michalprog, posted 28 September 2018

Good morning. I am writing on behalf of a friend. On her computer the internet works slowly. This shows both in the speed at which web pages load and when browsing files on the disk. Launching programs is also problematic. In addition, the Windows system is in Lithuanian-English. Please analyse the logs and help.

Regards,
Michał

Attachments: Addition.txt, FRST.txt, Shortcut.txt
jessica, posted 28 September 2018

1) There are two active antivirus programs - get rid of one of them:
To remove AVG use AVG Remover - https://www.avg.com/pl-pl/utilities
To remove Avast use Avast Uninstall Utility - http://www.avast.com/uninstall-utility

2) Try to uninstall these programs:
Plus-HD-9.6 (HKLM-x32\...\Plus-HD-9.6) (Version: 1.34.5.12 - Plus HD) <==== ATTENTION
sweet-page uninstaller (HKLM-x32\...\sweet-page uninstaller) (Version: - sweet-page) <==== ATTENTION
MySearch App (HKLM-x32\...\{41444150-2D43-3300-76A7-A758B70C2D01}) (Version: 12.45.1.4248 - APN, LLC)

3) Run FRST. On the keyboard press CTRL+Y simultaneously. Notepad will open - paste into it:

RemoveDirectory: C:\Program Files (x86)\dress4u
RemoveDirectory: C:\Program Files (x86)\Plus-HD-9.6
RemoveDirectory: C:\Program Files (x86)\globalUpdate
C:\Users\Agata\AppData\Roaming\NEToMyx0kg1YfuIGF7Hgxflu.exe
Task: {0D3E4617-4031-47CD-925A-C7FCB04ED60E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0D3E602D-90EF-4FFD-95A8-E4B3172CA8DF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0FBC1D74-FBED-4BC9-A02D-D8ABE1511DB4} - System32\Tasks\dress4u_notification_service => C:\Program Files (x86)\dress4u\dress4u_notification_service.exe <==== ATTENTION
Task: {11A77B2F-F6ED-45E1-960B-20211C810AEE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {42BD02B7-9BB0-4BB8-99D1-C69092932E8C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {59746F91-AFCB-4341-ADE3-809BA8539E4D} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-5 => C:\Program Files (x86)\Plus-HD-9.6\a3bb1f37-ca48-4005-9c57-de3ec606553c-5.exe <==== ATTENTION
Task: {5E9C1209-F1F7-4BEA-A104-69104B252892} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-28988410-767054531-3856019114-1001 -> No File <==== ATTENTION
Task: {6063B86A-8447-4C67-862A-8253A811047F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {60C08B58-6D3C-444F-9427-3FEAB92A13BE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {63C1D158-4553-4379-8721-C46917D02185} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-4 => C:\Program Files (x86)\Plus-HD-9.6\a3bb1f37-ca48-4005-9c57-de3ec606553c-4.exe <==== ATTENTION
Task: {659F820E-842F-40A4-AEA6-203D2B427F44} - System32\Tasks\dress4u_updating_service => C:\Program Files (x86)\dress4u\dress4u_updating_service.exe <==== ATTENTION
Task: {679D0B9E-4048-49AC-B32E-F58ADC615FDF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {82ECE8DC-E040-4F89-BF1F-93A150795696} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-2 => C:\Program Files (x86)\Plus-HD-9.6\a3bb1f37-ca48-4005-9c57-de3ec606553c-2.exe <==== ATTENTION
Task: {878F2AA0-5B53-4EE1-8291-ED689CCFAD4A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8FFBC5A2-D176-44CF-8971-C081E74F5250} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-1 => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-codedownloader.exe <==== ATTENTION
Task: {A59238E4-7792-48AA-8E18-0DA784FBA046} - System32\Tasks\NEToMyx0kg1YfuIGF7Hgxflu => C:\Users\Agata\AppData\Roaming\NEToMyx0kg1YfuIGF7Hgxflu.exe <==== ATTENTION
Task: {A7075B9E-4B9D-4373-82E6-03CD7C501B44} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-7 => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-nova.exe <==== ATTENTION
Task: {AC511A6B-67CD-43D1-943E-0C1569C724B4} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {B2C3F329-08E6-4CFE-9969-AB2FE8E1DC68} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B515C5A8-45CE-49DF-8F3D-01802EBACBB7} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-6 => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-novainstaller.exe <==== ATTENTION
Task: {B5B35F83-2B11-4A8F-BDD9-974EC1DE0FC0} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-3 => C:\Program Files (x86)\Plus-HD-9.6\a3bb1f37-ca48-4005-9c57-de3ec606553c-3.exe <==== ATTENTION
Task: {C20AA499-408C-45CC-AF86-92EDC324FA37} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {C5576A15-AE7B-497F-9406-0F802AB77B1A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C76AC3B6-D168-46BB-B777-2256F713D78F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DD2C90EE-8630-411B-85AE-0DEA06D6A449} - \WPD\SqmUpload_S-1-5-21-28988410-767054531-3856019114-1001 -> No File <==== ATTENTION
Task: {E7F8A9EE-72C5-4503-9EE0-59E0C12C327D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Agata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=sc&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509
ShortcutWithArgument: C:\Users\Agata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.sweet-page.com/?type=sc&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509
ShortcutWithArgument: C:\Users\Agata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=sc&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=sc&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509&q={searchTerms}
SearchScopes: HKU\S-1-5-21-28988410-767054531-3856019114-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509&q={searchTerms}
SearchScopes: HKU\S-1-5-21-28988410-767054531-3856019114-1001 -> {AF26673D-50DF-4B07-A7B8-38F69978E197} URL = hxxp://www.search-results.com/web?tpid=ADAP-C3&o=APN11416&pf=V7&p2=%5EBBO%5Eaaa329%5ECM%5EPL&gct=&itbv=12.36.1.2797&apn_uid=09A74240-E042-425F-8B27-8332207981B4&apn_ptnrs=^BBO&apn_dtid=%5Eaaa329%5ECM%5EPL&apn_dbr=microsoftedge.exe_6_20.10240.16384.0&doi=2015-11-11&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: No Name -> {11111111-1111-1111-1111-110511731104} -> No File
BHO: No Name -> {41444150-2D43-3300-76A7-7A786E7484D7} -> No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110511731104} -> No File
Toolbar: HKU\S-1-5-21-28988410-767054531-3856019114-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509","hxxps://mysearch.avg.com?cid={9817EB78-0DE5-4AD8-BB44-0EC4C37BD679}&mid=6b4392828c0247d29d3ca5996d25b26f-f90455a7890cb15dbd53e8604eb62147c651cb13&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-30 08:58:21&v=18.1.9.786&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={9817EB78-0DE5-4AD8-BB44-0EC4C37BD679}&mid=6b4392828c0247d29d3ca5996d25b26f-f90455a7890cb15dbd53e8604eb62147c651cb13&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-30 08:58:21&v=18.1.9.799&pid=safeguard&sg=&sap=hp"
CHR NewTab: Default -> Active:"chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://www.sweet-page.com/web/?type=ds&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509&q={searchTerms}
CHR DefaultSearchKeyword: Default -> sweet-page
CHR Extension: (dress4u) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmhacemfmaapnkiehojbhmclmdnhjhfn [2015-04-02]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
2015-03-31 10:14 - 2015-03-31 10:14 - 000005655 _____ () C:\Users\Agata\AppData\Roaming\NEToMyx0kg1YfuIGF7Hgxf
2015-03-31 10:14 - 2015-03-31 10:14 - 000005655 _____ () C:\Users\Agata\AppData\Roaming\NEToMyx0kg1YfuIGF7Hgxflu
C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software\Opera.lnk
HOSTS:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

On the keyboard press CTRL+S simultaneously. In FRST click Fix (NAPRAW).

4) Use Adw-Cleaner https://www.fixitpc.pl/topic/8-dezynfekcja-zbiór-narzędzi-usuwających/?tab=comments#comment-172741 - first click SKANUJ (SCAN), and only after the scan has finished, when the OCZYŚĆ (CLEANING) button becomes active, click it. Show the report from it "C"

5) Make new FRST logs.

jessi
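For reading a fixlist like the one in the answer above, the following added example (not part of the original thread and not code from FRST) groups entries into orphaned scheduled tasks, tasks that launch from user-writable folders, and shortcuts carrying a URL argument. The line formats are inferred from the entries in this thread, the folder list is an assumption, and the sample lines are constructed.

```python
import re

# Entry formats inferred from the fixlist lines in this thread (an assumption,
# not taken from FRST documentation).
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]{36}\} - (?P<name>.+?) (?:=>|->) "
                  r"(?P<target>.+?)(?: <==== ATTENTION)?$")
SHORTCUT = re.compile(r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<exe>.+?) -> (?P<arg>\S+)$")
# Folders a standard user can write to; this list is an assumption for the example.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")

# Constructed sample lines in the same format (not copied from the thread).
SAMPLE = [
    r"Task: {00000000-0000-0000-0000-000000000001} - \Vendor\Updater\refresh -> No File <==== ATTENTION",
    r"Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\example_updater => C:\Users\User\AppData\Roaming\example_updater.exe <==== ATTENTION",
    r"Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\example_service => C:\Program Files (x86)\Example\service.exe <==== ATTENTION",
    r"ShortcutWithArgument: C:\Users\User\Desktop\Browser.lnk -> C:\Program Files\Browser\browser.exe (Vendor) -> hxxp://search.example.invalid/?type=sc",
    "EmptyTemp:",
]


def classify(line):
    """Return (category, detail) for one fixlist-style line."""
    m = TASK.match(line)
    if m:
        target = m["target"]
        if target == "No File":  # task registered, binary already gone
            return ("orphan_task", m["name"])
        if any(p in target.lower() for p in USER_WRITABLE):
            return ("task_in_user_path", target)
        return ("task", target)
    m = SHORTCUT.match(line)
    # A browser shortcut whose argument is a URL forces that page on every launch.
    if m and re.match(r"(?i)h(tt|xx)ps?://", m["arg"]):
        return ("shortcut_url_argument", m["arg"])
    return ("other", line)


def triage(lines):
    """Group details by category, preserving input order."""
    summary = {}
    for line in lines:
        category, detail = classify(line.strip())
        summary.setdefault(category, []).append(detail)
    return summary


if __name__ == "__main__":
    for category, details in triage(SAMPLE).items():
        print(category, len(details), details)
```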