sentek70, posted 2 May 2014

Hello,

A laptop has come my way: an HP Pavilion dv7 with Win7 64-bit. I don't know what the owner did with it, but for a machine like this it runs terribly slowly. I ran CCleaner on it and defragmented the disk. I would like to ask for the logs to be checked with regard to the slow performance. Regards.

FRST.txt Addition.txt Shortcut.txt OTL.Txt Extras.Txt

picasso, posted 2 May 2014

I am moving the topic to the infection diagnostics section. We have a huge adware junkyard here and an outdated Norton Internet Security. Preliminary actions:

1. Open Notepad and paste into it:

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. The system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

2. Repair the special Internet Explorer shortcut (loss of the special attribute):

Shortcut: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

In the Explorer address bar paste the path C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools and press ENTER. Right-click the Internet Explorer (No Add-ons) shortcut located there > Properties > in the Target field, after the path "C:\Program Files (x86)\Internet Explorer\iexplore.exe", add two spaces and -extoff

3. Uninstall via Control Panel:

- Adware: BitGuard, Bonanza Deals, DealPly, DefaultTab Chrome, FoxTab FLV Player, Funmoods Web Search, Qtrax Player, saafE ssaVVe, SafeSaver 1.74, Search Assistant WebSearch 1.74, SearchNewTab, SFT_eng7 Toolbar, Update_DealPly, Updater Service, XfireXO Toolbar, Yontoo 1.10.02.
- Old applications and unneeded items: Adobe Flash Player 10 ActiveX, Adobe Flash Player 10 Plugin, Adobe Reader 9.3, Adobe Shockwave Player 11.5, Adobe Shockwave Player 12.0, Akamai NetSession Interface, Java 7 Update 5, Norton Internet Security

4. Clean Google Chrome:

Settings > Extensions tab > uninstall all visible extensions except Battlefield, Skype, Website Logon
Settings > Settings tab > On startup > remove the delta-search.com address, switch to "Open the New Tab page"
Settings > Settings tab > Appearance and check "Show Home button" > click Change and remove the delta-search.com address
Settings > Settings tab > Search section > click Manage search engines > delete the non-default junk from the list (if there is any).
Settings > Settings tab > Show advanced settings > scroll to the very bottom and run the Reset browser settings option. Bookmarks and passwords will not be affected.
Settings > History tab > clear
Reset the plugin cache. In the address bar type chrome://plugins and press ENTER. In the plugin list pick any plugin and click Disable. Then Enable the plugin again.

5. Run AdwCleaner. Use Scan, and after that Clean. A C:\AdwCleaner folder will be created with the removal report.

6. Make a new FRST log using the Scan option, and check the Addition box again so that two reports are produced. Also attach the fixlog.txt file and the AdwCleaner log. Say whether there are any noticeable changes.

sentek70 (author), posted 2 May 2014

Thank you for taking an interest in the topic.

Re 1. Fixlog.txt
Re 2. Done
Re 3. Could not be uninstalled via Control Panel: SFT_eng7 Toolbar, XfireXO Toolbar, Yontoo 1.10.02.
Re 4. Done
Re 5. AdwCleaner[R0].txt AdwCleaner[s0].txt
Re 6. FRST.txt Addition.txt Shortcut.txt

Yes, it seems to be better.

picasso, posted 5 May 2014

> Yes, it seems to be better.

What is the scale of the improvement: significant / slight?

> Could not be uninstalled via Control Panel: SFT_eng7 Toolbar, XfireXO Toolbar, Yontoo 1.10.02.

AdwCleaner dealt with them.

Overall, the cleanup as a whole was carried out successfully; moving on:

1. A minor correction. Open Notepad and paste into it:

HKU\S-1-5-21-4004612957-2434042554-4162887488-1002\...\Run: [sPMTray] => C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe
C:\ProgramData\SearchNewTab
C:\ProgramData\saafE ssaVVe
CMD: rd /s /q C:\AdwCleaner
CMD: del /q C:\Windows\SysWOW64\sqlite3.dll

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Post the resulting fixlog.txt.

2. I recommended uninstalling Akamai NetSession Interface and Java™ 7 Update 5. These items are still on the list of installed programs. Is there some problem with their visibility? I also suggest getting rid of the old PC Tools Registry Mechanic and Magic Desktop (fewer processes launched at startup).

==================== Installed Programs ======================
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Java 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)

3. Run TFC - Temp Cleaner.