Youtube Accelerator, Shopper Pro, SensePlus, YTA


(Etheor2) #1

Hello everyone.

 

Here is my problem: recently my laptop stopped booting Windows Vista quickly. On top of that, I noticed several folders in Program Files that were created on their own, that is, I did not install any software from a source unknown to me, etc. In general I would not even have known about any of this if it were not for the annoying ads served by SensePlus. I checked my computer for this and was shocked. A whole load of junk has made its way into the system. In addition, Windows Defender started throwing error messages, and as a result I cannot get into it at all.

 

For example, the dobreprogramy forum now looks like this:

 

I first scanned the computer with MBAM. It found a few things, which it removed, and supposedly it no longer sees anything.

 

Then, following advice on forums, I tried AdwCleaner. It removed what it could, but the "Tasks" tab still shows something like this, and it reappears after every restart:

 

The computer does seem to start up faster now, but unwanted files are still sitting in the system, and on top of that there are these ads.

 

The Temp folder looks like this:

 

GMER itself crashes shortly after launch:

 

OTL, on the other hand, ran its scans and produced these logs:

 

OTL.txt:

OTL logfile created on: 2015-01-03 14:22:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\laptox\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1,99 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 30,52% Memory free
4,22 Gb Paging File | 2,47 Gb Available in Paging File | 58,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,95 Gb Total Space | 64,18 Gb Free Space | 59,45% Space Free | Partition Type: NTFS
Drive D: | 106,38 Gb Total Space | 94,41 Gb Free Space | 88,75% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOX-TEST | User Name: laptox | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2015-01-03 14:22:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\laptox\Desktop\OTL (1).exe
PRC - [2015-01-03 13:39:58 | 002,173,952 | ---- | M] () -- c:\users\laptox\desktop\adwcleaner.exe
PRC - [2014-12-18 21:49:14 | 000,535,160 | ---- | M] () -- C:\Program Files\Opera\26.0.1656.60\opera_crashreporter.exe
PRC - [2014-12-18 21:49:04 | 050,337,912 | ---- | M] (Opera Software) -- C:\Program Files\Opera\26.0.1656.60\opera.exe
PRC - [2014-12-03 19:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014-08-22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014-08-22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014-08-22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009-04-11 14:18:35 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-03-13 13:43:00 | 001,466,368 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007-03-14 14:50:24 | 004,399,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2015-01-03 13:39:58 | 002,173,952 | ---- | M] () -- c:\users\laptox\desktop\adwcleaner.exe
MOD - [2014-12-18 21:49:23 | 009,312,888 | ---- | M] () -- C:\Program Files\Opera\26.0.1656.60\pdf.dll
MOD - [2014-12-18 21:49:14 | 000,535,160 | ---- | M] () -- C:\Program Files\Opera\26.0.1656.60\opera_crashreporter.exe
MOD - [2014-12-18 21:48:54 | 000,991,352 | ---- | M] () -- C:\Program Files\Opera\26.0.1656.60\ffmpegsumo.dll
MOD - [2014-11-29 22:26:17 | 014,910,128 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\pepflashplayer32_15_0_0_215.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2014-12-03 19:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014-08-22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014-08-22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2008-01-21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014-11-24 12:16:00 | 000,116,184 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2014-07-17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013-09-30 16:26:46 | 000,015,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2013-09-30 16:26:44 | 000,010,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2013-06-04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013-06-04 09:15:02 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010-06-23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009-09-05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-03-13 13:50:18 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 0C 81 8D 36 13 D0 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}src=IE-SearchBoxFORM=IE8SRC
IE - HKCU\..\SearchScopes\{656F7FE5-2F5B-44F4-9C17-34A71761ADF3}: "URL" = https://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=888596p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O4 - HKLM..\Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1420290380 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{350DAFDF-6A3B-4A1C-95E6-34FB840DF372}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\laptox\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\laptox\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [NTFS]
O33 - MountPoints2\{c9b6c228-3143-11e4-822d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c9b6c228-3143-11e4-822d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2015-01-03 14:22:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\laptox\Desktop\OTL (1).exe
[2015-01-03 14:03:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\YTAHelper
[2015-01-03 14:03:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GOOBZO
[2015-01-03 14:01:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ShopperPro
[2015-01-03 13:40:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015-01-03 00:34:40 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015-01-03 00:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015-01-03 00:34:11 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015-01-03 00:34:11 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015-01-03 00:34:11 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015-01-03 00:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015-01-03 00:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015-01-03 00:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2015-01-03 00:05:54 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx
[2015-01-03 00:05:27 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Local\Installer
[2015-01-03 00:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2015-01-03 00:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2015-01-02 22:20:42 | 000,000,000 | ---D | C] -- C:\Users\laptox\Documents\Downloads
[2015-01-02 22:18:07 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Local\transmission
[2015-01-02 22:17:01 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Roaming\transmission
[2015-01-02 22:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
[2015-01-02 22:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo
[2015-01-02 20:09:59 | 000,744,520 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2015-01-02 20:09:46 | 000,104,384 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2015-01-02 20:09:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2015-01-02 20:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission-Qt
[2015-01-02 20:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Transmission
[2015-01-02 15:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2015-01-02 15:50:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2015-01-02 13:05:35 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Roaming\vlc
[2015-01-02 13:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2015-01-02 13:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014-12-27 21:07:01 | 000,106,496 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2014-12-27 21:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2014-12-27 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2014-12-26 23:10:51 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Roaming\MPC-HC
[2014-12-25 01:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2014-12-25 01:16:32 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Roaming\BESTplayer
[2014-12-21 14:24:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2014-12-21 01:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
[2014-12-13 00:51:36 | 000,875,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll
[2014-12-13 00:51:36 | 000,535,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll
[2014-12-12 23:54:57 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Roaming\HP
[2014-12-12 21:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Adblock Plus for IE
[2014-12-12 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Local\gtk-2.0
[2014-12-12 16:01:50 | 000,000,000 | ---D | C] -- C:\Users\laptox\.thumbnails
[2014-12-12 15:55:44 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Local\fontconfig
[2014-12-12 15:55:40 | 000,000,000 | ---D | C] -- C:\Users\laptox\.gimp-2.8
[2014-12-12 15:55:39 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Local\gegl-0.2
[2014-12-12 15:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2014-12-12 15:34:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014-12-11 13:16:25 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Roaming\AVG
[2014-12-11 13:14:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2014-12-11 13:11:54 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Local\Avg
[2014-12-11 13:09:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014-12-11 13:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014-12-11 13:09:07 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Roaming\IHlpr
[2014-12-11 13:07:21 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Roaming\DAEMON Tools Lite
[2014-12-11 13:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2014-12-11 11:39:20 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014-12-11 11:39:19 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014-12-11 11:39:19 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014-12-11 11:39:19 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014-12-11 11:39:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014-12-11 11:39:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014-12-11 11:39:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014-12-11 11:39:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014-12-11 11:39:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014-12-11 11:39:12 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014-12-11 11:39:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014-12-11 11:39:11 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014-12-11 11:39:10 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014-12-10 03:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014-12-07 01:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014-12-07 01:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014-12-07 01:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014-12-07 00:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2014-12-07 00:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2014-12-07 00:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2014-12-07 00:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2014-12-07 00:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014-12-07 00:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2014-12-07 00:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2014-12-07 00:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2014-12-07 00:42:40 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpzll5ha.dll
[2014-12-07 00:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014-12-07 00:41:44 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2014-12-07 00:38:00 | 000,267,864 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2014-12-07 00:37:59 | 000,675,840 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpowiax3.dll
[2014-12-07 00:37:59 | 000,569,344 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpotscl3.dll
[2014-12-07 00:37:59 | 000,364,544 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2014-12-07 00:37:59 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst10.dll
[2014-12-07 00:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014-12-04 22:46:33 | 000,000,000 | ---D | C] -- C:\Users\laptox\AppData\Local\NeoSmart_Technologies
[2014-12-04 20:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2015-01-03 14:22:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\laptox\Desktop\OTL (1).exe
[2015-01-03 14:13:20 | 000,633,712 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015-01-03 14:13:20 | 000,119,278 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015-01-03 14:06:14 | 000,001,338 | ---- | M] () -- C:\Windows\tasks\VNUN.job
[2015-01-03 14:06:13 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015-01-03 14:06:13 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015-01-03 14:06:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015-01-03 14:06:02 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2015-01-03 13:39:58 | 002,173,952 | ---- | M] () -- C:\Users\laptox\Desktop\AdwCleaner.exe
[2015-01-03 12:53:51 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015-01-03 00:14:42 | 000,018,189 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2015-01-03 00:05:54 | 000,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx
[2015-01-02 23:44:47 | 000,001,698 | ---- | M] () -- C:\Users\laptox\Desktop\Diablo II.lnk
[2015-01-02 23:41:29 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2015-01-02 23:41:29 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2015-01-02 23:41:29 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2015-01-02 22:06:03 | 000,086,528 | ---- | M] () -- C:\Windows\bnetunin.exe
[2015-01-02 22:06:03 | 000,061,440 | ---- | M] () -- C:\Windows\diabunin.exe
[2015-01-02 15:51:37 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2015-01-02 15:46:48 | 000,257,155 | ---- | M] () -- C:\ProgramData\1420209775.bdinstall.bin
[2015-01-02 13:19:46 | 000,002,288 | ---- | M] () -- C:\Users\laptox\AppData\Local\recently-used.xbel
[2015-01-02 00:49:35 | 000,254,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014-12-31 22:32:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2014-12-27 21:07:01 | 000,106,496 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2014-12-27 21:07:01 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2014-12-22 22:07:10 | 000,336,140 | ---- | M] () -- C:\Users\laptox\Documents\Bez nazwy.xcf
[2014-12-18 22:25:28 | 000,074,000 | ---- | M] (BitDefender SRL) -- C:\Windows\System32\bdsandboxuiskin.dll
[2014-12-18 22:25:01 | 000,026,624 | ---- | M] (BitDefender SRL) -- C:\Windows\System32\bdsandboxuh.dll
[2014-12-14 23:03:27 | 000,030,206 | ---- | M] () -- C:\Users\laptox\Documents\untitled_.odt
[2014-12-13 00:51:36 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll
[2014-12-13 00:51:36 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll
[2014-12-12 23:54:48 | 000,153,375 | ---- | M] () -- C:\Windows\hpoins14.dat
[2014-12-11 22:01:57 | 000,000,266 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014-12-07 20:06:26 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-12-07 20:06:26 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014-12-04 17:24:27 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2014-12-04 17:24:27 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2015-01-03 13:39:29 | 002,173,952 | ---- | C] () -- C:\Users\laptox\Desktop\AdwCleaner.exe
[2015-01-03 01:00:05 | 000,001,338 | ---- | C] () -- C:\Windows\tasks\VNUN.job
[2015-01-02 23:44:26 | 000,001,698 | ---- | C] () -- C:\Users\laptox\Desktop\Diablo II.lnk
[2015-01-02 22:06:03 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2015-01-02 22:06:03 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2015-01-02 15:51:37 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2015-01-02 15:51:31 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2015-01-02 15:46:48 | 000,257,155 | ---- | C] () -- C:\ProgramData\1420209775.bdinstall.bin
[2015-01-02 13:19:46 | 000,002,288 | ---- | C] () -- C:\Users\laptox\AppData\Local\recently-used.xbel
[2014-12-31 22:32:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2014-12-27 21:12:57 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2014-12-27 21:12:57 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2014-12-27 21:12:57 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2014-12-27 21:07:03 | 000,018,189 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2014-12-27 21:07:01 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2014-12-22 21:40:41 | 000,336,140 | ---- | C] () -- C:\Users\laptox\Documents\Bez nazwy.xcf
[2014-12-15 22:27:26 | 000,030,206 | ---- | C] () -- C:\Users\laptox\Documents\untitled_.odt
[2014-12-12 15:54:51 | 000,000,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2014-12-11 12:57:16 | 002,881,848 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2014-12-11 12:57:15 | 000,015,688 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2014-12-11 12:57:06 | 000,010,320 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2014-12-11 12:55:56 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014-12-07 01:10:53 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2014-12-07 00:41:07 | 000,153,375 | ---- | C] () -- C:\Windows\hpoins14.dat
[2014-12-07 00:41:07 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2014-12-07 00:37:57 | 000,506,560 | ---- | C] () -- C:\Windows\System32\autorun.inf
[2014-12-04 17:24:21 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2014-12-04 17:24:21 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2014-12-02 22:52:16 | 000,007,680 | ---- | C] () -- C:\Users\laptox\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014-09-28 03:12:16 | 000,045,400 | ---- | C] () -- C:\Windows\System32\DiscHandler.exe
[2014-09-01 09:18:44 | 000,001,248 | ---- | C] () -- C:\Users\laptox\AppData\Roaming\VNUN
[2014-08-31 20:37:53 | 000,000,680 | ---- | C] () -- C:\Users\laptox\AppData\Local\d3d9caps.dat
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2006-11-02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 14:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 14:18:35 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 14:18:24 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 116 bytes - C:\ProgramData\TEMP:56E2E879

 End of report

Extras.txt:

OTL Extras logfile created on: 2015-01-03 14:22:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\laptox\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1,99 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 30,52% Memory free
4,22 Gb Paging File | 2,47 Gb Available in Paging File | 58,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,95 Gb Total Space | 64,18 Gb Free Space | 59,45% Space Free | Partition Type: NTFS
Drive D: | 106,38 Gb Total Space | 94,41 Gb Free Space | 88,75% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOX-TEST | User Name: laptox | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\extension]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\extension]
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\key\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FDB42BF-A025-4D45-BA47-C685698E66A3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{26FB880A-51E4-466E-9C7B-5A4A36E4CD58}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2A8A9544-42FB-4C0E-B5B2-D64D9E37EB67}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3F4A6FEA-6FCA-4F55-A9E4-E540B894ACB9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4E38D386-179A-4A55-9220-53986F249812}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6D7D89AA-51DF-4BD9-AB00-FF0986F3A9FE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{751ABAA5-259F-468F-888F-42E5CF1CF8F6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{94662B18-3FA8-45B2-90C6-83FD0F9A4A8F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{95BF6643-E1C7-4425-B316-FC9A628D6448}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DDA33F4A-6BB8-4EDC-B036-B3FB6F5E49DC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B8EF2DF-618B-4C9A-8247-2A1C700D08AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4EE42616-4438-452B-AEAE-DF0C8099841E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EEA526C5-C2C4-434A-8F20-03A783E06BD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F6604241-935E-4777-BCB6-B16769B55A6F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{67D68150-0FA7-4C08-A0C4-8A6AA07899A5}C:\program files\transmission\transmission-qt.exe" = protocol=6 | dir=in | app=c:\program files\transmission\transmission-qt.exe | 
"UDP Query User{9C046B77-402C-49D3-A6D2-429160CC8F85}C:\program files\transmission\transmission-qt.exe" = protocol=17 | dir=in | app=c:\program files\transmission\transmission-qt.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}" = LibreOffice 4.3.5.2
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{81600979-7581-42F1-AC2D-B653C814FE00}" = Adblock plus dla IE (32-bitowego)
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Microsoft .NET Framework 4.5.1 (Polski)
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.13) - Polish
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd
"{C83B8B35-C2C4-3302-9A6E-C2AF1A59E8D6}" = Microsoft .NET Framework 4.5.1 (PLK)
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E8706A0A-D596-4ef8-B924-2D69BD75D95E}" = Doradca uaktualnienia systemu Windows 7
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Pepper" = Adobe Flash Player 15 Pepper
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Battle.net" = Battle.net
"Diablo" = Diablo
"Diablo II" = Diablo II
"Diablo Mod PL" = Diablo Mod PL
"ffdshow_is1" = ffdshow v1.3.4533 [2014-09-29]
"GIMP-2_is1" = GIMP 2.8.14
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 2.0.4.1028
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Opera 26.0.1656.60" = Opera Stable 26.0.1656.60
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Transmission-Qt" = Transmission-Qt
"VLC media player" = VLC media player
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo II" = Diablo II
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[Application Events]
Error - 2014-12-12 10:33:19 | Computer Name = laptox-test | Source = Perflib | ID = 1008
Description = 
 
Error - 2014-12-21 14:13:50 | Computer Name = laptox-test | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd helppane.exe, wersja 6.0.6001.18000, sygnatura
 czasowa 0x4791945e, moduł powodujący błąd helppane.exe, wersja 6.0.6001.18000, 
sygnatura czasowa 0x4791945e, kod wyjątku 0xc0000005, przesunięcie błędu 0x000330d7,
identyfikator
 procesu 0x16d0, godzina rozpoczęcia aplikacji 0x01d01d49c03c4da0.
 
Error - 2014-12-22 16:44:08 | Computer Name = laptox-test | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd gimp-2.8.exe, wersja 2.8.14.0, sygnatura
 czasowa 0x00000000, moduł powodujący błąd libgobject-2.0-0.dll, wersja 2.40.0.0,
 sygnatura czasowa 0x3ead3e9f, kod wyjątku 0xc0000005, przesunięcie błędu 0x0000d662,
identyfikator
 procesu 0x17ec, godzina rozpoczęcia aplikacji 0x01d01e27912aee20.
 
Error - 2015-01-02 15:11:56 | Computer Name = laptox-test | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 2015-01-02 15:11:56 | Computer Name = laptox-test | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 2015-01-02 19:32:59 | Computer Name = laptox-test | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\system32\LAVVideo.ax".
Nie
 można odnaleźć zestawu zależnego LAVFilters.Dependencies,type="win32",version="1.0.0.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2015-01-02 19:33:00 | Computer Name = laptox-test | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\system32\LAVAudio.ax".
Nie
 można odnaleźć zestawu zależnego LAVFilters.Dependencies,type="win32",version="1.0.0.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2015-01-02 19:36:37 | Computer Name = laptox-test | Source = MsiInstaller | ID = 11309
Description = 
 
Error - 2015-01-02 20:00:09 | Computer Name = laptox-test | Source = MsiInstaller | ID = 11309
Description = 
 
Error - 2015-01-03 08:44:17 | Computer Name = laptox-test | Source = ESENT | ID = 467
Description = Windows (2104) Windows: Baza danych C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
 Indeks System_ItemFolderPathDisplayNarrow415 tabeli SystemIndex_0A jest uszkodzony
 (0).
 
[System Events]
Error - 2015-01-02 19:56:05 | Computer Name = laptox-test | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 2015-01-03 08:22:14 | Computer Name = laptox-test | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 2015-01-03 08:44:19 | Computer Name = laptox-test | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 2015-01-03 08:44:19 | Computer Name = laptox-test | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 2015-01-03 08:44:19 | Computer Name = laptox-test | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 2015-01-03 08:44:20 | Computer Name = laptox-test | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 2015-01-03 08:44:25 | Computer Name = laptox-test | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 2015-01-03 08:47:29 | Computer Name = laptox-test | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 2015-01-03 08:54:41 | Computer Name = laptox-test | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 2015-01-03 09:07:46 | Computer Name = laptox-test | Source = Service Control Manager | ID = 7000
Description = 
 
 
 End of report

So I'm asking you for help.


(Atis) #2

The new mandatory log: Farbar Recovery Scan Tool


(Etheor2) #3

FRST:

http://wklej.org/id/1582730/

 

Addition:

http://wklej.org/id/1582729/


(Atis) #4

(Etheor2) #5

@Atis, fixed. Is there anything else I should post right away, so that we don't have to do this piecemeal?


(Atis) #6

Paste this into the system Notepad and save it as a text file named fixlist:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1637330327-1006262202-46256929-1000 -> {656F7FE5-2F5B-44F4-9C17-34A71761ADF3} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
U3 uxloqfow; \??\C:\Users\laptox\AppData\Local\Temp\uxloqfow.sys [X]
C:\AdwCleaner
C:\Users\Public\Documents\YTAHelper
C:\Users\Public\Documents\GOOBZO
C:\Users\Public\Documents\ShopperPro
CustomCLSID: HKU\S-1-5-21-1637330327-1006262202-46256929-1000_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\Users\laptox\Desktop\BESTplayer.exe No File
Task: {0A3452D9-12D4-459B-80B3-10DA6BA675E1} - \246791ca-c8e1-4562-8863-629bef584158-5_user No Task File <==== ATTENTION
Task: {0AC96EE5-F109-4BAD-BE8D-92263BE8A665} - \246791ca-c8e1-4562-8863-629bef584158-1 No Task File <==== ATTENTION
Task: {16692677-A5E2-44C8-B277-047E1BE511C7} - System32\Tasks\YTAUpdate => C:\PROGRA~1\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {249E964A-5B39-4F5D-B65C-58C219170F8E} - \ShopperPro No Task File <==== ATTENTION
Task: {2DBE9B65-7590-4DAA-B00B-08613A1F29FB} - \7431a2ec-b65c-47ec-9ac2-85932f3e39d7-1 No Task File <==== ATTENTION
Task: {41872B67-2BA0-4835-8EC9-AC69750267C8} - \246791ca-c8e1-4562-8863-629bef584158-11 No Task File <==== ATTENTION
Task: {4DAD799A-941C-4594-9C0D-E81A78F1B9B2} - \7431a2ec-b65c-47ec-9ac2-85932f3e39d7-2 No Task File <==== ATTENTION
Task: {5E448C0A-2B84-408A-B156-E571656B9052} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {6246E8E0-B1E8-4BB5-8BFD-C5C20FD307B8} - \7431a2ec-b65c-47ec-9ac2-85932f3e39d7-5_user No Task File <==== ATTENTION
Task: {6757A75A-C96C-4FC3-AD3A-2C00C3F0B81E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {6980F196-D87D-459E-AAEB-FC2EB45757CE} - \SPBIW_UpdateTask_Time_323733333731373033382d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {7D2A8268-60E3-45D7-88EA-7613E0BF8429} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {83AC1EB4-9786-4479-ABD1-68E3C2F2EA95} - System32\Tasks\VNUN => C:\Users\laptox\AppData\Roaming\VNUN.exe <==== ATTENTION
Task: {9E1079CC-2CB7-40A8-80B8-2A7E738204DB} - \7431a2ec-b65c-47ec-9ac2-85932f3e39d7-5 No Task File <==== ATTENTION
Task: {A08E11DD-1532-4182-9B29-257ABDA14931} - System32\Tasks\{BB966322-2B3D-4D51-AE33-F482389D1C5E} => pcalua.exe -a "C:\Program Files\Diablo II\PLAYD2.EXE" -d "C:\Program Files\Diablo II"
Task: {B3AEFB8D-0610-4545-A602-89587A455928} - \246791ca-c8e1-4562-8863-629bef584158-5 No Task File <==== ATTENTION
Task: {C69ACF2C-BACD-4AA2-BB8B-8B38DD6E2A4E} - \246791ca-c8e1-4562-8863-629bef584158-2 No Task File <==== ATTENTION
Task: {CB097003-A79F-4A46-9267-2B599E75D919} - \SPDriver No Task File <==== ATTENTION
Task: {DE29B570-FCB6-412B-AFA7-6B71345782EF} - \7431a2ec-b65c-47ec-9ac2-85932f3e39d7-11 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\VNUN.job => C:\Users\laptox\AppData\Roaming\VNUN.exe <==== ATTENTION
C:\Users\laptox\AppData\Roaming\*.exe
EmptyTemp:

Run FRST and click Fix. Show the removal report, Fixlog.

Click Scan and show the new FRST report, without Addition.


(Etheor2) #7

Does Fixlist.txt need to go into some specific folder?


(Atis) #8

In the same place as the FRST program: C:\Users\laptox\Desktop


(Atis) #9

In the same place as the FRST program: C:\Users\laptox\Desktop


(Etheor2) #10

Fixlog:

http://wklej.org/id/1583060/

 

FRST:

http://wklej.org/id/1583068/


(Atis) #11

Delete the folder C:\FRST

Delete the old restore points: CLICK

Read up on how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Adobe Flash Player 15 ActiveX

Adobe Flash Player 15 Plugin

Adobe Reader X

Install:

Flash Player 16.0.0.235 Plugin

Flash Player 16.0.0.235 ActiveX

Adobe Reader XI 11.0.10


(Etheor2) #12

Still nothing, though. Sense Plus keeps throwing up ads, and the advice about not installing things blindly is wide of the mark in my case. A little more of this and I'm going back to Linux, which never acted up the way this Windows does.


(Atis) #13

Are you claiming that the malicious adware programs installed themselves?

The FRST reports do not cover Opera, so remove the malicious extensions.

Type into the address bar: opera://extensions


(Etheor2) #14

Let me put it this way: I haven't been using a computer for just a year or two. I've been through a mass of operating systems, starting with Windows 95 and various Linux distributions. Yesterday the only thing I did was remove BitDefender, whose license had expired, and a moment later the computer was full of junk. No programs were installed apart from Microsoft Security Essentials, downloaded directly from Microsoft.

 

The issue is probably resolved, so thank you for your help.