASKS /Delete /TN "psv_Zoofresh" /F <==== UWAGA
    Task: {07B5391A-CFD9-4DEB-9F33-1D956BFAE89C} - System32\Tasks\psv_Faxex => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Donex.reg" &amp; del "C:\ProgramData\BluetoothPoint\Donex.reg" &amp; SCHTASKS /Delete /TN "psv_Faxex" /F <==== UWAGA
    Task: {0818116F-6EC1-4A89-B445-990B3C98AA74} - System32\Tasks\psv_Betatrax => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Triscore.reg" &amp; del "C:\ProgramData\BluetoothPoint\Triscore.reg" &amp; SCHTASKS /Delete /TN "psv_Betatrax" /F <==== UWAGA
    Task: {0CEEFC5A-506F-4245-8641-6AF9BA7DE2B1} - System32\Tasks\psv_UnoLam => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Run-Dox.reg" &amp; del "C:\ProgramData\BluetoothPoint\Run-Dox.reg" &amp; SCHTASKS /Delete /TN "psv_UnoLam" /F <==== UWAGA
    Task: {0EF1503D-5730-4489-901B-BE15AA6DE156} - System32\Tasks\psv_Laotlab => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Konkhotphase.reg" &amp; del "C:\ProgramData\BluetoothPoint\Konkhotphase.reg" &amp; SCHTASKS /Delete /TN "psv_Laotlab" /F <==== UWAGA
    Task: {100A9DA2-A506-4782-9242-47AC09D3A459} - System32\Tasks\psv_Fin-Tech => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Son-La.reg" &amp; del "C:\ProgramData\BluetoothPoint\Son-La.reg" &amp; SCHTASKS /Delete /TN "psv_Fin-Tech" /F <==== UWAGA
    Task: {17BDB815-C344-4721-B13D-983A41542D77} - System32\Tasks\DNSLAKEWOOD => dnslakewood.exe <==== UWAGA
    Task: {1DA8E8CD-F2EA-4A2C-937E-A5F4641A6BC2} - System32\Tasks\psv_hk0vlz1e => /c regedit.exe /s "C:\ProgramData\Itstock\kqtctncz.rir.reg" &amp; del "C:\ProgramData\Itstock\kqtctncz.rir.reg" &amp; SCHTASKS /Delete /TN "psv_hk0vlz1e" /F <==== UWAGA
    Task: {1E0AADC8-1238-4D22-89EC-A49C1280945C} - System32\Tasks\psv_Fixlam => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\ConZimtone.reg" &amp; del "C:\ProgramData\BluetoothPoint\ConZimtone.reg" &amp; SCHTASKS /Delete /TN "psv_Fixlam" /F <==== UWAGA
    Task: {203B46B1-4B29-43DF-A6D4-BF724E03B6AE} - System32\Tasks\psv_uc0045xc => /c regedit.exe /s "C:\ProgramData\Itstock\xcq5blmn.oud.reg" &amp; del "C:\ProgramData\Itstock\xcq5blmn.oud.reg" &amp; SCHTASKS /Delete /TN "psv_uc0045xc" /F <==== UWAGA
    Task: {221DC781-ACC0-4E51-896E-753DA71778A1} - System32\Tasks\psv_Stanair => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Tran-La.reg" &amp; del "C:\ProgramData\BluetoothPoint\Tran-La.reg" &amp; SCHTASKS /Delete /TN "psv_Stanair" /F <==== UWAGA
    Task: {2AE08D43-0B84-4348-81A2-4D1B855152EF} - System32\Tasks\psv_Vila-Lam => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Tancore.reg" &amp; del "C:\ProgramData\BluetoothPoint\Tancore.reg" &amp; SCHTASKS /Delete /TN "psv_Vila-Lam" /F <==== UWAGA
    Task: {30AD9A0D-F3F6-48B5-BB96-52A654F47F72} - System32\Tasks\psv_nqnlgd1k => /c regedit.exe /s "C:\ProgramData\Itstock\fvybkef2.2zg.reg" &amp; del "C:\ProgramData\Itstock\fvybkef2.2zg.reg" &amp; SCHTASKS /Delete /TN "psv_nqnlgd1k" /F <==== UWAGA
    Task: {34238C27-4001-437D-B2B5-C7C094366E0A} - System32\Tasks\psv_Sunlamtam => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\ConQuosing.reg" &amp; del "C:\ProgramData\BluetoothPoint\ConQuosing.reg" &amp; SCHTASKS /Delete /TN "psv_Sunlamtam" /F <==== UWAGA
    Task: {3AF95457-FA57-4DF7-8FB3-89FE300E74B8} - System32\Tasks\psv_ScotTom => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\RankTamfan.reg" &amp; del "C:\ProgramData\BluetoothPoint\RankTamfan.reg" &amp; SCHTASKS /Delete /TN "psv_ScotTom" /F <==== UWAGA
    Task: {3B70597A-9009-4BB2-B388-948F46796B04} - System32\Tasks\psv_Bamstring => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\GeoRemsoft.reg" &amp; del "C:\ProgramData\BluetoothPoint\GeoRemsoft.reg" &amp; SCHTASKS /Delete /TN "psv_Bamstring" /F <==== UWAGA
    Task: {3C3009F1-2030-43E0-8E20-5249797DFFD7} - System32\Tasks\NobeanUpdateTaskMachineUA => C:\Program Files (x86)\Nobean\Update\NobeanUpdate.exe <==== UWAGA
    Task: {4693379C-BCD0-4175-99D1-C30CBE668F0B} - System32\Tasks\{D16FCFE7-66C4-784C-8135-752AE1ACE4BF} => C:\ProgramData\{AD8C1939-1A27-AE92-3E27-D5A3C9B25932}\10205D34-A78B-EA9F-D1E3-FF8376D2F975.exe <==== UWAGA
    Task: {4894ADA4-33AF-481A-8767-EB113BC4E4C2} - System32\Tasks\psv_Inch-Is => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\X-bam.reg" &amp; del "C:\ProgramData\BluetoothPoint\X-bam.reg" &amp; SCHTASKS /Delete /TN "psv_Inch-Is" /F <==== UWAGA
    Task: {525A25F9-78B1-4085-8DA5-3C240F308745} - System32\Tasks\{7AEFAD1B-68D9-9059-9B2B-FA25B4A9BF7A} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\4cd52f3c\601d2144.dll" <==== UWAGA
    Task: {558D5145-879A-45CF-9F59-D2E247A5DA79} - System32\Tasks\psv_FreeZuncom => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Phystough.reg" &amp; del "C:\ProgramData\BluetoothPoint\Phystough.reg" &amp; SCHTASKS /Delete /TN "psv_FreeZuncom" /F <==== UWAGA
    Task: {55C41426-AD4F-4114-B80C-C36115F578DC} - System32\Tasks\{40CE3B63-542B-44DD-BBAA-2425793E37B2} => pcalua.exe -a C:\Users\LAPTOP\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt
    Task: {60F674B7-B9C4-4016-9CC0-3A73F164074B} - System32\Tasks\psv_Silbam => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Dantech.reg" &amp; del "C:\ProgramData\BluetoothPoint\Dantech.reg" &amp; SCHTASKS /Delete /TN "psv_Silbam" /F <==== UWAGA
    Task: {66227646-D48D-43B0-81FD-002687FE7896} - System32\Tasks\psv_BlueNimeco => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Iceplus.reg" &amp; del "C:\ProgramData\BluetoothPoint\Iceplus.reg" &amp; SCHTASKS /Delete /TN "psv_BlueNimeco" /F <==== UWAGA
    Task: {698627E4-DC40-4DD0-837A-3EF4A4E132B0} - System32\Tasks\NobeanUpdateTaskMachineCore => C:\Program Files (x86)\Nobean\Update\NobeanUpdate.exe <==== UWAGA
    Task: {6CD27FD3-E07A-4172-81B6-F424F62F995A} - System32\Tasks\psv_Faxtone => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Lamhome.reg" &amp; del "C:\ProgramData\BluetoothPoint\Lamhome.reg" &amp; SCHTASKS /Delete /TN "psv_Faxtone" /F <==== UWAGA
    Task: {6DE0B4B9-4980-45E0-9210-A9D1808B01AA} - System32\Tasks\psv_Plusrantouch => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Hotsilstring.reg" &amp; del "C:\ProgramData\BluetoothPoint\Hotsilstring.reg" &amp; SCHTASKS /Delete /TN "psv_Plusrantouch" /F <==== UWAGA
    Task: {6EE9A54F-3829-4DBE-A7E5-662437018CEA} - System32\Tasks\psv_LatHold => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Dondax.reg" &amp; del "C:\ProgramData\BluetoothPoint\Dondax.reg" &amp; SCHTASKS /Delete /TN "psv_LatHold" /F <==== UWAGA
    Task: {727DDCF7-745A-4E72-BF0C-03E16BEF9D51} - System32\Tasks\psv_S-lab => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Ranflex.reg" &amp; del "C:\ProgramData\BluetoothPoint\Ranflex.reg" &amp; SCHTASKS /Delete /TN "psv_S-lab" /F <==== UWAGA
    Task: {72B0FCB7-F897-4F04-B448-4765A50123E5} - System32\Tasks\psv_KonGocof => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Flexlex.reg" &amp; del "C:\ProgramData\BluetoothPoint\Flexlex.reg" &amp; SCHTASKS /Delete /TN "psv_KonGocof" /F <==== UWAGA
    Task: {76DF889D-579D-4F9E-9F79-A34E71C306DD} - System32\Tasks\psv_Cofdex => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Gooding.reg" &amp; del "C:\ProgramData\BluetoothPoint\Gooding.reg" &amp; SCHTASKS /Delete /TN "psv_Cofdex" /F <==== UWAGA
    Task: {7D6CDDEF-ECAD-49F9-A58D-0039CB056C5E} - System32\Tasks\psv_Sailstring => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Vento-Hold.reg" &amp; del "C:\ProgramData\BluetoothPoint\Vento-Hold.reg" &amp; SCHTASKS /Delete /TN "psv_Sailstring" /F <==== UWAGA
    Task: {7FB401B9-88F6-4F44-BC5E-D18C6C588472} - System32\Tasks\psv_OpeDom => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\StockDamis.reg" &amp; del "C:\ProgramData\BluetoothPoint\StockDamis.reg" &amp; SCHTASKS /Delete /TN "psv_OpeDom" /F <==== UWAGA
    Task: {811933CD-A16D-4201-8FDF-705D9219AD08} - System32\Tasks\psv_Zoowarm => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Volt-Nix.reg" &amp; del "C:\ProgramData\BluetoothPoint\Volt-Nix.reg" &amp; SCHTASKS /Delete /TN "psv_Zoowarm" /F <==== UWAGA
    Task: {863125F3-E689-40C5-AB1B-0882E1223F28} - System32\Tasks\psv_Goldjaydex => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\SaltStock.reg" &amp; del "C:\ProgramData\BluetoothPoint\SaltStock.reg" &amp; SCHTASKS /Delete /TN "psv_Goldjaydex" /F <==== UWAGA
    Task: {8DC8BE4F-B64D-45C6-A9A8-9C5D9DFB4AC4} - System32\Tasks\psv_Tindoncof => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Tripplesoft.reg" &amp; del "C:\ProgramData\BluetoothPoint\Tripplesoft.reg" &amp; SCHTASKS /Delete /TN "psv_Tindoncof" /F <==== UWAGA
    Task: {9979BC85-FC30-4AED-BB5D-FCA56915D367} - System32\Tasks\psv_Stanruntax => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\SonTrax.reg" &amp; del "C:\ProgramData\BluetoothPoint\SonTrax.reg" &amp; SCHTASKS /Delete /TN "psv_Stanruntax" /F <==== UWAGA
    Task: {9D5BED3D-DF38-49A5-ADC9-F1AB7F4FC524} - System32\Tasks\psv_Trustwarm => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\ZenDondax.reg" &amp; del "C:\ProgramData\BluetoothPoint\ZenDondax.reg" &amp; SCHTASKS /Delete /TN "psv_Trustwarm" /F <==== UWAGA
    Task: {A0205226-6F0F-4B9C-B1E3-EB4AA55F0FA6} - System32\Tasks\Price Fountain => C:\Users\LAPTOP\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: {A13012FA-5AA6-4899-94F9-460940933AF6} - System32\Tasks\psv_ZathNix => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Med-Stock.reg" &amp; del "C:\ProgramData\BluetoothPoint\Med-Stock.reg" &amp; SCHTASKS /Delete /TN "psv_ZathNix" /F <==== UWAGA
    Task: {A6E8CC43-5B61-4985-A304-BF1AD54CF31B} - System32\Tasks\psv_Faxnix => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Unitone.reg" &amp; del "C:\ProgramData\BluetoothPoint\Unitone.reg" &amp; SCHTASKS /Delete /TN "psv_Faxnix" /F <==== UWAGA
    Task: {AFF59C64-7AF2-4A4C-ADE8-C8283D967AA0} - System32\Tasks\psv_Blue-Fax => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\HaySiljob.reg" &amp; del "C:\ProgramData\BluetoothPoint\HaySiljob.reg" &amp; SCHTASKS /Delete /TN "psv_Blue-Fax" /F <==== UWAGA
    Task: {C639B97E-E366-47DF-A6D7-47BB3B1BEE97} - System32\Tasks\psv_Joyhold => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Isfax.reg" &amp; del "C:\ProgramData\BluetoothPoint\Isfax.reg" &amp; SCHTASKS /Delete /TN "psv_Joyhold" /F <==== UWAGA
    Task: {C833D3C5-D86F-44CB-9446-E18D0B5EA6CE} - System32\Tasks\PFExe => C:\Users\LAPTOP\AppData\Local\PriceFountain\pricefountain.exe <==== UWAGA
    Task: {C855EF09-F948-456D-BECB-DC69945ADE64} - System32\Tasks\psv_Cantouch => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Tresrantone.reg" &amp; del "C:\ProgramData\BluetoothPoint\Tresrantone.reg" &amp; SCHTASKS /Delete /TN "psv_Cantouch" /F <==== UWAGA
    Task: {D4D00C1D-4DB8-4FC0-B6D6-EF634F7BFA4F} - System32\Tasks\psv_Lotplus => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Bluekayla.reg" &amp; del "C:\ProgramData\BluetoothPoint\Bluekayla.reg" &amp; SCHTASKS /Delete /TN "psv_Lotplus" /F <==== UWAGA
    Task: {DB069582-05DE-41F5-AAFD-19B13E638148} - System32\Tasks\psv_Stimbam => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Voltlab.reg" &amp; del "C:\ProgramData\BluetoothPoint\Voltlab.reg" &amp; SCHTASKS /Delete /TN "psv_Stimbam" /F <==== UWAGA
    Task: {DDDB7402-6638-4980-9EA3-DE562FE5EA52} - System32\Tasks\psv_Silverzenlex => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Tech-Trax.reg" &amp; del "C:\ProgramData\BluetoothPoint\Tech-Trax.reg" &amp; SCHTASKS /Delete /TN "psv_Silverzenlex" /F <==== UWAGA
    Task: {E2A7C2D3-778F-4074-B63F-5C60569C2787} - System32\Tasks\psv_ZathRanstring => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Zondax.reg" &amp; del "C:\ProgramData\BluetoothPoint\Zondax.reg" &amp; SCHTASKS /Delete /TN "psv_ZathRanstring" /F <==== UWAGA
    Task: {E9A293BD-BCAF-40D8-BED8-B31038BDC91E} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{f4adb3fc-13e1-fe43-f4ad-db3fc13ecff0}\hqghumeaylnlf.exe <==== UWAGA
    Task: {F335A05D-FCB6-4BB2-9819-B9F079BA224F} - System32\Tasks\psv_Fresh-Top => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\AlphaJob.reg" &amp; del "C:\ProgramData\BluetoothPoint\AlphaJob.reg" &amp; SCHTASKS /Delete /TN "psv_Fresh-Top" /F <==== UWAGA
    Task: {F8EF2ABB-18A1-47E2-9295-B8192EB913FD} - System32\Tasks\psv_MatTip => /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Nimdox.reg" &amp; del "C:\ProgramData\BluetoothPoint\Nimdox.reg" &amp; SCHTASKS /Delete /TN "psv_MatTip" /F <==== UWAGA
    Task: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{f4adb3fc-13e1-fe43-f4ad-db3fc13ecff0}\hqghumeaylnlf.exe <==== UWAGA
    Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\LAPTOP\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{a37de41a-d643-fca0-a37d-de41ad64906b}\hqghumeaylnlf.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\LAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1466...p;uid=TOSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT
    MSCONFIG\startupreg: PriceFountain => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\LAPTOP\AppData\Roaming\PriceFountain\UpdateProc\bkup.dat"
    HKU\S-1-5-21-3188330250-300297266-230584344-1000\...\Run: [BingSvc] => C:\Users\LAPTOP\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-04-09] (© 2015 Microsoft Corporation)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-3188330250-300297266-230584344-1000\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{27A0D2A0-E3FB-4BE1-B03D-7FCA01A23A0F}: [NameServer] 82.163.143.157 82.163.142.159
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3188330250-300297266-230584344-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/hm?eq=U...LAABAEQYFIk0FA1ADB0VXfVBdFElXTwhpNVdfDVw/REE=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1470...p;uid=TOSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1470...p;uid=TOSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1470...p;uid=TOSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    HKU\S-1-5-21-3188330250-300297266-230584344-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...Jxl8lgzloHq3ahIdm42xpba2XxKOArqJr4KLFb&q={searchTerms}
    HKU\S-1-5-21-3188330250-300297266-230584344-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    HKU\S-1-5-21-3188330250-300297266-230584344-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1470...p;uid=TOSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfXNND14dRHtGNA==&q={searchTerms}
    SearchScopes: HKLM -> OldSearch URL = hxxp://www.istartsurf.com/web/?type=ds&ts...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfXNND14dRHtGNA==&q={searchTerms}
    SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfXNND14dRHtGNA==&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...Jxl8lgzloHq3ahIdm42xpba2XxKOArqJr4KLFb&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...OSHIBAXMK2565GSXN_80JPT2UFTXX80JPT2UFT&q={searchTerms}
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14494712...2ce05d865ff270268acg4zdz1t0z0m8geoee4m&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> DefaultScope {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...UFT&ts=1437910864&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> OldSearch URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...UFT&ts=1437910864&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> {A995E0AB-B11F-4BC0-83BE-A4F47BE8D7EB} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...UFT&ts=1437910864&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3188330250-300297266-230584344-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...UFT&ts=1437910864&type=default&q={searchTerms}
    BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll [2016-11-21] (AVG)
    FF NewTab: Mozilla\Firefox\Profiles\2h7jsmwz.default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0...ZWAhBEhNBNARaB0tXUUEeJl9NER8fHH9WLl5UBHcUVQ==
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\2h7jsmwz.default -> nice
    FF Homepage: Mozilla\Firefox\Profiles\2h7jsmwz.default -> hxxp://searchinterneat-a.akamaihd.net/hm?eq=U...LAABAEQYFIk0FA18DB0VXfV9eFElXTwhpNVdfDVw/REE=
    FF Keyword.URL: Mozilla\Firefox\Profiles\2h7jsmwz.default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTR0cFME0FB18EURNNfXNND14dRHtGNA==&q={searchTerms}
    FF Extension: (xRocket Toolbar) - C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\Extensions\arthurj8283@gmail.com [2016-06-21] [Brak podpisu cyfrowego]
    FF Extension: (Bing Search) - C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-04-09]
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\searchplugins\bing-.xml [2016-04-09]
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\searchplugins\delta-homes.xml [2015-09-25]
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\searchplugins\findit.xml [2016-06-21]
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\searchplugins\luck.xml [2016-11-21]
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\searchplugins\nice.xml [2016-10-09]
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\searchplugins\nuesearch.xml [2016-08-10]
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\searchplugins\search-simple.xml [2015-03-19]
    FF NewTab: Firefox\Firefox\Profiles\2h7jsmwz.default -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=9396cf6162ef00b75e7484dg7zeq0q4w8zao4z9q9o
    FF DefaultSearchEngine: Firefox\Firefox\Profiles\2h7jsmwz.default -> nice
    FF SearchEngineOrder.1: Firefox\Firefox\Profiles\2h7jsmwz.default -> nice
    FF SelectedSearchEngine: Firefox\Firefox\Profiles\2h7jsmwz.default -> nice
    FF Homepage: Firefox\Firefox\Profiles\2h7jsmwz.default -> goo
    FF Keyword.URL: Firefox\Firefox\Profiles\2h7jsmwz.default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTR0cFME0FB18EURNNfXNND14dRHtGNA==&q={searchTerms}
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Firefox\Firefox\Profiles\2h7jsmwz.default\searchplugins\delta-homes.xml [2015-09-25]
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Firefox\Firefox\Profiles\2h7jsmwz.default\searchplugins\findit.xml [2016-06-21]
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Firefox\Firefox\Profiles\2h7jsmwz.default\searchplugins\nice.xml [2016-06-24]
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Firefox\Firefox\Profiles\2h7jsmwz.default\searchplugins\nuesearch.xml [2016-06-21]
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Firefox\Firefox\Profiles\2h7jsmwz.default\searchplugins\search-simple.xml [2015-03-19]
    FF SearchPlugin: C:\Users\LAPTOP\AppData\Roaming\Firefox\Firefox\Profiles\2h7jsmwz.default\searchplugins\searchinme.xml [2016-07-28]
    FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\extensions\sweetsearch@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\extensions\defsearchp@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [ffsearch_toolbar] - C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\extensions\ffsearch_toolbar
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\extensions\default_newtabff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\LAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\2h7jsmwz.default\extensions\arthurj8283@gmail.com
    FF HKU\S-1-5-21-3188330250-300297266-230584344-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nie znaleziono
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-11-19]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursites123.xml [2016-03-21]
    CHR HKU\S-1-5-21-3188330250-300297266-230584344-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [kbblaapkjgohmoafkoiiaeacfebbliae] - hxxps://clients2.google.com/service/update2/crx
    R2 vToolbarUpdater40.3.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe [1349704 2016-11-21] (AVG Secure Search)
    S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S1 wafd_1_10_0_19; system32\drivers\wafd_1_10_0_19.sys [X]
    2016-11-21 14:05 - 2016-11-21 14:05 - 00000000 ____D C:\Users\LAPTOP\AppData\Roaming\eCyber
    2016-11-21 13:08 - 2016-11-21 13:08 - 00003276 _____ C:\Windows\System32\Tasks\psv_Faxex
    2016-11-07 21:46 - 2016-11-07 21:46 - 00003306 _____ C:\Windows\System32\Tasks\psv_Sailstring
    2016-11-07 21:44 - 2016-11-07 21:44 - 00003294 _____ C:\Windows\System32\Tasks\psv_Betatrax
    2016-11-07 21:44 - 2016-11-07 21:44 - 00003280 _____ C:\Windows\System32\Tasks\psv_Inch-Is
    2016-11-21 16:19 - 2015-08-07 09:59 - 00000000 ____D C:\Users\LAPTOP\AppData\Local\PriceFountain
    2016-11-21 16:14 - 2016-08-01 22:58 - 00000000 ____D C:\ProgramData\qwinpq
    2016-11-21 16:14 - 2016-06-21 13:10 - 00000000 ____D C:\ProgramData\uckt
    2016-11-21 16:14 - 2016-06-21 12:42 - 00000000 ____D C:\ProgramData\UwinpU
    2016-11-21 16:14 - 2016-03-17 22:51 - 00000000 ____D C:\ProgramData\pWdMp
    2016-11-21 16:14 - 2016-03-14 14:55 - 00000000 ____D C:\ProgramData\yWdMy
    2016-11-21 16:14 - 2016-03-11 19:23 - 00000000 ____D C:\ProgramData\MWdMM
    2016-11-21 16:14 - 2015-12-25 13:36 - 00000000 ____D C:\ProgramData\SWdMS
    2016-11-21 16:14 - 2015-12-17 21:28 - 00000000 ____D C:\ProgramData\Tmp0x0x
    2016-11-21 16:14 - 2015-10-27 06:32 - 00000000 ____D C:\ProgramData\QWMiniProQ
    2016-11-21 16:13 - 2016-08-29 13:49 - 00000000 ____D C:\ProgramData\jwinpj
    2016-11-21 16:13 - 2016-08-10 22:40 - 00000000 ____D C:\ProgramData\6winp6
    2016-11-21 16:13 - 2016-02-26 18:37 - 00000000 ____D C:\ProgramData\4cd52f3c
    2016-11-21 16:13 - 2016-01-08 07:29 - 00000000 ____D C:\ProgramData\iWdMi
    2016-11-21 16:13 - 2015-12-25 13:34 - 00000000 ____D C:\ProgramData\6WdM6
    2016-11-21 16:13 - 2015-12-11 07:09 - 00000000 ____D C:\ProgramData\lWdMl
    2016-11-21 16:13 - 2015-06-21 22:04 - 00000000 ____D C:\Program Files (x86)\SaveoNewaAAppz
    2016-11-21 16:13 - 2015-06-21 22:03 - 00000000 ____D C:\Program Files (x86)\SaveNewaApppz
    2016-11-21 16:13 - 2015-06-21 22:03 - 00000000 ____D C:\Program Files (x86)\SAveaNewaAAppz
    2016-11-21 16:13 - 2015-04-05 06:22 - 00000000 ____D C:\Program Files (x86)\TheFreeDictionarycom Extension
    2016-11-21 16:13 - 2015-02-26 22:18 - 00000000 ____D C:\Program Files (x86)\Pirate Bay Advanced Search
    2016-11-21 16:13 - 2015-02-26 20:19 - 00000000 ____D C:\Program Files (x86)\Sinhala Meaning
    2016-11-21 16:13 - 2015-02-17 16:14 - 00000000 ____D C:\Program Files (x86)\Thor Lego Adventures
    2016-11-21 16:13 - 2015-01-29 13:13 - 00000000 ____D C:\Program Files (x86)\Tumblr Collage
    2016-11-21 16:13 - 2015-01-29 13:12 - 00000000 ____D C:\Program Files (x86)\TakeTTheCouaponn
    2016-11-21 16:12 - 2015-06-17 06:56 - 00000000 ____D C:\Program Files (x86)\MiuiTab
    2016-11-21 16:12 - 2015-06-04 08:40 - 00000000 ____D C:\Program Files (x86)\JonniCoupoin
    2016-11-21 16:12 - 2015-03-16 19:49 - 00000000 ____D C:\Program Files (x86)\Paste Lorem ipsum
    2016-11-21 16:11 - 2015-09-20 19:08 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
    2016-11-21 16:11 - 2015-05-16 22:25 - 00000000 ____D C:\Program Files (x86)\DiscountEXtenasi
    2016-11-21 16:11 - 2015-03-16 19:49 - 00000000 ____D C:\Program Files (x86)\DiiScoountExxtensi
    2016-11-21 16:11 - 2015-02-26 20:18 - 00000000 ____D C:\Program Files (x86)\coionseaive
    2016-11-21 16:11 - 2015-02-26 20:18 - 00000000 ____D C:\Program Files (x86)\CaoopuNk
    2016-11-21 16:11 - 2015-02-17 16:14 - 00000000 ____D C:\Program Files (x86)\AlliSaver
    2016-11-21 16:00 - 2016-09-19 19:12 - 00000000 ____D C:\Program Files (x86)\InterHop
    2016-11-21 15:59 - 2015-06-17 21:58 - 00000000 ____D C:\Program Files (x86)\Bewildered Wine
    2016-11-21 15:59 - 2015-05-15 23:03 - 00000000 ____D C:\Program Files (x86)\Distressed Audience
    2016-11-21 15:51 - 2016-06-21 13:13 - 00000000 ____D C:\ProgramData\Nobean
    2016-11-21 15:50 - 2016-09-19 19:12 - 00000000 ____D C:\ProgramData\RwinpR
    2016-11-21 15:50 - 2016-08-28 18:22 - 00000000 ____D C:\Program Files (x86)\WinSaber
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    0
  • #7 22 Lis 2016 17:07
    juventino87
    Poziom 2  

    smiga, dziekuje!

    0