shark010 Posted 5 March 2015

Hello,

I have a problem with a friend's laptop. I can't log in to the account "adam" - that is what my friend named the account (previously the account was probably called "faf"). I read a bit about this on the internet and saw that there is a chance of recovering this profile and its contents. I also don't rule out a virus.

Symptoms: after Windows starts, the profiles "Adam" and "gość" are shown to choose from. After clicking either profile, the message "Logowanie usługi usługa profilów użytkowników niepowiodło się. Nie można załadować profilu użytkownika." appears. After that message I booted into safe mode, and when I chose the "adam" account it logged in, except that the message " lokalizacja niedostępna c:\windows\sustem32\config\systemprofile\desktop odwołuje sie do lokalizacji, która ..... " appeared. After starting the task manager and checking the active users, it shows me one active user, "faf". I made FRST logs. Unfortunately I can't make a GMER log, because after starting the program I get the message "CreateFile c:\windows\system32\config\system~1\AppData\Local\Temp\ugfcqacc.sys. Nie mozna odnaleśc ścieżki."

Operating system: Windows 7 Professional Service Pack 1 (X64)

Addition.txt FRST.txt Shortcut.txt

picasso Posted 5 March 2015

Logs from the outdated OTL are no longer mandatory, so I am removing them. I am moving the topic to the Windows section, because the main problem concerns the profile. There is admittedly a huge pile of adware junk here, but that is a secondary problem and I will not deal with cleaning it comprehensively while even the environment is not seen correctly. That comes later.

The main problem is not a consequence of the infection. Access to the account has been lost here:

Loaded Profiles: False (Available profiles: )

==================== Accounts: =============================

Administrator (S-1-5-21-554914868-1295861038-1199024560-500 - Administrator - Disabled)
faf (S-1-5-21-554914868-1295861038-1199024560-1004 - Administrator - Enabled)
Gość (S-1-5-21-554914868-1295861038-1199024560-501 - Limited - Enabled)

Application errors:
==================
Error: (03/05/2015 07:18:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: as-Komputer)
Description: System Windows nie może załadować profilu użytkownika, ale wykonał logowanie przy użyciu domyślnego profilu systemowego. SZCZEGÓŁY - System nie może odnaleźć określonej ścieżki.

The account "faf" shows up here because FRST reads the internal name, not the display name that someone changed. The account does not even have an associated path on disk specified; it is not linked to the folder C:\Users\faf at all. And it is not known whether the account's folder is complete, because if it is not, this is unrepairable and the operation below will not help; it will end with creating a new account. Start with:

1. An intermediate account is needed to carry out the operation. Enable the built-in Administrator account. Start > type lusrmgr.msc in the search box > right-click and choose Run as administrator. Double-click Users > double-click Administrator and enable the account.

2. Log out of the current temporary account completely through a full restart of the computer, not the Log off / Switch user options. Log in as Administrator. Run Reprofiler on it. Link the account faf to the folder C:\Users\faf.

3. Restart the computer. Log in to adam/faf. If the logon succeeds and there is no message about logging on via a temporary profile, make new FRST reports (all three). If nothing changes, the account will have to be deleted and a new one created, but only after the adware has been cleaned.
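
A read-only check for the condition described in the post above, where an account is not linked to its folder under C:\Users. This is an added example, not part of the original posts and not code from FRST or Reprofiler. It assumes the standard ProfileList registry key and its ProfileImagePath value, which the thread itself does not name, and the function names are made up for this example.

```powershell
# Added example: read-only audit of account-to-profile-folder links.
# Assumption: profiles are registered under the standard ProfileList key.
# Nothing is written or changed; compatible with the PowerShell 2.0 in Windows 7.
$ProfileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Translate a SID string to DOMAIN\name; return a marker if it cannot be resolved.
function Resolve-SidName([string]$Sid) {
    try {
        $obj = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $obj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return '<unresolved>'
    }
}

# Build one report row (hypothetical helper for this example).
function New-ReportRow($Account, $Sid, $ProfilePath, $Issues) {
    $text = 'ok'
    if ($Issues.Count -gt 0) { $text = $Issues -join '; ' }
    New-Object PSObject -Property @{
        Account     = $Account
        Sid         = $Sid
        ProfilePath = $ProfilePath
        Issues      = $text
    }
}

function Get-ProfileLinkReport {
    $seen = @{}

    foreach ($key in Get-ChildItem -Path $ProfileListKey) {
        $name = $key.PSChildName                 # SID, possibly with a ".bak" suffix
        $sid  = $name -replace '\.bak$', ''

        # Only ordinary user accounts; service SIDs (S-1-5-18 etc.) are skipped.
        if ($sid -notlike 'S-1-5-21-*') { continue }
        $seen[$sid] = $true

        $props  = Get-ItemProperty -Path $key.PSPath
        $path   = $props.ProfileImagePath
        $issues = @()

        if ($name -like '*.bak') { $issues += 'key renamed to .bak' }

        if ([string]::IsNullOrEmpty($path)) {
            $issues += 'no ProfileImagePath value'
        } else {
            $path = [Environment]::ExpandEnvironmentVariables($path)
            if (-not [System.IO.Directory]::Exists($path)) {
                $issues += 'profile folder missing'
            } elseif (-not [System.IO.File]::Exists([System.IO.Path]::Combine($path, 'NTUSER.DAT'))) {
                $issues += 'NTUSER.DAT missing (folder incomplete)'
            }
        }

        New-ReportRow (Resolve-SidName $sid) $name $path $issues
    }

    # Local accounts with no ProfileList entry at all. This is normal for an
    # account that has never logged on, so it is reported for review only.
    foreach ($acct in Get-WmiObject -Class Win32_UserAccount -Filter 'LocalAccount=True') {
        if (-not $seen.ContainsKey($acct.SID)) {
            New-ReportRow $acct.Caption $acct.SID $null @('no ProfileList entry')
        }
    }
}

Get-ProfileLinkReport |
    Select-Object Account, Sid, ProfilePath, Issues |
    Format-Table -AutoSize -Wrap
```

An enabled account that has been used before but shows "no ProfileList entry" or "profile folder missing" matches the symptom in this thread: Windows cannot find the profile path and falls back to the default system profile.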

shark010 Posted 5 March 2015

Thank you, I managed to log in to the adam/faf account. I am sending the FRST logs for further cleanup.

Addition.txt FRST.txt Shortcut.txt

picasso Posted 5 March 2015

That's right, the account is correctly linked to the folder. Now we can deal with cleaning the adware and other things:

1. Through Control Panel, uninstall:
- Adware: allday savings, Bonanza Deals (remove only), Defaulttab, Delta Chrome Toolbar, istartsurf uninstall, Remote Desktop Access (VuuPC), V-9.1HD, WebConnect 3.0.0, WindowsMangerProtect20.0.0.502
- Old versions and unneeded items: Adobe Acrobat 5.0 CE, Adobe Reader 9.4.0 - Polish, Adobe Shockwave Player 12.0, Google Chrome, Google Toolbar for Internet Explorer, Java 7 Update 60, Java 8 Update 25 (64-bit), Java 6 Update 32, Trend Micro Internet Security.

2. Make the three FRST logs again.

shark010 Posted 6 March 2015

Hi, I'm back. I am sending the next files after cleaning and uninstalling the old stuff. I noticed that I can't create the "My Computer" icon - is that normal?

Addition.txt FRST.txt Shortcut.txt

picasso Posted 6 March 2015

What is the matter with the "My Computer" icon - what exactly do you see?

Further cleaning:

1. Uninstalls:
- These items were not uninstalled: Adobe Acrobat 5.0 CE, Java 8 Update 25 (64-bit)
- Run the Microsoft tool: CLICK. Accept > Detect problems and let me select the fixes to apply > Uninstalling > select the leftovers Google Toolbar for Internet Explorer, Google Update Helper in the list > Next. The tool has to be run twice; it does not allow a bulk operation.

2. Open Notepad and paste into it:
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File C:\Program Files\005 C:\Program Files\AllDaySavings C:\Program Files (x86)\D52E2FDD-4553-4F81-BE20-F1405B80CAA4 C:\Program Files (x86)\Google C:\Program Files (x86)\SupTab C:\Program Files (x86)\WebConnect C:\ProgramData\N8Lvx2Q.dat C:\ProgramData\9770d137-0554-4a98-9776-1cfcef3857da C:\ProgramData\Google C:\ProgramData\IePluginServices C:\ProgramData\TEMP C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 5.0 CE.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AidemMedia C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auran C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\18 Wheels of Steel - Extreme Trucker C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\18 Wheels of Steel - Pedal to the Metal C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Code of Honor 2 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Crash Time II C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Crash Time III C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\ESR C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Farma 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\GSR C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Jet Storm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Najemnicy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Starmageddon 2 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Symulator wyburzania budynków C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Wings of Honour - Battles of the Red Baron C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters\ToCA Race Driver 2 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Content Transfer C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyanide C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gregion 3.1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTR 2 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterActual C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki\Hitman - Krwawa Forsa C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki\XIII C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Battlefront II C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It! 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland\FlatOut 2 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland\Speedway Liga C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland\Symulator Autobusu C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland\Symulator Czołgu C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland\Symulator Misji na Marsa\Symulator Misji na Marsa.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland\Symulator Pojazdów Specjalnych C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Techland\Symulator Śmieciarki C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transformers - The Game C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games\Scooby-Doo Pierwsze Strachy DEMO C:\Users\adam C:\Users\All Users\dtdata C:\Users\faf\hash.dat C:\Users\faf\AppData\Local\Microsoft\Windows\GameExplorer\{69F8FE42-5187-4C72-91A4-6EBF8A526C63} C:\Users\faf\AppData\Local\Google C:\Users\faf\AppData\Local\Math Problem Solver C:\Users\faf\AppData\Local\Pay-By-Ads C:\Users\faf\AppData\Roaming\5a41cb52.dat C:\Users\faf\AppData\Roaming\Compatibility Verifier C:\Users\faf\AppData\Roaming\InetStat C:\Users\faf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype (*).lnk C:\Users\faf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (*).lnk C:\Users\faf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player (*).lnk C:\Users\faf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk C:\Users\faf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome C:\Users\faf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat C:\Users\faf\Desktop\gry\The Escapists v0.759\The Escapists.lnk C:\Windows\TMFilter.log C:\Windows\System32\drivers\{664f7cae-01d9-48b5-bc90-e3c3d6bb0ddb}w64.sys 
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys C:\Windows\System32\drivers\{78621d41-c71d-4d6b-a4da-c1af0f310e3e}w64.sys C:\Windows\System32\drivers\{951b00f5-f3a4-4dc9-9aac-412d27c14053}w64.sys C:\Windows\System32\drivers\{f365189d-3e18-4f01-8423-a1ed102ed962}w64.sys C:\Windows\system32\Drivers\etc\tmvsthfss.bin C:\Windows\system32\Drivers\etc\tmvsthfud.bin C:\Windows\System32\drivers\netfilter64.sys C:\Windows\system32\%LocalAppData% C:\Windows\SysWOW64\Adobe C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\defaulttab C:\Windows\SysWOW64\Macromed\Shockwave 10 Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKLM\SOFTWARE\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216032FF} /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\V-9.1HD /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: attrib /d /s -r -s -h C:\FOUND.* CMD: for /d %f in (C:\FOUND.*) do rd /s /q "%f" CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files" CMD: dir /a "C:\Program Files (x86)\Common Files" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\faf\AppData\Local CMD: dir /a C:\Users\faf\AppData\LocalLow CMD: dir /a C:\Users\faf\AppData\Roaming CMD: dir /a C:\Windows\system32\config\systemprofile\AppData\Local CMD: dir /a 
C:\Windows\system32\config\systemprofile\AppData\LocalLow CMD: dir /a C:\Windows\system32\config\systemprofile\AppData\Roaming CMD: dir /a C:\Windows\SysWow64\config\systemprofile\AppData\Local CMD: dir /a C:\Windows\SysWow64\config\systemprofile\AppData\LocalLow CMD: dir /a C:\Windows\SysWow64\config\systemprofile\AppData\Roaming EmptyTemp:

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Wait patiently and do not interrupt it. When the Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

3. Clean up Firefox: Help menu > Troubleshooting Information > Reset / Refresh Firefox. Bookmarks and passwords will not be affected.

4. Make new FRST logs (all three). Also attach the fixlog.txt file.
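The fixlist above carries several `ShortcutWithArgument:` entries in which a browser shortcut has a portal URL appended as its argument. The following is an added example, not part of either post and not FRST's own code, that picks such entries out of a log; the sample lines, their hosts and the `BROWSERS` set are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the "ShortcutWithArgument" layout seen in the
# fixlist above; the paths and hosts are made up for this example.
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.portal.example/?type=sc&uid=DISK123
ShortcutWithArgument: C:\Users\demo\Desktop\Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\demo\Desktop\Notes.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) -> C:\Users\demo\notes.txt
ShortcutWithArgument: C:\Users\demo\Desktop\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> http://search.portal.example/web
"""

# Assumption: the executables treated as browsers; extend as needed.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "opera.exe"}
LINE_RE = re.compile(
    r"^ShortcutWithArgument:\s+(?P<lnk>.+?\.lnk)\s+->\s+(?P<target>.+?\.exe)"
    r"(?:\s+\((?P<vendor>[^)]*)\))?\s+->\s+(?P<args>.+)$",
    re.IGNORECASE,
)
URL_RE = re.compile(r"\b(?:hxxps?|https?)://\S+", re.IGNORECASE)


def hijacked_shortcuts(log_text):
    """Return (lnk, browser, host) for browser shortcuts whose argument is a URL."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        exe = m["target"].rsplit("\\", 1)[-1].lower()
        url = URL_RE.search(m["args"])
        if exe not in BROWSERS or not url:
            continue  # ordinary switches or file arguments are not flagged
        # The log defangs links as hxxp; restore the scheme only to parse the host.
        cleaned = re.sub(r"^hxxp", "http", url.group(0), flags=re.IGNORECASE)
        findings.append((m["lnk"], exe, urlsplit(cleaned).hostname))
    return findings
```

Grouping the returned hosts shows quickly whether every flagged shortcut points at the same portal, which is the pattern visible in the fixlist.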
shark010 (author), posted 6 March 2015

Only the Recycle Bin icon is shown on the desktop, and when I try to add an icon such as "My Computer", it does not appear.

1. Unfortunately I cannot uninstall Adobe Acrobat 5.0, because an error pops up: "cannot locate the installation description file c:\program files (x86)\ program files\ adobe\acrobat 5.0\nt\uninst.isu. Removal cannot continue." The same goes for uninstalling Java 6 Update 32: error 1723 pops up, about a missing DLL.

2. I ran the fix and am providing new logs. I also restarted FF.

Edit: Unfortunately, today after starting the laptop the error c:\windows\system32\config\systemprofile\desktop popped up again. http://imgur.com/hCOzBKf - photo of the info from reprofiler

As there was no reply, I decided to reinstall Windows with a single target user account. Thank you very much for the help, and all the best on Women's Day, picasso :thumbsup:

Addition.txt Fixlog.txt FRST.txt Shortcut.txt