patrolvip2 utworzono 12 czerwca 2017 utworzono 12 czerwca 2017 Witam i proszę o pomoc. Mam mały problem z laptopem tzn. ostatnio bardzo spowolnił i czasami wyskakują reklamy. Również strony otwierają się bardzo powoli często zawieszając na chwilę przeglądarkę. Zamieszczem logi i z góry dziękuję. FRST.txt Addition.txt Shortcut.txt
Twój_Anioł_Stróż komentarz 12 czerwca 2017 komentarz 12 czerwca 2017 (edytowane) 1) Spróbuj odinstalować te programy: amuleC (HKLM\...\{B2EFFD4E-D098-4845-9D56-DE75BEB35913}) (Version: 1.0.1 - amuleC) <==== UWAGA FromDocToPDF Internet Explorer Toolbar (HKLM\...\FromDocToPDF_65bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== UWAGA WinSnare (HKLM\...\{F173D6F1-284D-4B18-9F6E-57DDC05E34EA}) (Version: 4.2.8 - WinSnare) <==== UWAGAWinZip (HKLM\...\WinZip) (Version: 2.2.45 - Winzipper Pvt Ltd.) <==== UWAGA 2) Użyj >Adw-cleaner najpierw kliknij na SKANUJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego. Pokaż raport z niego "C" 3) Uruchom FRST. NA klawiaturze naciśnij jednocześnie CTRL+Y.Otworzy się Notatnik - wklej do niego: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\...\ChromeHTML: -> <==== UWAGA CustomCLSID: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000_Classes\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}\InprocServer32 -> C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark) Task: {0CDDF528-06F6-48FF-8FF9-019331974145} - System32\Tasks\psv_StatStrong => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Suntip.reg" & del "C:\ProgramData\Quotenamron\Suntip.reg" & SCHTASKS /Delete /TN "psv_StatStrong" /F <==== UWAGA Task: {16D10B6A-DF0E-4A97-8E60-A0B2E52DA7ED} - System32\Tasks\psv_Quadron => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Silcore.reg" & del "C:\ProgramData\Quotenamron\Silcore.reg" & SCHTASKS /Delete /TN "psv_Quadron" /F <==== UWAGA Task: {184AC06B-0664-4F2E-A93F-18F58719FEE0} - System32\Tasks\LuckyTab => C:\Program Files\LuckyTab\LuckyTab.exe <==== UWAGA Task: {1C8C7399-24C6-4E2E-97ED-51AA54193368} - System32\Tasks\psv_Sontone => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Redin.reg" & del "C:\ProgramData\Quotenamron\Redin.reg" & SCHTASKS /Delete /TN "psv_Sontone" /F <==== UWAGA Task: {1FF1AC96-4057-4586-9FD9-9A2EB958154F} - System32\Tasks\psv_Inlam => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\DomFix.reg" & del "C:\ProgramData\Quotenamron\DomFix.reg" & SCHTASKS /Delete /TN "psv_Inlam" /F <==== UWAGA Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> Brak pliku <==== UWAGA Task: {2AE136AC-2E35-4908-BDB9-11A63CEB129F} - System32\Tasks\GuntonyCheckTask => C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe <==== UWAGA Task: {2B709A8D-7928-438B-90FC-8F3C047B4E02} - System32\Tasks\psv_Indigo-Air => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Namsing.reg" & del "C:\ProgramData\Quotenamron\Namsing.reg" & SCHTASKS /Delete /TN "psv_Indigo-Air" /F <==== UWAGA Task: {30846939-4717-4EC2-8EF6-51CA932733FD} - System32\Tasks\psv_True-String => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Funzap.reg" & del "C:\ProgramData\Quotenamron\Funzap.reg" & SCHTASKS /Delete /TN "psv_True-String" /F <==== UWAGA Task: {4B91FF99-A1FF-48B2-A5AF-1105C2530466} - System32\Tasks\GuntonyBrowserUpdateUA => C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe <==== UWAGA Task: {6A9F626E-58F8-44B3-B0BB-4B5DE7472BF1} - System32\Tasks\psv_Med-Dex => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Joboveex.reg" & del "C:\ProgramData\Quotenamron\Joboveex.reg" & SCHTASKS /Delete /TN "psv_Med-Dex" /F <==== UWAGA Task: {7218F545-B56F-47FE-99B7-050AEC3E445B} - System32\Tasks\psv_Geofresh => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Geosolcof.reg" & del "C:\ProgramData\Quotenamron\Geosolcof.reg" & SCHTASKS /Delete /TN "psv_Geofresh" /F <==== UWAGA Task: {72C7ECEA-DA11-4018-9E91-F8DD78823076} - System32\Tasks\psv_SunFax => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\AlphaRembam.reg" & del "C:\ProgramData\Quotenamron\AlphaRembam.reg" & SCHTASKS /Delete /TN "psv_SunFax" /F <==== UWAGA Task: {75C546B7-2B88-47A9-8DDA-7686C4049F9E} - System32\Tasks\psv_Hotphase => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Scotfax.reg" & del "C:\ProgramData\Quotenamron\Scotfax.reg" & SCHTASKS /Delete /TN "psv_Hotphase" /F <==== UWAGA Task: {88B702DF-0FB8-4F9C-A16B-CA8D7EDA8ABD} - System32\Tasks\psv_Goldfix => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Alphalamtouch.reg" & del "C:\ProgramData\Quotenamron\Alphalamtouch.reg" & SCHTASKS /Delete /TN "psv_Goldfix" /F <==== UWAGA Task: {9274D6D2-AC1A-490B-BFD2-FBAC074085FD} - System32\Tasks\Milimili => C:\Program Files\MIO\MIO.exe [2016-12-28] () <==== UWAGA Task: {97FFF5F3-9C45-45E2-B30D-1CE19F039137} - System32\Tasks\psv_Donlight => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Dripaptough.reg" & del "C:\ProgramData\Quotenamron\Dripaptough.reg" & SCHTASKS /Delete /TN "psv_Donlight" /F <==== UWAGA Task: {9B310F93-51E8-4EF9-89FA-A4BD65BD7EB1} - System32\Tasks\psv_Fixeco => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Stringlex.reg" & del "C:\ProgramData\Quotenamron\Stringlex.reg" & SCHTASKS /Delete /TN "psv_Fixeco" /F <==== UWAGA Task: {A2CFB6F3-B3AE-4971-8E29-C415BE22D2E5} - \Microsoft\Windows\Maintenance\WinSAT -> Brak pliku <==== UWAGA Task: {B4279F99-C90B-4D89-94AC-3EA35EFAC791} - System32\Tasks\psv_Warm-Kix => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Tip-Lax.reg" & del "C:\ProgramData\Quotenamron\Tip-Lax.reg" & SCHTASKS /Delete /TN "psv_Warm-Kix" /F <==== UWAGA Task: {B82D3EE7-EFC1-4605-8CF7-857992CDABF8} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\WintoolUprI.exe [2017-02-15] () Task: {BA05B39C-2EA4-425B-9D43-961C7309BDA3} - System32\Tasks\psv_ItTamjob => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\BlackIty.reg" & del "C:\ProgramData\Quotenamron\BlackIty.reg" & SCHTASKS /Delete /TN "psv_ItTamjob" /F <==== UWAGA Task: {C1FD2F18-4D98-4E59-9D42-4BEA42DD66B6} - System32\Tasks\psv_Temptouch => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Inchzap.reg" & del "C:\ProgramData\Quotenamron\Inchzap.reg" & SCHTASKS /Delete /TN "psv_Temptouch" /F <==== UWAGA Task: {C693BFCF-B2ED-4392-9E8D-D881B36F4CBE} - System32\Tasks\GuntonyBrowserUpdateCore => C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe <==== UWAGA Task: {CB468C39-9627-47A3-A5CA-7D94482DA8E9} - System32\Tasks\psv_Donis => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\DomRanair.reg" & del "C:\ProgramData\Quotenamron\DomRanair.reg" & SCHTASKS /Delete /TN "psv_Donis" /F <==== UWAGA Task: {D376098D-44D7-4162-90D7-04503D972F77} - System32\Tasks\psv_San-Zap => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Freshtip.reg" & del "C:\ProgramData\Quotenamron\Freshtip.reg" & SCHTASKS /Delete /TN "psv_San-Zap" /F <==== UWAGA Task: {DC7A27CD-D56D-4B60-9A07-71DC78D47739} - System32\Tasks\psv_Dalt-Fresh => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Trancore.reg" & del "C:\ProgramData\Quotenamron\Trancore.reg" & SCHTASKS /Delete /TN "psv_Dalt-Fresh" /F <==== UWAGA Task: {E153005F-C232-4298-A043-E2F85B615C37} - System32\Tasks\psv_Dingtannix => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Hat-Tex.reg" & del "C:\ProgramData\Quotenamron\Hat-Tex.reg" & SCHTASKS /Delete /TN "psv_Dingtannix" /F <==== UWAGA Task: {F48AA415-719F-4D5F-807D-029562C570DD} - System32\Tasks\psv_Yearstock => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\RonFlex.reg" & del "C:\ProgramData\Quotenamron\RonFlex.reg" & SCHTASKS /Delete /TN "psv_Yearstock" /F <==== UWAGA RemoveDirectory: C:\ProgramData\Quotenamron RemoveDirectory: C:\Program Files\Guntony RemoveDirectory: C:\ProgramData\wintools RemoveDirectory: C:\Program Files\MIO RemoveDirectory: C:\Program Files\LuckyTab RemoveDirectory: C:\Program Files\Firefox RemoveDirectory: C:\Program Files\WinZipper RemoveDirectory: C:\Program Files\SFK RemoveDirectory: C:\Program Files\WinSaber RemoveDirectory: C:\ProgramData\Guntony RemoveDirectory: C:\Program Files\Gunlamp RemoveDirectory: C:\ProgramData\Logic Handler C:\Program Files\MiuiTab C:\Users\Samsung\AppData\Roaming\TSv C:\Program Files\amuleCexx C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk C:\Users\Public\Desktop\Mozilla Firefox.lnk C:\Users\Samsung\jtper.exe HKLM\...\regfile\shell\open\command: <===== UWAGA FirewallRules: [{484EFB60-C314-4807-A35E-AC786BFE4565}] => (Allow) C:\Program Files\Firefox\Firefox.exe FirewallRules: [{B99EC516-F1B6-46C4-98E5-4C38191E505A}] => (Allow) C:\Program Files\Firefox\bin\FirefoxUpdate.exe FirewallRules: [{6CF6533A-3FFE-42C0-8F22-B6441F2479A7}] => (Allow) C:\Program Files\Firefox\bin\FirefoxCommand.exe FirewallRules: [{55DC73B5-5FFB-47FC-BD16-3F74CCA1645E}] => (Allow) C:\Program Files\Firefox\Firefox.exe FirewallRules: [{21149A71-5838-495B-B671-259FD5ED4442}] => (Allow) C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe FirewallRules: [{69046DFC-6DF6-421F-8958-F53D80DA7D10}] => (Allow) C:\Program Files\Gunlamp\Application\chrome.exe FirewallRules: [{9238CF27-2DE8-4FAF-A118-0E99F1BA095E}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe AppInit_DLLs: C:\ProgramData\Quotenamron\Zenlab.dll => Brak pliku GroupPolicy: Ograniczenia - Chrome <======= UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA HOSTS: EmptyTemp: Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW). 4) Zrób nowe logi FRST. przed skanem zaznacz: Additional.txt Shortcut.txt, Edytowane 12 czerwca 2017 przez Twój_Anioł_Stróż
patrolvip2 komentarz 12 czerwca 2017 Autor komentarz 12 czerwca 2017 Chyba wszystko wykonane. Sprawdzisz? AdwCleaner[C0].txt Fixlog.txt FRST.txt Addition.txt Shortcut.txt
Twój_Anioł_Stróż komentarz 12 czerwca 2017 komentarz 12 czerwca 2017 1) Uruchom FRST. NA klawiaturze naciśnij jednocześnie CTRL+Y.Otworzy się Notatnik - wklej do niego: CustomCLSID: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000_Classes\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}\InprocServer32 -> C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll => Brak pliku HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\...\Run: [jtper] => C:\Users\Samsung\jtper.exe C:\Users\Samsung\jtper.exe HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1448442545&z=9985649ce1d1f39828650a1g1z5zfb8z0z1odq6m7q&from=ient07021&uid=ST9250410AS_5VG95SQB&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dPatM67TwHB77c-fLNcyLe8IeKOPdrb-tQrZOjaNcNujy7gw_bAQaSjLttfbwoh0S_wRYENJcjLZmq6Ix7a8Qbw-bX10NhT5hTRoPvCrQgv4wBpnkLcofPNGxdzCr5DejJf1lYhSAf3Enr8Zo2XY-0MoxyX243u&q={searchTerms} HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1420484106&from=smt&uid=ST9250410AS_5VG95SQB&q={searchTerms} URLSearchHook: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 - (Brak nazwy) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll Brak pliku SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1420484106&from=smt&uid=ST9250410AS_5VG95SQB&q={searchTerms} SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} Toolbar: HKLM - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - Brak pliku FF NewTab: Mozilla\Firefox\Profiles\yde60htx.default -> hxxp://www.nicesearches.com?type=hp&ts=1468854878&from=43110715&uid=st9250410as_5vg95sqb&z=5ea7af5c925a7b4ad6bcbe0g9zaq9b5b7w6w2ecq8g FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\yde60htx.default\searchplugins\yoursites123.xml [2016-03-21] R1 {122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw; C:\Windows\System32\drivers\{122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw.sys [43152 2015-01-05] (StdLib) R1 {95282a5e-d707-43c0-b998-d6a934a963a8}Gw; C:\Windows\System32\drivers\{95282a5e-d707-43c0-b998-d6a934a963a8}Gw.sys [43152 2015-01-09] (StdLib) R1 {9cdb05d3-a225-439b-a302-3c928fc40412}Gw; C:\Windows\System32\drivers\{9cdb05d3-a225-439b-a302-3c928fc40412}Gw.sys [43152 2015-01-21] (StdLib) R1 {fc8decf5-c269-4b18-87f1-c395dfcbd88f}Gw; C:\Windows\System32\drivers\{fc8decf5-c269-4b18-87f1-c395dfcbd88f}Gw.sys [43152 2015-01-06] (StdLib) S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] U2 WinSnare; Brak ImagePath C:\Windows\System32\drivers\{fc8decf5-c269-4b18-87f1-c395dfcbd88f}Gw.sys c:\Windows\System32\drivers\{9cdb05d3-a225-439b-a302-3c928fc40412}Gw.sys C:\Windows\System32\drivers\{95282a5e-d707-43c0-b998-d6a934a963a8}Gw.sys C:\Windows\System32\drivers\{122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw.sys 2015-12-28 15:21 - 2016-05-17 22:05 - 1447378 _____ (Update) C:\Program Files\SSFK.exe 2016-07-09 13:40 - 2016-07-09 13:40 - 2279413 _____ () C:\Users\Samsung\AppData\Roaming\Roundlex.bin 2016-07-09 13:40 - 2016-07-09 13:39 - 0695296 _____ () C:\Users\Samsung\AppData\Roaming\Stocktough.exe 2016-07-09 13:40 - 2016-07-09 13:40 - 1760781 _____ () C:\Users\Samsung\AppData\Roaming\Stocktough.tst 2014-09-13 19:51 - 2014-09-13 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip EmptyTemp: Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW). 2) Zrób nowe logi FRST - już bez Shortcut. .
patrolvip2 komentarz 13 czerwca 2017 Autor komentarz 13 czerwca 2017 Coś jest nie tam bo FRST niby naprawiał wczoraj ze 3 godziny i nie ruszył. Jest w takiej samej pozycji cały czas jak ma screenie. Co robić?
Twój_Anioł_Stróż komentarz 13 czerwca 2017 komentarz 13 czerwca 2017 (edytowane) Przerwij, zrestartuj komputer i zrób nowe logi. Edytowane 13 czerwca 2017 przez Twój_Anioł_Stróż
patrolvip2 komentarz 13 czerwca 2017 Autor komentarz 13 czerwca 2017 Nowe logi FRST.txt Shortcut.txt Addition.txt
Twój_Anioł_Stróż komentarz 13 czerwca 2017 komentarz 13 czerwca 2017 (edytowane) Nic się nie usunęło. 1) Cytuj CustomCLSID: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000_Classes\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}\InprocServer32 -> C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll => Brak pliku HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\...\Run: [jtper] => C:\Users\Samsung\jtper.exe C:\Users\Samsung\jtper.exe HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1448442545&z=9985649ce1d1f39828650a1g1z5zfb8z0z1odq6m7q&from=ient07021&uid=ST9250410AS_5VG95SQB&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dPatM67TwHB77c-fLNcyLe8IeKOPdrb-tQrZOjaNcNujy7gw_bAQaSjLttfbwoh0S_wRYENJcjLZmq6Ix7a8Qbw-bX10NhT5hTRoPvCrQgv4wBpnkLcofPNGxdzCr5DejJf1lYhSAf3Enr8Zo2XY-0MoxyX243u&q={searchTerms} HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1420484106&from=smt&uid=ST9250410AS_5VG95SQB&q={searchTerms} URLSearchHook: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 - (Brak nazwy) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll Brak pliku SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1420484106&from=smt&uid=ST9250410AS_5VG95SQB&q={searchTerms} SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} Toolbar: HKLM - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - Brak pliku FF NewTab: Mozilla\Firefox\Profiles\yde60htx.default -> hxxp://www.nicesearches.com?type=hp&ts=1468854878&from=43110715&uid=st9250410as_5vg95sqb&z=5ea7af5c925a7b4ad6bcbe0g9zaq9b5b7w6w2ecq8g R1 {122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw; C:\Windows\System32\drivers\{122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw.sys [43152 2015-01-05] (StdLib) R1 {95282a5e-d707-43c0-b998-d6a934a963a8}Gw; C:\Windows\System32\drivers\{95282a5e-d707-43c0-b998-d6a934a963a8}Gw.sys [43152 2015-01-09] (StdLib) R1 {9cdb05d3-a225-439b-a302-3c928fc40412}Gw; C:\Windows\System32\drivers\{9cdb05d3-a225-439b-a302-3c928fc40412}Gw.sys [43152 2015-01-21] (StdLib) R1 {fc8decf5-c269-4b18-87f1-c395dfcbd88f}Gw; C:\Windows\System32\drivers\{fc8decf5-c269-4b18-87f1-c395dfcbd88f}Gw.sys [43152 2015-01-06] (StdLib) S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] U2 WinSnare; Brak ImagePath 2015-12-28 15:21 - 2016-05-17 22:05 - 1447378 _____ (Update) C:\Program Files\SSFK.exe 2016-07-09 13:40 - 2016-07-09 13:40 - 2279413 _____ () C:\Users\Samsung\AppData\Roaming\Roundlex.bin 2016-07-09 13:40 - 2016-07-09 13:39 - 0695296 _____ () C:\Users\Samsung\AppData\Roaming\Stocktough.exe 2016-07-09 13:40 - 2016-07-09 13:40 - 1760781 _____ () C:\Users\Samsung\AppData\Roaming\Stocktough.tst 2014-09-13 19:51 - 2014-09-13 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini EmptyTemp: Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW). 2) Adw-Cleaner: najpierw kliknij na SKANUJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk OCZYŚĆ (CLEANING), to kliknij na niego. Pokaż raport z niego "C" 3) Zrób nowe logi FRST. Edytowane 13 czerwca 2017 przez Twój_Anioł_Stróż
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.