
Problem with binkiland



Besides the junk mentioned, other problems are visible as well. Do the following:

1. Uninstall via Control Panel:

- Adware/PUP: Ace Stream Media 2.1.10.2, AVG Nation toolbar, Dealio Toolbar v10.0, File Type Advisor 1.4, WSE_Binkiland. Yes, Ace Stream Media is an installation with adware characteristics: CLICK.

- Old versions and unneeded items: Adobe Flash Player 14 ActiveX, Adobe Flash Player 14 Plugin, Adobe Reader X (10.1.10) - Polish, Logitech Desktop Messenger, Macromedia Flash Player 8, Macromedia Flash Player 8 Plugin, MyFreeCodec.

2. Open Notepad and paste into it:

 

CloseProcesses:
CreateRestorePoint:
R2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-06-22] ()
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-22] (StdLib)
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\DRIVERS\massfilter.sys [X]
S3 NUMARK_OMNICONTROL; System32\Drivers\nkc2_usb.sys [X]
S3 NUMARK_OMNICONTROL_MIDI; system32\drivers\nkc2midi.sys [X]
S3 NUMARK_OMNICONTROL_WDM; system32\drivers\nkc2_wdm.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
Task: {15A18217-198C-4CC9-9C16-4B1F6B0047D9} - System32\Tasks\{D24F617A-77F2-4066-9A35-6EA73973CEA8} => E:\Setup.exe
Task: {18952A63-579B-4AAF-AD62-0E541611DD72} - System32\Tasks\{0C6E060E-2ED4-45CF-B20E-DF2486577280} => C:\Users\Marcin\Desktop\POBIERANIE\Virtual DJ Pro 7 & Serial\Virtual DJ Pro 7 & Serial\Virtual DJ Pro 7.exe
Task: {216F590D-3DC3-4899-862D-7043417EB176} - System32\Tasks\{E8494EE5-254B-4E3C-B0B4-9FAD5661ED22} => pcalua.exe -a "C:\Program Files (x86)\Emergency 3\ModInstaller.exe" -d "C:\Program Files (x86)\Emergency 3"
Task: {265359E6-A98D-48AD-A538-1D5D328DC313} - System32\Tasks\{50186A91-80DF-400B-B8D8-65C110FBD04A} => C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
Task: {297CA3A8-0C38-4AB5-AE7A-D21617BF2E2A} - System32\Tasks\{9920BCAE-1505-44A3-BAAA-D93FD1416D3E} => C:\Program Files (x86)\Emergency 3\Em3.exe
Task: {378B5784-561C-4624-917C-C51A862FBF35} - System32\Tasks\{D23324FB-EADB-438E-896C-EDBF078F2F1A} => C:\Users\Marcin\Desktop\STARY LAPTOP\Faraon - Pharaoh PL\SIERRA\SETUP.EXE
Task: {4223CE68-8547-4BAA-892E-941C88C0E305} - System32\Tasks\{29383770-B5CD-4D86-95AC-6A2EA56556A2} => C:\Users\Marcin\Desktop\STARY LAPTOP\Faraon - Pharaoh PL\SIERRA\SETUP.EXE
Task: {427E28D4-19A3-4D3E-BA34-9266BECFC380} - System32\Tasks\{F2E71516-7AD8-4CA4-BDDD-9781FE38C903} => C:\Users\Marcin\Desktop\STARY LAPTOP\Faraon - Pharaoh PL\SIERRA\SETUP.EXE
Task: {44E12810-B534-4A81-8CE6-A167DF27BDA3} - System32\Tasks\{E76E5447-6E44-44F4-9804-A1807BA2DA6A} => E:\Setup.exe
Task: {5139A7B2-CE08-41C3-8A3E-E97F89E9C382} - System32\Tasks\{BAA464EE-75C5-43CD-8356-D19C34967262} => C:\Users\Marcin\Desktop\POBIERANIE\Virtual DJ Pro 7 & Serial\Virtual DJ Pro 7 & Serial\Virtual DJ Pro 7.exe
Task: {52D8900F-4448-46DA-82D9-F8C46008D62D} - System32\Tasks\{7EEE4116-8EDF-4521-B911-158E4DF3EDF5} => C:\Program Files (x86)\VirtualDJ\virtualdj_pro.exe [2010-10-12] (Atomix Productions)
Task: {571E0506-00D4-442F-BBE1-12CD777F6A8F} - System32\Tasks\{B58D1BB3-3505-4986-AF29-B0861F625D54} => C:\Program Files (x86)\Enlight Software\Hotel Giant\hotel.exe
Task: {5AD8AB6B-30C7-45D0-8C45-FF439B37CC47} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe 
Task: {6023F391-BE36-4C47-A679-A56CF07E551C} - \Program aktualizacji online firmy Logitech. No Task File 
Task: {61FEFDF5-612A-4D55-BE49-42DC50E39CBB} - System32\Tasks\{F266AD1B-7FC4-48FA-B4FA-181866D9433D} => pcalua.exe -a C:\Users\Marcin\Desktop\VSX3_Pro_TBYB.exe -d C:\Users\Marcin\Desktop
Task: {61FFAC96-A131-40A2-8DC4-CB4D836275BD} - System32\Tasks\{C937CA49-6C4C-4136-8286-58C026B113A0} => pcalua.exe -a "C:\Users\Marcin\Desktop\Magic Mouse Driver\Apple-MagicMouse-Driver_64bit.exe" -d "C:\Users\Marcin\Desktop\Magic Mouse Driver"
Task: {6F97F297-95FF-4E72-B211-F5818D6C84EC} - System32\Tasks\{0125155C-D145-4C1B-9113-1D006DB0807E} => C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\Videodeluxe.exe
Task: {74873DF5-CE52-4A30-BA78-FE0F52C50A6F} - System32\Tasks\{FE5F14C9-0DD7-429D-B24F-51DEC5CDC802} => C:\Program Files (x86)\Emergency 3\Em3.exe
Task: {749555C4-E731-4F47-80BF-6CC26ABE74FA} - System32\Tasks\{D3A18EC7-D968-4402-8F34-606DF733588B} => E:\Setup.exe
Task: {76C744E4-5281-4EE3-9DDB-51F22F231858} - System32\Tasks\{68ACCDBC-29B3-4650-B34B-9330376D875F} => pcalua.exe -a C:\PROGRA~2\VIRTUA~1\UNWISE.EXE -c C:\PROGRA~2\VIRTUA~1\INSTALL.LOG
Task: {818B49CC-7218-4BAC-80C2-738D6CDC508D} - System32\Tasks\{5F33BCFB-702A-4CB2-8D21-33961E5A2408} => C:\Program Files (x86)\Enlight Software\Hotel Giant\hotel.exe
Task: {824A98BC-C56C-456C-A54C-128040BDD38C} - System32\Tasks\{ECF0CE26-5B9C-47A8-B36E-CA040427DFB0} => C:\Users\Marcin\Desktop\STARY LAPTOP\Faraon - Pharaoh PL\SIERRA\SETUP.EXE
Task: {8C0AE68A-2216-4181-B839-04CD48744CD2} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-09-04] (filetypeadvisor.com )
Task: {9C9491DC-D5EE-44F7-938B-1831C106DECC} - System32\Tasks\{02006280-0368-4B7C-BF1F-1C3685153417} => C:\Users\Marcin\Desktop\STARY LAPTOP\Faraon - Pharaoh PL\SIERRA\Faraon\Pharaoh.exe
Task: {9D6797C6-F86F-4C7C-8DC6-0F6D009756D5} - System32\Tasks\{9419727D-83C4-4CC9-AB62-9CF788B9A2B8} => C:\Program Files (x86)\Emergency 3\Em3.exe
Task: {A3F6B407-0E9E-4A83-B498-0CF16232A544} - System32\Tasks\Binkiland redi => C:\ProgramData\{465BAE98-16D9-7F1E-A75F-0F9C77DDDC12}\1.9.3.1\f 
Task: {B2679A5F-0C7E-4793-B5CF-B94B73AC3EDD} - System32\Tasks\{01344179-7362-4317-8FBA-122079797C1F} => F:\Aplikacje\Pelne\DETEKTYW.exe
Task: {B72713A7-D62D-4063-97B1-03EDDB5A888F} - System32\Tasks\{07AB32F2-1F69-4422-A30E-AD925F77EE7E} => F:\Aplikacje\Pelne\DETEKTYW.exe
Task: {BAE95791-EC8E-4E14-8D9A-E651756CA014} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-09-04] (File Type Advisor)
Task: {BC976ACE-AA1B-419E-8A75-83A2C0E9412A} - System32\Tasks\{4D832EE1-91BC-48B8-BD20-BD360101F8C5} => C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
Task: {BCB724E4-6E9B-4AB8-A4E7-358226834B90} - System32\Tasks\{7324BEB5-0C70-4D40-B1B1-9FEA064782ED} => C:\Users\Marcin\Desktop\STARY LAPTOP\Faraon - Pharaoh PL\SIERRA\SETUP.EXE
Task: {BF88BA6F-0783-4D0D-996E-32A7012146DE} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe 
Task: {C0A0FD59-BC6C-4742-9878-885F10B86F9B} - System32\Tasks\{63E10826-C2E8-4912-97D8-EB143EDBC727} => C:\Users\Marcin\Desktop\STARY LAPTOP\Faraon - Pharaoh PL\SIERRA\SETUP.EXE
Task: {C36882B5-D8EA-4939-95FB-64B0B56420B0} - System32\Tasks\{84986CB7-7428-48DF-A35C-AE4670F77FFF} => C:\Users\Marcin\Desktop\karafun nuty\KaraFun Studio 1.10a Portable - odtwarzacz i edytor\KaraFun Studio 1.10a (Portable)\KaraFun.exe
Task: {C5605991-14C3-4A40-84E1-CCB08425935F} - System32\Tasks\{E09B9669-5E47-415B-8E20-11141295D11A} => E:\Setup.exe
Task: {C9987224-08E6-4552-87E0-DA13F486CDE6} - System32\Tasks\{DE39FF16-A3DF-4FC3-81F3-7545C43B9816} => C:\Users\Marcin\Downloads\ChomikBox\Collin McRae 04 RIP\Collin McRae 04 RIP\CollinMcRae04\cmr4.exe
Task: {CB17DD0D-9278-4DD4-995C-6018EB7B7EB9} - System32\Tasks\{1508DE4F-B90F-49D5-AFF7-D1BC749CD9AE} => C:\Program Files (x86)\Emergency 3\Em3.exe
Task: {CE4645E9-D139-4D60-9EF0-BDE451AC021F} - System32\Tasks\{E82259CA-13C5-4C83-9F73-ED2DAB4B5C8D} => pcalua.exe -a "C:\Users\Marcin\Desktop\sety\milk\ulead video studio11pl\ulead video studio11pl\UVS11_Pack_Pol-szablony.exe" -d "C:\Users\Marcin\Desktop\sety\milk\ulead video studio11pl\ulead video studio11pl"
Task: {D7D26FF7-FC28-4D44-B96E-56DD58045A9E} - System32\Tasks\{04E1A439-DC22-47E0-B6FB-E56F87154541} => G:\FOLDERY Z PULPITU\na laptopa\install_virtualdj_v5.0.exe
Task: {E651230C-A392-4C6D-9E7D-0BD74F70D8CB} - System32\Tasks\{4C41E416-59B2-4712-A032-84C43E8AD9DC} => E:\Setup.exe
Task: {EB8B3E74-941A-41AA-BC31-A316CC4978BC} - System32\Tasks\{A05CDBAA-A8BF-4AF1-9529-C141AFAE8D84} => C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
Task: {EE705217-6BBB-465E-9651-66E7047C1149} - System32\Tasks\Wse_binkiland => C:\Users\Marcin\AppData\Roaming\Wse_binkiland\UpdateProc\UpdateTask.exe [2015-03-11] () 
Task: {EFBE5A1D-C108-4977-894C-A7509FD61104} - System32\Tasks\{84A32FF4-6188-4421-B0AD-5582A67C0ECC} => pcalua.exe -a "F:\USB Driver for Windows OS\setup.exe" -d "F:\USB Driver for Windows OS"
Task: {FA6810CF-BC29-490E-BB72-2AD7867ACF19} - System32\Tasks\{668BD109-6D84-49ED-ABEB-0882432C247F} => C:\Users\Marcin\Desktop\STARY LAPTOP\Faraon - Pharaoh PL\SIERRA\SETUP.EXE
Task: C:\windows\Tasks\Wse_binkiland.job => C:\Users\Marcin\AppData\Roaming\WSE_BI~1\UPDATE~1\UPDATE~1.EXE 
AppInit_DLLs-x32: C:/PROGRA~3/{465BA~1/193~1.1/redi.dll => C:\ProgramData\{465BAE98-16D9-7F1E-A75F-0F9C77DDDC12}\1.9.3.1\redi.dll [1010688 2015-03-11] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [searchSettings] => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKLM\...\Policies\Explorer: [NoControlPanel] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_11&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyB0AyEzy0FzztCtCyDyDtN0D0Tzu0StCtCyCyDtN1L2XzutAtFzztFtAtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyB0AyB0AtAyBtCtGtD0CyEtBtGtDyCtAtAtGyCtAtB0AtGyC0FyBtA0B0E0DyBtB0C0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzz0C0AyDtC0BtCtGtCtDzyyCtGyEyDzzyBtG0AtCyEtDtG0FtD0EtA0AyB0CzzyCtDtDtC2QtN1B2Z1V1T1S1NzuyDzztD&cr=360148023&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_11&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyB0AyEzy0FzztCtCyDyDtN0D0Tzu0StCtCyCyDtN1L2XzutAtFzztFtAtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyB0AyB0AtAyBtCtGtD0CyEtBtGtDyCtAtAtGyCtAtB0AtGyC0FyBtA0B0E0DyBtB0C0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzz0C0AyDtC0BtCtGtCtDzyyCtGyEyDzzyBtG0AtCyEtDtG0FtD0EtA0AyB0CzzyCtDtDtC2QtN1B2Z1V1T1S1NzuyDzztD&cr=360148023&ir="
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=sc&from=wpc&uid=ST9500325AS_S2WBAGX5XXXXS2WBAGX5&ts=1379357098
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=sc&from=wpc&uid=ST9500325AS_S2WBAGX5XXXXS2WBAGX5&ts=1379357098
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=sc&from=wpc&uid=ST9500325AS_S2WBAGX5XXXXS2WBAGX5&ts=1379357098
HKU\S-1-5-21-3726203623-1480336290-1624226094-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=hp&from=wpc&uid=ST9500325AS_S2WBAGX5XXXXS2WBAGX5&ts=1379357098
HKU\S-1-5-21-3726203623-1480336290-1624226094-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://binkiland.com/?f=1&a=bnk_ir_15_11&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyB0AyEzy0FzztCtCyDyDtN0D0Tzu0StCtCyCyDtN1L2XzutAtFzztFtAtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyB0AyB0AtAyBtCtGtD0CyEtBtGtDyCtAtAtGyCtAtB0AtGyC0FyBtA0B0E0DyBtB0C0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzz0C0AyDtC0BtCtGtCtDzyyCtGyEyDzzyBtG0AtCyEtDtG0FtD0EtA0AyB0CzzyCtDtDtC2QtN1B2Z1V1T1S1NzuyDzztD&cr=360148023&ir=
HKU\S-1-5-21-3726203623-1480336290-1624226094-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3726203623-1480336290-1624226094-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKLM-x32 - (No Name) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=ds&from=wpc&uid=ST9500325AS_S2WBAGX5XXXXS2WBAGX5&ts=1379357098&type=default&q={searchTerms}
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=ds&from=wpc&uid=ST9500325AS_S2WBAGX5XXXXS2WBAGX5&ts=1379357098&type=default&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=ds&from=wpc&uid=ST9500325AS_S2WBAGX5XXXXS2WBAGX5&ts=1379357098&type=default&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=ds&from=wpc&uid=ST9500325AS_S2WBAGX5XXXXS2WBAGX5&ts=1379357098&type=default&q={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2086743
SearchScopes: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> DefaultScope {1FEBBADB-6598-4F3A-AD0D-9853FC5F7F9D} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_11&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyB0AyEzy0FzztCtCyDyDtN0D0Tzu0StCtCyCyDtN1L2XzutAtFzztFtAtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyB0AyB0AtAyBtCtGtD0CyEtBtGtDyCtAtAtGyCtAtB0AtGyC0FyBtA0B0E0DyBtB0C0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzz0C0AyDtC0BtCtGtCtDzyyCtGyEyDzzyBtG0AtCyEtDtG0FtD0EtA0AyB0CzzyCtDtDtC2QtN1B2Z1V1T1S1NzuyDzztD&cr=360148023&ir=
SearchScopes: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> 01541664AF5149FF9B4D94F43912017D URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=616163&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=616163&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> {1C28216C-7919-4B10-A179-75FB0726B269} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=D24CE55F-883C-4AE5-8182-D84E11877E8E&apn_sauid=927F4496-103D-4301-9108-20F985683160
SearchScopes: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> {1FEBBADB-6598-4F3A-AD0D-9853FC5F7F9D} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_11&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyB0AyEzy0FzztCtCyDyDtN0D0Tzu0StCtCyCyDtN1L2XzutAtFzztFtAtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyB0AyB0AtAyBtCtGtD0CyEtBtGtDyCtAtAtGyCtAtB0AtGyC0FyBtA0B0E0DyBtB0C0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzz0C0AyDtC0BtCtGtCtDzyyCtGyEyDzzyBtG0AtCyEtDtG0FtD0EtA0AyB0CzzyCtDtDtC2QtN1B2Z1V1T1S1NzuyDzztD&cr=360148023&ir=
SearchScopes: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=ds&from=newgdp&uid=ST9500325AS_S2WBAGX5XXXXS2WBAGX5&ts=1380327043&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2086743
SearchScopes: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> {B224AA02-F7C8-3A2B-859F-560B80767E4A} URL = http://kl.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=876&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.5.0&install_country=PL&install_date=20130215&user_guid=2606DD330AB34104B30E522DE6924709&machine_id=f63707c914f863bac8be7c90d9c224e3&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> {C9D00D2D-A4FC-4B2E-93AE-F4567EDAB646} URL = http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=
BHO-x32: Dealio Toolbar -> {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> C:\Program Files (x86)\Dealio Toolbar\IE\10.0\dealioToolbarIE.dll [2014-10-21] (Spigot, Inc.)
Toolbar: HKLM - Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\10.0\dealioToolbarIE64.dll [2014-10-21] (Spigot, Inc.)
Toolbar: HKLM-x32 - No Name - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\10.0\dealioToolbarIE.dll [2014-10-21] (Spigot, Inc.)
Toolbar: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3726203623-1480336290-1624226094-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
StartMenuInternet: Google Chrome - chrome.exe
C:\Program Files (x86)\Dealio Toolbar
C:\Program Files (x86)\File Type Advisor
C:\Program Files (x86)\StartNow Toolbar
C:\Program Files (x86)\WSE_Binkiland
C:\ProgramData\{465BAE98-16D9-7F1E-A75F-0F9C77DDDC12}
C:\ProgramData\Microsoft\Windows\Start Menu\LG PC Suite.Lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NUMARK
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUGames
C:\ProgramData\Temp
C:\ProgramData\TuneUp Software
C:\Users\Groszek\Desktop\SWAT 4.lnk
C:\Users\Marcin\AppData\Local\dt.dat
C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
C:\Users\Marcin\AppData\Roaming\LiveSupport.exe_log.txt
C:\Users\Marcin\AppData\Roaming\regsvr32.exe_log.txt
C:\Users\Marcin\AppData\Roaming\ACEStream
C:\Users\Marcin\AppData\Roaming\FileAdvisor
C:\Users\Marcin\AppData\Roaming\Opera Software
C:\Users\Marcin\AppData\Roaming\SkypEmoticons
C:\Users\Marcin\AppData\Roaming\Wse_binkiland
C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
C:\Users\Marcin\Desktop\pulpit\pisma\iTunes.lnk
C:\Windows\msdownld.tmp
C:\Windows\System32\drivers\wStLib64.sys
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKCU\Software\Google\Chrome\Extensions /f
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Google\Chrome\Extensions /f
Reg: reg delete HKLM\SOFTWARE\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
EmptyTemp:

 

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Wait patiently and do not interrupt the process. When Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

3. In Google Chrome:

  • Settings > Extensions tab > uninstall AVG Nation Toolbar, AS Magic Player, Magic Player (if they are still visible after the above uninstalls).
  • Settings > Settings tab > Show advanced settings > scroll to the very bottom and run the Reset browser settings option. Bookmarks and passwords will not be affected, but the extensions in use will be disabled (re-enable them).
  • Settings > Settings tab > Search section > click Manage search engines > delete non-default junk from the list (if any).
  • Reset the plugin cache. Type chrome://plugins in the address bar and press ENTER. Pick any plugin from the list and click Disable. Then Enable the plugin again.

4. There are two accounts on the system; reports are required from each:

 

==================== Accounts: =============================

 

Groszek (S-1-5-21-3726203623-1480336290-1624226094-1003 - Limited - Enabled) => C:\Users\Groszek

Marcin (S-1-5-21-3726203623-1480336290-1624226094-1000 - Administrator - Enabled) => C:\Users\Marcin

 

Log in to each one in turn via a full system restart, not the Log off or Switch user options. On each, make a new FRST log using the Scan option; tick the Addition box so that two reports are produced. On the limited Groszek account, run FRST by double-clicking, not via "Run as administrator" (that will change the account context to Marcin's).

Also attach the fixlog.txt file.
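
The kinds of entries that recur in the fixlist above, expressed as a small triage script over FRST-style lines. This is an added example, not part of the original post and not FRST's own logic; the four rules and their tag names are assumptions of the example.

```python
import re

# Sample input: lines copied from the fixlist in the post above; only the
# ShortcutWithArgument URL is cut after the host to keep the line short.
SAMPLE = r"""
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-22] (StdLib)
S3 massfilter; system32\DRIVERS\massfilter.sys [X]
U2 RichVideo; No ImagePath
Task: {15A18217-198C-4CC9-9C16-4B1F6B0047D9} - System32\Tasks\{D24F617A-77F2-4066-9A35-6EA73973CEA8} => E:\Setup.exe
Task: {6023F391-BE36-4C47-A679-A56CF07E551C} - \Program aktualizacji online firmy Logitech. No Task File
Task: {A3F6B407-0E9E-4A83-B498-0CF16232A544} - System32\Tasks\Binkiland redi => C:\ProgramData\{465BAE98-16D9-7F1E-A75F-0F9C77DDDC12}\1.9.3.1\f
Task: {EE705217-6BBB-465E-9651-66E7047C1149} - System32\Tasks\Wse_binkiland => C:\Users\Marcin\AppData\Roaming\Wse_binkiland\UpdateProc\UpdateTask.exe [2015-03-11] ()
AppInit_DLLs-x32: C:/PROGRA~3/{465BA~1/193~1.1/redi.dll => C:\ProgramData\{465BAE98-16D9-7F1E-A75F-0F9C77DDDC12}\1.9.3.1\redi.dll [1010688 2015-03-11] ()
Toolbar: HKLM-x32 - No Name - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - No File
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.qvo6.com/
"""

# Markers treated here as "the referenced file or task definition is absent".
MISSING = re.compile(r"(\[X\]|No ImagePath|No Task File|No File)\s*$")
# Service/driver lines have the shape "R1 name; path".
SERVICE = re.compile(r"^[RSU]\d .+?; ")
# Assumption of this example: code launched from a data directory rather
# than an install directory deserves a second look.
DATA_DIR = re.compile(r"\\(ProgramData|AppData)\\", re.IGNORECASE)
URL_ARG = re.compile(r"h(tt|xx)ps?://", re.IGNORECASE)


def classify(line):
    """Return the list of triage reasons for one FRST-style line."""
    line = line.strip()
    reasons = []
    if MISSING.search(line):
        reasons.append("missing-target")
    if line.startswith("AppInit_DLLs"):
        # Any DLL listed here is loaded into processes that load user32.dll.
        reasons.append("appinit-dll")
    if line.startswith("ShortcutWithArgument:"):
        # The last " -> " segment is the argument appended to the shortcut.
        if URL_ARG.match(line.split(" -> ")[-1]):
            reasons.append("shortcut-url-arg")
        return reasons  # the .lnk itself normally lives under AppData
    target = ""
    if " => " in line:
        target = line.split(" => ", 1)[1]
    elif SERVICE.match(line):
        target = line.split("; ", 1)[1]
    if DATA_DIR.search(target):
        reasons.append("data-dir-target")
    return reasons


def triage(text):
    """Return [(line, reasons)] for every line that matched a rule."""
    hits = []
    for raw in text.splitlines():
        reasons = classify(raw)
        if reasons:
            hits.append((raw.strip(), reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE):
        print(",".join(reasons).ljust(30), line[:90])
```

An empty result means none of these rules fired, not that the entry is clean: the wStLib64.sys driver line is in the fixlist above and matches none of them.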
