BitGuard i inne świństwa spowalniające komputer

arturpl · 29 Lipiec 2014 16:40

Walczę ze świństwem o nazwie BitGuard i innymi nieznanymi mi ustroistwami które spowalniają komputer proszę o sprawdzenie loga co tam jeszcze zalega.

OTL - http://wklej.org/id/1428248/

Extras - http://wklej.org/id/1428245/

Acorus · 29 Lipiec 2014 17:10

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

arturpl · 29 Lipiec 2014 18:39

FRST http://wklej.org/id/1428351/

Addition. http://wklej.org/id/1428349/

Acorus · 30 Lipiec 2014 08:11

Otwórz Notatnik i wklej:

Task: {071C6A9E-3CEC-46EE-840D-E5DC8AB06F76} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-590894628-4071747058-2603616729-1000UA = C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {45612FC6-891A-442B-8392-EF46CB386E66} - \EPUpdater No Task File ==== ATTENTION
Task: {67A4B2E7-13F0-4C43-A3EE-60AA3E7FDE8D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-590894628-4071747058-2603616729-1000Core = C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {69BB2891-FF28-49EE-B7E6-D9F4B8FC98B0} - System32\Tasks\DSite = C:\Users\Krystian\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
Task: {DD5B9541-A63A-43AF-B774-BE1015B34EAB} - System32\Tasks\Scheduled Update for Ask Toolbar = C:\Program Files (x86)\Ask.com\UpdateTask.exe ==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job = C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe ==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job = C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe ==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job = C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe ==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-590894628-4071747058-2603616729-1000Core.job = C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-590894628-4071747058-2603616729-1000UA.job = C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro.job = C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll = c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll File Not Found
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll = c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
AppInit_DLLs-x32: c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll = "c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=iebappid=0systemid=2sr=0q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=iebappid=0systemid=2sr=0q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=iebappid=0systemid=2sr=0q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6F5C32A1-FB1D-436A-962A-0DCCAD3F4085} URL = http://websearch.ask.com/redirect?client=ietb=AVR-3o=APN10401src=crmq={searchTerms}locale=en_PLapn_ptnrs=^ABZapn_dtid=^YYYYYY^YY^PLapn_uid=d4b4aedc-f07f-4886-8490-f677c9929c8fapn_sauid=02E2397C-9AA3-48A9-A861-E4FAF27E5BE6
SearchScopes: HKCU - {C6DFDC46-EED7-4464-B3AE-F3FDAC4AD452} URL = http://www.mysearchresults.com/search?c=3501t=07q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb203?a=search={searchTerms}i=26
SearchScopes: HKCU - ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48Đ¸patm6ęo^Mp`Ëő÷_iŁwľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)xURL =
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: BlockAndSurf - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\yfq2vogt.default\Extensions\174 [2014-06-28]
FF Extension: Wincore Mediabar - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\yfq2vogt.default\Extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} [2012-10-30]
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF HKCU\...\Firefox\Extensions: [{77980DFA-3F4F-003F-9C06-885C8F040D37}] - C:\Program Files (x86)\-BlockAndSurfS\174.xpi
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
R2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-19] ()
S2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
2014-07-29 05:24 - 2014-07-29 17:59 - 00000000 ____ D () C:\AdwCleaner
2014-07-23 18:35 - 2014-07-23 18:35 - 00000000 ____ D () C:\Program Files (x86)\predm
2014-07-10 19:20 - 2014-07-10 19:20 - 00780824 _____ (Elex do Brasil Participações Ltda) C:\Users\Krystian\Downloads\yet_another_cleaner_mma.exe
2014-07-03 21:28 - 2014-07-23 19:39 - 00000000 ____ D () C:\Program Files (x86)\Bench
2014-07-23 19:39 - 2013-03-05 10:52 - 00000000 ____ D () C:\Users\Krystian\AppData\Roaming\DSite
2014-07-17 11:24 - 2014-06-26 14:52 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-07-17 11:24 - 2014-06-26 14:52 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-07-17 11:24 - 2014-06-26 14:52 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
CMD: del /f /s /q %TEMP%\*.*

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

arturpl · 30 Lipiec 2014 15:35

po fixie:

FRST - http://wklej.org/id/1428930/

Addition: http://wklej.org/id/1428932/

Acorus · 30 Lipiec 2014 15:57

Otwórz Notatnik i wklej:

2014-07-30 16:56 - 2014-07-30 16:56 - 00000000 ____ D () C:\AdwCleaner
C:\Users\Krystian\AppData\Local\Temp\*.exe
C:\Users\Krystian\AppData\Local\Temp\*.dll

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

arturpl · 30 Lipiec 2014 19:31

FRST: http://wklej.org/id/1429004/

Addition: http://wklej.org/id/1429006/

Fixlog: http://wklej.org/id/1429010/

Acorus · 31 Lipiec 2014 07:38

Skasuj folder C:\FRST