Deal Keeper

robson259 · 19 Wrzesień 2014 17:28

Prośba o pomoc.

FRST:

http://www.wklej.org/id/1467650/

ADDITION:

Acorus · 19 Wrzesień 2014 18:09

Odinstaluj Ad-aware 6 Personal,Adobe Download Assistant,Qtrax Player.Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.

Pokaż nowe logi z FRST.

robson259 · 19 Wrzesień 2014 18:45

Gotowe.

FRST:

http://wklej.org/id/1468162/

ADDITION:

http://wklej.org/id/1468166/

Acorus · 20 Wrzesień 2014 08:18

Otwórz Notatnik i wklej:

Task: {C3D9BF3D-FF57-47DF-8BAE-F8AFED0BCD32} - \ASP No Task File ==== ATTENTION
Task: {C768A3FB-7F87-4C40-9AA7-7A9E7E105727} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv = C:\Windows\TEMP\{3ADFC162-08AB-4DEA-8BE7-FF14E5FAE589}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job = C:\Windows\TEMP\{3ADFC162-08AB-4DEA-8BE7-FF14E5FAE589}.exe
HKLM\...\Run: [] = [X]
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\Run: [Deyhsehaqa] = C:\Users\Robert\AppData\Roaming\Quvugi\ocek.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {12e4cb88-29a4-11e1-b4c5-001e101f7fb6} - E:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {50ed614d-e533-11de-91e5-001e33c986dc} - 6ruaqx.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {5ac32348-d54d-11df-abd8-0022faf3304c} - E:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {5ac32364-d54d-11df-abd8-0022faf3304c} - E:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {5ac32381-d54d-11df-abd8-001e33c986dc} - E:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {5ac323d1-d54d-11df-abd8-001e33c986dc} - E:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {5ac32419-d54d-11df-abd8-001e101fc33c} - E:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {6f0e2f4e-fddf-11de-a24c-001e33c986dc} - F:\i8ikdjwt.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {6f0e3057-fddf-11de-a24c-001e33c986dc} - E:\ReCYCleR\sEtup32.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {793b1e4d-a6ef-11df-a374-0022faf3304c} - F:\setup.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {bfda1d01-1722-11e0-a814-0022faf3304c} - G:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {bfda1d2a-1722-11e0-a814-0022faf3304c} - E:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {c5cc1ae2-8e86-11e3-98fd-001e33c986dc} - E:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {c5cc1aef-8e86-11e3-98fd-001e33c986dc} - E:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {cb500409-9fa4-11de-aeaf-001e33c986dc} - E:\ReCyClER\sEtUp.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {d55d619c-17ef-11e0-a6af-0022faf3304c} - E:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {d55d61ac-17ef-11e0-a6af-001e33c986dc} - E:\AutoRun.exe
HKU\S-1-5-21-1223166978-747054291-2799628747-1000\...\MountPoints2: {d8ef4d18-2328-11e0-a7bf-001e33c986dc} - G:\AutoRun.exe
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll = c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll File Not Found
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll = c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhome.vi-view.com/?type=hpts=1406279437from=tt4uuid=TOSHIBAXMK5055GSX_59PFC1BATXX59PFC1BAT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhome.vi-view.com/?type=hpts=1406279437from=tt4uuid=TOSHIBAXMK5055GSX_59PFC1BATXX59PFC1BAT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhome.vi-view.com/web/?type=dsts=1406279437from=tt4uuid=TOSHIBAXMK5055GSX_59PFC1BATXX59PFC1BATq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhome.vi-view.com/web/?type=dsts=1406279437from=tt4uuid=TOSHIBAXMK5055GSX_59PFC1BATXX59PFC1BATq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhome.vi-view.com/?type=hpts=1406279437from=tt4uuid=TOSHIBAXMK5055GSX_59PFC1BATXX59PFC1BAT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhome.vi-view.com/web/?type=dsts=1406279437from=tt4uuid=TOSHIBAXMK5055GSX_59PFC1BATXX59PFC1BATq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://myhome.vi-view.com/web/?type=dsts=1406279437from=tt4uuid=TOSHIBAXMK5055GSX_59PFC1BATXX59PFC1BATq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://startsear.ch/?aff=2src=spcf=e1d87e00-236b-11e1-b1a1-001e33c986dcq={searchTerms}
BHO-x32: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-09-13]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR Extension: (No Name) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-07-25]
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx [2014-08-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt64; system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt64.sys [X]
2014-09-19 04:08 - 2014-09-18 13:09 - 00055056 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t.sys
2014-09-19 00:12 - 2014-09-18 13:09 - 00060048 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t64.sys
2014-08-23 17:36 - 2014-08-23 17:36 - 00000000 ____ D () C:\Program Files (x86)\SiteLookup
2014-08-23 17:35 - 2014-08-23 17:35 - 00000000 ____ D () C:\Program Files\004
2014-09-19 00:32 - 2014-07-25 11:11 - 00000000 ____ D () C:\ProgramData\IePluginServices
C:\Users\Robert\DownloadSetup.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

robson259 · 20 Wrzesień 2014 12:17

Plik wkleiłem fixlist wkleiłem tak jak poniżej ale FRST krzyczy, że go nie widzi.

Acorus · 20 Wrzesień 2014 15:08

Masz go tam wkleić

Running from C:\Users\Robert\Desktop\Downloads czyli do folderu Downloads.

robson259 · 20 Wrzesień 2014 16:14

Wygląda na to, że pomogło, dziękuję bardzo!

Czy jeszcze jakieś działania będą potrzebne?

Acorus · 20 Wrzesień 2014 16:36

Skasuj folder C:\FRST