jessica

Replies posted by jessica

  1. Open Notepad and paste the following into it:

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack\Uninstall.lnk
    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=1438076957&from=mych123&uid=hitachixhts547550a9e384_j2160051clnb3dclnb3dx&z=2f3c2c2782d95ff35edd241g8z8c6b9e3mcqat6q5e
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1438076957&from=mych123&uid=hitachixhts547550a9e384_j2160051clnb3dclnb3dx&z=2f3c2c2782d95ff35edd241g8z8c6b9e3mcqat6q5e
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=1438076957&from=mych123&uid=hitachixhts547550a9e384_j2160051clnb3dclnb3dx&z=2f3c2c2782d95ff35edd241g8z8c6b9e3mcqat6q5e
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1438076957&from=mych123&uid=hitachixhts547550a9e384_j2160051clnb3dclnb3dx&z=2f3c2c2782d95ff35edd241g8z8c6b9e3mcqat6q5e
    HKU\S-1-5-21-1486898360-476355479-2976473103-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=1438076957&from=mych123&uid=hitachixhts547550a9e384_j2160051clnb3dclnb3dx&z=2f3c2c2782d95ff35edd241g8z8c6b9e3mcqat6q5e
    HKU\S-1-5-21-1486898360-476355479-2976473103-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1438076957&from=mych123&uid=hitachixhts547550a9e384_j2160051clnb3dclnb3dx&z=2f3c2c2782d95ff35edd241g8z8c6b9e3mcqat6q5e
    SearchScopes: HKU\S-1-5-21-1486898360-476355479-2976473103-1001 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1438076957&from=zzgbkk123&uid=hitachixhts547550a9e384_j2160051clnb3dclnb3dx&z=2f3c2c2782d95ff35edd241g8z8c6b9e3mcqat6q5e&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1486898360-476355479-2976473103-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1438076957&from=zzgbkk123&uid=hitachixhts547550a9e384_j2160051clnb3dclnb3dx&z=2f3c2c2782d95ff35edd241g8z8c6b9e3mcqat6q5e&q={searchTerms}
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson\Themes Creator\Developers Guidelines.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson\Themes Creator\License.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson\Themes Creator\Release Notes.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson\Themes Creator\Themes Creator.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson\Themes Creator\Uninstall Themes Creator.lnk
    Task: {0A171B73-F00D-4E3A-AEC1-0A0BDE1055A9} - System32\Tasks\{ED86320F-D09F-49D3-AD5F-1E39EC25332E} => pcalua.exe -a C:\Users\Wiktor\Documents\Downloads\11CT2776682_BrotherSoft_Extreme.exe -d C:\Users\Wiktor\Documents\Downloads
    Task: {0BD5E6D8-7DD2-42AC-BD5F-AA927C575869} - System32\Tasks\{44966230-F6A6-4FE9-BB36-3A7AF2F2165F} => pcalua.exe -a C:\Users\Wiktor\winlogon.exe -d C:\Windows\system32
    Task: {22F8771F-7885-4564-A176-161E8BAB8851} - System32\Tasks\{7B07745A-B478-48FC-8AFB-7CC2645A3049} => pcalua.exe -a "F:\PESEdit_2013_Patch_1.1 (Pespatchs.com)\Installer.exe" -d "F:\PESEdit_2013_Patch_1.1 (Pespatchs.com)"
    Task: {35B9A77C-CF3C-43D8-A45E-FAF9C8F2A737} - System32\Tasks\{CE35536D-B3F9-4824-A8C8-D3880D630574} => pcalua.exe -a C:\Users\Wiktor\Desktop\Nero-9.4.12.3_free.exe -d C:\Users\Wiktor\Desktop
    Task: {A919C4C2-ECB2-4845-9CE7-A489E726E3AD} - System32\Tasks\{FE502414-8EA7-4954-9588-0B0D47928667} => pcalua.exe -a D:\Autorun.exe -d D:\
    Task: {F053F6A0-D4FB-47C3-AAB2-52BEE8A8581A} - System32\Tasks\task8564579 => C:\Windows\Temp\_ex-08.exe <==== ATTENTION
    Task: {F1352F4D-22DB-4C33-9623-DD6B39B2003B} - System32\Tasks\systems => C:\Users\Wiktor\AppData\Roaming\giuo.exe
    C:\Users\Wiktor\AppData\Roaming\giuo.exe
    Task: {FA07CE1F-6F2C-4CD8-9BCD-C837BA705F99} - System32\Tasks\{E47A1EB0-47E5-46ED-9B75-B5386FAC8BC5} => pcalua.exe -a E:\Gry\NFS\setup.exe -d E:\Gry\NFS
    FF SelectedSearchEngine: delta-homes
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

    Make new FRST logs, this time without Shortcut.

    jessi

  2. Open Notepad and paste the following into it:

    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    HKLM-x32\...\Run: [NPSStartup] => [X]
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Search" /f
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    C:\ProgramData\89c775be-12de-4e15-846c-6b3e6a8c39a2
    C:\ProgramData\SetStretch.VBS
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.

    Then:

    Open Notepad and paste the following into it:

    DeleteQuarantine:

    Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.
    Using SHIFT+DEL, delete the remaining C:\FRST folder.

    In Adw-Cleaner, click the Uninstall (UNINSTALL) button.

    jessi

  3. 1) Uninstall these programs:

    aartemis Browser Protecter (HKLM-x32\...\aartemis Browser Protecter) (Version:  - aartemis) <==== ATTENTION

    Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.17.3.0 - Ask.com) <==== ATTENTION

    AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.7.0.147 - AVG Technologies)

    DefaultTab Chrome (HKLM-x32\...\DefaultTab Chrome) (Version: 1.1.8 - Search Results, LLC) <==== ATTENTION
    Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
    Delta toolbar   (HKLM-x32\...\delta) (Version: 1.8.24.6 - Delta) <==== ATTENTION

    IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION

    Mipony Download Manager Packages (HKU\S-1-5-21-2961082090-3776339269-421426578-1002\...\Mipony Download Manager Packages) (Version:  - ) <==== ATTENTION
    Mobogenie (HKLM-x32\...\Mobogenie) (Version:  - Mobogenie.com) <==== ATTENTION

    Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION

    Przyspiesz Komputer (HKLM\...\PCSU-SL_is1) (Version: 3.2.6 - Speedchecker Limited) <==== ATTENTION

    SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION

    Update for Mipony Download Manager (HKU\S-1-5-21-2961082090-3776339269-421426578-1002\...\DSite) (Version:  - ) <==== ATTENTION

    Yontoo 1.10.03 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.03 - Yontoo LLC) <==== ATTENTION

     

    2) Use >Adw-cleaner
    first click SZUKAJ (SCAN), and only after the scan has finished, once the USUŃ (CLEANING) button becomes active, click it.
    Post its report, C:\AdwCleaner\AdwCleaner.txt

    3) Make new FRST logs.

     

    jessi

  4. I no longer see anything bad in the new logs.

    Open Notepad and paste the following into it:

    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
    DeleteQuarantine:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.

    In Adw-Cleaner, click the Uninstall (UNINSTALL) button.

    jessi

  5. Open Notepad and paste the following into it:

    Task: {5E537F20-43BD-4F71-9C46-93D93FD24EDE} - System32\Tasks\{0F60C72B-58AB-4C06-8D30-6A6888DCB1A1} => pcalua.exe -a J:\Dane\PROGRAMY\MUZYCZNE\APGuitarSetup.exe -d J:\Dane\PROGRAMY\MUZYCZNE
    Task: {632EB613-3079-44A5-864A-1F83D5A1387F} - System32\Tasks\{F61A924F-0FC7-458C-8194-708343B96724} => pcalua.exe -a "C:\Users\The Rockabilly Moose\Downloads\Enhancer.exe" -d "C:\Users\The Rockabilly Moose\Downloads"
    2015-07-28 08:31 - 2015-07-28 08:31 - 00161792 _____ () C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227\hnsa7A73.tmp
    2015-07-29 12:41 - 2015-07-29 12:41 - 00345600 _____ () C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227\knsu9B6F.tmp
    C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227
    HKLM-x32\...\Run: [EfficientStickyNotes] => [X]
    HKLM-x32\...\Run: [mbot_pl_014010043] => [X]
    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    HKU\S-1-5-21-1747537892-628935095-3018465868-1000\...\Run: [GoogleChromeAutoLaunch_F8A0231A41B14F94484E7E1578951AB8] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730&q={searchTerms}
    HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730&q={searchTerms}
    HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730
    HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730
    HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1747537892-628935095-3018465868-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730&ts=1438177238&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1747537892-628935095-3018465868-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730&ts=1438177238&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1747537892-628935095-3018465868-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730&ts=1438177238&type=default&q={searchTerms}
    BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll No File
    C:\Program Files (x86)\MiuiTab
    startMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730
    FF NewTab: chrome://quick_start/content/index.html
    FF DefaultSearchEngine: mystartsearch
    FF SelectedSearchEngine: mystartsearch
    FF Extension: Default SearchProtected  - C:\Users\The Rockabilly Moose\AppData\Roaming\Mozilla\Firefox\Profiles\jhfg7jud.default\Extensions\defsearchp@gmail.com [2015-07-29]
    FF Extension: Video DownloadHelper - C:\Users\The Rockabilly Moose\AppData\Roaming\Mozilla\Firefox\Profiles\jhfg7jud.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-07-28]
    FF Extension: DownThemAll! - C:\Users\The Rockabilly Moose\AppData\Roaming\Mozilla\Firefox\Profiles\jhfg7jud.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-07-28]
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\The Rockabilly Moose\AppData\Roaming\Mozilla\Firefox\Profiles\jhfg7jud.default\extensions\defsearchp@gmail.com
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730
    OPR Extension: (CinemaPlus-4.5vV27.07) - C:\Users\The Rockabilly Moose\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfaohpmjmhdgnjblojekjlnadhehiadj [2015-07-28]
    OPR Extension: (No Name) - C:\Users\The Rockabilly Moose\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-07-28]
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe http://www.mystartsearch.com/?type=sc&ts=1438177176&z=022c145103d2732ebe041deg2zacab8gdmamagbo7m&from=cmi&uid=WDCXWD3200BEVT-60ZCT0_WD-WXE608N5573055730
    R2 comyninu; C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227\hnsa7A73.tmp [161792 2015-07-28] () [File not signed]
    R2 nudohidu; C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227\knsu9B6F.tmp [345600 2015-07-29] () [File not signed]
    S2 Update Dynamo Combo; "C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe" [X]
    C:\Users\The Rockabilly Moose\AppData\Roaming\AnyProtectEx
    2015-07-29 15:41 - 2015-07-29 15:41 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
    2015-07-29 15:41 - 2015-07-29 15:40 - 00613255 _____ (CMI Limited) C:\Users\The Rockabilly Moose\AppData\Local\nsh33CE.tmp
    2015-07-29 15:40 - 2015-07-29 15:46 - 00000000 ____D C:\Program Files (x86)\MiuiTab
    2015-07-29 15:40 - 2015-07-29 15:40 - 00000000 ____D C:\Program Files (x86)\FriendlyError
    2015-07-28 10:30 - 2015-07-28 10:30 - 00613255 _____ (CMI Limited) C:\Users\The Rockabilly Moose\AppData\Local\nsdE0A3.tmp
    2015-07-28 09:08 - 2015-07-28 09:08 - 00613255 _____ (CMI Limited) C:\Users\The Rockabilly Moose\AppData\Local\nsuB7A6.tmp
    2015-07-28 08:57 - 2015-07-29 12:38 - 00000000 ____D C:\Users\The Rockabilly Moose\AppData\Local\7399
    2015-07-28 08:45 - 2015-07-28 08:45 - 00000000 ____D C:\Program Files (x86)\c3245dd2-5e29-4a85-a04d-d24e48769739
    2015-07-28 08:39 - 2015-07-28 08:40 - 00000000 ____D C:\Program Files (x86)\887c491c-b997-4e7e-ac62-99d8e86cf666
    2015-07-28 08:33 - 2015-07-28 08:41 - 00000000 ____D C:\Program Files (x86)\354462ee-269d-432d-9b92-6c9970c7e435
    2015-07-28 08:33 - 2015-07-28 08:39 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-07-28 08:33 - 2015-07-28 08:33 - 00000000 ____D C:\Program Files (x86)\1e93562c-0387-45ed-b3c5-6611b6eb80f1
    2015-07-28 08:31 - 2015-07-29 13:12 - 00000000 ____D C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227
     C:\Windows\Minidump\*.dmp
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

    Make new FRST logs.

    jessi

  6. EmptyTemp:

    Empties the following directories:

    • Windows Temp
    • Users' Temp folders
    • Cache, HTML5 Local Storage, Cookies and History of IE, FF, Chrome and Opera (exception: FF History is not removed)
    • Cache of recently opened files
    • Flash Player cache
    • Java cache
    • Windows Explorer thumbnail cache and the qmgr?.dat network files
    • Recycle Bin
    https://www.fixitpc.pl/topic/23904-frst-tutorial-obsługi-farbar-recovery-scan-tool/

  7. 1) Uninstall WordSurfer 1.10.0.19

    2) Use >Adw-cleaner
    first click SZUKAJ (SCAN), and only after the scan has finished, once the USUŃ (CLEANING) button becomes active, click it.
    Post its report, C:\AdwCleaner\AdwCleaner.txt

    3) You have so much junk that after using Adw-Cleaner you should make new FRST logs - we will see what else remains to be removed.

    jessi

  8. Minor cleanup:

    Open Notepad and paste the following into it:

    C:\Users\Public\Desktop\Google Chrome.lnk
    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.

    It should be OK now.

    Open Notepad and paste the following into it:

    DeleteQuarantine:

    Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.
    Using SHIFT+DEL, delete the remaining C:\FRST folder.

    In Adw-Cleaner, click the Uninstall (UNINSTALL) button.

    jessi

  9. And is it certain that:

    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe

    (Microsoft Corporation) C:\Windows\System32\consent.exe

     

    are from Microsoft?

    Yes.

    I don't see anything from "Razor Web Ads" in the logs.

    Minor cleanup:

    Open Notepad and paste the following into it:

     

     

    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe

    Run FRST and click the Fix button.

    Run FRST.

    In the SEARCH field paste:

     

     

    Razor Web*.*

    click the "Search Files" button.

    The report from this will be where FRST is located.

    Run FRST.

    In the SEARCH field paste:

     

    Razor Web

    click the "Search Registry" button.

    The report from this will be where FRST is located.

     

    jessi

  10. HKU\S-1-5-21-570381415-172665024-2664267942-1002\...\Run: [ViStart] => C:\Users\Agnieszka Śliwa\AppData\Roaming\ViStart\ViStart.exe

    Do you know this?

    Open Notepad and paste the following into it:

     

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=1433840770&from=mych123&uid=hgstxhts541075a9e680_jd12001w11yl6a11yl6ax&z=1ff6e82b68466207b9e3c18g9z8cac9bazae2mdmfg

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=1433840770&from=mych123&uid=hgstxhts541075a9e680_jd12001w11yl6a11yl6ax&z=1ff6e82b68466207b9e3c18g9z8cac9bazae2mdmfg

    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1421579734&from=cor&uid=HGSTXHTS541075A9E680_JD12001W11YL6A11YL6AX&q={searchTerms}

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1433840770&from=mych123&uid=hgstxhts541075a9e680_jd12001w11yl6a11yl6ax&z=1ff6e82b68466207b9e3c18g9z8cac9bazae2mdmfg

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1433840770&from=mych123&uid=hgstxhts541075a9e680_jd12001w11yl6a11yl6ax&z=1ff6e82b68466207b9e3c18g9z8cac9bazae2mdmfg

    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421579734&from=cor&uid=HGSTXHTS541075A9E680_JD12001W11YL6A11YL6AX&q={searchTerms}

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1433840770&from=mych123&uid=hgstxhts541075a9e680_jd12001w11yl6a11yl6ax&z=1ff6e82b68466207b9e3c18g9z8cac9bazae2mdmfg

    HKU\S-1-5-21-570381415-172665024-2664267942-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=1433840770&from=mych123&uid=hgstxhts541075a9e680_jd12001w11yl6a11yl6ax&z=1ff6e82b68466207b9e3c18g9z8cac9bazae2mdmfg

    HKU\S-1-5-21-570381415-172665024-2664267942-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

    HKU\S-1-5-21-570381415-172665024-2664267942-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com/?fr=hp-avast&type=agc511

    HKU\S-1-5-21-570381415-172665024-2664267942-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/HPALL14/175

    HKU\S-1-5-21-570381415-172665024-2664267942-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1433840770&from=mych123&uid=hgstxhts541075a9e680_jd12001w11yl6a11yl6ax&z=1ff6e82b68466207b9e3c18g9z8cac9bazae2mdmfg

    SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =

    SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1433840770&from=zzgbkk123&uid=hgstxhts541075a9e680_jd12001w11yl6a11yl6ax&z=1ff6e82b68466207b9e3c18g9z8cac9bazae2mdmfg&q={searchTerms}

    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1433840770&from=zzgbkk123&uid=hgstxhts541075a9e680_jd12001w11yl6a11yl6ax&z=1ff6e82b68466207b9e3c18g9z8cac9bazae2mdmfg&q={searchTerms}

    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

    SearchScopes: HKU\S-1-5-21-570381415-172665024-2664267942-1002 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1433840770&from=zzgbkk123&uid=hgstxhts541075a9e680_jd12001w11yl6a11yl6ax&z=1ff6e82b68466207b9e3c18g9z8cac9bazae2mdmfg&q={searchTerms}

    SearchScopes: HKU\S-1-5-21-570381415-172665024-2664267942-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541075A9E680_JD12001W11YL6A11YL6AX&ts=1421579782&type=default&q={searchTerms}

    SearchScopes: HKU\S-1-5-21-570381415-172665024-2664267942-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1432820694&z=e7d0d57de26ee4dc32196cagdz4c5o8b5ofe1q3t8z&from=wpm05283&uid=HGSTXHTS541075A9E680_JD12001W11YL6A11YL6AX&q={searchTerms}

    SearchScopes: HKU\S-1-5-21-570381415-172665024-2664267942-1002 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1433840770&from=zzgbkk123&uid=hgstxhts541075a9e680_jd12001w11yl6a11yl6ax&z=1ff6e82b68466207b9e3c18g9z8cac9bazae2mdmfg&q={searchTerms}

    SearchScopes: HKU\S-1-5-21-570381415-172665024-2664267942-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

    SearchScopes: HKU\S-1-5-21-570381415-172665024-2664267942-1002 -> {ABBBABFF-B355-4947-A73D-CB39C254F93F} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541075A9E680_JD12001W11YL6A11YL6AX&ts=1421579782&type=default&q={searchTerms}

    SearchScopes: HKU\S-1-5-21-570381415-172665024-2664267942-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541075A9E680_JD12001W11YL6A11YL6AX&ts=1421579782&type=default&q={searchTerms}

    FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1432820694&z=e7d0d57de26ee4dc32196cagdz4c5o8b5ofe1q3t8z&from=wpm05283&uid=HGSTXHTS541075A9E680_JD12001W11YL6A11YL6AX

    FF SelectedSearchEngine: delta-homes

    FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1432820694&z=e7d0d57de26ee4dc32196cagdz4c5o8b5ofe1q3t8z&from=wpm05283&uid=HGSTXHTS541075A9E680_JD12001W11YL6A11YL6AX

    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml [2015-05-28]

    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml [2015-01-18]

    CHR Extension: (No Name) - C:\Users\Agnieszka Śliwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanjbjffndkhfmfmajgjieopjpckpeho [2015-06-02]

    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

    S2 Update Solution Real; "C:\Program Files (x86)\Solution Real\updateSolutionReal.exe" [X]

    S2 Util Solution Real; "C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe" [X]

    Task: {23EE47A7-F2A9-477E-A28B-F71C1C584421} - System32\Tasks\{336DF296-4FDC-4D1D-BBA9-A7FFAEEDC3C1} => pcalua.exe -a "C:\Users\Agnieszka Śliwa\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=cor <==== ATTENTION

    C:\Users\Agnieszka Śliwa\AppData\Roaming\omiga-plus

    Task: {E2615DB5-50B3-4FE2-9A56-A9B1AA664FE2} - System32\Tasks\{9D20B877-CCB2-4F51-B467-EA87C7506EDB} => pcalua.exe -a F:\Uruchom.exe -d F:\

    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    CHR HKU\S-1-5-21-570381415-172665024-2664267942-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    HKU\S-1-5-21-570381415-172665024-2664267942-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe

    Run FRST and click the Fix button.

    A fixlog.txt file will be created.

    Post that log.

    If something is still "not right", then you will use Adw-cleaner

    first you will click SZUKAJ (SCAN), and only after the scan has finished, once the USUŃ (CLEANING) button becomes active, you will click it.

    You will post its report, C:\AdwCleaner\AdwCleaner.txt

     

     

     

    CHR dev: Chrome dev build detected! <======= ATTENTION

    Uninstall this vulnerable version of Google Chrome.

    Install from here > http://www.google.com/chrome/

    Make new FRST logs

     

    jessi

  11. 1) Use >Adw-cleaner
    first click SZUKAJ (SCAN), and only after the scan has finished, once the USUŃ (CLEANING) button becomes active, click it.
    Post its report, C:\AdwCleaner\AdwCleaner.txt

    2) Open Notepad and paste the following into it:

     

    Task: {3A226C9A-E535-4827-B131-F8847F1AFF1C} - System32\Tasks\{2A91F260-FC85-4C8C-8B9B-F73F1967AE00} => pcalua.exe -a "C:\Program Files (x86)\Omiga Plus\eUninstall.exe" <==== ATTENTION
    C:\Program Files (x86)\Omiga Plus
    Task: {74DA4513-BCBC-44BE-9E1F-B83E6DB20166} - \AutoKMS No Task File <==== ATTENTION
    SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKU\S-1-5-21-1890577046-1904970765-735041783-1001 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    C:\Program Files (x86)\WinZipper
    C:\ProgramData\MailUpdate
    C:\Users\J\AppData\Roaming\MailUpdate
    C:\Program Files (x86)\STab
    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    ShortcutWithArgument: C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=1437061092&z=d2777619c898756ca0b9a52gez5c6m0ebqag6ectaw&from=wpm07163&uid=HitachiXHTS547550A9E384_J1120021CEPLRACEPLRAX
    ShortcutWithArgument: C:\Users\J\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=1437061092&z=d2777619c898756ca0b9a52gez5c6m0ebqag6ectaw&from=wpm07163&uid=HitachiXHTS547550A9E384_J1120021CEPLRACEPLRAX
    ShortcutWithArgument: C:\Users\J\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.delta-homes.com/?type=sc&ts=1437061092&z=d2777619c898756ca0b9a52gez5c6m0ebqag6ectaw&from=wpm07163&uid=HitachiXHTS547550A9E384_J1120021CEPLRACEPLRAX
    C:\ProgramData\MakeMarkerFile.exe
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

     

    jessi

  12. I don't see anything suspicious in the logs.

    Open Notepad and paste the following into it:

     

    Task: {CF07313A-909D-4388-9963-68634BD235E7} - \SpeechRuntimeTask No Task File <==== ATTENTION
    NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
    NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File
    S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    S3 UnistoreSvc; No ImagePath
    R3 UnistoreSvc_Session2; No ImagePath
    S3 PimIndexMaintenanceSvc; No ImagePath
    R3 PimIndexMaintenanceSvc_Session2; No ImagePath
    S2 OneSyncSvc; No ImagePath
    R2 OneSyncSvc_Session2; No ImagePath
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.

     

    jessi

  13. Open Notepad and paste the following into it:

    Task: {D10EA073-929F-4705-8684-EC0C462B0FCB} - System32\Tasks\DIYGuide => c:\programdata\{0e9a21d3-bfa9-a621-0e9a-a21d3bfa874e}\insp 2014.11.15 audi a8  4.2 glowno.7z.exe <==== ATTENTION
    c:\programdata\{0e9a21d3-bfa9-a621-0e9a-a21d3bfa874e}
    GroupPolicyScripts: Group Policy detected <======= ATTENTION
    GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
    S3 ALSysIO; \??\C:\Users\Kamil\AppData\Local\Temp\ALSysIO64.sys [X]
    C:\Windows\System32\Tasks\DIYGuide
    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.

     

    jessi
