Spowolniony system - logi

12 czerwca 2017

Witam i proszę o pomoc. Mam mały problem z laptopem tzn. ostatnio bardzo spowolnił i czasami wyskakują reklamy. Również strony otwierają się bardzo powoli często zawieszając na chwilę przeglądarkę. Zamieszczem logi i z góry dziękuję.

FRST.txt

Addition.txt

Shortcut.txt

12 czerwca 2017

1) Spróbuj odinstalować te programy:

amuleC (HKLM\...\{B2EFFD4E-D098-4845-9D56-DE75BEB35913}) (Version: 1.0.1 - amuleC) <==== UWAGA

FromDocToPDF Internet Explorer Toolbar (HKLM\...\FromDocToPDF_65bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== UWAGA

WinSnare (HKLM\...\{F173D6F1-284D-4B18-9F6E-57DDC05E34EA}) (Version: 4.2.8 - WinSnare) <==== UWAGA
WinZip (HKLM\...\WinZip) (Version: 2.2.45 - Winzipper Pvt Ltd.) <==== UWAGA

2) Użyj >Adw-cleaner
najpierw kliknij na SKANUJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.
Pokaż raport z niego "C"

3)

Uruchom FRST. NA klawiaturze naciśnij jednocześnie CTRL+Y.Otworzy się Notatnik - wklej do niego:

HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\...\ChromeHTML: -> <==== UWAGA

CustomCLSID: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000_Classes\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}\InprocServer32 -> C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
Task: {0CDDF528-06F6-48FF-8FF9-019331974145} - System32\Tasks\psv_StatStrong => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Suntip.reg" & del "C:\ProgramData\Quotenamron\Suntip.reg" & SCHTASKS /Delete /TN "psv_StatStrong" /F <==== UWAGA
Task: {16D10B6A-DF0E-4A97-8E60-A0B2E52DA7ED} - System32\Tasks\psv_Quadron => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Silcore.reg" & del "C:\ProgramData\Quotenamron\Silcore.reg" & SCHTASKS /Delete /TN "psv_Quadron" /F <==== UWAGA
Task: {184AC06B-0664-4F2E-A93F-18F58719FEE0} - System32\Tasks\LuckyTab => C:\Program Files\LuckyTab\LuckyTab.exe <==== UWAGA
Task: {1C8C7399-24C6-4E2E-97ED-51AA54193368} - System32\Tasks\psv_Sontone => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Redin.reg" & del "C:\ProgramData\Quotenamron\Redin.reg" & SCHTASKS /Delete /TN "psv_Sontone" /F <==== UWAGA
Task: {1FF1AC96-4057-4586-9FD9-9A2EB958154F} - System32\Tasks\psv_Inlam => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\DomFix.reg" & del "C:\ProgramData\Quotenamron\DomFix.reg" & SCHTASKS /Delete /TN "psv_Inlam" /F <==== UWAGA
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> Brak pliku <==== UWAGA
Task: {2AE136AC-2E35-4908-BDB9-11A63CEB129F} - System32\Tasks\GuntonyCheckTask => C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe <==== UWAGA
Task: {2B709A8D-7928-438B-90FC-8F3C047B4E02} - System32\Tasks\psv_Indigo-Air => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Namsing.reg" & del "C:\ProgramData\Quotenamron\Namsing.reg" & SCHTASKS /Delete /TN "psv_Indigo-Air" /F <==== UWAGA
Task: {30846939-4717-4EC2-8EF6-51CA932733FD} - System32\Tasks\psv_True-String => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Funzap.reg" & del "C:\ProgramData\Quotenamron\Funzap.reg" & SCHTASKS /Delete /TN "psv_True-String" /F <==== UWAGA
Task: {4B91FF99-A1FF-48B2-A5AF-1105C2530466} - System32\Tasks\GuntonyBrowserUpdateUA => C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe <==== UWAGA
Task: {6A9F626E-58F8-44B3-B0BB-4B5DE7472BF1} - System32\Tasks\psv_Med-Dex => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Joboveex.reg" & del "C:\ProgramData\Quotenamron\Joboveex.reg" & SCHTASKS /Delete /TN "psv_Med-Dex" /F <==== UWAGA
Task: {7218F545-B56F-47FE-99B7-050AEC3E445B} - System32\Tasks\psv_Geofresh => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Geosolcof.reg" & del "C:\ProgramData\Quotenamron\Geosolcof.reg" & SCHTASKS /Delete /TN "psv_Geofresh" /F <==== UWAGA
Task: {72C7ECEA-DA11-4018-9E91-F8DD78823076} - System32\Tasks\psv_SunFax => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\AlphaRembam.reg" & del "C:\ProgramData\Quotenamron\AlphaRembam.reg" & SCHTASKS /Delete /TN "psv_SunFax" /F <==== UWAGA
Task: {75C546B7-2B88-47A9-8DDA-7686C4049F9E} - System32\Tasks\psv_Hotphase => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Scotfax.reg" & del "C:\ProgramData\Quotenamron\Scotfax.reg" & SCHTASKS /Delete /TN "psv_Hotphase" /F <==== UWAGA
Task: {88B702DF-0FB8-4F9C-A16B-CA8D7EDA8ABD} - System32\Tasks\psv_Goldfix => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Alphalamtouch.reg" & del "C:\ProgramData\Quotenamron\Alphalamtouch.reg" & SCHTASKS /Delete /TN "psv_Goldfix" /F <==== UWAGA
Task: {9274D6D2-AC1A-490B-BFD2-FBAC074085FD} - System32\Tasks\Milimili => C:\Program Files\MIO\MIO.exe [2016-12-28] () <==== UWAGA
Task: {97FFF5F3-9C45-45E2-B30D-1CE19F039137} - System32\Tasks\psv_Donlight => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Dripaptough.reg" & del "C:\ProgramData\Quotenamron\Dripaptough.reg" & SCHTASKS /Delete /TN "psv_Donlight" /F <==== UWAGA
Task: {9B310F93-51E8-4EF9-89FA-A4BD65BD7EB1} - System32\Tasks\psv_Fixeco => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Stringlex.reg" & del "C:\ProgramData\Quotenamron\Stringlex.reg" & SCHTASKS /Delete /TN "psv_Fixeco" /F <==== UWAGA
Task: {A2CFB6F3-B3AE-4971-8E29-C415BE22D2E5} - \Microsoft\Windows\Maintenance\WinSAT -> Brak pliku <==== UWAGA
Task: {B4279F99-C90B-4D89-94AC-3EA35EFAC791} - System32\Tasks\psv_Warm-Kix => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Tip-Lax.reg" & del "C:\ProgramData\Quotenamron\Tip-Lax.reg" & SCHTASKS /Delete /TN "psv_Warm-Kix" /F <==== UWAGA
Task: {B82D3EE7-EFC1-4605-8CF7-857992CDABF8} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\WintoolUprI.exe [2017-02-15] ()
Task: {BA05B39C-2EA4-425B-9D43-961C7309BDA3} - System32\Tasks\psv_ItTamjob => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\BlackIty.reg" & del "C:\ProgramData\Quotenamron\BlackIty.reg" & SCHTASKS /Delete /TN "psv_ItTamjob" /F <==== UWAGA
Task: {C1FD2F18-4D98-4E59-9D42-4BEA42DD66B6} - System32\Tasks\psv_Temptouch => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Inchzap.reg" & del "C:\ProgramData\Quotenamron\Inchzap.reg" & SCHTASKS /Delete /TN "psv_Temptouch" /F <==== UWAGA
Task: {C693BFCF-B2ED-4392-9E8D-D881B36F4CBE} - System32\Tasks\GuntonyBrowserUpdateCore => C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe <==== UWAGA
Task: {CB468C39-9627-47A3-A5CA-7D94482DA8E9} - System32\Tasks\psv_Donis => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\DomRanair.reg" & del "C:\ProgramData\Quotenamron\DomRanair.reg" & SCHTASKS /Delete /TN "psv_Donis" /F <==== UWAGA
Task: {D376098D-44D7-4162-90D7-04503D972F77} - System32\Tasks\psv_San-Zap => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Freshtip.reg" & del "C:\ProgramData\Quotenamron\Freshtip.reg" & SCHTASKS /Delete /TN "psv_San-Zap" /F <==== UWAGA
Task: {DC7A27CD-D56D-4B60-9A07-71DC78D47739} - System32\Tasks\psv_Dalt-Fresh => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Trancore.reg" & del "C:\ProgramData\Quotenamron\Trancore.reg" & SCHTASKS /Delete /TN "psv_Dalt-Fresh" /F <==== UWAGA
Task: {E153005F-C232-4298-A043-E2F85B615C37} - System32\Tasks\psv_Dingtannix => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\Hat-Tex.reg" & del "C:\ProgramData\Quotenamron\Hat-Tex.reg" & SCHTASKS /Delete /TN "psv_Dingtannix" /F <==== UWAGA
Task: {F48AA415-719F-4D5F-807D-029562C570DD} - System32\Tasks\psv_Yearstock => cmd.exe /c regedit.exe /s "C:\ProgramData\Quotenamron\RonFlex.reg" & del "C:\ProgramData\Quotenamron\RonFlex.reg" & SCHTASKS /Delete /TN "psv_Yearstock" /F <==== UWAGA
RemoveDirectory: C:\ProgramData\Quotenamron
RemoveDirectory: C:\Program Files\Guntony
RemoveDirectory: C:\ProgramData\wintools
RemoveDirectory: C:\Program Files\MIO
RemoveDirectory: C:\Program Files\LuckyTab
RemoveDirectory: C:\Program Files\Firefox
RemoveDirectory: C:\Program Files\WinZipper
RemoveDirectory: C:\Program Files\SFK
RemoveDirectory: C:\Program Files\WinSaber
RemoveDirectory: C:\ProgramData\Guntony
RemoveDirectory: C:\Program Files\Gunlamp
RemoveDirectory: C:\ProgramData\Logic Handler
C:\Program Files\MiuiTab
C:\Users\Samsung\AppData\Roaming\TSv
C:\Program Files\amuleCexx
C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
C:\Users\Public\Desktop\Mozilla Firefox.lnk
C:\Users\Samsung\jtper.exe
HKLM\...\regfile\shell\open\command: <===== UWAGA
FirewallRules: [{484EFB60-C314-4807-A35E-AC786BFE4565}] => (Allow) C:\Program Files\Firefox\Firefox.exe
FirewallRules: [{B99EC516-F1B6-46C4-98E5-4C38191E505A}] => (Allow) C:\Program Files\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{6CF6533A-3FFE-42C0-8F22-B6441F2479A7}] => (Allow) C:\Program Files\Firefox\bin\FirefoxCommand.exe
FirewallRules: [{55DC73B5-5FFB-47FC-BD16-3F74CCA1645E}] => (Allow) C:\Program Files\Firefox\Firefox.exe
FirewallRules: [{21149A71-5838-495B-B671-259FD5ED4442}] => (Allow) C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe
FirewallRules: [{69046DFC-6DF6-421F-8958-F53D80DA7D10}] => (Allow) C:\Program Files\Gunlamp\Application\chrome.exe
FirewallRules: [{9238CF27-2DE8-4FAF-A118-0E99F1BA095E}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe
AppInit_DLLs: C:\ProgramData\Quotenamron\Zenlab.dll => Brak pliku
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HOSTS:
EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW).

4) Zrób nowe logi FRST.

przed skanem zaznacz: Additional.txt Shortcut.txt,

Edytowane 12 czerwca 2017 przez Twój_Anioł_Stróż

12 czerwca 2017

Chyba wszystko wykonane. Sprawdzisz?

12 czerwca 2017

1) Uruchom FRST. NA klawiaturze naciśnij jednocześnie CTRL+Y.Otworzy się Notatnik - wklej do niego:

CustomCLSID: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000_Classes\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}\InprocServer32 -> C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll => Brak pliku

HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\...\Run: [jtper] => C:\Users\Samsung\jtper.exe
C:\Users\Samsung\jtper.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1448442545&z=9985649ce1d1f39828650a1g1z5zfb8z0z1odq6m7q&from=ient07021&uid=ST9250410AS_5VG95SQB&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dPatM67TwHB77c-fLNcyLe8IeKOPdrb-tQrZOjaNcNujy7gw_bAQaSjLttfbwoh0S_wRYENJcjLZmq6Ix7a8Qbw-bX10NhT5hTRoPvCrQgv4wBpnkLcofPNGxdzCr5DejJf1lYhSAf3Enr8Zo2XY-0MoxyX243u&q={searchTerms}
HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1420484106&from=smt&uid=ST9250410AS_5VG95SQB&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 - (Brak nazwy) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll Brak pliku
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1420484106&from=smt&uid=ST9250410AS_5VG95SQB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
Toolbar: HKLM - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - Brak pliku
FF NewTab: Mozilla\Firefox\Profiles\yde60htx.default -> hxxp://www.nicesearches.com?type=hp&ts=1468854878&from=43110715&uid=st9250410as_5vg95sqb&z=5ea7af5c925a7b4ad6bcbe0g9zaq9b5b7w6w2ecq8g
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\yde60htx.default\searchplugins\yoursites123.xml [2016-03-21]
R1 {122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw; C:\Windows\System32\drivers\{122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw.sys [43152 2015-01-05] (StdLib)
R1 {95282a5e-d707-43c0-b998-d6a934a963a8}Gw; C:\Windows\System32\drivers\{95282a5e-d707-43c0-b998-d6a934a963a8}Gw.sys [43152 2015-01-09] (StdLib)
R1 {9cdb05d3-a225-439b-a302-3c928fc40412}Gw; C:\Windows\System32\drivers\{9cdb05d3-a225-439b-a302-3c928fc40412}Gw.sys [43152 2015-01-21] (StdLib)
R1 {fc8decf5-c269-4b18-87f1-c395dfcbd88f}Gw; C:\Windows\System32\drivers\{fc8decf5-c269-4b18-87f1-c395dfcbd88f}Gw.sys [43152 2015-01-06] (StdLib)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
U2 WinSnare; Brak ImagePath
C:\Windows\System32\drivers\{fc8decf5-c269-4b18-87f1-c395dfcbd88f}Gw.sys
c:\Windows\System32\drivers\{9cdb05d3-a225-439b-a302-3c928fc40412}Gw.sys
C:\Windows\System32\drivers\{95282a5e-d707-43c0-b998-d6a934a963a8}Gw.sys
C:\Windows\System32\drivers\{122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw.sys
2015-12-28 15:21 - 2016-05-17 22:05 - 1447378 _____ (Update) C:\Program Files\SSFK.exe
2016-07-09 13:40 - 2016-07-09 13:40 - 2279413 _____ () C:\Users\Samsung\AppData\Roaming\Roundlex.bin
2016-07-09 13:40 - 2016-07-09 13:39 - 0695296 _____ () C:\Users\Samsung\AppData\Roaming\Stocktough.exe
2016-07-09 13:40 - 2016-07-09 13:40 - 1760781 _____ () C:\Users\Samsung\AppData\Roaming\Stocktough.tst
2014-09-13 19:51 - 2014-09-13 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW).

2) Zrób nowe logi FRST - już bez Shortcut.

.

13 czerwca 2017

Coś jest nie tam bo FRST niby naprawiał wczoraj ze 3 godziny i nie ruszył. Jest w takiej samej pozycji cały czas jak ma screenie. Co robić?

13 czerwca 2017

Przerwij, zrestartuj komputer i zrób nowe logi.

Edytowane 13 czerwca 2017 przez Twój_Anioł_Stróż

13 czerwca 2017

Nowe logi

FRST.txt

Shortcut.txt

Addition.txt

13 czerwca 2017

Nic się nie usunęło.

1)

Cytuj

CustomCLSID: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000_Classes\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}\InprocServer32 -> C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll => Brak pliku

HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\...\Run: [jtper] => C:\Users\Samsung\jtper.exe
C:\Users\Samsung\jtper.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1448442545&z=9985649ce1d1f39828650a1g1z5zfb8z0z1odq6m7q&from=ient07021&uid=ST9250410AS_5VG95SQB&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dPatM67TwHB77c-fLNcyLe8IeKOPdrb-tQrZOjaNcNujy7gw_bAQaSjLttfbwoh0S_wRYENJcjLZmq6Ix7a8Qbw-bX10NhT5hTRoPvCrQgv4wBpnkLcofPNGxdzCr5DejJf1lYhSAf3Enr8Zo2XY-0MoxyX243u&q={searchTerms}
HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444195587&from=mych123&uid=st9250410as_5vg95sqb&z=727c33ed3b0cfcfc2603201g3z1z2zag9t5w0m9e8g
HKU\S-1-5-21-2799823244-2762758200-1557452710-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1420484106&from=smt&uid=ST9250410AS_5VG95SQB&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 - (Brak nazwy) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll Brak pliku
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1420484106&from=smt&uid=ST9250410AS_5VG95SQB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2799823244-2762758200-1557452710-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
Toolbar: HKLM - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - Brak pliku
FF NewTab: Mozilla\Firefox\Profiles\yde60htx.default -> hxxp://www.nicesearches.com?type=hp&ts=1468854878&from=43110715&uid=st9250410as_5vg95sqb&z=5ea7af5c925a7b4ad6bcbe0g9zaq9b5b7w6w2ecq8g
R1 {122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw; C:\Windows\System32\drivers\{122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw.sys [43152 2015-01-05] (StdLib)
R1 {95282a5e-d707-43c0-b998-d6a934a963a8}Gw; C:\Windows\System32\drivers\{95282a5e-d707-43c0-b998-d6a934a963a8}Gw.sys [43152 2015-01-09] (StdLib)
R1 {9cdb05d3-a225-439b-a302-3c928fc40412}Gw; C:\Windows\System32\drivers\{9cdb05d3-a225-439b-a302-3c928fc40412}Gw.sys [43152 2015-01-21] (StdLib)
R1 {fc8decf5-c269-4b18-87f1-c395dfcbd88f}Gw; C:\Windows\System32\drivers\{fc8decf5-c269-4b18-87f1-c395dfcbd88f}Gw.sys [43152 2015-01-06] (StdLib)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
U2 WinSnare; Brak ImagePath
2015-12-28 15:21 - 2016-05-17 22:05 - 1447378 _____ (Update) C:\Program Files\SSFK.exe
2016-07-09 13:40 - 2016-07-09 13:40 - 2279413 _____ () C:\Users\Samsung\AppData\Roaming\Roundlex.bin
2016-07-09 13:40 - 2016-07-09 13:39 - 0695296 _____ () C:\Users\Samsung\AppData\Roaming\Stocktough.exe
2016-07-09 13:40 - 2016-07-09 13:40 - 1760781 _____ () C:\Users\Samsung\AppData\Roaming\Stocktough.tst
2014-09-13 19:51 - 2014-09-13 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini

EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW).

2) Adw-Cleaner: najpierw kliknij na SKANUJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk OCZYŚĆ (CLEANING), to kliknij na niego.
Pokaż raport z niego "C"

3) Zrób nowe logi FRST.

Edytowane 13 czerwca 2017 przez Twój_Anioł_Stróż

Zaloguj się

Spowolniony system - logi

patrolvip2

Twój_Anioł_Stróż

patrolvip2

Twój_Anioł_Stróż

patrolvip2

Twój_Anioł_Stróż

patrolvip2

Twój_Anioł_Stróż

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Strona główna

Powiadomienie o plikach cookie