bednar Opublikowano 10 Stycznia 2015 Zgłoś Udostępnij Opublikowano 10 Stycznia 2015 Witam Proszęo pomoc. Wczoraj komputere żony a dzisiaj dziecka tu dopiero będzie syfu. Addition.txt Extras.Txt FRST.txt OTL.Txt Shortcut.txt Odnośnik do komentarza
picasso Opublikowano 10 Stycznia 2015 Zgłoś Udostępnij Opublikowano 10 Stycznia 2015 Jest tu ogromna ilość adware zainstalowana. Działania wstępne (usuwam też puste skróty poprawnych aplikacji - wpisy typu "No file" z Shortcut): 1. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: R1 {01531192-f7ef-415f-a549-cfdb11836731}w64; C:\Windows\System32\drivers\{01531192-f7ef-415f-a549-cfdb11836731}w64.sys [61120 2014-04-24] (StdLib) R1 {03d08387-c95c-46e0-b2f8-4cd0ed929279}w64; C:\Windows\System32\drivers\{03d08387-c95c-46e0-b2f8-4cd0ed929279}w64.sys [48784 2015-01-03] (StdLib) R2 stdmfpam; C:\Program Files (x86)\HomeTab\stdmfpam.dll [67968 2015-01-04] () R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-13] (StdLib) R2 CboxUpdater; C:\Program Files (x86)\Cbox\CboxUpdater.exe [686592 2012-08-10] () [File not signed] S4 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [574464 2013-12-20] () [File not signed] S4 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-26] (globalUpdate) [File not signed] S4 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-26] (globalUpdate) [File not signed] R2 MaintainerSvc2.68.0219210; C:\ProgramData\f7d523a7-723b-4679-8c70-0e90e3053cba\maintainer.exe [123632 2015-01-05] () S2 mglupdate; C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe [131480 2014-12-03] (Maxiget Ltd.) S3 mglupdatem; C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe [131480 2014-12-03] (Maxiget Ltd.) R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV) R2 Update Surftastic; C:\Program Files (x86)\Surftastic\updateSurftastic.exe [529136 2015-01-10] () R2 Util Surftastic; C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe [529136 2015-01-10] () R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [425104 2014-02-26] (Taiwan Shui Mu Chih Ching Technology Limited.) S4 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-02-26] (Cherished Technololgy LIMITED) HKLM-x32\...\Run: [tuto4pc_pl_21] => [X] HKU\S-1-5-21-1514046922-4189713046-1342366355-1002\...\Run: [Cbox] => C:\Program Files (x86)\Cbox\Cbox HKU\S-1-5-21-1514046922-4189713046-1342366355-1002\...\Run: [softonic for Windows] => C:\Users\Igor Maj\AppData\Local\Softonic\Softonic.exe [4170224 2014-04-29] (Softonic) HKU\S-1-5-21-1514046922-4189713046-1342366355-1002\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent HKU\S-1-5-21-1514046922-4189713046-1342366355-1002\...\Run: [GOOBZOYouTubeAccelerator] => C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe [2227048 2014-12-28] (GOOBZO) Task: {0541F8B1-3CC2-4377-8B2F-473EF9B0C5FB} - System32\Tasks\{BFA8A38A-180C-49EB-B2D3-7CFF7BFA6889} => pcalua.exe -a "C:\Program Files (x86)\Harpo\AfaSystem\Drivers\Mdac_typ (1).exe" -d "C:\Program Files (x86)\Harpo\AfaSystem\Drivers" Task: {0AEDD9B4-0F6D-4DB4-8F8A-C6AB09E50581} - System32\Tasks\FTdownloader V4.0-codedownloader => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-codedownloader.exe [2013-07-16] (installdaddy) Task: {180B68EA-F493-4395-A2D9-6C842F138983} - System32\Tasks\BitGuard => Sc.exe start BitGuard Task: {1A73ACEF-4425-4747-BA80-1D63CC15C6FE} - System32\Tasks\3c672e99-b08d-4aa0-919b-18c7efbbe197-11 => C:\Program Files (x86)\SavePass 1.1\3c672e99-b08d-4aa0-919b-18c7efbbe197-11.exe [2014-11-26] (OB) Task: {1AC78DD3-32C0-46FE-8AE2-B6790624FEB3} - System32\Tasks\{528A6D14-F3A4-4F38-9784-34EB5F83F608} => pcalua.exe -a "D:\Harpo\AfaSystem\Drivers\Mdac_typ (2).exe" -d D:\Harpo\AfaSystem\Drivers Task: {1BC62C38-26BD-471F-AA57-3351B8A8682E} - System32\Tasks\{4C197CFF-5788-4E5E-B699-9C9491311472} => pcalua.exe -a G:\Bin\demo32.exe -d G:\Bin Task: {24BCF00A-94F1-44AE-B482-FA4AC5C6D949} - System32\Tasks\AmiUpdXp => C:\Users\Igor Maj\AppData\Local\29971\a22291.exe [2014-11-25] () Task: {2CE57A19-0867-4C26-9277-43E655966B42} - System32\Tasks\{1334D7C4-5C9C-4028-B7B4-D0EF1EA708D9} => pcalua.exe -a G:\DirectX\dxsetup.exe -d G:\DirectX Task: {2DB6FB72-0B90-4EC3-8756-05041552D90F} - System32\Tasks\Installer_delay => C:\Users\Igor Maj\AppData\Local\Installer\Installdelay_5404\DCytaiesmt.exe [2014-12-28] () Task: {3164EB38-19EE-451D-9987-DA1CF17CB2F2} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-26] (globalUpdate) Task: {39DA8CC7-1D98-4AEB-88A1-C5312CE3A673} - System32\Tasks\FTdownloader V4.0-updater => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-updater.exe [2013-07-16] (installdaddy) Task: {41196206-A842-43D6-A967-A2B30297FB1B} - System32\Tasks\Digital Sites => C:\Users\IGORMA~1\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE Task: {5155326F-79E2-4B78-8F93-91364F347E8D} - System32\Tasks\846ba161-fe4b-48c4-9009-58d16debec9b => C:\Program Files (x86)\SavePass 1.1\846ba161-fe4b-48c4-9009-58d16debec9b.exe [2014-11-26] (OB) Task: {5AF43C55-C69D-4C8E-B7AE-693645B197CF} - System32\Tasks\3c672e99-b08d-4aa0-919b-18c7efbbe197-5 => C:\Program Files (x86)\SavePass 1.1\3c672e99-b08d-4aa0-919b-18c7efbbe197-5.exe [2014-11-26] (OB) Task: {5D90B0BE-9AB1-45E7-8990-FE5CD9FB1B1D} - System32\Tasks\MaxigetUpdaterTaskMachineCore => C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe [2014-12-03] (Maxiget Ltd.) Task: {65116FF2-731F-451F-AD85-DE4C7D2AD71D} - System32\Tasks\{92DAFDEB-8EAE-49AA-A3CF-F11911F7471B} => pcalua.exe -a "D:\Harpo\AfaSystem\Drivers\Mdac_typ (1).exe" -d D:\Harpo\AfaSystem\Drivers Task: {7C0481AE-927E-46AC-98E9-0627F7212F0C} - System32\Tasks\3c672e99-b08d-4aa0-919b-18c7efbbe197-2 => C:\Program Files (x86)\SavePass 1.1\3c672e99-b08d-4aa0-919b-18c7efbbe197-2.exe [2014-11-26] (OB) Task: {7EB1FC43-70A2-46A8-9E53-DBC491676B51} - System32\Tasks\EPUpdater => C:\Users\IGORMA~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe Task: {848F2B8A-73C2-4A96-BD7C-477B0C648281} - System32\Tasks\{C61242D6-C018-4765-8ACC-95B3BF6D4B14} => pcalua.exe -a "C:\Users\Igor Maj\Desktop\plik\Pliki\Ivona_Demo-1.0\TesterSAPI.exe" Task: {96DA626F-D5BF-4B19-9CE9-5181DB31D10E} - System32\Tasks\MaxigetUpdaterTaskMachineUA => C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe [2014-12-03] (Maxiget Ltd.) Task: {9DC8EA01-4940-4B59-94FC-DA924FA00E53} - System32\Tasks\{F2C66048-8CBC-495E-8910-4C21266BBDD2} => pcalua.exe -a "C:\Program Files (x86)\Harpo\AfaSystem\Drivers\Mdac_typ (2).exe" -d "C:\Program Files (x86)\Harpo\AfaSystem\Drivers" Task: {A0BCB194-6864-4215-B2E0-D271E6588A5E} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-26] (globalUpdate) Task: {A1489EB8-B78C-46B5-9703-87C896A71E96} - System32\Tasks\{1343DAAB-32A8-4010-937F-F3E536EF1539} => pcalua.exe -a "C:\Users\Igor Maj\Desktop\plik\MinecraftZyczu.exe" -d "C:\Users\Igor Maj\Desktop\plik" Task: {A819C322-F2CB-4B48-B152-C166F379E653} - System32\Tasks\3c672e99-b08d-4aa0-919b-18c7efbbe197-5_user => C:\Program Files (x86)\SavePass 1.1\3c672e99-b08d-4aa0-919b-18c7efbbe197-5.exe [2014-11-26] (OB) Task: {D153BD6A-9A0B-4F32-A989-47D42FD7C29D} - System32\Tasks\bf56365b-b7b9-4857-8ebd-09c149107a4e => C:\Program Files (x86)\SavePass 1.1\bf56365b-b7b9-4857-8ebd-09c149107a4e.exe [2014-11-26] () Task: {D2D8A61F-15C8-4547-894A-BED62BF5D77B} - System32\Tasks\{4E9E8BF8-AE85-4EF7-9960-2955D3217A0F} => pcalua.exe -a "C:\Users\Igor Maj\Desktop\chromeinstall-7u55.vtsafe.exe" -d "C:\Users\Igor Maj\Desktop" Task: {D31580C5-F551-48D9-A525-5F372F4CFDA8} - System32\Tasks\{F8AE2302-E796-418E-88C2-BC85CBB371F5} => pcalua.exe -a "C:\Users\Igor Maj\Desktop\plik\Ivona_Demo-1.0\TesterSAPI.exe" -d "C:\Users\Igor Maj\Desktop\plik\Ivona_Demo-1.0" Task: {E786D88B-C977-4526-B79D-8C933C945F5B} - System32\Tasks\{3E5875AD-EBA3-4C5F-B034-E94600B8F092} => pcalua.exe -a E:\Uruchom.exe -d E:\ Task: {EBA9C3A1-2169-42AB-8F1B-648E348CE821} - System32\Tasks\3c672e99-b08d-4aa0-919b-18c7efbbe197-1 => C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-codedownloader.exe [2014-11-26] (OB) Task: {F15D6004-05C4-4D8D-9F55-FDB18A2E36DF} - System32\Tasks\FTdownloader V4.0-enabler => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-enabler.exe [2013-07-16] (installdaddy) Task: C:\WINDOWS\Tasks\3c672e99-b08d-4aa0-919b-18c7efbbe197-1.job => C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-codedownloader.exe Task: C:\WINDOWS\Tasks\3c672e99-b08d-4aa0-919b-18c7efbbe197-11.job => C:\Program Files (x86)\SavePass 1.1\3c672e99-b08d-4aa0-919b-18c7efbbe197-11.exe Task: C:\WINDOWS\Tasks\3c672e99-b08d-4aa0-919b-18c7efbbe197-2.job => C:\Program Files (x86)\SavePass 1.1\3c672e99-b08d-4aa0-919b-18c7efbbe197-2.exe Task: C:\WINDOWS\Tasks\3c672e99-b08d-4aa0-919b-18c7efbbe197-5.job => C:\Program Files (x86)\SavePass 1.1\3c672e99-b08d-4aa0-919b-18c7efbbe197-5.exe Task: C:\WINDOWS\Tasks\3c672e99-b08d-4aa0-919b-18c7efbbe197-5_user.job => C:\Program Files (x86)\SavePass 1.1\3c672e99-b08d-4aa0-919b-18c7efbbe197-5.exe Task: C:\WINDOWS\Tasks\846ba161-fe4b-48c4-9009-58d16debec9b.job => C:\Program Files (x86)\SavePass 1.1\846ba161-fe4b-48c4-9009-58d16debec9b.exe Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\Igor Maj\AppData\Local\29971\a22291.exe Task: C:\WINDOWS\Tasks\bf56365b-b7b9-4857-8ebd-09c149107a4e.job => C:\Program Files (x86)\SavePass 1.1\bf56365b-b7b9-4857-8ebd-09c149107a4e.exe Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\IGORMA~1\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE Task: C:\WINDOWS\Tasks\FTdownloader V4.0-codedownloader.job => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-codedownloader.exe Task: C:\WINDOWS\Tasks\FTdownloader V4.0-enabler.job => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-enabler.exe Task: C:\WINDOWS\Tasks\FTdownloader V4.0-updater.job => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-updater.exe Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\MaxigetUpdaterTaskMachineCore.job => C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe Task: C:\WINDOWS\Tasks\MaxigetUpdaterTaskMachineUA.job => C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe Startup: C:\Users\Igor Maj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk GroupPolicy: Group Policy on Chrome detected GroupPolicyUsers\S-1-5-21-1514046922-4189713046-1342366355-1003\User: Group Policy restriction detected GroupPolicyUsers\S-1-5-21-1514046922-4189713046-1342366355-1002\User: Group Policy restriction detected CHR HKLM\SOFTWARE\Policies\Google: Policy restriction HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=WDCXWD7500BPVT-80HXZT3_WD-WX21A92N7536N7536&ts=1393411455 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1393331520&from=cor&uid=WDCXWD7500BPVT-80HXZT3_WD-WX21A92N7536N7536&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=46366&tid=6221&ver=7.0&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&st=chrome&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=WDCXWD7500BPVT-80HXZT3_WD-WX21A92N7536N7536&ts=1393411455 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1393331520&from=cor&uid=WDCXWD7500BPVT-80HXZT3_WD-WX21A92N7536N7536&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=46366&tid=6221&ver=7.0&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&st=chrome&q= HKU\S-1-5-21-1514046922-4189713046-1342366355-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=46366&tid=6221&ver=7.0&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&st=chrome&q= HKU\S-1-5-21-1514046922-4189713046-1342366355-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=WDCXWD7500BPVT-80HXZT3_WD-WX21A92N7536N7536&ts=1393411455 HKU\S-1-5-21-1514046922-4189713046-1342366355-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=46366&tid=6221&ver=7.0&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&st=chrome&q= HKU\S-1-5-21-1514046922-4189713046-1342366355-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=46366&tid=6221&ver=7.0&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&st=chrome&q= HKU\S-1-5-21-1514046922-4189713046-1342366355-1002\Software\Microsoft\Internet Explorer\Main,Search Page Before = http://search.certified-toolbar.com?si=46366&tid=6221&ver=4.0&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&st=chrome&q= HKU\S-1-5-21-1514046922-4189713046-1342366355-1002\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?babsrc=HP_ss&mntrId=4241DC85DE5D0660&affID=125266&tsp=5029 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1393331520&from=cor&uid=WDCXWD7500BPVT-80HXZT3_WD-WX21A92N7536N7536&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1393331520&from=cor&uid=WDCXWD7500BPVT-80HXZT3_WD-WX21A92N7536N7536&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = String@!@http://search.certified-toolbar.com?si=46366&st=bs&tid=6221&ver=4.0&ts=1373477512431&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD7500BPVT-80HXZT3_WD-WX21A92N7536N7536&ts=1393411455&type=default&q={searchTerms} SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = String@!@http://search.certified-toolbar.com?si=46366&st=bs&tid=6221&ver=4.8&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&q={searchTerms} SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD7500BPVT-80HXZT3_WD-WX21A92N7536N7536&ts=1393411455&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = String@!@http://search.certified-toolbar.com?si=46366&st=bs&tid=6221&ver=4.8&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&q={searchTerms} SearchScopes: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4241DC85DE5D0660&affID=125266&tsp=5029 SearchScopes: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD7500BPVT-80HXZT3_WD-WX21A92N7536N7536&ts=1393411455&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002 -> {D757399F-02A6-4C04-9AF3-3376D1176145} URL = http://www.search.ask.com/web?tpid=ORJ-V7-SAT&o=APN11461&pf=V7&p2=^BE7^OSJ000^YY^PL&gct=&itbv=12.10.6.53&apn_uid=F4AF5AA4-31F4-4EF5-9911-57725F0E8128&apn_ptnrs=BE7&apn_dtid=^OSJ000^YY^PL&apn_dbr=Maxthon.exe_0_4.4.0.3000&doi=2014-08-22&trgb=IE&q={searchTerms}&psv= BHO: SavePass 1.1 -> {11111111-1111-1111-1111-110611341129} -> C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-bho64.dll (OB) BHO: No Name -> {4F524A2D-5637-2D53-4154-7A786E7484D7} -> No File BHO: No Name -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> No File BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File BHO-x32: No Name -> {11111111-1111-1111-1111-110311551174} -> No File BHO-x32: SavePass 1.1 -> {11111111-1111-1111-1111-110611341129} -> C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-bho.dll (OB) BHO-x32: HomeTab -> {19a395c9-823b-4700-b817-396fc84ffb16} -> C:\Users\Igor Maj\AppData\Roaming\HomeTab\HomeTab.dll No File BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: No Name -> {4F524A2D-5637-2D53-4154-7A786E7484D7} -> No File BHO-x32: No Name -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> No File BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: No Name -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> No File BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File BHO-x32: No Name -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> No File BHO-x32: Surftastic 1.0.0.6 -> {c6673938-a52b-4dc6-af05-783e7e2c8b65} -> C:\Program Files (x86)\Surftastic\SurftasticBHO.dll (Surftastic) BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No File Toolbar: HKLM - No Name - {4F524A2D-5637-2D53-4154-7A786E7484D7} - No File Toolbar: HKLM-x32 - HomeTab - {19a395c9-823b-4700-b817-396fc84ffb16} - C:\Users\Igor Maj\AppData\Roaming\HomeTab\HomeTab.dll No File Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File Toolbar: HKLM-x32 - No Name - {82E1477C-B154-48D3-9891-33D83C26BCD3} - No File Toolbar: HKLM-x32 - No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No File Toolbar: HKLM-x32 - No Name - {4F524A2D-5637-2D53-4154-7A786E7484D7} - No File Toolbar: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Igor Maj\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2013-02-12] CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [2013-06-26] CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-03-26] FF Plugin-x32: @omaha.maxiget.com/Maxiget Updater;version=3 -> C:\Program Files (x86)\Maxiget\Updater\70.3.29.7018\npMaxigetUpdater3.dll (Maxiget Ltd.) FF Plugin-x32: @omaha.maxiget.com/Maxiget Updater;version=9 -> C:\Program Files (x86)\Maxiget\Updater\70.3.29.7018\npMaxigetUpdater3.dll (Maxiget Ltd.) FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Igor Maj\AppData\Roaming\Mozilla\Firefox\Profiles\yllgnxvt.default\extensions\quick_start@gmail.com FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK CustomCLSID: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File CustomCLSID: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Igor Maj\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Igor Maj\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File CustomCLSID: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File CustomCLSID: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll No File CustomCLSID: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Igor Maj\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll No File CustomCLSID: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File CustomCLSID: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Igor Maj\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File C:\AVScanner.ini C:\Program Files (x86)\SN_x64.Booster C:\Program Files (x86)\SN.Booster C:\Program Files (x86)\FTDownloader.com C:\Program Files (x86)\globalUpdate C:\Program Files (x86)\HomeTab C:\Program Files (x86)\Mobogenie C:\Program Files (x86)\YouTube Accelerator C:\ProgramData\f7d523a7-723b-4679-8c70-0e90e3053cba C:\ProgramData\IePluginService C:\ProgramData\save net C:\ProgramData\Temp C:\ProgramData\WPM C:\ProgramData\YTAHelper C:\ProgramData\YoutubeAdblocker C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alex Gordon C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cbox C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Feelers C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaxiGet C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaxiGet Software Manager C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper C:\Users\Gość\AppData\Roaming\Maxthon3 C:\Users\Igor Maj\AppData\Local\DM C:\Users\Igor Maj\AppData\Local\globalUpdate C:\Users\Igor Maj\AppData\Local\Mobogenie C:\Users\Igor Maj\AppData\Local\OpenFM C:\Users\Igor Maj\AppData\Roaming\my_intel.sys C:\Users\Igor Maj\AppData\Roaming\sp_data.sys C:\Users\Igor Maj\AppData\Roaming\(3C-C2-43-71-C2-42) C:\Users\Igor Maj\AppData\Roaming\(A0-E4-53-CE-90-74) C:\Users\Igor Maj\AppData\Roaming\(BC-B1-F3-95-8C-49) C:\Users\Igor Maj\AppData\Roaming\0F1F1C2Y1H1P1C0I0T C:\Users\Igor Maj\AppData\Roaming\B1Toolbar C:\Users\Igor Maj\AppData\Roaming\DefaultTab C:\Users\Igor Maj\AppData\Roaming\DigitalSite C:\Users\Igor Maj\AppData\Roaming\DigitalSites C:\Users\Igor Maj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk C:\Users\Igor Maj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk C:\Users\Igor Maj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker C:\Users\Igor Maj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com C:\Users\Igor Maj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie C:\Users\Igor Maj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softonic C:\Users\Igor Maj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLink Kai C:\Users\Igor Maj\AppData\Roaming\OpenFM C:\Users\Igor Maj\AppData\Roaming\systweak C:\Users\Igor Maj\AppData\Roaming\Thinstall C:\Users\Igor Maj\Desktop\plik\Apps (2).lnk C:\Users\Igor Maj\Desktop\plik\BitTorrent.lnk C:\Users\Igor Maj\Desktop\plik\Camtasia Studio 8.lnk C:\Users\Igor Maj\Desktop\plik\Cbox.lnk C:\Users\Igor Maj\Desktop\plik\Configure VO Package.lnk C:\Users\Igor Maj\Desktop\plik\Continue *.lnk C:\Users\Igor Maj\Desktop\plik\DAEMON Tools Lite.lnk C:\Users\Igor Maj\Desktop\plik\DownLite*.lnk C:\Users\Igor Maj\Desktop\plik\EA Sports FIFA World.lnk C:\Users\Igor Maj\Desktop\plik\EZDownloader.lnk C:\Users\Igor Maj\Desktop\plik\FaceRig.exe.lnk C:\Users\Igor Maj\Desktop\plik\FTDownloader.lnk C:\Users\Igor Maj\Desktop\plik\iLivid.lnk C:\Users\Igor Maj\Desktop\plik\Kontynuuj instalację Minecraft Skin Viewer.lnk C:\Users\Igor Maj\Desktop\plik\Maxthon Cloud Browser.lnk C:\Users\Igor Maj\Desktop\plik\MinecraftZyczu (3).lnk C:\Users\Igor Maj\Desktop\plik\Mobogenie.lnk C:\Users\Igor Maj\Desktop\plik\Nr 1 Klątwa Gryziwąsa.lnk C:\Users\Igor Maj\Desktop\plik\Odkurzacz.lnk C:\Users\Igor Maj\Desktop\plik\Pou*.lnk C:\Users\Igor Maj\Desktop\plik\Rockstar Games Social Club.lnk C:\Users\Igor Maj\Desktop\plik\save2pc Light.lnk C:\Users\Igor Maj\Desktop\plik\Softonic*.lnk C:\Users\Igor Maj\Desktop\plik\Source Dedicated Server.lnk C:\Users\Igor Maj\Desktop\plik\The Sims™ 2 Dla początkujących.lnk C:\Users\Igor Maj\Desktop\plik\The Sims™ 3.lnk C:\Users\Igor Maj\Desktop\plik\www.softonic.url C:\Users\Igor Maj\Desktop\plik\INTERNET\Maxthon Cloud Browser.lnk C:\Users\Igor Maj\Desktop\plik\Nowy folder\Camtasia Studio 8.lnk C:\Users\Igor Maj\Desktop\plik\Nowy folder\char — skrót.lnk C:\Users\Igor Maj\Desktop\plik\Nowy folder\McAfee Security Scan Plus.lnk C:\Users\Igor Maj\Desktop\plik\Nowy folder\Nero 2014.lnk C:\Users\Igor Maj\Desktop\plik\Nowy folder\Softonic.lnk C:\Users\Igor Maj\Desktop\plik\Nowy folder\śmieszne zdjęcia\2013-12-02_18.49.30 — skrót.lnk C:\Users\Igor Maj\Desktop\plik\minecraft do kopiowania\MinecraftZyczu — skrót.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\Apps.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\Continue *.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\McAfee Security Scan Plus.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\MiPony.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\Softonic*.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\Start BlueStacks.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\do pendrive\the sims 3\The Sims 3 + Patch 1.15.34 + Crack — skrót.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\do pendrive\postacie do minecraft\char (2) — skrót.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\do pendrive\postacie do minecraft\char — skrót.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\do pendrive\postacie do minecraft\PolandCreeper — skrót.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\do pendrive\postacie do minecraft\zombie (2) — skrót.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\do pendrive\postacie do minecraft\zombie — skrót.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\gry\Angry Birds.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\gry\Garrys Mod.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\gry\Kurczaki Piraci.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\gry\Matematyka dla dzieci.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\gry\UEFA EURO 2012.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\thumbs\Alex Gordon.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\thumbs\Euro Truck Simulator 2.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\thumbs\Feelers.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\thumbs\Goat Simulator.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\thumbs\Szkoła podstawowa klasa 4 - Tajemnice przyrody.lnk C:\Users\Igor Maj\Desktop\plik\tapeta\Apps.lnk C:\Users\Igor Maj\Desktop\plik\tapeta\Start BlueStacks.lnk C:\Users\Igor Maj\Desktop\plik\thumbs\Multimedia Fusion Developer 2 C:\Users\Igor Maj\Desktop\Zabezpieczony Plik\Private\Evrsoft First Page 2006.lnk C:\Users\Igor Maj\Desktop\Zabezpieczony Plik\Private\Google Earth.lnk C:\Users\Igor Maj\Desktop\Zabezpieczony Plik\Private\OpenFM.lnk C:\Users\Igor Maj\Desktop\Zabezpieczony Plik\Private\Nowy folder (2)\Maxthon Cloud Browser.lnk C:\Users\Igor Maj\Desktop\Zabezpieczony Plik\Private\AfaSystem (1)\AfaSystem *.lnk C:\Users\Igor Maj\Documents\Fax\Euro Truck Simulator 2\music\Baauer - harlem Snake — skrót.lnk C:\Users\Igor Maj\Documents\Euro Truck Simulator 2\music\Baauer - harlem Snake — skrót.lnk C:\Users\Public\Documents\GOOBZO C:\Users\Public\Documents\YTAHelper C:\Users\Rodzice\Desktop\Nowy folder\Matematyka dla dzieci.lnk C:\Users\Rodzice\Desktop\Nowy folder\Tajemnicza Wyspa.lnk C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avant Browser.lnk C:\Users\UpdatusUser\Desktop\*.lnk C:\Windows\System32\drivers\{01531192-f7ef-415f-a549-cfdb11836731}w64.sys C:\Windows\System32\drivers\{03d08387-c95c-46e0-b2f8-4cd0ed929279}w64.sys C:\Windows\System32\drivers\wStLibG64.sys Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v "McAfee Security Scan Plus.lnk" /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SunJavaUpdateSched /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "BlueStacks Agent" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v TornTvDownloader.lnk /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v Cbox /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Softonic for Windows" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v SpeedUpMyComputer /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "TornTv Downloader" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v WinnerDM /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v GOOBZOYouTubeAccelerator /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 2. Przez Panel sterowania odinstaluj: - Adware: Ask Shopping Toolbar, Ask Toolbar, BitGuard, Bundled software uninstaller, Cbox, Delta Chrome Toolbar, DownLite, EZDownloader, FilesFrog Update Checker, iLivid, KMP Service, Lollipop, MaxiGet Software Manager, Minecraft Packages, SavePass 1.1, SN.Sustainer 1.80, Softonic for Windows, Software Version Updater, SupTab, Surftastic, sweet-page uninstaller, VO Package, WinZipper. - Stare wersje i zbędniki firmowe: Adobe Reader X (10.1.10) MUI, ASUS WebStorage Sync Agent, Bing Bar, Java 7 Update 67, Java 8 Update 5, Java 7 Update 3. Jeśli coś nie będzie widoczne lub nie będzie się chciało odinstalować, po prostu kontynuuj do dalszych obiektów. Uruchom narzędzie Microsoftu: KLIK. Zaakceptuj > Wykryj problemy i pozwól mi wybrać poprawki do zastosowania > Odinstalowywanie > zaznacz na liście wpis Shared C Run-time for x64 (odpadek po McAfee) > Dalej 3. Wyczyść Firefox: menu Pomoc > Informacje dla pomocy technicznej > Zresetuj program Firefox. Zakładki i hasła nie zostaną naruszone. 4. W Google Chrome: Ustawienia > Osoby > skasuj nieużywany profil zaprawiony adware. 4. Zrób nowy log FRST z opcji Scan, zaznacz ponownie pola Addition i Shortcut. Dołącz też plik fixlog.txt. Odnośnik do komentarza
bednar Opublikowano 10 Stycznia 2015 Autor Zgłoś Udostępnij Opublikowano 10 Stycznia 2015 Młody jest zdolny. Nie mogłem odinstalować: Lollipop, SN.Sustainer 1.80/ Narzędzie Microsoftu też nie chce się uruchomić problem. Przeglądarki zresetowane a pliki dołączone. Addition.txt Fixlog.txt FRST.txt Shortcut.txt Odnośnik do komentarza
picasso Opublikowano 14 Stycznia 2015 Zgłoś Udostępnij Opublikowano 14 Stycznia 2015 Lollipop i SN.Sustainer 1.80 dokończę ręcznie. Jaki jest problem z narzędziem Microsoftu? Poprawki: 1. Zadałam operację: W Google Chrome: Ustawienia > Osoby > skasuj nieużywany profil zaprawiony adware. Chodziło o profil o nazwie "Domyślny": Chrome: ======= CHR Profile: C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (savve net) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default\Extensions\gankhfboiaaibmeonaimkaghepaolbml [2014-08-24] CHR Extension: (YoutubeAdblocker) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhelllenlhpkgmjmffnlliinikejnmdl [2014-08-24] CHR Extension: (Surftastic) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkbhmdcccmdakmgaaejjjgllahmljpge [2014-11-26] CHR Extension: (Cut and Paste) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2014-08-24] CHR Extension: (Widget context) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-04-18] CHR Profile: C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Profile 4 CHR Extension: (Angry Birds) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-21] CHR Extension: (Google Wallet) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09] Natomiast Ty skasowałeś profil powiązany z katalogiem "Profile 4" i obecnie jest "Profile 7": Chrome: ======= CHR Profile: C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (savve net) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default\Extensions\gankhfboiaaibmeonaimkaghepaolbml [2014-08-24] CHR Extension: (YoutubeAdblocker) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhelllenlhpkgmjmffnlliinikejnmdl [2014-08-24] CHR Extension: (Surftastic) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkbhmdcccmdakmgaaejjjgllahmljpge [2014-11-26] CHR Extension: (Cut and Paste) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2014-08-24] CHR Extension: (Widget context) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-04-18] CHR Profile: C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Profile 7 CHR Extension: (Docs) - C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-10] Sprawdź ponownie czy jesteś w stanie usunąć ten pierwszy profil z poziomu opcji Google. Jeśli nie, i tak go wykończy mój skrypt poniżej. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: S2 stdmfpam; \??\C:\Program Files (x86)\HomeTab\stdmfpam.dll [X] HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1514046922-4189713046-1342366355-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = C:\Program Files (x86)\DefaultTab C:\Program Files (x86)\Java C:\Program Files (x86)\SupTab C:\Program Files (x86)\Surftastic C:\Program Files (x86)\WinZipper C:\ProgramData\InstallMate C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grupa IMAGE\Skrzyżowania\Deinstalacja programu Skrzyżowania.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grupa IMAGE\Skrzyżowania\Skrzyżowania.lnk C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data\Default C:\Users\Igor Maj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Garrys Mod.lnk C:\Users\Igor Maj\AppData\Roaming\sweet-page C:\Users\Igor Maj\Desktop\plik\Adobe Reader X*.lnk C:\Users\Igor Maj\Desktop\plik\Registry Washer.lnk C:\Users\Igor Maj\Desktop\plik\Pliki\gry\Play League of Legends.lnk C:\Users\Igor Maj\Desktop\plik\ulubione\WebStorage Sync Agent.lnk C:\Users\Igor Maj\Desktop\plik\ASUS\Business tool\Adobe Reader X.lnk C:\WINDOWS\SysWOW64\AI_RecycleBin Reg: reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "C:\Windows\system32\nvinitx.dll" /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0} /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_04192045 /f Reg: reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s Folder: C:\Users\Igor Maj\AppData\Roaming\Opera Software\Opera Stable\Extensions CMD: type "C:\Users\Igor Maj\AppData\Roaming\Opera Software\Opera Stable\Preferences" CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a C:\ProgramData CMD: dir /a "C:\Users\Igor Maj\AppData\Local" CMD: dir /a "C:\Users\Igor Maj\AppData\Local\Google\Chrome\User Data" CMD: dir /a "C:\Users\Igor Maj\AppData\LocalLow" CMD: dir /a "C:\Users\Igor Maj\AppData\Roaming" EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, nastąpi restart. Powstanie kolejny plik fixlog.txt. 3. Zrób nowe logi: - FRST z opcji Scan (bez Addition i Shortcut). - Uruchom Zoek > More Options > jako jedyną opcję zaznacz Installer List > Run Script. Dołącz też plik fixlog.txt. Odnośnik do komentarza
bednar Opublikowano 14 Stycznia 2015 Autor Zgłoś Udostępnij Opublikowano 14 Stycznia 2015 Przyznaję się bez bicia, że mając trochę czasu wolnego ręcznie i monotonnie usuwałem programy przez dodaj/usuń które wydawały mi się albo nieużywane albo niepotrzebne. Dlatego Chrome wywaliłem bo poco dziecku 5 przeglądarek. Wykonałem skrypty i skany w załączeniu. W związku z problem dodania pliku zoek-results.log zmieniłem nazwę na zoek-results.txt. Fixlog.txt FRST.txt zoek-results.txt Odnośnik do komentarza
picasso Opublikowano 14 Stycznia 2015 Zgłoś Udostępnij Opublikowano 14 Stycznia 2015 1. Uruchom AdwCleaner. Klik w Szukaj (nie stosuj jeszcze Usuń) i dostarcz raport z C:\AdwCleaner. 2. Uruchom Zoek i w oknie wklej: Google Update Helper;u Shared C Run-time for x64;u Klik w Run Script i dostarcz wynikowy log. 3. Otwórz Notatnik i wklej w nim: Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File RemoveDirectory: C:\FRST\Quarantine RemoveDirectory: C:\Windows.old Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Dostarcz fixlog.txt. Odnośnik do komentarza
bednar Opublikowano 14 Stycznia 2015 Autor Zgłoś Udostępnij Opublikowano 14 Stycznia 2015 Wykonałem logi w załączeniu. AdwCleanerR0.txt Fixlog.txt zoek-results.txt Odnośnik do komentarza
picasso Opublikowano 15 Stycznia 2015 Zgłoś Udostępnij Opublikowano 15 Stycznia 2015 Zoek wykonał roboty deinstalacyjne, więc Fix-it Microsoftu już nie jest potrzebny. AdwCleaner wykrył ogromną ilość obiektów, wykazuje też ślady adware na profilu Rodzice. 1. Uruchom AdwCleaner ponownie, tym razem dobierz opcje Szukaj + Usuń. 2. Zaloguj się na konto Rodzice poprzez pełny restart systemu (a nie "Wyloguj" lub "Przełącz użytkownika") i zrób nowy log FRST z opcji Scan (zaznacz Addition, ale Shortcut nie jest już potrzebny). Odnośnik do komentarza
bednar Opublikowano 15 Stycznia 2015 Autor Zgłoś Udostępnij Opublikowano 15 Stycznia 2015 Wykonałem logi w załączeniu. Addition.txt AdwCleanerR1.txt AdwCleanerS0.txt FRST.txt Odnośnik do komentarza
picasso Opublikowano 24 Stycznia 2015 Zgłoś Udostępnij Opublikowano 24 Stycznia 2015 Konto Rodzice też zaśmiecone. Operacje z poziomu tego konta: 1. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-1514046922-4189713046-1342366355-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=46366&tid=6221&ver=4.1&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&st=chrome&q= HKU\S-1-5-21-1514046922-4189713046-1342366355-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=46366&tid=6221&ver=4.1&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&st=chrome&q= HKU\S-1-5-21-1514046922-4189713046-1342366355-1003\Software\Microsoft\Internet Explorer\Main,Search Page Before = http://search.certified-toolbar.com?si=46366&tid=6221&ver=4.0&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&st=chrome&q= SearchScopes: HKU\S-1-5-21-1514046922-4189713046-1342366355-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.certified-toolbar.com?si=46366&st=bs&tid=6221&ver=4.1&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&q={searchTerms} SearchScopes: HKU\S-1-5-21-1514046922-4189713046-1342366355-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.certified-toolbar.com?si=46366&st=bs&tid=6221&ver=4.1&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&q={searchTerms} SearchScopes: HKU\S-1-5-21-1514046922-4189713046-1342366355-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4241DC85DE5D0660&affID=123627&tsp=4947 SearchScopes: HKU\S-1-5-21-1514046922-4189713046-1342366355-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=46366&st=bs&tid=6221&ver=4.1&ts=1373477512431.000004&tguid=46366-6221-1373477512431-626453479234D4E083BE3AE77468B670&q={searchTerms} Toolbar: HKU\S-1-5-21-1514046922-4189713046-1342366355-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rodzice\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\SkyDriveShell.dll No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rodzice\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\SkyDriveShell.dll No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rodzice\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\SkyDriveShell.dll No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rodzice\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rodzice\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rodzice\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [Adobe Photo Downloader] => "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" HKU\S-1-5-21-1514046922-4189713046-1342366355-1003\...\Run: [Cbox] => C:\Program Files (x86)\Cbox\Cbox HKU\S-1-5-21-1514046922-4189713046-1342366355-1003\...\Run: [MxDock] => C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe HKU\S-1-5-21-1514046922-4189713046-1342366355-1003\...\Run: [steam] => "C:\Program Files (x86)\Steam\Steam.exe" -silent HKU\S-1-5-21-1514046922-4189713046-1342366355-1003\...\Run: [softonic for Windows] => "C:\Users\Igor Maj\AppData\Local\Softonic\Softonic.exe" -minimize HKU\S-1-5-21-1514046922-4189713046-1342366355-1003\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent C:\Users\Igor Maj\AppData\Local\Google\Chrome C:\Users\Rodzice\AppData\Local\Google\Chrome Reg: reg delete HKCU\Software\Google\Chrome /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v HotKeysCmds /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v IgfxTray /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Logitech Download Assistant" /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Adobe Photo Downloader" /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v Everything /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v Cbox /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odkurzacz Packages" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Softonic for Windows" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: dir /a "C:\Users\Rodzice\AppData\Local" CMD: dir /a "C:\Users\Rodzice\AppData\LocalLow" CMD: dir /a "C:\Users\Rodzice\AppData\Roaming" EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Czekaj cierpliwie, nastąpi restart. Powstanie koleny fixlog.txt. 2. Wyczyść Firefox: menu Pomoc > Informacje dla pomocy technicznej > Zresetuj program Firefox. 3. Uruchom ponownie AdwCleaner. Klik w Szukaj (bez Usuń). 4. Zrób nowy log FRST z opcji Scan (bez Addition i Shortcut). Dołącz też plik fixlog.txt oraz plik C:\AdwCleaner\AdwCleanerR2.txt. Odnośnik do komentarza
Rekomendowane odpowiedzi
Jeśli chcesz dodać odpowiedź, zaloguj się lub zarejestruj nowe konto
Jedynie zarejestrowani użytkownicy mogą komentować zawartość tej strony.
Zarejestruj nowe konto
Załóż nowe konto. To bardzo proste!
Zarejestruj sięZaloguj się
Posiadasz już konto? Zaloguj się poniżej.
Zaloguj się