Raster, posted June 29, 2015

Hello, I have a problem and would very much like to ask for your help. For a few days now some junk has been stuck to my browser; no ADWcleaners etc. help, so I decided to post on this forum. When I open a page, loading is slowed down because "waiting for mnh.winnered.info" appears, along with several other sites, and on top of that some ads show up now and then. I am attaching logs from OTL; thank you very much in advance for your help.

Attachments: OTL.Txt, Extras.Txt

picasso, posted June 29, 2015

Raster, when you come to a forum, please read its rules: CLICK. The outdated OTL is not considered here at all. The reports required here are FRST and GMER.

Raster (author), posted June 29, 2015

I am very sorry, and thank you for the help. For now I am attaching only the FRST logs. The GMER scan will take a while; when it finishes, should I click Save?

Attachment: FRST.txt

picasso, posted June 29, 2015

This is not a complete FRST set - three logs should be produced; Addition and Shortcut are missing.

Raster (author), posted June 29, 2015

I waited several hours, and when GMER finished its work it froze and I could not save the logs. Oh well, I will scan again tomorrow. Logs from FRST:

Attachments: Addition.txt, Shsortcut.txt

picasso, posted June 29, 2015 (edited)

Google Chrome has been converted by adware from the stable version to the developer version, and a complete reinstall from scratch is required. In addition, malware is still loading from the hijacked class {56FDF344-FD6D-11d0-958A-006097C9A090}, producing ever more "gibberish" folders in Roaming. There is also a lot of other assorted junk (empty application shortcuts in the Start Menu, junk in the Task Scheduler). You used the dubious scanners SpyHunter and STOPzilla and the archaic SpywareTerminator.

Actions to carry out:

1. Steps related to Google Chrome: Export only the bookmarks to a file. Then reset sync (if enabled): CLICK. Uninstall the browser - during uninstallation tick the option to also delete the browser data. Do not install Google Chrome for now.

2. Through Control Panel, uninstall the unneeded items: Carambis Driver Updater, HyperCam Toolbar, McAfee Security Scan Plus, SpyHunter 4, Qtrax Player, UsbFix By El Desaparecido. If something is not visible or cannot be uninstalled, carry on.

3. Open Notepad and paste into it:

CloseProcesses:
CreateRestorePoint:
(Microsoft Corporation) C:\Windows\explorer.exe
CustomCLSID: HKU\S-1-5-21-2122632447-3009132497-1824439013-1000_Classes\CLSID\{0D083146-4631-4BDD-A2A3-FDC7B3D5354D}\InprocServer32 -> C:\Program Files (x86)\TNT2\Profiles\10809\passport64.dll No File
CustomCLSID: HKU\S-1-5-21-2122632447-3009132497-1824439013-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\User\AppData\Roaming\tricomfi\tivesen.dll No File
Task: {0147D6A3-A951-45BB-8EEA-0EBF9CF2C4EE} - System32\Tasks\{11A92B39-82FD-40F0-9354-8A6101FCAD40} => Z:\Setup.exe
Task: {03AC3746-4F3A-44AA-A88A-F0C2B7402BF2} - System32\Tasks\{1F70D7DC-1657-4F22-ACB2-E282F24A905E} => pcalua.exe -a Z:\WM9\WM9Codecs.exe -d Z:\WM9
Task: {0A078CA5-356E-4253-82A7-202213480249} - \88f9d0a7-0d4d-4e1a-9e5c-3dba1727a592-11 No Task File
Task: {0B28910B-7FA0-49CE-8547-299D8BBC2A15} - System32\Tasks\{BEB4D67E-10C1-4D0C-B3A4-8506258585F2} => Z:\Install\TwoWorlds_RADEON.exe
Task: {1042AE1E-728F-4F2D-8AAF-38278AAD47B4} - System32\Tasks\{608D9FB3-184E-428A-BBBB-2ED92333D944} => pcalua.exe -a H:\setup.exe -d H:\
Task: {11F39DDB-DA91-4204-A49F-552F56BFEC7D} - System32\Tasks\{64CCA3E8-03DE-4ADE-9368-ECF901C40BDF} => C:\Program Files (x86)\Diablo II + Diablo II - Lord of Destruction PL\Diablo II.exe
Task: {131F2298-AB3C-4FD7-B57F-F0950C8E36B4} - System32\Tasks\{A9569A72-CC59-4656-9EA2-0CA7D8D02BB3} => Z:\Setup.exe
Task: {13468A67-80A8-47A4-9719-54B1A51EE6D2} - System32\Tasks\{16CA8704-3DFE-467B-BCB6-48947C3B69E9} => C:\Program Files (x86)\Diablo II + Diablo II - Lord of Destruction PL\Diablo II.exe
Task: {15994D1C-BDF8-4F30-B7E4-768C10F7F875} - System32\Tasks\{B256A2A3-2DE3-4830-898D-0E7A1A2C5D04} => Z:\Setup.exe
Task: {244DE28B-C3A6-4154-A0FD-F7B7BC0877CF} - \3904021f-e269-4d64-88b3-1d7db1b5d60f-7 No Task File
Task: {26325694-AB4D-4BC8-84FE-DD24018E416F} - System32\Tasks\{E7EC618B-C194-48D3-96FE-372A24FA059E} => Z:\Setup.exe
Task: {29043ACA-4D67-40A3-80BB-E53BC2F9F53E} - System32\Tasks\{8DDE688A-40A7-4BA0-B453-4261E1CF571B} => pcalua.exe -a C:\Users\User\AppData\Local\Temp\7zS110B.tmp\MicroInstallerNative.exe -d C:\Users\User\AppData\Local\Temp\7zS110B.tmp
Task: {2DAE7CCF-D7C1-40B8-8036-2825D1D3C08A} - \1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-2 No Task File
Task: {33B86D01-84A4-485A-A81B-8632A327AFD8} - System32\Tasks\{1F8415AA-5FF6-4257-AFD4-8F94C94D5FBC} => Z:\Setup.exe
Task: {36FAEE96-CFA0-48D3-A7F0-3FE38B7940DF} - System32\Tasks\{611C4656-CB45-47E4-997D-92C6EC522871} => C:\Program Files (x86)\Diablo II + Diablo II - Lord of Destruction PL\Diablo II.exe
Task: {3750DAD9-FFF6-4E68-9CFD-60C6A0589899} - \3904021f-e269-4d64-88b3-1d7db1b5d60f-5 No Task File
Task: {3AD8345F-59F8-46C8-8097-DA971F711132} - \3904021f-e269-4d64-88b3-1d7db1b5d60f-3 No Task File
Task: {3F22BCB7-F77C-49CD-B641-A3EB5FEA7A5D} - System32\Tasks\{8AD84287-54C5-4015-841D-96635B2DF2A9} => pcalua.exe -a "C:\Program Files (x86)\Diablo 2\Setup.exe" -d "C:\Program Files (x86)\Diablo 2"
Task: {40B714A7-1792-4374-A602-786F9CD5AD43} - System32\Tasks\{F03CE0B1-C25E-4A8A-8B57-70CC506A32AE} => pcalua.exe -a C:\Users\User\AppData\Local\TNT2\2.0.0.1702\TNT2User.exe -c /UNINSTALL PARTNER=10809
Task: {483948AD-0CCD-4F44-880D-2C44A3AECF14} - \1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-7 No Task File
Task: {4BCDFC77-D58F-43A6-BAD8-C58A22EAF558} - \1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-11 No Task File
Task: {4DAEEC8D-F40C-4AA8-8620-DBDA9D781FDB} - \3904021f-e269-4d64-88b3-1d7db1b5d60f-6 No Task File
Task: {53B04A56-6CF0-4B7D-B8B6-EDE68ED80AAE} - \1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-5_user No Task File
Task: {53E60E56-D6C2-41F2-8EFF-E1EB93DCFE5D} - \88f9d0a7-0d4d-4e1a-9e5c-3dba1727a592-3 No Task File
Task: {5BBDE433-3FAB-4393-B990-B552C27E0E2B} - \88f9d0a7-0d4d-4e1a-9e5c-3dba1727a592-5 No Task File
Task: {5C000558-C2F7-4C41-ABE3-73E31FDA95AF} - System32\Tasks\{C685E596-885D-47E9-B1C2-6602FE095B6F} => Z:\Setup.exe
Task: {5E1534DA-9849-40FA-8390-C685212675DF} - \1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-5 No Task File
Task: {5F79C8DA-DCF0-4200-A846-6693D0D660BE} - System32\Tasks\{91EDAF26-0E0C-4D4A-9BAE-DDF19A2574FA} => C:\Program Files (x86)\Diablo II + Diablo II - Lord of Destruction PL\Diablo II.exe
Task: {68F102F3-1C50-43EB-B1B6-71AA4B8AF6AB} - System32\Tasks\{7EDC5FF0-870C-4164-A859-BBC9EE8962AB} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {6A1309B6-ED26-4BE2-812D-2B555B76ED3F} - \88f9d0a7-0d4d-4e1a-9e5c-3dba1727a592-2 No Task File
Task: {7107BE0D-FD61-46DC-80D5-6D15604E53CE} - \3904021f-e269-4d64-88b3-1d7db1b5d60f-2 No Task File
Task: {71F7CB6A-61D5-4DB7-ADFD-F2314B7E9822} - System32\Tasks\{398B5C92-E1D6-44CC-BFC2-4E48AF8175F4} => Z:\Setup.exe
Task: {7345C1B2-39CD-44DD-8BE5-08048774F356} - \1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-6 No Task File
Task: {74E7D659-24CE-43AD-925B-C8C9F588B119} - \3904021f-e269-4d64-88b3-1d7db1b5d60f-1 No Task File
Task: {7B6B0442-3AB4-405F-9A26-D4BA8D677553} - System32\Tasks\{01BC9750-462E-4ABE-A7B8-54AD88532321} => Z:\Setup.exe
Task: {8286B5E4-95D5-40A7-A39E-AFB2F8ECDD58} - System32\Tasks\{E033DC38-7C64-4DF6-BACC-DA1525358C61} => Z:\Setup.exe
Task: {8417B0D2-9302-4BAB-80C4-56E383F51293} - System32\Tasks\{6E84CF2A-DB65-4A8B-AADF-CB062F6F91B2} => Z:\Setup.exe
Task: {85BB0B83-7927-45A5-BE3C-4254BB06F690} - \1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-1 No Task File
Task: {8AD2F891-1F12-4910-B4DB-5957CB0CC105} - System32\Tasks\{2461F301-C778-4CBA-BC2E-BE04A7AF28F0} => Z:\Setup.exe
Task: {8C8D808E-5730-4BE2-A257-93163A4B7633} - \88f9d0a7-0d4d-4e1a-9e5c-3dba1727a592-7 No Task File
Task: {931C84EA-843C-4622-97CA-98D594180EF9} - System32\Tasks\{FE9BB53E-0FB5-4B11-AD91-AA9C40198E2B} => Z:\Setup.exe
Task: {9FD315FF-990E-4177-ACE2-FA021D99A136} - System32\Tasks\{FC00D634-919C-4416-BEF7-A4E7A4CDA2EA} => Z:\Setup.exe
Task: {A1FD9D28-CE13-460A-A4E8-208D27697C60} - System32\Tasks\{84EF8A0E-9AB8-436D-A3CF-502318985BD9} => Z:\Setup.exe
Task: {A7642474-56F5-4EF4-8080-0A2EDFE2EBD9} - System32\Tasks\{16630745-80B5-4014-8869-4D49A6E79F84} => C:\Program Files (x86)\Diablo II + Diablo II - Lord of Destruction PL\Diablo II.exe
Task: {A9253568-E974-4CA0-A8CD-DF636B306F67} - \88f9d0a7-0d4d-4e1a-9e5c-3dba1727a592-1 No Task File
Task: {AE932370-E6EB-4507-A4EB-D98128015542} - System32\Tasks\{BEF16A9D-AF9B-44B6-8259-565E2A09C365} => msiexec.exe /package "E:\AMD\AMD_Catalyst_11.12_Win_XP\Packages\Drivers\Display\XP_INF\CX129964.msi"
Task: {AEEFB688-246E-406A-A5BD-3E5F34FE6531} - System32\Tasks\{09D3AA2A-93C6-4CFC-9582-C645DEDB8F66} => pcalua.exe -a "E:\Documents and Settings\Admin\Moje dokumenty\Downloads\cstrike.exe" -d "E:\Documents and Settings\Admin\Moje dokumenty\Downloads"
Task: {BDB2421E-D82E-4F3B-9A69-9153B1E244C8} - System32\Tasks\{C7C81142-6648-4B34-88E5-104C7ACE5021} => Z:\Setup.exe
Task: {C0723157-AB02-4BF0-AF50-C90D4D523440} - \88f9d0a7-0d4d-4e1a-9e5c-3dba1727a592-5_user No Task File
Task: {D1282B33-9AC3-49B0-B0BD-953610E59E4C} - \1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-4 No Task File
Task: {D4B1FF41-72A1-4104-A741-4880E57C5FA2} - System32\Tasks\{9529DA08-7BEC-44DF-B4C7-7708EEB64C73} => C:\Program Files (x86)\Diablo II + Diablo II - Lord of Destruction PL\Diablo II.exe
Task: {D4D469D9-DF7F-4C43-9975-42BD57430B98} - System32\Tasks\{24E607FB-4B41-4C60-8DCB-D38AD9062A8C} => pcalua.exe -a C:\Users\User\Downloads\DQ20zip\setup.exe -d C:\Users\User\Downloads\DQ20zip
Task: {D532FEC3-5932-494C-9343-F02C7C4CAD00} - System32\Tasks\{83AB5873-966D-48DA-855B-0D7A897F8259} => Z:\Install\TwoWorlds_RADEON.exe
Task: {DA369AFE-340E-498E-9A58-E80690C533EF} - \88f9d0a7-0d4d-4e1a-9e5c-3dba1727a592-4 No Task File
Task: {DDA20EDE-1BCB-4010-AC6F-62457267E4F5} - System32\Tasks\{6340F2B2-6CC1-4E35-9E64-B23E34E17C43} => Z:\Setup.exe
Task: {DDC682B5-F41D-4C37-BDCE-638A2D133833} - \88f9d0a7-0d4d-4e1a-9e5c-3dba1727a592-6 No Task File
Task: {DECBA946-C6F3-47A3-B816-48B3480F4D8B} - System32\Tasks\{F0619166-E937-4437-822F-A8A36157DEC3} => pcalua.exe -a C:\Users\User\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
Task: {E055F2E3-858A-4134-A821-91EAD34CA4B6} - \3904021f-e269-4d64-88b3-1d7db1b5d60f-4 No Task File
Task: {E2F70A87-6CED-4DBB-919D-8484D9FE0636} - System32\Tasks\{2A2A753B-3A1A-4AC0-8358-6AD03866F593} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {E8553DB5-3FDD-4EAA-93E3-9D144B003B73} - System32\Tasks\{77D8D460-7514-444D-AD26-C99C55CECB42} => pcalua.exe -a "D:\Rasy\Cliff Elf v1.exe" -d D:\Rasy
Task: {F16F4E60-184B-4657-8FE3-312216B27780} - System32\Tasks\{37C8921E-42DF-454B-8872-50FAFFC8D5D5} => Z:\Setup.exe
Task: {F762360D-F6AE-4D24-B200-4E56B55EB0B4} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {F77E2C3D-BA6E-4040-8A95-24583F64CE3B} - System32\Tasks\{A447FFE8-3E92-4422-BB72-0929BB7806F1} => Z:\Setup.exe
Task: {FBB59B77-E872-47F9-9548-AE40A53D8A63} - System32\Tasks\{AE73BD4F-562F-45CE-ABB9-4FAF74DF65B1} => Z:\Setup.exe
Task: {FFEA354A-001F-47BF-9484-5E0E7EA616F7} - System32\Tasks\{F68BC186-E986-4669-9C56-49BAD415067B} => Z:\Setup.exe
S2 863788fa; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\goopad\goopad.dll",serv
S3 ATICDSDr; \??\C:\Users\User\AppData\Local\Temp\ATICDSDr.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 gfiark; system32\drivers\gfiark.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]
S3 vserial; System32\DRIVERS\vserial.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
HKU\S-1-5-21-2122632447-3009132497-1824439013-1000\Software\Classes\.exe: exefile =>
HKU\S-1-5-21-2122632447-3009132497-1824439013-1000\Software\Classes\exefile:
HKU\S-1-5-21-2122632447-3009132497-1824439013-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2122632447-3009132497-1824439013-1000\...\Run: [Connectify-Installer] => C:\Users\User\AppData\Local\Temp\Connectify\Connectify2015Installer_cnet_.exe [10318768 2015-06-10] (Connectify)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\M.A-1.20.x.lnk [2015-03-12]
ShortcutTarget: M.A-1.20.x.lnk -> C:\ProgramData\{be1d3c5b-0d5f-cc50-be1d-d3c5b0d5f16c}\M.A-1.20.x.exe (No File)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM-x32\...\Chrome\Extension: [gbdabnfmdemcjjadpkpjibhhacggangd] - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx [Not Found]
GroupPolicy: Group Policy on Chrome detected
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
CHR HKU\.DEFAULT\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-2122632447-3009132497-1824439013-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2122632447-3009132497-1824439013-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2122632447-3009132497-1824439013-1000\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Toolbar: HKU\S-1-5-21-2122632447-3009132497-1824439013-1000 -> FindWide Toolbar - {0D083146-4631-4BDD-A2A3-FDC7B3D5354D} - C:\Program Files (x86)\TNT2\Profiles\10809\passport64.dll No File
FF HKU\S-1-5-21-2122632447-3009132497-1824439013-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
Tcpip\..\Interfaces\{D2349193-633D-4ABF-982A-E6AD402640C9}: [NameServer]
Tcpip\..\Interfaces\{8A5A9908-3DEA-4BE1-9521-38C604FF680D}: [NameServer]
AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
C:\Program Files (x86)\Smart File Advisor
C:\ProgramData\mtbjfghn.xbe
C:\ProgramData\{be1d3c5b-0d5f-cc50-be1d-d3c5b0d5f16c}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaintTool SAI Ver.1.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Slideshow Producer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AphelionOnline
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ColdTurkey
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Lunch Design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA San Andreas 107 [AmGaD-SaLaH]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Fighter 2 version 2.0a
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Fighter vDragon Ball Z
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst\FIFA 13
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reality Pump\Two Worlds II
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Risen 3 - Titan Lords
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart File Advisor
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sXe Injected
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead VideoStudio 11
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
C:\ProgramData\STOPzilla!
C:\ProgramData\TEMP
C:\Users\User\AppData\Local\Microsoft\Windows\GameExplorer\{3B89EC98-3563-4AAF-A26E-D49F77E627CD}
C:\Users\User\AppData\Local\Microsoft\Windows\GameExplorer\{B79933BE-4C3D-4639-9C72-DFEB2690E8A8}
C:\Users\User\AppData\Local\70149b02515b3bb20dd492.47983420
C:\Users\User\AppData\Local\updater.log
C:\Users\User\AppData\Roaming\appdataFr25.bin
C:\Users\User\AppData\Roaming\id.txt
C:\Users\User\AppData\Roaming\aqhwflkn
C:\Users\User\AppData\Roaming\bixaiuzr
C:\Users\User\AppData\Roaming\erlycedq
C:\Users\User\AppData\Roaming\iqejovto
C:\Users\User\AppData\Roaming\hnojaegz
C:\Users\User\AppData\Roaming\kbbdbdzd
C:\Users\User\AppData\Roaming\ncppweev
C:\Users\User\AppData\Roaming\nufezamc
C:\Users\User\AppData\Roaming\ooojrkqq
C:\Users\User\AppData\Roaming\osqoelcp
C:\Users\User\AppData\Roaming\rljgmiob
C:\Users\User\AppData\Roaming\ssqffzfz
C:\Users\User\AppData\Roaming\ucasmuhc
C:\Users\User\AppData\Roaming\usartyxu
C:\Users\User\AppData\Roaming\zbczctrs
C:\Users\User\AppData\Roaming\zuaicjnl
C:\Users\User\AppData\Roaming\xyitlgco
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Diablo II + Diablo II - Lord of Destruction PL 1.12a.lnk
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC++
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mirillis
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Modiac MP3 to AVI Audio Converter
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Related Programs
C:\Users\User\AppData\Roaming\TuneUp Software
C:\Users\Public\Desktop\ GTA San Andreas 107 [AmGaD-SaLaH].lnk
C:\Users\Public\Desktop\Origin.lnk
C:\Users\User\Desktop\Cain.lnk
C:\Users\User\Documents\Icy Tower.lnk
C:\Users\User\Documents\PaintTool SAI Ver.1.lnk
C:\Users\User\Documents\My Games\Nowy folder.lnk
C:\Users\User\Downloads\*(*)-dp*.exe
C:\Users\User\Downloads\SpyHunter-Installer*.exe
C:\Users\User\Downloads\SpywareTerminatorSetup.exe
C:\Users\User\Downloads\STOPzillaASM_Setup.exe
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
C:\Windows\system32\Drivers\kgpcpy.cfg
C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
DisableService: Mobile Partner. RunOuc
DisableService: PLAY ONLINE. RunOuc
CMD: netsh advfirewall reset
Reg: reg add HKCR\Unknown\shell\openas\command /ve /t REG_EXPAND_SZ /d "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" /f
Reg: reg add HKCR\Unknown\shell\opendlg\command /ve /t REG_EXPAND_SZ /d "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" /f
Reg: reg delete HKCR\Unknown\shell\openas\command /v sfa_backup /f
Reg: reg delete HKCR\Unknown\shell\opendlg\command /v sfa_backup /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\808638919.portal.qtrax.com /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{84178AE8-C22D-48CB-A6BA-D116FD3FE469} /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HyperCam Toolbar" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyPublicWiFi" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Smart File Advisor" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpywareTerminatorShield" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpywareTerminatorUpdater" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:

Note for other readers: this script is unique - tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Wait patiently and do not interrupt it. When Fix finishes its work, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

4. Make a new FRST log using the Scan option - tick the Addition box again so that two logs are produced. Attach the fixlog.txt file as well.

An additional question - what was done here with Internet Explorer? Its files are reported as missing:

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (No File)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (No File)

Edited June 2, 2016 by picasso

The topic is being closed due to lack of reply. //picasso
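
The two kinds of entries the diagnosis above singles out, a per-user CustomCLSID loading a DLL from Roaming and leftover Task Scheduler entries, can be triaged mechanically from FRST-style log lines. The Python below is an added example, not part of the thread and not FRST's own code; the flag names and the list of user-writable directories are assumptions made for illustration, and the sample lines are copied from the fixlist in the post.

```python
import re
from typing import Iterable, List, NamedTuple, Tuple

# Lines copied verbatim from the fixlist posted above (FRST log syntax).
SAMPLE = r"""
CustomCLSID: HKU\S-1-5-21-2122632447-3009132497-1824439013-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\User\AppData\Roaming\tricomfi\tivesen.dll No File
Task: {0A078CA5-356E-4253-82A7-202213480249} - \88f9d0a7-0d4d-4e1a-9e5c-3dba1727a592-11 No Task File
Task: {29043ACA-4D67-40A3-80BB-E53BC2F9F53E} - System32\Tasks\{8DDE688A-40A7-4BA0-B453-4261E1CF571B} => pcalua.exe -a C:\Users\User\AppData\Local\Temp\7zS110B.tmp\MicroInstallerNative.exe -d C:\Users\User\AppData\Local\Temp\7zS110B.tmp
Task: {E2F70A87-6CED-4DBB-919D-8484D9FE0636} - System32\Tasks\{2A2A753B-3A1A-4AC0-8358-6AD03866F593} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {3F22BCB7-F77C-49CD-B641-A3EB5FEA7A5D} - System32\Tasks\{8AD84287-54C5-4015-841D-96635B2DF2A9} => pcalua.exe -a "C:\Program Files (x86)\Diablo 2\Setup.exe" -d "C:\Program Files (x86)\Diablo 2"
"""

# Assumption: directories a standard user can usually write to without elevation.
USER_WRITABLE = re.compile(r"\\(AppData\\(Roaming|Local)|ProgramData|Temp)\\", re.I)
GUID = r"\{[0-9A-Fa-f-]{36}\}"
CLSID_RE = re.compile(
    r"^CustomCLSID: (?P<hive>\S+?)\\CLSID\\(?P<id>" + GUID + r")"
    r"\\InprocServer32 -> (?P<target>.+?)(?P<missing> No File)?$")
TASK_RE = re.compile(
    r"^Task: (?P<id>" + GUID + r") - (?P<name>.+?)"
    r"(?: => (?P<target>.+)| (?P<missing>No Task File))$")
PCALUA_RE = re.compile(r'^pcalua\.exe -a (?:"([^"]+)"|(\S+))', re.I)
PER_USER_HIVE = re.compile(r"^HKU\\S-1-5-21-[\d-]+_Classes$", re.I)


class Finding(NamedTuple):
    kind: str               # "clsid" or "task"
    ident: str              # GUID of the COM class or of the task
    target: str             # file the entry loads or launches ("" if none)
    flags: Tuple[str, ...]  # hypothetical review labels, see lead-in


def triage(lines: Iterable[str]) -> List[Finding]:
    """Parse CustomCLSID and Task lines and attach review flags."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = CLSID_RE.match(line)
        if m:
            flags = []
            if PER_USER_HIVE.match(m["hive"]):
                # Registered in a user hive, so no admin rights were needed.
                flags.append("per-user-com-registration")
            if USER_WRITABLE.search(m["target"]):
                flags.append("user-writable-target")
            if m["missing"]:
                flags.append("target-missing")
            findings.append(Finding("clsid", m["id"], m["target"], tuple(flags)))
            continue
        m = TASK_RE.match(line)
        if m:
            flags, target = [], m["target"] or ""
            if m["missing"]:
                flags.append("no-task-file")
            wrapped = PCALUA_RE.match(target)
            if wrapped:
                # Report the program pcalua.exe starts, not the wrapper itself.
                target = wrapped.group(1) or wrapped.group(2)
                flags.append("pcalua-wrapper")
            if USER_WRITABLE.search(target):
                flags.append("user-writable-target")
            findings.append(Finding("task", m["id"], target, tuple(flags)))
    return findings


def needs_review(findings: List[Finding]) -> List[Finding]:
    """Entries whose binary sits where an unprivileged process can drop files."""
    return [f for f in findings if "user-writable-target" in f.flags]


if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f.kind, f.ident, f.target or "-", ",".join(f.flags) or "-")
```

On the sample, the hijacked class from the diagnosis and the task launching an installer out of Temp are the two entries returned by `needs_review`; the orphaned and Program Files tasks are parsed but not escalated.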