Kolobos

W logach nie ma nic ciekawego, jezeli bylo to okno przegladarki to nie ma sie czym martwic. Odinstaluj: DAEMON Tools Toolbar Uzyj AdwCleaner, opcja Scan i Clean/Szukaj i Usun: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner Wykonaj skrypt w OTL: :OTL IE - HKUS-1-5-21-3364991459-1031697208-3663002682-1000SOFTWAREMicrosoftInternet ExplorerMain,Start Page = my.daemon-search.com IE - HKUS-1-5-21-3364991459-1031697208-3663002682-1000..SearchScopes{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTe IE - HKUS-1-5-21-3364991459-1031697208-3663002682-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMicrosoftInternet ExplorerMain,Start Page = my.daemon-search.com IE - HKUS-1-5-21-3364991459-1031697208-3663002682-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..SearchScopes{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms} O3:64bit: - HKLM..Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:Program Files (x86)DAEMON Tools ToolbarDTToolbar64.dll () O3 - HKLM..Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:Program Files (x86)DAEMON Tools ToolbarDTToolbar.dll () O4 - HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found O4 - HKUS-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found O4 - HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found O4 - HKUS-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found [2014-02-26 17:24:30 | 000,000,000 | ---D | C] -- C:Program Files (x86)DAEMON Tools Toolbar [2014-03-16 23:26:11 | 000,000,000 | ---D | M] -- C:UsersAKAppDataRoamingOpenCandy

Infekcje mozna wykluczyc. Uruchom moze jakiegos linuksa livecd i sprawdz czy tam tez wystepuje ten problem. Jezeli tez to problem jest sprzetowy.

Wszystko wyglada ok.

Wylacz na razie: uTorrent.exe speedfan.exe SysInfoMyWork.exe Wykonaj skrypt w OTL: :OTL [2014-03-03 23:44:09 | 000,195,932 | ---- | M] () (No name found) -- C:Documents and SettingsPentiumDane aplikacjiMozillaFirefoxProfiles12zxk4bd.defaultextensionsjid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi O4 - HKLM..Run: [99] wscript.exe //B "C:Documents and SettingsPentiumDane aplikacji99.vbs" File not found O4 - HKUS-1-5-21-1123561945-1614895754-1606980848-1003..Run: [99] wscript.exe //B "C:Documents and SettingsPentiumDane aplikacji99.vbs" File not found [2014-03-07 12:30:14 | 005,711,966 | ---- | M] ( ) -- C:Documents and SettingsPentiumMoje dokumentyTorpedoSetup.exe [2014-03-07 12:31:29 | 005,711,966 | ---- | C] ( ) -- C:Documents and SettingsPentiumMoje dokumentyTorpedoSetup (4).exe [2014-03-07 12:31:24 | 005,711,966 | ---- | C] ( ) -- C:Documents and SettingsPentiumMoje dokumentyTorpedoSetup (3).exe [2014-03-07 12:31:23 | 005,711,966 | ---- | C] ( ) -- C:Documents and SettingsPentiumMoje dokumentyTorpedoSetup (2).exe [2014-03-07 12:31:21 | 005,711,966 | ---- | C] ( ) -- C:Documents and SettingsPentiumMoje dokumentyTorpedoSetup (1).exe [2014-02-14 00:18:09 | 000,000,432 | ---- | C] () -- C:WINDOWStasksAt2.job [2014-02-09 20:18:30 | 000,000,430 | ---- | C] () -- C:WINDOWStasksAt1.job

Czy problem dotyczy wszystkich przegladarek?

Uzyj AdwCleaner, opcja Scan i Clean/Szukaj i Usun: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner Daj oba logi z OTL: http://oldtimer.geekstogo.com/OTL.exe Dodatkowo zaznacz: lop, purity oraz wszyscy uzytkownicy. Oba wklej na wklej.org i podaj linki. Zrob pelny skan przy pomocy http://ftp.drweb.com/pub/drweb/cureit/launch.exe

Wykonaj skrypt w OTL: :OTL IE:64bit: - HKLM..SearchScopes{98F168C4-A444-4C21-AFC1-A4327B4D559D}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM..SearchScopes{98F168C4-A444-4C21-AFC1-A4327B4D559D}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU..SearchScopes{98F168C4-A444-4C21-AFC1-A4327B4D559D}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} CHR - Extension: Plus-HD-7.6 = C:UsersMonikaAppDataLocalGoogleChromeUser DataDefaultExtensionshcjdanpjacpeeppdjkppebobilhaglfo15647.2202.7956_0crossrider CHR - Extension: Plus-HD-7.6 = C:UsersMonikaAppDataLocalGoogleChromeUser DataDefaultExtensionshcjdanpjacpeeppdjkppebobilhaglfo15647.2202.7956_0 O2:64bit: - BHO: (Plus-HD-7.6) - {11111111-1111-1111-1111-110511071178} - C:Program Files (x86)Plus-HD-7.6Plus-HD-7.6-bho64.dll File not found :Files C:UsersMonikaAppDataLocalGoogleChromeUser DataDefaultExtensionshcjdanpjacpeeppdjkppebobilhaglfo

Jest jeszcze: http://driverpacks.net/

Sprawdz te: ftp://ftp.work.acer-euro.com/notebook/TravelMate_52X/driver/Win2K/VGA/NSetup.exe

Usun skroty przegladarek i utworz nowe. Nie chce myslec co robisz w przypadku prawdziwych problemow z komputerem skoro chcesz reinstalowac system z powodu strony startowej.

Wybierz w OTL Sprzatanie i to wszystko.

Mozliwe, ze to infekcja jakims prechistorycznym wirusem. Zrob pelny skan przy pomocy Mbam: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ oraz: http://ftp.drweb.com/pub/drweb/cureit/launch.exe

Odinstaluj: WPM GrabRez Wykonaj skrypt w OTL: :OTL PRC - [2014-02-03 23:28:26 | 000,103,192 | ---- | M] () -- C:Program FilesGrabRezbinutilGrabRez.exe PRC - [2014-02-01 03:43:44 | 000,103,192 | ---- | M] () -- C:Program FilesGrabRezupdateGrabRez.exe SRV - [2014-02-03 23:28:26 | 000,103,192 | ---- | M] () [Auto | Running] -- C:Program FilesGrabRezbinutilGrabRez.exe -- (Util GrabRez) SRV - [2014-02-01 03:43:44 | 000,103,192 | ---- | M] () [Auto | Running] -- C:Program FilesGrabRezupdateGrabRez.exe -- (Update GrabRez) IE - HKLMSOFTWAREMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.awesomehp.com/web/?type=ds&ts=1391461987&from=ild&uid=ST3160812AS_4LS24S7YXXXX4LS24S7Y&q={searchTerms} IE - HKLMSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.awesomehp.com/web/?type=ds&ts=1391461987&from=ild&uid=ST3160812AS_4LS24S7YXXXX4LS24S7Y&q={searchTerms} O2 - BHO: (GrabRez) - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - C:Program FilesGrabRezGrabRezBHO.dll (GrabRez) O20 - WinlogonNotifyWRNotifier: DllName - (WRLogonNTF.dll) - File not found O24[2014-02-03 22:13:26 | 000,000,000 | ---D | C] -- D:Documents and SettingsAll UsersDane aplikacjiWPM [2014-02-03 22:12:12 | 000,000,000 | ---D | C] -- C:Program FilesGrabRez [2014-02-07 17:24:14 | 000,000,282 | ---- | M] () -- C:WINDOWStasksGo for FilesUpdate.job [2014-02-03 22:11:51 | 000,001,444 | ---- | C] () -- C:WINDOWStasksTorntv V6.0-codedownloader.job [2014-02-03 22:11:44 | 000,002,404 | ---- | C] () -- C:WINDOWStasksTorntv V6.0-firefoxinstaller.job [2014-02-03 22:11:40 | 000,002,148 | ---- | C] () -- C:WINDOWStasksTorntv V6.0-chromeinstaller.job [2008-11-22 14:15:20 | 000,000,000 | ---D | M] -- D:Documents and SettingsAll UsersDane aplikacjiInstallations [2014-02-03 22:13:28 | 000,000,000 | ---D | M] -- D:Documents and SettingsAll UsersDane aplikacjiWPM Uzyj AdwCleaner, opcja Scan i Clean/Szukaj i Usun: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner Zrob pelny skan przy pomocy Mbam: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Odinstaluj: McAfee Security Scan Plus SweetIM for Messenger 3.7 Update Manager for SweetPacks 1.1 Ashampoo PO Toolbar DAEMON Tools Toolbar DealPly fst_pl_30 IB Updater Service Uzyj AdwCleaner, opcja Scan i Clean/Szukaj i Usun: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner Wykonaj skrypt w OTL: :OTL PRC - [2014-01-30 09:15:29 | 000,103,200 | ---- | M] () -- C:Program Files (x86)SquirrelWebupdateSquirrelWeb.exe PRC - [2014-01-30 08:42:23 | 000,103,200 | ---- | M] () -- C:Program Files (x86)SquirrelWebbinutilSquirrelWeb.exe PRC - [2014-01-06 17:30:02 | 001,015,088 | ---- | M] () -- C:WindowsSysWOW64jmdpstij.exe PRC - [2014-01-02 13:17:00 | 004,001,224 | ---- | M] () -- C:Program Files (x86)fst_pl_30fst_pl_30.exe PRC - [2014-01-02 13:17:00 | 003,153,904 | ---- | M] () -- C:UsersMaciekAppDataLocalfst_pl_30upfst_pl_30.exe PRC - [2012-08-15 18:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe PRC - [2012-05-29 14:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:Program Files (x86)SweetIMMessengerSweetIM.exe SRV:64bit: - [2013-12-29 11:12:40 | 001,833,776 | ---- | M] () [Auto | Running] -- C:WindowsSysNativedmwu.exe -- (IBUpdaterService) SRV - [2014-01-30 09:15:29 | 000,103,200 | ---- | M] () [Auto | Running] -- C:Program Files (x86)SquirrelWebupdateSquirrelWeb.exe -- (Update SquirrelWeb) SRV - [2014-01-30 08:42:23 | 000,103,200 | ---- | M] () [Auto | Running] -- C:Program Files (x86)SquirrelWebbinutilSquirrelWeb.exe -- (Util SquirrelWeb) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:Program FilesEnigma Software GroupSpyHunteresgiguard.sys -- (esgiguard) IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://home.sweetim.com/?crg=3.26010003&st=12&barid={8C59726A-BD32-46C0-8E01-B616B0F3424F} IE - HKLM..URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:Program Files (x86)Ashampoo_POprxtbAsh2.dll (Conduit Ltd.) IE - HKLM..SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={8C59726A-BD32-46C0-8E01-B616B0F3424F} IE - HKUS-1-5-21-255627737-1717443034-2057343401-1000SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481033&CUI=UN14932999986992327 IE - HKUS-1-5-21-255627737-1717443034-2057343401-1000..URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:Program Files (x86)Ashampoo_POprxtbAsh2.dll (Conduit Ltd.) IE - HKUS-1-5-21-255627737-1717443034-2057343401-1000..SearchScopes,DefaultScope = {5F53DF1C-95E0-4088-8604-A45878E57380} IE - HKUS-1-5-21-255627737-1717443034-2057343401-1000..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKUS-1-5-21-255627737-1717443034-2057343401-1000..SearchScopes{078FB664-DF98-4a60-A268-ADDF0F9E41FF}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB IE - HKUS-1-5-21-255627737-1717443034-2057343401-1000..SearchScopes{5F53DF1C-95E0-4088-8604-A45878E57380}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033 IE - HKUS-1-5-21-255627737-1717443034-2057343401-1000..SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid=&&st=23 CHR - Extension: DealPly = C:UsersMaciekAppDataLocalGoogleChromeUser DataDefaultExtensionsgaiilaahiahdejapggenmdmafpmbipje3.0.7.2_0 CHR - Extension: DealPly = C:UsersMaciekAppDataLocalGoogleChromeUser DataDefaultExtensionsgaiilaahiahdejapggenmdmafpmbipje3.0.7.2_1 CHR - Extension: DealPly = C:UsersMaciekAppDataLocalGoogleChromeUser DataDefaultExtensionsgaiilaahiahdejapggenmdmafpmbipje3.8.0.0_0 CHR - Extension: DealPly = C:UsersMaciekAppDataLocalGoogleChromeUser DataDefaultExtensionsgaiilaahiahdejapggenmdmafpmbipje3.9.7.0_0 CHR - Extension: DealPly = C:UsersMaciekAppDataLocalGoogleChromeUser DataDefaultExtensionsgaiilaahiahdejapggenmdmafpmbipje3.9.7.9_0 CHR - Extension: SquirrelWeb = C:UsersMaciekAppDataLocalGoogleChromeUser DataDefaultExtensionsgdnafjfahbdfphihncgadbegiaebehio1.0.0_0 CHR - Extension: SquirrelWeb = C:UsersMaciekAppDataLocalGoogleChromeUser DataDefaultExtensionsgdnafjfahbdfphihncgadbegiaebehio1.0.0_1 CHR - Extension: SquirrelWeb = C:UsersMaciekAppDataLocalGoogleChromeUser DataDefaultExtensionsgdnafjfahbdfphihncgadbegiaebehio1.0.0_2 O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:Program Files (x86)DealPlyDealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:Program Files (x86)Ashampoo_POprxtbAsh2.dll (Conduit Ltd.) O2 - BHO: (SquirrelWeb) - {dd86af49-1ef1-4532-89f7-41eda1dbbe6d} - C:Program Files (x86)SquirrelWebSquirrelWebbho.dll (SquirrelWeb) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:Program Files (x86)SweetIMToolbarsInternet ExplorermgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM..Toolbar: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:Program Files (x86)Ashampoo_POprxtbAsh2.dll (Conduit Ltd.) O3 - HKLM..Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:Program Files (x86)SweetIMToolbarsInternet ExplorermgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKUS-1-5-21-255627737-1717443034-2057343401-1000..ToolbarWebBrowser: (Ashampoo PO Toolbar) - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - C:Program Files (x86)Ashampoo_POprxtbAsh2.dll (Conduit Ltd.) O4 - HKLM..Run: [fst_pl_30] C:Program Files (x86)fst_pl_30fst_pl_30.exe () O4 - HKLM..Run: [mobilegeni daemon] C:Program Files (x86)MobogenieDaemonProcess.exe File not found O4 - HKLM..Run: [sweetIM] C:Program Files (x86)SweetIMMessengerSweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..Run: [sweetpacks Communicator] C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKUS-1-5-21-255627737-1717443034-2057343401-1000..Run: [backgroundContainer] C:UsersMaciekAppDataLocalConduitBackgroundContainerBackgroundContainer.dll (Conduit Ltd.) O4 - HKUS-1-5-21-255627737-1717443034-2057343401-1000..Run: [NextLive] C:UsersMaciekAppDataRoamingnewnext.menengine.dll (NewNextDotMe) O4 - HKLM..RunOnce: [upfst_pl_30.exe] C:UsersMaciekAppDataLocalfst_pl_30upfst_pl_30.exe () O4 - HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found O4 - HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found O4 - HKUS-1-5-21-255627737-1717443034-2057343401-1001..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1) O33 - MountPoints2{81bc2622-90a9-11e2-8615-f46d0490c4bf}Shell - "" = AutoRun O33 - MountPoints2{81bc2622-90a9-11e2-8615-f46d0490c4bf}ShellAutoRuncommand - "" = C:Windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:index.html [2014-01-24 17:03:59 | 000,000,000 | ---D | C] -- C:Program FilesEnigma Software Group [2014-01-18 14:37:56 | 000,000,000 | ---D | C] -- C:Program Files (x86)predm [2014-01-18 14:37:29 | 000,000,000 | ---D | C] -- C:Program Files (x86)SquirrelWeb [2014-01-11 10:20:40 | 000,000,000 | ---D | C] -- C:UsersMaciekAppDataLocalfst_pl_30 [2014-01-11 10:20:40 | 000,000,000 | ---D | C] -- C:Program Files (x86)fst_pl_30 [2014-01-11 10:20:40 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsFREESOFTTODAY [2014-01-11 10:20:12 | 000,000,000 | ---D | C] -- C:UsersMaciek.android [2014-01-11 10:20:11 | 000,000,000 | ---D | C] -- C:UsersMaciekAppDataLocalcache [2014-01-11 10:20:10 | 000,000,000 | ---D | C] -- C:UsersMaciekAppDataRoamingnewnext.me [2014-01-11 10:20:10 | 000,000,000 | ---D | C] -- C:UsersMaciekDocumentsMobogenie [2014-01-11 10:20:10 | 000,000,000 | ---D | C] -- C:UsersMaciekAppDataLocalMobogenie [2014-01-11 10:20:10 | 000,000,000 | ---D | C] -- C:UsersMaciekAppDataLocalgenienext [2014-01-11 10:19:46 | 000,000,000 | ---D | C] -- C:Program Files (x86)Mobogenie [2014-01-08 17:55:52 | 000,000,000 | ---D | C] -- C:WindowsSysNativeljkb [2014-01-08 17:55:52 | 000,000,000 | ---D | C] -- C:WindowsSysWow64jmdp [2014-01-21 19:31:16 | 000,000,104 | ---- | M] () -- C:UsersMaciekAppDataRoamingWB.CFG [2014-01-11 10:32:24 | 000,001,062 | ---- | C] () -- C:UsersMaciekDesktopContinue AnySend Installation.lnk [2014-01-11 10:20:18 | 000,001,072 | ---- | C] () -- C:UsersMaciekDesktopContinue AnyProtect Installation.lnk [2013-03-12 19:31:34 | 000,000,000 | ---D | M] -- C:UsersMaciekAppDataRoamingDealPly [2014-01-30 19:25:12 | 000,000,000 | ---D | M] -- C:UsersMaciekAppDataRoamingnewnext.me

Combofix to nie pierwszy lepszy skaner na zadanie tylko program mocno ingerujacy w system i jego ustawienia. Nie nalezy go uzywac, a tym bardziej polecac jako cudowne lekarstwo na wszystko!

Wszystkie trzy to programy systemowe, usuwanie ich to nie rozwiazanie.

To bezuzyteczne i calkowicie zbedne programy. W logach nie widac sladu infekcji. Process Explorer: http://technet.microsoft.com/pl-pl/sysinternals/bb896653.aspx

Odinstaluj: HiJackThis (Version: 1.0.0 - Trend Micro) Registry First Aid 9 (Version: 9.1.0 - RoseCitySoftware) Po przeskanowaniu TDSSKiller utworzy log na C:. Uruchom Process Explorer i zobacz co dokladnie uruchamia proces net i taskkill.

Masz tp-linka lub modem gsm? Daj oba logi z OTL: http://oldtimer.geekstogo.com/OTL.exe Dodatkowo zaznacz: lop, purity oraz wszyscy uzytkownicy. Wklej na wklej.org i podaj linki.

Daj oba logi z FRST: http://www.fixitpc.pl/topic/61-diagnostyka-ogólne-raporty-systemowe/#entry119294 Do tego log z TDSSKiller.

Odinstaluj Ashampoo WinOptimizer 7 oraz SpyBot. Skrypt dla OTL: :OTL DRV - File not found [Kernel | On_Demand | Stopped] -- -- (rqcdbgmk) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme) O4 - Startup: C:Documents and SettingsAntonioMenu StartProgramyAutostartFalcon.lnk = File not found

Zostaw Avast, zreszta to i tak nie ma roznicy. Mozesz uzywac nawet MSE. Przeskanuj tylko ST3500320AS, drugi jest ok z tego co widze. Vtune mozesz odinstalowac. Mhdd dziala rowniez z pendrive'a.

Jeden kwadracik to prawie 400MB. Moze tam ich byc duzo wiecej niz jeden. Do tego dochodza jeszcze wolne sktory, ktorych zapewne tez troche jest. Daj screen z CrystalDiskInfo: http://portableapps.com/apps/utilities/crystaldiskinfo_portable

Wykonaj skanowanie powierzchni dysku przy pomocy mhdd, po zakonczeniu daj zdjecie ekranu. Nigdy nie instaluj dwoch antywirusow. Odinstaluj: HiJackThis Avira VuuPC Packages Wykonaj skrypt w OTL: :OTL O3 - HKUS-1-5-21-743041965-1748052426-3471448022-1001..ToolbarWebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..Run: [fst_pl_14] File not found O4 - HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found O4 - HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found O4 - HKUS-1-5-21-743041965-1748052426-3471448022-1003..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found [2014-01-11 19:27:56 | 000,000,000 | ---D | C] -- C:UsersTorcikAppDataRoamingOpenCandy [2014-01-11 19:04:43 | 000,000,000 | ---D | C] -- C:ProgramDataInstallMate [2013-12-28 20:23:05 | 000,000,000 | ---D | C] -- C:AdwCleaner

Daj screen z CrystalDiskInfo: http://portableapps.com/apps/utilities/crystaldiskinfo_portable oraz screen z Process Explorer. Do tego oba logi z OTL: http://oldtimer.geekstogo.com/OTL.exe Dodatkowo zaznacz: lop, purity oraz wszyscy uzytkownicy. Wklej na wklej.org i podaj linki.