majka98 Opublikowano 27 Września 2015 Zgłoś Udostępnij Opublikowano 27 Września 2015 Witam, Dobry wieczór Z jakiś przyczyn pojawil sie wirus QQPCTray. Próba odinstalowanie nie przynosi oczekiwanych skutkow, AdwCleaner, Emisoft anti-malware nie pomogl. Wciaz jest widoczny. Kluczy nie da sie usunac, iwidoczny jest w autostarcie takze nie mozna usunac. Nie moge sie tego pozbyć w żaden znany mi sposób.Prosiłabym o pomoc Shortcut.txt FRST.txt Addition.txt gmer.txt Odnośnik do komentarza
picasso Opublikowano 29 Września 2015 Zgłoś Udostępnij Opublikowano 29 Września 2015 QQPCTray to nie jest wirus, lecz niechciany program zainstalowany przez nieuwagę podczas pobierania programów (metoda typu "downloader" portalowy lub podobne zjawisko). Na początek proszę: 1. Uruchom plik C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\Uninst.exe, by sprawdzić czy to usunie większą partię Tencent. W przypadku braku skutków, zajmę się siłowym usunięciem Tencent z systemu. 2. Przez Dodaj/Usuń programy odinstaluj: - Adware: CinemaP-1.9cV26.09, CinemaPlus-3.2cV26.09, GoHD - Stare wersje: J2SE Development Kit 5.0 Update 12, J2SE Runtime Environment 5.0 Update 12, Java 7 Update 55 Jeśli podczas deinstalacji któregoś wejścia wystąpi błąd, kontynuuj z kolejną pozycją. 3. Zrób nowy log FRST z opcji Skanuj (Scan) - zaznacz ponownie pole Addition, by powstały dwa raporty. Odnośnik do komentarza
majka98 Opublikowano 29 Października 2015 Autor Zgłoś Udostępnij Opublikowano 29 Października 2015 Dziekuje za odpowiedz, nadal mam z tym problem Bez powodzenia 1, 2 Adware: CinemaP-1.9cV26.09, CinemaPlus-3.2cV26.09, GoHD Nie udaje sie odinstalowac, 3 Załaczam Dziękuje Addition.txt FRST.txt Odnośnik do komentarza
picasso Opublikowano 29 Października 2015 Zgłoś Udostępnij Opublikowano 29 Października 2015 W związku z tym należy się zabrać za usuwanie ręczne wszystkiego. Przeprowadź następujące operacje: 1. W międzyczasie doinstalował się kolejny śmieć Xmas i to spróbuj odinstalować, niezależnie czy będzie błąd kontynuuj akcje. Poza tym, nadal do deinstalacji stara wersja Java 7 Update 55. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: R2 aroductpeo; C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Planetjob.exe [46592 2015-10-29] () [File not signed] R2 Concom; C:\Program Files\Concom\Concom.exe [379904 2015-10-25] () [File not signed] S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-10-29] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-10-29] (globalUpdate) [File not signed] R1 QMIEProtect; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QMIEProtect.sys [49976 2015-08-18] () R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe [301728 2015-09-15] (Tencent) R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQSysMon.sys [108472 2015-09-26] (电脑管家) R2 SSFK; C:\Program Files\SFK\SSFK.exe [458400 2015-09-26] (TODO: ) S3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator.sys [114520 2000-12-31] (Tencent) S3 TAOFrame; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe [293856 2015-09-26] (Tencent) R1 TAOKernelDriver; C:\WINDOWS\System32\Drivers\TAOKernelXP.sys [139064 2015-09-26] (Tencent Technology(Shenzhen) Company Limited) R3 TFsFlt; C:\WINDOWS\System32\Drivers\TFsFlt.sys [150072 2015-09-26] (电脑管家) R1 TSCPM; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\tscpm.sys [43448 2015-09-26] (电脑管家) R1 TSDefenseBt; C:\WINDOWS\System32\DRIVERS\TSDefenseBt.sys [14008 2015-09-26] (Tencent) R0 TsFltMgr; C:\WINDOWS\System32\drivers\TsFltMgr.sys [124792 2015-09-26] (电脑管家) R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TSKsp.sys [204920 2015-09-26] (电脑管家) S3 TSSK; C:\WINDOWS\System32\tssk.sys [67896 2015-09-26] (电脑管家) R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TSSysKit.sys [101560 2015-09-26] (电脑管家) R2 WdsManPro; C:\Documents and Settings\All Users\Application Data\2WdsManPro2\WdsManPro.exe [442504 2015-09-26] (DTools LIMITED) S1 ppfd_vt_1_10_0_24; system32\drivers\ppfd_vt_1_10_0_24.sys [X] S1 wwfd_vt_1_10_0_24; system32\drivers\wwfd_vt_1_10_0_24.sys [X] Task: C:\WINDOWS\Tasks\469fcbcc-315d-4dd5-9804-212abb2e3cb9-1-6.job => C:\Program Files\GoHD\469fcbcc-315d-4dd5-9804-212abb2e3cb9-1-6.exe Task: C:\WINDOWS\Tasks\50278e6d-151b-4cf5-9e8d-31ed23fbc614-1-6.job => C:\Program Files\CinemaPlus-3.2cV26.09\50278e6d-151b-4cf5-9e8d-31ed23fbc614-1-6.exe Task: C:\WINDOWS\Tasks\50278e6d-151b-4cf5-9e8d-31ed23fbc614-10_user.job => C:\Program Files\CinemaPlus-3.2cV26.09\50278e6d-151b-4cf5-9e8d-31ed23fbc614-10.exe Task: C:\WINDOWS\Tasks\50278e6d-151b-4cf5-9e8d-31ed23fbc614-3.job => C:\Program Files\CinemaPlus-3.2cV26.09\50278e6d-151b-4cf5-9e8d-31ed23fbc614-3.exe Task: C:\WINDOWS\Tasks\50278e6d-151b-4cf5-9e8d-31ed23fbc614-5.job => C:\Program Files\CinemaPlus-3.2cV26.09\50278e6d-151b-4cf5-9e8d-31ed23fbc614-5.exe Task: C:\WINDOWS\Tasks\50278e6d-151b-4cf5-9e8d-31ed23fbc614-6.job => C:\Program Files\CinemaPlus-3.2cV26.09\50278e6d-151b-4cf5-9e8d-31ed23fbc614-6.exe Task: C:\WINDOWS\Tasks\50278e6d-151b-4cf5-9e8d-31ed23fbc614-7.job => C:\Program Files\CinemaPlus-3.2cV26.09\50278e6d-151b-4cf5-9e8d-31ed23fbc614-7.exe Task: C:\WINDOWS\Tasks\6d0ac05c-4429-4e4d-bcea-abd79f29b20e-1-6.job => C:\Program Files\CinemaP-1.9cV26.09\6d0ac05c-4429-4e4d-bcea-abd79f29b20e-1-6.exe Task: C:\WINDOWS\Tasks\7ac4ca75-d021-44c5-ba78-4c00550bafe6-1-6.job => C:\Program Files\Object Browser\7ac4ca75-d021-44c5-ba78-4c00550bafe6-1-6.exe Task: C:\WINDOWS\Tasks\7ac4ca75-d021-44c5-ba78-4c00550bafe6-1-7.job => C:\Program Files\Object Browser\7ac4ca75-d021-44c5-ba78-4c00550bafe6-1-7.exe Task: C:\WINDOWS\Tasks\7ac4ca75-d021-44c5-ba78-4c00550bafe6-4.job => C:\Program Files\Object Browser\7ac4ca75-d021-44c5-ba78-4c00550bafe6-4.exe Task: C:\WINDOWS\Tasks\7ac4ca75-d021-44c5-ba78-4c00550bafe6-5.job => C:\Program Files\Object Browser\7ac4ca75-d021-44c5-ba78-4c00550bafe6-5.exe Task: C:\WINDOWS\Tasks\7ac4ca75-d021-44c5-ba78-4c00550bafe6-6.job => C:\Program Files\Object Browser\7ac4ca75-d021-44c5-ba78-4c00550bafe6-6.exe Task: C:\WINDOWS\Tasks\7ac4ca75-d021-44c5-ba78-4c00550bafe6-7.job => C:\Program Files\Object Browser\7ac4ca75-d021-44c5-ba78-4c00550bafe6-7.exe Task: C:\WINDOWS\Tasks\a4573ab7-8417-4109-8219-08f1d1efe114-1-6.job => C:\Program Files\SavePass 1.1\a4573ab7-8417-4109-8219-08f1d1efe114-1-6.exe Task: C:\WINDOWS\Tasks\a4573ab7-8417-4109-8219-08f1d1efe114-1-7.job => C:\Program Files\SavePass 1.1\a4573ab7-8417-4109-8219-08f1d1efe114-1-7.exe Task: C:\WINDOWS\Tasks\a4573ab7-8417-4109-8219-08f1d1efe114-4.job => C:\Program Files\SavePass 1.1\a4573ab7-8417-4109-8219-08f1d1efe114-4.exe Task: C:\WINDOWS\Tasks\a4573ab7-8417-4109-8219-08f1d1efe114-5.job => C:\Program Files\SavePass 1.1\a4573ab7-8417-4109-8219-08f1d1efe114-5.exe Task: C:\WINDOWS\Tasks\Advanced System~Protector.job => C:\Program Files\ASP\AspManager.exe Task: C:\WINDOWS\Tasks\Cukoqje4zpacXzv1vzrLABj8CQG.job => C:\Documents and Settings\Krzysztof\Application Data\Cukoqje4zpacXzv1vzrLABj8CQG.exe Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\globalupdate.exe Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\globalupdate.exe Task: C:\WINDOWS\Tasks\IaKVQlxEQ3T35j.job => C:\Documents and Settings\Krzysztof\Application Data\IaKVQlxEQ3T35j.exe Task: C:\WINDOWS\Tasks\PKFkn4RDDh2SIS8ZZ.job => C:\Documents and Settings\Krzysztof\Application Data\PKFkn4RDDh2SIS8ZZ.exe Task: C:\WINDOWS\Tasks\SimpleFiles Update Service.job => C:\Program Files\SimpleFilesUpdater\SimpleFilesUpdater.exehxxp:/simple-files.com Task: C:\WINDOWS\Tasks\temp_50278e6d-151b-4cf5-9e8d-31ed23fbc614-10_user.job => C:\Program Files\CinemaPlus-3.2cV26.09\50278e6d-151b-4cf5-9e8d-31ed23fbc614-10.exe Task: C:\WINDOWS\Tasks\Xmas.job => C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Xmas\xBin\Xmas.dll HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service" HKLM\...\Run: [] => [X] HKLM\...\Run: [ QQPCTray] => "C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe" /regrun HKLM\...\Run: [gmsd_pl_005010096] => [X] HKLM\...\Run: [mbot_pl_014010096] => [X] HKLM\...\Run: [mbot_pl_014010102] => [X] HKLM\...\Run: [upmbot_pl_014010102.exe] => C:\Documents and Settings\Krzysztof\Local Settings\Application Data\mbot_pl_014010102\upmbot_pl_014010102.exe -runhelper HKLM\...\Run: [sunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe" HKLM\...\Winlogon: [shell] explorer.exe, [x ] () HKU\S-1-5-21-1960408961-682003330-839522115-1004\...\Run: [bingSvc] => C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt.dll [2015-09-26] (Tencent) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File CustomCLSID: HKU\S-1-5-21-1960408961-682003330-839522115-1004_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-1960408961-682003330-839522115-1004_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-1960408961-682003330-839522115-1004_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CustomCLSID: HKU\S-1-5-21-1960408961-682003330-839522115-1004_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Documents and Settings\Krzysztof\Application Data\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95751091_hao_pg HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1443293666&z=a872e2bb7050c3b9111ef6agaz0zdc8o0t3c0q0q2q&from=amt&uid=hitachixhts545025b9sa02_100719pbl200csh200zvx HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1960408961-682003330-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSyDMFv8NAOf72g_52TO1Q8T9E1z2NFGDHko4e8BbYNV6e-AVbiqCN2a0fQhKzKTNQTY9Tmtm8gq3gdyIIACRX4xZCnmDTMzrVdBCl1wGaSuGqFTt2SOrkLvi9FyG4ABhng,,&q={searchTerms} HKU\S-1-5-21-1960408961-682003330-839522115-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hao123.com/?tn=95751091_hao_pg hxxp://www.gazeta.pl/0,0.html?p=156 HKU\S-1-5-21-1960408961-682003330-839522115-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1443293666&z=a872e2bb7050c3b9111ef6agaz0zdc8o0t3c0q0q2q&from=amt&uid=hitachixhts545025b9sa02_100719pbl200csh200zvx HKU\S-1-5-21-1960408961-682003330-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSyDMFv8NAOf72g_52TO1Q8T9E1z2NFGDHko4e8BbYNV6e-AVbiqCN2a0fQhKzKTNQTY9Tmtm8gq3gdyIIACRX4xZCnmDTMzrVdBCl1wGaSuGqFTt2SOrkLvi9FyG4ABhng,,&q={searchTerms} HKU\S-1-5-21-1960408961-682003330-839522115-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSyDMFv8NAOf72g_52TO1Q8T9E1z2NFGDHko4e8BbYNV6e-AVbiqCN2a0fQhKzKTNQTY9Tmtm8gq3gdyIIACRX4xZCnmDTMzrVdBCl1wGaSuGqFTt2SOrkLvi9FyG4ABhng,,&q={searchTerms} HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.only-search.com/?babsrc=NT_kms&affID=132174" SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSyDMFv8NAOf72g_52TO1Q8T9E1z2NFGDHko4e8BbYNV6e-AVbiqCN2a0fQhKzKTNQTY9Tmtm8gq3gdyIIACRX4xZCnmDTMzrVdBCl1wGaSuGqFTt2SOrkLvi9FyG4ABhng,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-1960408961-682003330-839522115-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-1960408961-682003330-839522115-1004 -> {36D00200-6447-4870-A80F-C551B17BDE8F} URL = hxxp://www.only-search.com/?babsrc=SP_kms&affID=132174&q={searchTerms}&r=965 SearchScopes: HKU\S-1-5-21-1960408961-682003330-839522115-1004 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSyDMFv8NAOf72g_52TO1Q8T9E1z2NFGDHko4e8BbYNV6e-AVbiqCN2a0fQhKzKTNQTY9Tmtm8gq3gdyIIACRX4xZCnmDTMzrVdBCl1wGaSuGqFTt2SOrkLvi9FyG4ABhng,,&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-10-29] (globalUpdate) FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-10-29] (globalUpdate) GroupPolicy: Restriction - Chrome CHR HKLM\SOFTWARE\Policies\Google: Restriction StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.istartsurf.com/?type=sc&ts=1443295299&z=796cc5cf51a969ca0186f3egczdz4c1odt6w6gde8t&from=face&uid=HitachiXHTS545025B9SA02_100719PBL200CSH200ZVX Facebook Update Helper (Version: 1.2.205.0 - Google Inc.) Hidden AV: 电脑管家系统防护 (Enabled - Up to date) {9AAC524A-BF34-49b0-91D2-71838CBB8110} DeleteKey: HKCU\Software\Google\Chrome\Extensions DeleteKey: HKLM\SOFTWARE\Google\Chrome\Extensions DeleteKey: HKLM\SOFTWARE\Mozilla\Firefox\Extensions DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Krzysztof^Start Menu^Programs^Startup^IMVU.lnk DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Krzysztof^Start Menu^Programs^Startup^Logitech . Rejestracja produktu.lnk DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Krzysztof^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Krzysztof^Start Menu^Programs^Startup^OptimumLink.lnk DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Krzysztof^Start Menu^Programs^Startup^OptimumPCtoTV.lnk DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Krzysztof^Start Menu^Programs^Startup^ybcrlnsnniggidoderh.lnk DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EvtMgr6 DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GG DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Jing DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ORAHSSSessionManager DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TP-Link USB Printer Controller DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaP-1.9cV26.09 DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus-3.2cV26.09 DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoHD DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavePass 1.1 DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes CMD: for %i in ("C:\Program Files\globalUpdate\Update\1.3.25.0\*.dll") do regsvr32 /u /s %i CMD: for %i in ("C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\*.dll") do regsvr32 /u /s %i C:\Documents and Settings\All Users\Application Data\2WdsManPro2 C:\Documents and Settings\All Users\Application Data\TEMP C:\Documents and Settings\All Users\Start Menu\电脑管家.lnk C:\Documents and Settings\All Users\Start Menu\强力卸载电脑上的软件 .lnk C:\Documents and Settings\Gość\Favorites\Links\*.url C:\Documents and Settings\Gość\Start Menu\7Burn.lnk C:\Documents and Settings\Gość\Start Menu\Programs\FileZilla FTP Client C:\Documents and Settings\Krzysztof\sqlite3.dll C:\Documents and Settings\Krzysztof\Application Data\cTEckRNVP8 C:\Documents and Settings\Krzysztof\Application Data\Cukoqje4zpacXzv1vzrLABj8CQG C:\Documents and Settings\Krzysztof\Application Data\IaKVQlxEQ3T35j C:\Documents and Settings\Krzysztof\Application Data\NevoSoft Gameslog.txt C:\Documents and Settings\Krzysztof\Application Data\PKFkn4RDDh2SIS8ZZ C:\Documents and Settings\Krzysztof\Application Data\GG C:\Documents and Settings\Krzysztof\Desktop\Continue kED installation.lnk C:\Documents and Settings\Krzysztof\Favorites\Bing.url C:\Documents and Settings\Krzysztof\Favorites\Discover Bing.url C:\Documents and Settings\Krzysztof\Favorites\MSN Websites\MSN*.url C:\Documents and Settings\Krzysztof\Favorites\Microsoft Websites\Microsoft Showcase.url C:\Documents and Settings\Krzysztof\Favorites\Microsoft Websites\Microsoft.com.url C:\Documents and Settings\Krzysztof\Favorites\Links\go.microsoft.com-fwlink-LinkId=121315.url C:\Documents and Settings\Krzysztof\Favorites\Links\ieonline.microsoft.com-#ieslice.url C:\Documents and Settings\Krzysztof\Favorites\Links\Suggested Sites*.url C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Planetjob.exe C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Planetjob.exe.config C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Facebook C:\Documents and Settings\Krzysztof\Local Settings\Application Data\globalUpdate C:\Documents and Settings\Krzysztof\Local Settings\Application Data\mbot_pl_014010102 C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Microsoft\BingSvc C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Xmas C:\Documents and Settings\Krzysztof\Start Menu\Programs\腾讯软件 C:\Program Files\path5.ini C:\Program Files\5C8CAC0A-1443294427-5799-9460-C2325843CB2C C:\Program Files\ASP C:\Program Files\CinemaP-1.9cV26.09 C:\Program Files\CinemaPlus-3.2cV26.09 C:\Program Files\Concom C:\Program Files\globalUpdate C:\Program Files\GoHD C:\Program Files\Mozilla Firefox\browser\searchplugins C:\Program Files\Mozilla Firefox\plugins C:\Program Files\Object Browser C:\Program Files\RayDld C:\Program Files\SavePass 1.1 C:\Program Files\SFK C:\Program Files\SimpleFilesUpdater C:\Program Files\Tencent C:\Program Files\Common Files\Tencent C:\WINDOWS\DUMP*.tmp C:\WINDOWS\QMNetworkMgr.ini C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup C:\WINDOWS\pss\IMVU.lnkStartup C:\WINDOWS\pss\Logitech . Rejestracja produktu.lnkStartup C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup C:\WINDOWS\pss\OptimumLink.lnkStartup C:\WINDOWS\pss\OptimumPCtoTV.lnkStartup C:\WINDOWS\pss\ybcrlnsnniggidoderh.lnkStartup C:\WINDOWS\System32\tssk.sys C:\WINDOWS\system32\Drivers\TAOAccelerator.sys C:\WINDOWS\System32\Drivers\TAOKernelXP.sys C:\WINDOWS\System32\Drivers\TFsFlt.sys C:\WINDOWS\System32\Drivers\TsFltMgr.sys C:\WINDOWS\System32\Drivers\TSDefenseBt.sys Folder: C:\extensions CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files\Common Files" CMD: dir /a "C:\Documents and Settings\All Users\Application Data" CMD: dir /a "C:\Documents and Settings\Krzysztof\Application Data" CMD: dir /a "C:\Documents and Settings\Krzysztof\Local Settings\Application Data" Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Z menu Notatnika > Plik > Zapisz jako > wprowadź nazwę fixlist.txt > Kodowanie zmień na UTF-8 Plik fixlist.txt i umieść obok narzędzia FRST. Przejdź w Tryb awaryjny Windows - na ekranie logowania wybierz własne konto Krzysztof a nie Administrator. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, nastąpi restart, opuść Tryb awaryjny. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Wyczyść przeglądarki z adware: Firefox: Odłącz synchronizację (o ile włączona): KLIK. Menu Pomoc > Informacje dla pomocy technicznej > Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone. Menu Historia > Wyczyść historię przeglądania Google Chrome: Zresetuj synchronizację (o ile włączona): KLIK. Ustawienia > karta Ustawienia > Osoby > załóż nowy profil i się na niego zaloguj, a stary całkowicie skasuj. 4. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z zaznaczonym polem Addition. Dołącz też plik fixlog.txt. Pytanie: czy można usunąć folder C:\Documents and Settings\Krzysztof\GG dysk? GG zostało odinstalowane, ale w tym folderze mogą być jakieś potrzebne pliki osobiste. Odnośnik do komentarza
majka98 Opublikowano 30 Października 2015 Autor Zgłoś Udostępnij Opublikowano 30 Października 2015 1.Usuniete 2.Wykonane- zalaczam Fix-log.txt 3.Zrobione 4.Załaczam Usunełam GG Dysk Fixlog.txt FRST.txt Addition.txt Odnośnik do komentarza
picasso Opublikowano 30 Października 2015 Zgłoś Udostępnij Opublikowano 30 Października 2015 Prawie wszystko zrobione, z wyjątkiem trzech kluczy, których FRST nie umiał zaadresować. Teraz poprawki, w tym usuwanie folderów po różnych odinstalowanych aplikacjach. Kolejna porcja zadań: 1. Otwórz Notatnik i wklej w nim: ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Application Data\GG\ggdrive\ggdrive-overlay.dll [2012-06-05] (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Application Data\GG\ggdrive\ggdrive-overlay.dll [2012-06-05] (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Application Data\GG\ggdrive\ggdrive-overlay.dll [2012-06-05] (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Application Data\GG\ggdrive\ggdrive-overlay.dll [2012-06-05] (GG Network S.A.) FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media ) FF Plugin HKU\S-1-5-21-1960408961-682003330-839522115-1004: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File] DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab Reg: reg add HKLM\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command /ve /t REG_SZ /d "\"C:\Program Files\Google\Chrome\Application\chrome.exe"" /f Reg: reg delete "HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D40F6104-6988-47C0-93F2-A66D5DA120A2} /s CMD: regsvr32 /u /s "C:\Documents and Settings\All Users\Application Data\GG\ggdrive\ggdrive-overlay.dll" C:\Documents and Settings\All Users\Application Data\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\Documents and Settings\All Users\Application Data\Ament.ini C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} C:\Documents and Settings\All Users\Application Data\aliasworlds C:\Documents and Settings\All Users\Application Data\Ashampoo C:\Documents and Settings\All Users\Application Data\Autodesk C:\Documents and Settings\All Users\Application Data\AVAST Software C:\Documents and Settings\All Users\Application Data\Big Fish C:\Documents and Settings\All Users\Application Data\Big Fish Games C:\Documents and Settings\All Users\Application Data\BigFishCache C:\Documents and Settings\All Users\Application Data\BigFishGamesCache C:\Documents and Settings\All Users\Application Data\casualArts C:\Documents and Settings\All Users\Application Data\Corel C:\Documents and Settings\All Users\Application Data\CorelDRAW Graphics Suite X5 C:\Documents and Settings\All Users\Application Data\CorelDRAW Graphics Suite X6 C:\Documents and Settings\All Users\Application Data\DailyMagic C:\Documents and Settings\All Users\Application Data\Devart C:\Documents and Settings\All Users\Application Data\DWdsManProD C:\Documents and Settings\All Users\Application Data\Elephant Games C:\Documents and Settings\All Users\Application Data\FarmFrenzy3 C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Vikings C:\Documents and Settings\All Users\Application Data\firebird C:\Documents and Settings\All Users\Application Data\FreeHideIP C:\Documents and Settings\All Users\Application Data\Fugazo C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10 C:\Documents and Settings\All Users\Application Data\GG C:\Documents and Settings\All Users\Application Data\GoBit Games C:\Documents and Settings\All Users\Application Data\Gogii C:\Documents and Settings\All Users\Application Data\Komputerowa Gratka C:\Documents and Settings\All Users\Application Data\Malwarebytes C:\Documents and Settings\All Users\Application Data\Maximize Games C:\Documents and Settings\All Users\Application Data\McAfee C:\Documents and Settings\All Users\Application Data\MediaArt C:\Documents and Settings\All Users\Application Data\MumboJumbo C:\Documents and Settings\All Users\Application Data\NCH Software C:\Documents and Settings\All Users\Application Data\Norton C:\Documents and Settings\All Users\Application Data\NortonInstaller C:\Documents and Settings\All Users\Application Data\OpenFM C:\Documents and Settings\All Users\Application Data\Oberon Media C:\Documents and Settings\All Users\Application Data\Odian C:\Documents and Settings\All Users\Application Data\Orchid Games C:\Documents and Settings\All Users\Application Data\PITy C:\Documents and Settings\All Users\Application Data\PlayFirst C:\Documents and Settings\All Users\Application Data\PlayPond C:\Documents and Settings\All Users\Application Data\Playrix Entertainment C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe C:\Documents and Settings\All Users\Application Data\rionix C:\Documents and Settings\All Users\Application Data\ScreenVCR C:\Documents and Settings\All Users\Application Data\ShopperPro C:\Documents and Settings\All Users\Application Data\Skype Extras C:\Documents and Settings\All Users\Application Data\SpecialBit C:\Documents and Settings\All Users\Application Data\SulusGames C:\Documents and Settings\All Users\Application Data\Sun C:\Documents and Settings\All Users\Application Data\Tencent C:\Documents and Settings\All Users\Application Data\TaxMachine C:\Documents and Settings\All Users\Application Data\Top Evidence C:\Documents and Settings\Krzysztof\Application Data\Adobe GIF Format CS5 Prefs C:\Documents and Settings\Krzysztof\Application Data\Adobe PNG Format CS5 Prefs C:\Documents and Settings\Krzysztof\Application Data\Sys2662.Config.Repository.bin C:\Documents and Settings\Krzysztof\Application Data\.mono C:\Documents and Settings\Krzysztof\Application Data\11732 C:\Documents and Settings\Krzysztof\Application Data\2monkeys C:\Documents and Settings\Krzysztof\Application Data\A2 Entertainment C:\Documents and Settings\Krzysztof\Application Data\Alawar Entertainment C:\Documents and Settings\Krzysztof\Application Data\AlawarEntertainment C:\Documents and Settings\Krzysztof\Application Data\aliasworlds C:\Documents and Settings\Krzysztof\Application Data\ArcSoft C:\Documents and Settings\Krzysztof\Application Data\Artifex Mundi C:\Documents and Settings\Krzysztof\Application Data\Artogon C:\Documents and Settings\Krzysztof\Application Data\Ashampoo C:\Documents and Settings\Krzysztof\Application Data\Autodesk C:\Documents and Settings\Krzysztof\Application Data\Awem C:\Documents and Settings\Krzysztof\Application Data\BlamGames C:\Documents and Settings\Krzysztof\Application Data\BlueLabsSoftware C:\Documents and Settings\Krzysztof\Application Data\CallingID C:\Documents and Settings\Krzysztof\Application Data\casualArts C:\Documents and Settings\Krzysztof\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant C:\Documents and Settings\Krzysztof\Application Data\Corel C:\Documents and Settings\Krzysztof\Application Data\DailyMagic C:\Documents and Settings\Krzysztof\Application Data\Dark Blue Games C:\Documents and Settings\Krzysztof\Application Data\DarkManor C:\Documents and Settings\Krzysztof\Application Data\Desktop Apps C:\Documents and Settings\Krzysztof\Application Data\Devart C:\Documents and Settings\Krzysztof\Application Data\DominiGames C:\Documents and Settings\Krzysztof\Application Data\DonationCoder C:\Documents and Settings\Krzysztof\Application Data\e-Deklaracje C:\Documents and Settings\Krzysztof\Application Data\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 C:\Documents and Settings\Krzysztof\Application Data\Eipix C:\Documents and Settings\Krzysztof\Application Data\Elephant Games C:\Documents and Settings\Krzysztof\Application Data\Enlightenus2SE_BFG C:\Documents and Settings\Krzysztof\Application Data\EntwinedSoD C:\Documents and Settings\Krzysztof\Application Data\ERS Game Studios C:\Documents and Settings\Krzysztof\Application Data\FabrykaGier C:\Documents and Settings\Krzysztof\Application Data\FabrykaGierNew C:\Documents and Settings\Krzysztof\Application Data\FarmerJane C:\Documents and Settings\Krzysztof\Application Data\FlowerOfImmortality C:\Documents and Settings\Krzysztof\Application Data\FlyWheelGames C:\Documents and Settings\Krzysztof\Application Data\FreeHideIP C:\Documents and Settings\Krzysztof\Application Data\Freeze Tag C:\Documents and Settings\Krzysztof\Application Data\Friday's games C:\Documents and Settings\Krzysztof\Application Data\Funswitch C:\Documents and Settings\Krzysztof\Application Data\Fuzzy Bug Interactive C:\Documents and Settings\Krzysztof\Application Data\GameInvest C:\Documents and Settings\Krzysztof\Application Data\GameMill Entertainment C:\Documents and Settings\Krzysztof\Application Data\GHISLER C:\Documents and Settings\Krzysztof\Application Data\Ghost Ship Studios C:\Documents and Settings\Krzysztof\Application Data\GlarySoft C:\Documents and Settings\Krzysztof\Application Data\gtk-2.0 C:\Documents and Settings\Krzysztof\Application Data\Happy Chef C:\Documents and Settings\Krzysztof\Application Data\HdO Adventure C:\Documents and Settings\Krzysztof\Application Data\Hidden Objects Romance C:\Documents and Settings\Krzysztof\Application Data\HitPoint Studios C:\Documents and Settings\Krzysztof\Application Data\Kestrel C:\Documents and Settings\Krzysztof\Application Data\Lazy Turtle Games C:\Documents and Settings\Krzysztof\Application Data\Leadertech C:\Documents and Settings\Krzysztof\Application Data\Legacy Games C:\Documents and Settings\Krzysztof\Application Data\LegacyInteractive C:\Documents and Settings\Krzysztof\Application Data\LittleGamesCompany C:\Documents and Settings\Krzysztof\Application Data\Loop Terminarz C:\Documents and Settings\Krzysztof\Application Data\MagicIndie C:\Documents and Settings\Krzysztof\Application Data\Malwarebytes C:\Documents and Settings\Krzysztof\Application Data\Mariaglorum C:\Documents and Settings\Krzysztof\Application Data\Maximize Games C:\Documents and Settings\Krzysztof\Application Data\MediaArt C:\Documents and Settings\Krzysztof\Application Data\ModelViews C:\Documents and Settings\Krzysztof\Application Data\Monkey Barrel Games C:\Documents and Settings\Krzysztof\Application Data\MumboJumbo C:\Documents and Settings\Krzysztof\Application Data\MySQL-Front C:\Documents and Settings\Krzysztof\Application Data\MysteriousCaseOfJekyllAndHyde C:\Documents and Settings\Krzysztof\Application Data\Namco C:\Documents and Settings\Krzysztof\Application Data\NCH Software C:\Documents and Settings\Krzysztof\Application Data\New Version Available C:\Documents and Settings\Krzysztof\Application Data\npm C:\Documents and Settings\Krzysztof\Application Data\npm-cache C:\Documents and Settings\Krzysztof\Application Data\Oberon Media C:\Documents and Settings\Krzysztof\Application Data\Odian Games C:\Documents and Settings\Krzysztof\Application Data\OpenCube Inc C:\Documents and Settings\Krzysztof\Application Data\OpenFM C:\Documents and Settings\Krzysztof\Application Data\Opera C:\Documents and Settings\Krzysztof\Application Data\Opera Software C:\Documents and Settings\Krzysztof\Application Data\Oracle C:\Documents and Settings\Krzysztof\Application Data\Orneon C:\Documents and Settings\Krzysztof\Application Data\Phantasmat_bf_se1 C:\Documents and Settings\Krzysztof\Application Data\PlataGames C:\Documents and Settings\Krzysztof\Application Data\PlayFavoriteGames C:\Documents and Settings\Krzysztof\Application Data\PlayFirst C:\Documents and Settings\Krzysztof\Application Data\PlayPond C:\Documents and Settings\Krzysztof\Application Data\Playrix Entertainment C:\Documents and Settings\Krzysztof\Application Data\PSpad C:\Documents and Settings\Krzysztof\Application Data\PuzzleLab C:\Documents and Settings\Krzysztof\Application Data\Realore C:\Documents and Settings\Krzysztof\Application Data\RealWorld C:\Documents and Settings\Krzysztof\Application Data\ShamanGS C:\Documents and Settings\Krzysztof\Application Data\Silverback Productions C:\Documents and Settings\Krzysztof\Application Data\SmartDraw C:\Documents and Settings\Krzysztof\Application Data\SMIGames C:\Documents and Settings\Krzysztof\Application Data\Specialbit C:\Documents and Settings\Krzysztof\Application Data\Star-Tools C:\Documents and Settings\Krzysztof\Application Data\Subversion C:\Documents and Settings\Krzysztof\Application Data\SulusGames C:\Documents and Settings\Krzysztof\Application Data\Sun C:\Documents and Settings\Krzysztof\Application Data\SunRay Games C:\Documents and Settings\Krzysztof\Application Data\SunwardGames C:\Documents and Settings\Krzysztof\Application Data\sweet-page C:\Documents and Settings\Krzysztof\Application Data\tabagames C:\Documents and Settings\Krzysztof\Application Data\Talkback C:\Documents and Settings\Krzysztof\Application Data\TeamViewer C:\Documents and Settings\Krzysztof\Application Data\Tencent C:\Documents and Settings\Krzysztof\Application Data\Teyon C:\Documents and Settings\Krzysztof\Application Data\TikisLab C:\Documents and Settings\Krzysztof\Application Data\Top Evidence C:\Documents and Settings\Krzysztof\Application Data\TortoiseSVN C:\Documents and Settings\Krzysztof\Application Data\Unity C:\Documents and Settings\Krzysztof\Application Data\Vast Studios C:\Documents and Settings\Krzysztof\Application Data\Vogat Interactive C:\Documents and Settings\Krzysztof\Application Data\WinRAR C:\Documents and Settings\Krzysztof\Application Data\World-LooM C:\Documents and Settings\Krzysztof\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat C:\Documents and Settings\Krzysztof\Local Settings\Application Data\{32A3A4F2-B792-11D6-A78A-00B0D0150120} C:\Documents and Settings\Krzysztof\Local Settings\Application Data\5C8CAC0A-1443301797-5799-9460-C2325843CB2C C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Amazon C:\Documents and Settings\Krzysztof\Local Settings\Application Data\ArcSoft C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Autodesk C:\Documents and Settings\Krzysztof\Local Settings\Application Data\avgchrome C:\Documents and Settings\Krzysztof\Local Settings\Application Data\cache C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Color-Brush C:\Documents and Settings\Krzysztof\Local Settings\Application Data\CrashRpt C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Farmington Tales C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Game Mill Files C:\Documents and Settings\Krzysztof\Local Settings\Application Data\gmsd_pl_005010096 C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Google\Chrome\User Data\Default C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Installer C:\Documents and Settings\Krzysztof\Local Settings\Application Data\KaDonk C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Kookos C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Namco C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Oberon Games C:\Documents and Settings\Krzysztof\Local Settings\Application Data\OpenCube Inc C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Opera C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Opera Software C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Qurb4 C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Sun C:\Documents and Settings\Krzysztof\Local Settings\Application Data\TechSmith C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Temp C:\Documents and Settings\Krzysztof\Local Settings\Application Data\TortoiseSVN C:\Documents and Settings\Krzysztof\Local Settings\Application Data\TSVNCache C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Unity C:\Documents and Settings\Krzysztof\Local Settings\Application Data\webkit C:\Documents and Settings\Krzysztof\Local Settings\Application Data\WMTools Downloaded Files C:\Documents and Settings\Krzysztof\Local Settings\Application Data\Xenocode C:\extensions C:\Program Files\20717d47-27d3-4fd5-849d-70bab7fdb68a C:\Program Files\aeafcc87-810f-4dcb-a286-bd94d8f90ac3 C:\Program Files\Atlassian C:\Program Files\Autodesk C:\Program Files\c620fa05-8fd3-422d-8b48-6fb2e023fb34 C:\Program Files\c6fdae68-5b2b-49d1-904d-708dc40b305a C:\Program Files\CasualGameBox C:\Program Files\de2a3e96-eab7-4ac0-815d-d28e00b7f723 C:\Program Files\f9138745-f797-4a7e-98f2-acd48c761d2f C:\Program Files\Feed Notifier C:\Program Files\gmsd_pl_005010096 C:\Program Files\ICTV C:\Program Files\Java C:\Program Files\jv16 PowerTools 2011 C:\Program Files\mbot_pl_014010096 C:\Program Files\Mioplanet C:\Program Files\Motorola C:\Program Files\NCH Software C:\Program Files\Norton Security Scan C:\Program Files\NortonInstaller C:\Program Files\NotePage C:\Program Files\Opera C:\Program Files\PDFCreator C:\Program Files\PITy C:\Program Files\PFConfig C:\Program Files\predm C:\Program Files\QuickTime C:\Program Files\RealArcade C:\Program Files\Common Files\Adobe-BackupByPhotoshopPortable C:\Program Files\Common Files\AVSMedia C:\Program Files\Common Files\McAfee C:\Program Files\Common Files\Oberon Media C:\Program Files\Common Files\SWiSHzone.com Hosts: Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Tym razem nie będzie restartu. Powstanie kolejny fixlog.txt. Przedstaw go. 2. Uruchom FRST, w polu Szukaj (Search) wklej co poniżej i klik w Szukaj w rejestrze (Search Registry). Przedstaw wynikowy log. Tencent;QQPCMgr 3. Uruchom AdwCleaner. Wybierz opcję Skanuj (na razie nic nie usuwaj) i dostarcz wynikowy log z folderu C:\AdwCleaner. Odnośnik do komentarza
majka98 Opublikowano 30 Października 2015 Autor Zgłoś Udostępnij Opublikowano 30 Października 2015 Dziekuje. Załaczam pliki Fixlog.txt Search.txt AdwCleanerS2.txt Odnośnik do komentarza
picasso Opublikowano 30 Października 2015 Zgłoś Udostępnij Opublikowano 30 Października 2015 Kolejna porcja usuwania. Otwórz Notatnik i wklej w nim: DeleteKey: HKCU\Software\_CrossriderRegNamePlaceHolder_ DeleteKey: HKCU\Software\Crossrider DeleteKey: HKCU\Software\DAILYPCCLEAN DeleteKey: HKCU\Software\GlobalUpdate DeleteKey: HKCU\Software\GoHD DeleteKey: HKCU\Software\InstalledBrowserExtensions DeleteKey: HKCU\Software\Mozilla\Extends DeleteKey: HKCU\Software\OB DeleteKey: HKCU\Software\PRODUCTSETUP DeleteKey: HKCU\Software\Reg\Clean DeleteKey: HKCU\Software\Tencent DeleteKey: HKCU\Software\Tutorials DeleteKey: HKCU\Software\TutoTag DeleteKey: HKCU\Software\Yahoo\Companion DeleteKey: HKCU\Software\Yahoo\YFriendsBar DeleteKey: HKLM\SOFTWARE\76b8b9df-7995-40ea-95a1-f80de3274052 DeleteKey: HKLM\SOFTWARE\c66e83ef-420b-4913-9bf6-d3e0763c09b8 DeleteKey: HKLM\SOFTWARE\ebf2cd08-ec58-499d-be2a-c13dcc616e42 DeleteKey: HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} DeleteKey: HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} DeleteKey: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1} DeleteKey: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE DeleteKey: HKLM\SOFTWARE\Classes\AppID\globalupdate.exe DeleteKey: HKLM\SOFTWARE\Classes\Applications\QMDeskTopGC.exe DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{29B6CFD5-0064-411A-8C42-9890C83F9921} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{4C097DF1-0716-4FA1-84A9-025BC1E7B03F} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{88260EA6-BC91-42DF-ABEF-4A683E8A3C23} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7} DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066} DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11} DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{C049F583-D724-4BAB-8F47-F13BCA41B808} DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81} DeleteKey: HKLM\SOFTWARE\Classes\.qbox DeleteKey: HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine DeleteKey: HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc DeleteKey: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 DeleteKey: HKLM\SOFTWARE\Classes\METNSD DeleteKey: HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions DeleteKey: HKLM\SOFTWARE\Classes\qmbfile DeleteKey: HKLM\SOFTWARE\Classes\qmgcfiles DeleteKey: HKLM\SOFTWARE\Classes\QQPCMgr.qbox DeleteKey: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1 DeleteKey: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar DeleteKey: HKLM\SOFTWARE\Microsoft\Esent\Process\crossbrowse DeleteKey: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975} DeleteKey: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} DeleteKey: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} DeleteKey: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} DeleteKey: HKLM\SOFTWARE\_CrossriderRegNamePlaceHolder_ DeleteKey: HKLM\SOFTWARE\downchecker DeleteKey: HKLM\SOFTWARE\Crossrider DeleteKey: HKLM\SOFTWARE\FFPluginHp DeleteKey: HKLM\SOFTWARE\GlobalUpdate DeleteKey: HKLM\SOFTWARE\GoHD DeleteKey: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.qq.qmchext DeleteKey: HKLM\SOFTWARE\InstalledBrowserExtensions DeleteKey: HKLM\SOFTWARE\ihpmserver DeleteKey: HKLM\SOFTWARE\RayDld DeleteKey: HKLM\SOFTWARE\Reg\Clean DeleteKey: HKLM\SOFTWARE\SavePass 1.1 DeleteKey: HKLM\SOFTWARE\sweet-pageSoftware DeleteKey: HKLM\SOFTWARE\Tencent DeleteKey: HKLM\SOFTWARE\Tutorials DeleteKey: HKLM\SOFTWARE\Yahoo\Companion DeleteKey: HKLM\SOFTWARE\WdsManPro DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SavePass 1.1 DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\GoHD DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE DeleteKey: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QMIEPROTECT DeleteKey: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QQPCRTP DeleteKey: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TAOACCELERATOR DeleteKey: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TSFLTMGR DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro DeleteKey: HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_QMUDISK DeleteKey: HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_QQPCRTP DeleteKey: HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAOACCELERATOR DeleteKey: HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TSFLTMGR DeleteKey: HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_QMUDISK DeleteKey: HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_QQPCRTP DeleteKey: HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_TAOACCELERATOR DeleteKey: HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_TSFLTMGR DeleteKey: HKLM\SYSTEM\WifiSafeCfg DeleteKey: HKU\S-1-5-18\Software\Tencent DeleteKey: HKU\S-1-5-18\Software\Yahoo\Companion RemoveDirectory: C:\AdwCleaner RemoveDirectory: C:\Documents and Settings\All Users\Documents\ShopperPro RemoveDirectory: C:\Documents and Settings\Administrator\Application Data\Mozilla RemoveDirectory: C:\Documents and Settings\Gość\Application Data\Mozilla RemoveDirectory: C:\Documents and Settings\Krzysztof\Application Data\Mozilla\Firefox\Profiles\12h1ceb6.default-1404211074967 RemoveDirectory: C:\FRST\Quarantine Reg: reg add HKLM\SOFTWARE\Classes\Unknown\shell\openas\command /ve /t REG_EXPAND_SZ /d "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls" /v Tab /f Reg: reg delete HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache /v "C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\\QMDeskTopGC.exe" /f Reg: reg delete HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache /v "C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\Uninst.exe" /f CMD: del /q "C:\Documents and Settings\Krzysztof\Desktop\Mozilla Firefox.lnk" CMD: del /q C:\WINDOWS\system32\roboot.exe EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Nastąpi restart. Powstanie kolejny fixlog.txt. Przedstaw go. Odnośnik do komentarza
majka98 Opublikowano 30 Października 2015 Autor Zgłoś Udostępnij Opublikowano 30 Października 2015 Załączam Fixlog.txt Odnośnik do komentarza
picasso Opublikowano 30 Października 2015 Zgłoś Udostępnij Opublikowano 30 Października 2015 Fix FRST jest jednorazowego użytku i nie wolno go powtarzać, nie przetworzy ponownie po raz drugi tego samego. Zadany został uruchomiony dwa razy i to co tu widzę to już drugie bezużyteczne podejście, log na dodatek urwany zaraz na początku. Poproszę o log z poprzedniego podejścia. Wejdź do katalogu C:\FRST\Logs, ułóż logi wg nazwy, wyszukaj pliki o modelu nazwy Fixlog_data_czas. Otwórz w Notatniku pliki i szukaj tego który ma w nagłówku:Ran by Krzysztof (2015-10-30 19:44:44) Run:3Ten plik jest tym o który mi chodzi. Odnośnik do komentarza
majka98 Opublikowano 30 Października 2015 Autor Zgłoś Udostępnij Opublikowano 30 Października 2015 Przeszukałam tego logu nie ma o którym piszesz. Podczas pierwszego uruchomienia wystapil jakis blad i komputer sie przywisił i wyłączył. Wykonał drugi raz podejscie i to pewnie dlatego.Mozna to obejść? Odnośnik do komentarza
picasso Opublikowano 30 Października 2015 Zgłoś Udostępnij Opublikowano 30 Października 2015 Na przyszłość: nie uruchamiaj FRST Fix dwa razy, niezależnie od tego czy był błąd. Podwójne uruchomienie popsuło szyki, nie ma raportu, więc nie wiadomo ile zostało usunięte. No cóż, poproszę ponownie o to: 2. Uruchom FRST, w polu Szukaj (Search) wklej co poniżej i klik w Szukaj w rejestrze (Search Registry). Przedstaw wynikowy log. Tencent;QQPCMgr 3. Uruchom AdwCleaner. Wybierz opcję Skanuj (na razie nic nie usuwaj) i dostarcz wynikowy log z folderu C:\AdwCleaner. Odnośnik do komentarza
majka98 Opublikowano 31 Października 2015 Autor Zgłoś Udostępnij Opublikowano 31 Października 2015 Rozumiem, nie byłam świadoma. Załączam Search.txt AdwCleanerS3.txt Odnośnik do komentarza
picasso Opublikowano 31 Października 2015 Zgłoś Udostępnij Opublikowano 31 Października 2015 (edytowane) 1. Tak, Fix zdołał zrobić tylko część zadania. Podejście poprawkowe. Otwórz Notatnik i wklej w nim: DeleteKey: HKLM\SOFTWARE\Classes\qpakfile DeleteKey: HKLM\SOFTWARE\_CrossriderRegNamePlaceHolder_ DeleteKey: HKLM\SOFTWARE\downchecker DeleteKey: HKLM\SOFTWARE\Crossrider DeleteKey: HKLM\SOFTWARE\FFPluginHp DeleteKey: HKLM\SOFTWARE\GlobalUpdate DeleteKey: HKLM\SOFTWARE\GoHD DeleteKey: HKLM\SOFTWARE\InstalledBrowserExtensions DeleteKey: HKLM\SOFTWARE\ihpmserver DeleteKey: HKLM\SOFTWARE\RayDld DeleteKey: HKLM\SOFTWARE\Reg\Clean DeleteKey: HKLM\SOFTWARE\SavePass 1.1 DeleteKey: HKLM\SOFTWARE\sweet-pageSoftware DeleteKey: HKLM\SOFTWARE\Tencent DeleteKey: HKLM\SOFTWARE\Tutorials DeleteKey: HKLM\SOFTWARE\Yahoo\Companion DeleteKey: HKLM\SOFTWARE\WdsManPro DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SavePass 1.1 DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\GoHD DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE DeleteKey: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QMIEPROTECT DeleteKey: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QQPCRTP DeleteKey: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TAOACCELERATOR DeleteKey: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TSFLTMGR DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro DeleteKey: HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_QMUDISK DeleteKey: HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_QQPCRTP DeleteKey: HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAOACCELERATOR DeleteKey: HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TSFLTMGR DeleteKey: HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_QMUDISK DeleteKey: HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_QQPCRTP DeleteKey: HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_TAOACCELERATOR DeleteKey: HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_TSFLTMGR DeleteKey: HKLM\SYSTEM\WifiSafeCfg DeleteKey: HKU\S-1-5-18\Software\Tencent DeleteKey: HKU\S-1-5-18\Software\Yahoo\Companion RemoveDirectory: C:\AdwCleaner RemoveDirectory: C:\Documents and Settings\All Users\Documents\ShopperPro RemoveDirectory: C:\Documents and Settings\Administrator\Application Data\Mozilla RemoveDirectory: C:\Documents and Settings\Gość\Application Data\Mozilla RemoveDirectory: C:\Documents and Settings\Krzysztof\Application Data\Mozilla\Firefox\Profiles\12h1ceb6.default-1404211074967 RemoveDirectory: C:\FRST\Quarantine CMD: del /q "C:\Documents and Settings\Krzysztof\Desktop\Mozilla Firefox.lnk" CMD: del /q C:\WINDOWS\system32\roboot.exe EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Nastąpi restart. Powstanie kolejny fixlog.txt. Przedstaw go. 2. Uruchom narzędzie Microsoftu: KLIK. Zaakceptuj > Wykryj problemy i pozwól mi wybrać poprawki do zastosowania > Odinstalowywanie > zaznacz na liście odpadkowy wpis Facebook Update Helper > Dalej. Edytowane 2 Czerwca 2016 przez picasso Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso Odnośnik do komentarza
Rekomendowane odpowiedzi