Request for help checking whether I downloaded a virus from an email

Good morning,

I received an email from Adobe (I am their customer), but unfortunately the email was most likely from a dodgy source. I realized too late and clicked on the attachment, which was a text file. This was displayed:

 1. Open the document in Microsoft Office. Previewing online does not work for protected documents.

https://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowiazkowy-478727t.html

Results:

http://wklej.org/id/1922545/

http://wklej.org/id/1922546/

 

http://wklej.org/id/1922550/

 

Paste the following into the system Notepad and save it as a text file named fixlist:

HKU\S-1-5-21-2800539321-3908152613-2104602115-1000\...\Run: [AdobeBridge] = [X]
ShellIconOverlayIdentifiers: [GGDriveOverlay1] - {E68D0A50-3C40-4712-B90D-DCFA93FF2534} = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay2] - {E68D0A51-3C40-4712-B90D-DCFA93FF2534} = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay3] - {E68D0A52-3C40-4712-B90D-DCFA93FF2534} = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay4] - {E68D0A53-3C40-4712-B90D-DCFA93FF2534} = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia ======= UWAGA
HKU\S-1-5-21-2800539321-3908152613-2104602115-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia ======= UWAGA
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=hitachixhds721050cla360_jp1521fp2adaxb2adaxbx
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=hitachixhds721050cla360_jp1521fp2adaxb2adaxbx
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=hitachixhds721050cla360_jp1521fp2adaxb2adaxbx
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=hitachixhds721050cla360_jp1521fp2adaxb2adaxbx
SearchScopes: HKLM - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=hitachixhds721050cla360_jp1521fp2adaxb2adaxbxts=1420449558
SearchScopes: HKLM-x32 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=hitachixhds721050cla360_jp1521fp2adaxb2adaxbxts=1420449558
SearchScopes: HKU\S-1-5-19 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=hitachixhds721050cla360_jp1521fp2adaxb2adaxbxts=1420449558
SearchScopes: HKU\S-1-5-19 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=hitachixhds721050cla360_jp1521fp2adaxb2adaxbxts=1420449558
SearchScopes: HKU\S-1-5-20 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=hitachixhds721050cla360_jp1521fp2adaxb2adaxbxts=1420449558
SearchScopes: HKU\S-1-5-20 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=hitachixhds721050cla360_jp1521fp2adaxb2adaxbxts=1420449558
SearchScopes: HKU\S-1-5-21-2800539321-3908152613-2104602115-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Brak nazwy - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Brak pliku
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-23] (Oracle Corporation)
FF Extension: PriceFountain - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\4977jcuz.default\extensions\staged\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2014-10-26] [Brak podpisu cyfrowego]
CHR DefaultSearchURL: Default - hxxp://do-search.com/web/?type=dsppts=1433918239z=d0dd7bb6a9c462ed60d7004g3z1c3cdt6g3b0o4c8bfrom=coruid=HitachiXHDS721050CLA360_JP1521FP2ADAXB2ADAXBXq={searchTerms}
S2 WLSVC; C:\Program Files\Thomson\TG122n\WLSVC.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2016-01-28 08:23 - 2015-06-12 06:15 - 00000000 ____ D C:\ProgramData\boost_interprocess
2012-03-28 09:39 - 2012-03-28 09:39 - 0017408 _____ () C:\Users\PC\AppData\Local\WebpageIcons.db
CustomCLSID: HKU\S-1-5-21-2800539321-3908152613-2104602115-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 - C:\Users\PC\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll = Brak pliku
Task: {139C3548-0883-4460-9289-88412A3B3340} - System32\Tasks\{85B0B848-8122-4ED2-ADC1-953D2EF1686A} = pcalua.exe -a C:\Users\PC\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=tt4u -simple=0 ==== UWAGA
Task: {49004CD4-5323-441D-8A49-3E9112A9AEAE} - System32\Tasks\{0DDADC93-A980-4E08-8B24-4131B415D4E8} = pcalua.exe -a C:\Users\PC\Downloads\ToolbarUtilityTool.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5CBB2BB9-A76A-4781-BF64-53673C06C335} - System32\Tasks\{72ED5613-9DDB-483D-9673-136E08F27310} = pcalua.exe -a C:\Users\PC\AppData\Roaming\do-search\UninstallManager.exe -c  -ptid=cor
Task: {7EF5423E-2D0E-4285-A028-8AD69678DD63} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2800539321-3908152613-2104602115-1000 = C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {90918E04-FB8B-4366-A9B3-9AB2726F0794} - System32\Tasks\{EE8E17B4-4F1D-41D1-ACA1-5FDA31EF6A8A} = E:\Autorun.exe
Task: {BD6AE4AA-81CE-4BFE-9FA3-108A10BE2048} - System32\Tasks\{81E29EC4-30C1-4F76-B1E0-7ADC879579D0} = pcalua.exe -a E:\install_UPC_XpSp1.exe -d E:\
Task: {E040FD5A-CE8B-493B-8A54-EC1491A72ECC} - System32\Tasks\{E3D717D1-56BE-45EF-9BEA-9F8AB7AC03F5} = C:\Users\PC\AppData\Local\GG\Application\gghub.exe
Task: {F71DAF81-E084-408C-AF6E-C79CEE4D9C95} - System32\Tasks\{F4DA2033-A527-4209-9B9E-637184E743AB} = pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Plug-ins\Nik Software\Color Efex Pro 3.0 Complete\Uninstall.exe" -d "C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Plug-ins\Nik Software\Color Efex Pro 3.0 Complete"
EmptyTemp:

Run FRST and click Fix (Napraw). Post the Fixlog removal report.

 

Removal report:

http://wklej.org/id/1922566/

Scan:

http://wklej.org/id/1922567/

Delete the folder C:\FRST

 

Done :slight_smile:

 

So the pain is over now? And out of pure curiosity, was there anything serious?

Thank you very, very much for your help :slight_smile:

 

There was no serious virus, only adware: PriceFountain and the like.