Dzień dobry, ciągle wyskakują okienka z reklamami, wolno pisze teksty, (np tu), skanowałem , AdwCleaner, MBAM, Sality Killer, Cureit. W załączniku logi z OTL.
OTL Extras logfile created on: 2015-06-17 15:38:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tereska\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,82 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 56,89% Memory free
7,64 Gb Paging File | 5,61 Gb Available in Paging File | 73,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,24 Gb Total Space | 77,63 Gb Free Space | 65,66% Space Free | Partition Type: NTFS
Drive D: | 347,42 Gb Total Space | 338,00 Gb Free Space | 97,29% Space Free | Partition Type: NTFS
Computer Name: TERESKADOM | User Name: tereska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ & lt; extension & gt; ]
.html[@ = OperaStable] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ & lt; extension & gt; ]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\ & lt; extension & gt; ]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ & lt; key & gt; \shell\[command]\command]
batfile [open] -- " %1 " %*
cmdfile [open] -- " %1 " %*
comfile [open] -- " %1 " %*
exefile [open] -- " %1 " %*
helpfile [open] -- Reg Error: Key error.
http [open] -- " C:\Program Files (x86)\Opera\launcher.exe " -noautoupdate -- " %1 "
https [open] -- " C:\Program Files (x86)\Opera\launcher.exe " -noautoupdate -- " %1 "
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe " %1 " (Microsoft Corporation)
InternetShortcut [open] -- " C:\Windows\System32\rundll32.exe " " C:\Windows\System32\ieframe.dll " ,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- " C:\Windows\System32\rundll32.exe " " C:\Windows\System32\mshtml.dll " ,PrintHTML " %1 " (Microsoft Corporation)
piffile [open] -- " %1 " %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- " %1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- " %1 " /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with & IrfanView] -- " C:\Program Files (x86)\IrfanView\i_view32.exe " " %1 /thumbs " (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd " %V " (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE " %L "
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ & lt; key & gt; \shell\[command]\command]
batfile [open] -- " %1 " %*
cmdfile [open] -- " %1 " %*
comfile [open] -- " %1 " %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe " %1 " ,%* (Microsoft Corporation)
exefile [open] -- " %1 " %*
helpfile [open] -- Reg Error: Key error.
http [open] -- " C:\Program Files (x86)\Opera\launcher.exe " -noautoupdate -- " %1 "
https [open] -- " C:\Program Files (x86)\Opera\launcher.exe " -noautoupdate -- " %1 "
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe " %1 " (Microsoft Corporation)
piffile [open] -- " %1 " %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- " %1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- " %1 " /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with & IrfanView] -- " C:\Program Files (x86)\IrfanView\i_view32.exe " " %1 /thumbs " (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd " %V " (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE " %L "
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
" cval " = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
" VistaSp1 " = 28 4D B2 76 41 04 CA 01 [binary data]
" AntiVirusOverride " = 0
" AntiSpywareOverride " = 0
" FirewallOverride " = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
" AntiVirusDisableNotify " = 0
" AntiVirusOverride " = 0
" FirewallDisableNotify " = 0
" FirewallOverride " = 0
" UacDisableNotify " = 0
" UpdatesDisableNotify " = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
" DisableNotifications " = 0
" EnableFirewall " = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
" DisableNotifications " = 0
" EnableFirewall " = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
" DisableNotifications " = 0
" EnableFirewall " = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
" {0204AA86-44F4-4B4A-9566-4E24B6E3EC6F} " = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
" {03DDA336-9B1B-4389-8A3B-88D754642C01} " = lport=138 | protocol=17 | dir=in | app=system |
" {056143CA-81C7-4901-8465-D7B5A7C45BCC} " = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
" {20639689-FDDA-4ED7-9F99-946612AEB2D4} " = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
" {2AE9036B-6DE1-4FE0-88CC-29B425DFC385} " = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
" {2D4664CB-BD8D-4455-9C73-ACDF245C9FD5} " = lport=137 | protocol=17 | dir=in | app=system |
" {41C65671-3910-4170-8B2E-05F49639C7C5} " = lport=139 | protocol=6 | dir=in | app=system |
" {4985D054-3F74-4D0E-A754-14BE1F2DB22F} " = rport=138 | protocol=17 | dir=out | app=system |
" {75EB4E15-F26E-44AC-8801-6BB62F089921} " = lport=445 | protocol=6 | dir=in | app=system |
" {9129C277-74C6-494C-8B98-76E67DCA83FA} " = rport=139 | protocol=6 | dir=out | app=system |
" {95F7C9B2-9FE7-4417-8867-6CFBB5E06928} " = rport=137 | protocol=17 | dir=out | app=system |
" {9AA66201-1CE3-4A5A-A33D-9DDCDE574172} " = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
" {FA9BB66E-5402-4097-B92C-D447B083FDB0} " = rport=445 | protocol=6 | dir=out | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
" {17F9122C-B16F-4574-BC39-16E9D4F9FE7D} " = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
" {4024A991-1D66-4EFB-9547-F2040B1FD243} " = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
" {552B8910-4848-4ADA-AE99-9803EFC6E9B6} " = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
" {5B4E6C2B-4A74-4DD4-A2AF-B65B4DB4B8A8} " = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
" {5F968EA5-E799-4AC3-955A-F4B905CEF697} " = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
" {8ACB9BF4-3BD0-4D67-A4FD-F217E42F1BDB} " = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
" {9D245EEA-1528-40A4-BFB1-FA450C342327} " = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
" {B5D86315-2C93-438A-9A20-CBBBDEAD736A} " = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
" {D680714A-CB8B-4A5B-AB36-1212820B5E4D} " = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" {4710662C-8204-4334-A977-B1AC9E547819} " = Broadcom Card Reader Driver Installer
" {90120000-002A-0000-1000-0000000FF1CE} " = Microsoft Office Office 64-bit Components 2007
" {90120000-002A-0415-1000-0000000FF1CE} " = Microsoft Office Shared 64-bit MUI (Polish) 2007
" WinRAR archiver " = WinRAR 5.20 (64-bitowy)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" {13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} " = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
" {3E29EE6C-963A-4aae-86C1-DC237C4A49FC} " = Intel(R) Rapid Storage Technology
" {4fcf070a-daac-45e9-a8b0-6850941f7ed8} " = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
" {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} " = Google Update Helper
" {7B3F0113-E63C-4D6D-AF19-111A3165CCA2} " = Text-To-Speech-Runtime
" {90120000-0015-0415-0000-0000000FF1CE} " = Microsoft Office Access MUI (Polish) 2007
" {90120000-0016-0415-0000-0000000FF1CE} " = Microsoft Office Excel MUI (Polish) 2007
" {90120000-0018-0415-0000-0000000FF1CE} " = Microsoft Office PowerPoint MUI (Polish) 2007
" {90120000-0019-0415-0000-0000000FF1CE} " = Microsoft Office Publisher MUI (Polish) 2007
" {90120000-001A-0415-0000-0000000FF1CE} " = Microsoft Office Outlook MUI (Polish) 2007
" {90120000-001B-0415-0000-0000000FF1CE} " = Microsoft Office Word MUI (Polish) 2007
" {90120000-001F-0407-0000-0000000FF1CE} " = Microsoft Office Proof (German) 2007
" {90120000-001F-0409-0000-0000000FF1CE} " = Microsoft Office Proof (English) 2007
" {90120000-001F-0415-0000-0000000FF1CE} " = Microsoft Office Proof (Polish) 2007
" {90120000-002C-0415-0000-0000000FF1CE} " = Microsoft Office Proofing (Polish) 2007
" {90120000-0030-0000-0000-0000000FF1CE} " = Microsoft Office Enterprise 2007
" {90120000-0044-0415-0000-0000000FF1CE} " = Microsoft Office InfoPath MUI (Polish) 2007
" {90120000-006E-0415-0000-0000000FF1CE} " = Microsoft Office Shared MUI (Polish) 2007
" {90120000-00A1-0415-0000-0000000FF1CE} " = Microsoft Office OneNote MUI (Polish) 2007
" {90120000-00BA-0415-0000-0000000FF1CE} " = Microsoft Office Groove MUI (Polish) 2007
" {9A25302D-30C0-39D9-BD6F-21E6EC160475} " = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
" {9BE518E6-ECC6-35A9-88E4-87755C07200F} " = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
" {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} " = Google Update Helper
" {AC76BA86-7AD7-1045-7B44-AC0F074E4100} " = Adobe Acrobat Reader DC - Polish
" {D0046F17-A170-4E07-A349-F1BCB3A8A8EB} " = Ad-Aware
" {F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} " = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
" Adobe Flash Player ActiveX " = Adobe Flash Player 18 ActiveX
" Adobe Flash Player NPAPI " = Adobe Flash Player 18 NPAPI
" ENTERPRISE " = Microsoft Office Enterprise 2007
" IrfanView " = IrfanView (remove only)
" KLiteCodecPack_is1 " = K-Lite Codec Pack 10.4.0 Standard
" Malwarebytes Anti-Malware_is1 " = Malwarebytes Anti-Malware wersja 2.1.6.1022
" Mozilla Firefox 38.0.6 (x86 pl) " = Mozilla Firefox 38.0.6 (x86 pl)
" PLAY ONLINE " = PLAY ONLINE
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2015-06-16 15:50:22 | Computer Name = tereskadom | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez
Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to
back up image of binary aswSP. System Error: Nie można odnaleźć określonego pliku.
.
Error - 2015-06-16 15:50:22 | Computer Name = tereskadom | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez
Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to
back up image of binary aswStm. System Error: Nie można odnaleźć określonego pliku.
.
Error - 2015-06-16 15:50:22 | Computer Name = tereskadom | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez
Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to
back up image of binary avast! VM Monitor. System Error: Nie można odnaleźć określonego
pliku. .
Error - 2015-06-16 15:50:58 | Computer Name = tereskadom | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez
Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to
back up image of binary aswMonFlt. System Error: Nie można odnaleźć określonego pliku.
.
Error - 2015-06-16 15:50:58 | Computer Name = tereskadom | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez
Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to
back up image of binary aswRdr. System Error: Nie można odnaleźć określonego pliku.
.
Error - 2015-06-16 15:50:58 | Computer Name = tereskadom | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez
Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to
back up image of binary avast! Revert. System Error: Nie można odnaleźć określonego
pliku. .
Error - 2015-06-16 15:50:58 | Computer Name = tereskadom | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez
Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to
back up image of binary aswSnx. System Error: Nie można odnaleźć określonego pliku.
.
Error - 2015-06-16 15:50:58 | Computer Name = tereskadom | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez
Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to
back up image of binary aswSP. System Error: Nie można odnaleźć określonego pliku.
.
Error - 2015-06-16 15:50:58 | Computer Name = tereskadom | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez
Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to
back up image of binary aswStm. System Error: Nie można odnaleźć określonego pliku.
.
Error - 2015-06-16 15:50:58 | Computer Name = tereskadom | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez
Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to
back up image of binary avast! VM Monitor. System Error: Nie można odnaleźć określonego
pliku. .
[ System Events ]
Error - 2015-06-17 06:12:36 | Computer Name = tereskadom | Source = Service Control Manager | ID = 7034
Description = Usługa Infigo Operator niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.
Error - 2015-06-17 06:12:36 | Computer Name = tereskadom | Source = Service Control Manager | ID = 7031
Description = Usługa ServiceEverything niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2015-06-17 06:12:36 | Computer Name = tereskadom | Source = Service Control Manager | ID = 7034
Description = Usługa MaintainerSvc2.49.6826863 niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1.
Error - 2015-06-17 06:12:36 | Computer Name = tereskadom | Source = Service Control Manager | ID = 7034
Description = Usługa Intel(R) Rapid Storage Technology niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.
Error - 2015-06-17 06:12:36 | Computer Name = tereskadom | Source = Service Control Manager | ID = 7031
Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2015-06-17 06:13:29 | Computer Name = tereskadom | Source = Service Control Manager | ID = 7031
Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
to razy: 2. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2015-06-17 06:16:50 | Computer Name = tereskadom | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
z usługą PLAY ONLINE. OUC.
Error - 2015-06-17 06:16:50 | Computer Name = tereskadom | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi PLAY ONLINE. OUC z powodu następującego
błędu: %%1053
Error - 2015-06-17 07:35:50 | Computer Name = tereskadom | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
z usługą PLAY ONLINE. OUC.
Error - 2015-06-17 07:35:50 | Computer Name = tereskadom | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi PLAY ONLINE. OUC z powodu następującego
błędu: %%1053
& lt; End of report & gt;