Illidan
Expert
Post count: 1,024
RE: Request for help, laptop is terribly slow, coin-miner in the task manager
Run "OTL" and paste the following into its "Custom Scans/Fixes" box:
Quote:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct...archTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\..\URLSearchHook: {1fd54ab6-705a-47aa-a59d-6cb0d18320d8} - C:\Program Files (x86)\NicePlayer\prxtbNic0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {dbeb2e1f-d1e4-4009-a15f-81446a454cb3} - SOFTWARE\Classes\CLSID\{dbeb2e1f-d1e4-4009-a15f-81446a454cb3}\InprocServer32 File not found
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct...archTerms}
IE - HKLM\..\SearchScopes\{acdfb480-40cb-472a-a096-91f4253f1762}: "URL" = http://search.tb.ask.com/search/GGmain.j...archTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src...A8FE9EB76}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com/?channel=sfgb203fbdgy22
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKCU\..\URLSearchHook: {4c8f515e-a420-40bf-a10e-84d7d85c464d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\8.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {dbeb2e1f-d1e4-4009-a15f-81446a454cb3} - SOFTWARE\Classes\CLSID\{dbeb2e1f-d1e4-4009-a15f-81446a454cb3}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=W3i...archTerms}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?c...rms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerm...ORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerm...DE2B88AAE0
IE - HKCU\..\SearchScopes\{5118A223-D9F5-4B64-9EBE-DC7F56A204DA}: "URL" = http://search.conduit.com/ResultsExt.asp...29931&UM=1
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://search.fbdownloader.com/search.ph...archTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct...archTerms}
IE - HKCU\..\SearchScopes\{9D27DE01-C5B3-47A2-A856-EA8B7622AAFE}: "URL" = http://www.mysearchresults.com/search?&c...archTerms}
IE - HKCU\..\SearchScopes\{acdfb480-40cb-472a-a096-91f4253f1762}: "URL" = http://search.tb.ask.com/search/GGmain.j...archTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{EE715384-8380-40BA-BEA7-58A3517300B0}: "URL" = http://search.zonealarm.com/search?src=s...er=&&r=912
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.fbdownloader.com/search.php?channel=sfgb203fbdgy22&q="
FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..keyword.URL: "http://search.fbdownloader.com/search.php?channel=sfgb203fbdgy22&q="
[2014.02.02 09:01:32 | 000,002,664 | ---- | M] () -- C:\Users\Ugne\AppData\Roaming\mozilla\firefox\profiles\f7jmn1v6.default\searchplugins\Ask.xml
[2013.05.19 18:53:49 | 000,006,517 | ---- | M] () -- C:\Users\Ugne\AppData\Roaming\mozilla\firefox\profiles\f7jmn1v6.default\searchplugins\BrowserProtect.xml
[2014.02.03 18:24:20 | 000,002,438 | ---- | M] () -- C:\Users\Ugne\AppData\Roaming\mozilla\firefox\profiles\f7jmn1v6.default\searchplugins\fbdownloader_search.xml
[2014.03.24 21:54:46 | 000,000,932 | ---- | M] () -- C:\Users\Ugne\AppData\Roaming\mozilla\firefox\profiles\f7jmn1v6.default\searchplugins\search.xml
[2012.11.13 21:41:11 | 000,002,687 | ---- | M] () -- C:\Users\Ugne\AppData\Roaming\mozilla\firefox\profiles\f7jmn1v6.default\searchplugins\Search_Results.xml
[2012.09.20 14:08:06 | 000,004,002 | ---- | M] () -- C:\Users\Ugne\AppData\Roaming\mozilla\firefox\profiles\f7jmn1v6.default\searchplugins\sweetim.xml
[2014.02.03 18:03:36 | 000,001,502 | ---- | M] () -- C:\Users\Ugne\AppData\Roaming\mozilla\firefox\profiles\f7jmn1v6.default\searchplugins\zonealarm.xml
[2014.02.02 09:01:32 | 000,002,664 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml
[2012.11.09 18:22:01 | 000,003,574 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.05.26 20:55:31 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012.11.13 21:41:11 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (NicePlayer Toolbar) - {1fd54ab6-705a-47aa-a59d-6cb0d18320d8} - C:\Program Files (x86)\NicePlayer\prxtbNic0.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentControl_v12 Toolbar) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (SearchExpress EN B Toolbar) - {dbeb2e1f-d1e4-4009-a15f-81446a454cb3} - C:\Program Files (x86)\SearchExpress_EN_B\prxtbSear.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (NicePlayer Toolbar) - {1fd54ab6-705a-47aa-a59d-6cb0d18320d8} - C:\Program Files (x86)\NicePlayer\prxtbNic0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitTorrentControl_v12 Toolbar) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SearchExpress EN B Toolbar) - {dbeb2e1f-d1e4-4009-a15f-81446a454cb3} - C:\Program Files (x86)\SearchExpress_EN_B\prxtbSear.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (NicePlayer Toolbar) - {1FD54AB6-705A-47AA-A59D-6CB0D18320D8} - C:\Program Files (x86)\NicePlayer\prxtbNic0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - Startup: C:\Users\Ugne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = File not found
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/sh...wflash.cab (Reg Error: Key error.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~3\wincert\win32c~1.dll) - File not found
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll) - File not found
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll) - File not found
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
:Files
C:\Program Files (x86)\PenWes\Penwes.exe
C:\Program Files (x86)\PenWes\PenWesService.exe
C:\ProgramData\jahzinthqpzuotk
:Commands
[emptytemp]
Run the script; after the computer restarts, show the removal report. Next, download "ADWCleaner" and perform the cleanup as described in this guide. After the restart, show the cleanup report as well. Also download this program and run a scan with it; show the report, and do not remove anything yourself yet.
(This post was last modified: 05.04.2014 22:01 by Illidan.)
05.04.2014 21:59