Delta homes, maybe something else too?


(Tomi4m10) #1

Please help me clean up my computer.

Here are the logs:

frst: http://wklej.to/vFggn

addition: http://wklej.to/ellNA

extras: http://wklej.to/wvlUi

OTL: http://wklej.to/WdghE


(krzych5610) #2

Download AdwCleaner to your desktop - https://toolslib.net/downloads/viewdownload/1-adwcleaner/

After launching it, run the Search and Delete commands. After the restart, generate new FRST and Addition reports.


(Acorus) #3

Uninstall Adobe Reader 9 - Polish, WindowsProtectManger20.0.0.401, WinZipper. Open the system Notepad and paste:

Task: {06666BD1-B651-4454-ADBA-231C0C2D7F09} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-407506801-561743677-2863201664-1000UA = C:\Users\tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-01] (Facebook Inc.)
Task: {4AE3748D-EFC8-4581-85BF-8E29321AEDED} - System32\Tasks\task3882506 = C:\Windows\Temp\kb543525.exe ==== ATTENTION
Task: {53C840CF-4DF2-45C0-9C3A-2DB6F47E9F7C} - System32\Tasks\task3843459 = C:\Windows\Temp\kb330905.exe ==== ATTENTION
Task: {6C88A23C-1281-4227-B4FD-FC8DF0A6CA98} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-407506801-561743677-2863201664-1000Core = C:\Users\tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-01] (Facebook Inc.)
Task: {7407A182-3E0F-4E1E-B6D7-0E7C8911E22C} - System32\Tasks\task22872242 = C:\Windows\Temp\kb962225.exe ==== ATTENTION
Task: {7F6DA017-5BAC-4C9B-B6FB-D47C4EB05E56} - System32\Tasks\task5127908 = C:\Windows\Temp\kb733626.exe ==== ATTENTION
Task: {BC22986A-FB0B-4DA6-A524-9169A9088A52} - System32\Tasks\task5678342 = C:\Windows\Temp\kb985320.exe ==== ATTENTION
Task: {D6659E1D-57C6-4BA7-897D-8FE2D346DE16} - System32\Tasks\task1978857 = C:\Windows\Temp\kb619404.exe ==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-407506801-561743677-2863201664-1000Core.job = C:\Users\tom\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-407506801-561743677-2863201664-1000UA.job = C:\Users\tom\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-407506801-561743677-2863201664-1000\...\Run: [Facebook Update] = C:\Users\tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-01] (Facebook Inc.)
HKU\S-1-5-21-407506801-561743677-2863201664-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2614784 2011-02-26] (Microsoft Corporation) ==== ATTENTION
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL = C:\PROGRA~1\SupTab\SEARCH~1.DLL File Not Found
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hpts=1421305774from=wpm01142uid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668X
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1402741716from=coruid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668Xq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hpts=1421305774from=wpm01142uid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668X
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1402741716from=coruid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668Xq={searchTerms}
HKU\S-1-5-21-407506801-561743677-2863201664-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=dsts=1421305774from=wpm01142uid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668Xq={searchTerms}
HKU\S-1-5-21-407506801-561743677-2863201664-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hpts=1421305774from=wpm01142uid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668X
HKU\S-1-5-21-407506801-561743677-2863201664-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
HKU\S-1-5-21-407506801-561743677-2863201664-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hpts=1421305774from=wpm01142uid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668X
HKU\S-1-5-21-407506801-561743677-2863201664-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=dsts=1421305774from=wpm01142uid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668Xq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com/?type=scts=1421305774from=wpm01142uid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668X
SearchScopes: HKU\S-1-5-21-407506801-561743677-2863201664-1000 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=dsts=1421305774from=wpm01142uid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668Xq={searchTerms}
SearchScopes: HKU\S-1-5-21-407506801-561743677-2863201664-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=dsts=1421305774from=wpm01142uid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668Xq={searchTerms}
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=ntts=1421305774from=wpm01142uid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668X
FF Extension: Security Protection - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\0y3dykqj.default\Extensions\detgdp@gmail.com [2015-01-15]
FF HKLM\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\0y3dykqj.default\extensions\detgdp@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.delta-homes.com/?type=scts=1421305774from=wpm01142uid=SAMSUNGXHM060HI_S0BNJ10LA27668A27668X
CHR Extension: (Torntv) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf [2013-03-18]
CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn11.crx [2013-01-23]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [479232 2015-01-15] (SysTool PasSame LIMITED) [File not signed]
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [424624 2015-01-12] (Taiwan Shui Mu Chih Ching Technology Limited.) ==== ATTENTION
S2 Update Greener Web; "C:\Program Files\Greener Web\updateGreenerWeb.exe" [X]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
2015-01-15 08:10 - 2015-01-15 08:10 - 00000000 ____ D () C:\Users\tom\AppData\Roaming\WinZipper
2015-01-15 08:10 - 2015-01-15 08:10 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
2015-01-15 08:10 - 2015-01-15 08:10 - 00000000 ____ D () C:\Program Files\WinZipper
2015-01-15 08:09 - 2015-01-15 08:09 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-01-15 08:09 - 2014-06-14 11:29 - 00000000 ____ D () C:\ProgramData\WindowsProtectManger
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Tomi4m10) #4

frst: http://wklej.to/jA9i6

addition: http://wklej.to/zTXjK


(Acorus) #5

Uninstall Adobe Reader 9 - Polish. Open the system Notepad and paste:

Task: {06666BD1-B651-4454-ADBA-231C0C2D7F09} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-407506801-561743677-2863201664-1000UA = C:\Users\tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-01] (Facebook Inc.)
Task: {4AE3748D-EFC8-4581-85BF-8E29321AEDED} - System32\Tasks\task3882506 = C:\Windows\Temp\kb543525.exe ==== ATTENTION
Task: {53C840CF-4DF2-45C0-9C3A-2DB6F47E9F7C} - System32\Tasks\task3843459 = C:\Windows\Temp\kb330905.exe ==== ATTENTION
Task: {6C88A23C-1281-4227-B4FD-FC8DF0A6CA98} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-407506801-561743677-2863201664-1000Core = C:\Users\tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-01] (Facebook Inc.)
Task: {7407A182-3E0F-4E1E-B6D7-0E7C8911E22C} - System32\Tasks\task22872242 = C:\Windows\Temp\kb962225.exe ==== ATTENTION
Task: {7F6DA017-5BAC-4C9B-B6FB-D47C4EB05E56} - System32\Tasks\task5127908 = C:\Windows\Temp\kb733626.exe ==== ATTENTION
Task: {BC22986A-FB0B-4DA6-A524-9169A9088A52} - System32\Tasks\task5678342 = C:\Windows\Temp\kb985320.exe ==== ATTENTION
Task: {D6659E1D-57C6-4BA7-897D-8FE2D346DE16} - System32\Tasks\task1978857 = C:\Windows\Temp\kb619404.exe ==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-407506801-561743677-2863201664-1000Core.job = C:\Users\tom\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-407506801-561743677-2863201664-1000UA.job = C:\Users\tom\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-407506801-561743677-2863201664-1000\...\Run: [Facebook Update] = C:\Users\tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-01] (Facebook Inc.)
HKU\S-1-5-21-407506801-561743677-2863201664-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-407506801-561743677-2863201664-1000\...\MountPoints2: {0b6faf30-6dcd-11e2-88de-0016d3f7611a} - E:\Startme.exe
HKU\S-1-5-21-407506801-561743677-2863201664-1000\...\MountPoints2: {82d23b7d-1831-11e2-86ff-001cbf2133d7} - E:\AutoRun.exe
HKU\S-1-5-21-407506801-561743677-2863201664-1000\...\MountPoints2: {82d23bbd-1831-11e2-86ff-0016d3f7611a} - E:\AutoRun.exe
HKU\S-1-5-21-407506801-561743677-2863201664-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2614784 2011-02-26] (Microsoft Corporation) ==== ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Security Protection - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\0y3dykqj.default\Extensions\detgdp@gmail.com [2015-01-15]
FF HKLM\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\0y3dykqj.default\extensions\detgdp@gmail.com
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll No File
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
2015-01-15 09:38 - 2015-01-15 09:41 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.