Długie uruchamianie laptopa i problemy z przeglądarką


(szymon189) #1

Laptop długo się włącza i nie można otwierać niektórych stron np. z pocztą. Pojawiają się reklamy na stronach. Od czasu do czasu laptop sam się restartuje.

 

http://www.wklej.org/id/1415309/

http://www.wklej.org/id/1415310/


(Pawko86) #2

Zacznij od wywalenia toolbarów programem awdcleaner następnie przeskanuj  Malwarebytes Anti-Malware po tych czynnościach usuń zbędne programy ze autostartu


(S3BA_) #3

Po pierwsze skanowanie i usunięcie śmieci Adwcleanerem.

SeaPort

BitGuard

CtrlMusicNet

Yontoo

ezSharedSvcHost


(szymon189) #4

Usunięte. Co dalej?


(Acorus) #5

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.


(szymon189) #6

http://wklej.org/id/1415755/

 

http://wklej.org/id/1415756/


(Acorus) #7

Odinstaluj Contextual Tool Extrafind,VideoPerformer.

Przeskanuj programem Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.2.1012.exe


(szymon189) #8

http://wklej.org/id/1415964/

 

http://wklej.org/id/1415968/

http://wklej.org/id/1415969/


(Acorus) #9

Otwórz Notatnik i wklej:

Task: {BC282704-6308-4337-B7EC-25940582E3AF} - System32\Tasks\4780 = Wscript.exe C:\Users\Andzia\AppData\Local\Temp\launchie.vbs //B ==== ATTENTION
Task: {C76F60CE-A3B9-460F-914C-F8F098003B56} - System32\Tasks\0 = Iexplore.exe ==== ATTENTION
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [nmctxth] = C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] = C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [Gadu-Gadu 10] = C:\Users\Andzia\Documents\gadu gadu 10,5\Gadu-Gadu 10\gg.exe [13374048 2011-07-04] (GG Network S.A.)
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [ALLUpdate] = C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [1379840 2011-08-16] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{28EED358-6A04-2CE8-9386-688EF82355F6}] = C:\Users\Andzia\AppData\Roaming\NVIDIA\mgrNVIDIA.exe [286208 2012-02-29] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{8911C14D-AC83-CD61-DFEA-E00407A3817C}] = C:\Users\Andzia\AppData\Roaming\MusicNet\CtrlMusicNet.exe [286208 2011-12-01] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{7D1AB9A7-EAAF-F43D-4649-149E0A689693}] = C:\Users\Andzia\AppData\Roaming\funkitron\Usefunkitron.exe [419328 2012-05-24] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{F35B2613-CC1F-4ED8-F753-E38A202E4160}] = C:\Users\Andzia\AppData\Roaming\Adobe\Adobemgr.exe [419328 2013-03-22] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{FE12D417-537B-895E-D496-B5D520504365}] = C:\Users\Andzia\AppData\Roaming\Real\ctrlReal.exe [418816 2013-02-04] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{56AFB53F-F880-2903-6294-F204660FF02B}] = C:\Users\Andzia\AppData\Roaming\Fighters\Fighterstray.exe [312832 2013-07-04] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{57571DD3-A494-1036-583A-9332BE48CE3C}] = C:\Users\Andzia\AppData\Roaming\Yontoo\Yontootray.exe
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{2C2CF3C8-78BB-07B4-C53C-EB40F8BCAC2D}] = C:\Users\Andzia\AppData\Roaming\Yontoo\CtrlYontoo.exe
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{AFB41AF7-D06D-32F7-6377-9BB0D3BBAB2A}] = C:\Users\Andzia\AppData\Roaming\Yontoo\Yontooxpers.exe
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{E21B9E72-D5C0-6F2E-7F19-9549CA58FCFD}] = C:\Users\Andzia\AppData\Roaming\BabSolution\MgrBabSolution.exe
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{32222B38-7B08-3B65-227D-27194EA38BE4}] = C:\Users\Andzia\AppData\Roaming\WildTangent\XpersWildTangent.exe [344299 2013-03-28] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{B8501AB8-DCF3-7E29-F9B9-3E8C1095B40F}] = C:\Users\Andzia\AppData\Roaming\Mozilla\Mozillause.exe [344299 2012-11-05] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{10CBB2A1-4B3C-7887-96DA-623B326BF3D5}] = C:\Users\Andzia\AppData\Roaming\PerformerSoft\syncPerformerSoft.exe [371200 2013-04-21] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{2D8F0FB4-9290-A02A-94FA-EC1AD84343E6}] = C:\Users\Andzia\AppData\Roaming\Yontoo\Yontoosync.exe
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{5CB16311-F5D2-30E7-ED30-F742C66F6C09}] = C:\Users\Andzia\AppData\Roaming\PhotoScape\XpersPhotoScape.exe [321489 2012-12-09] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{2C5C3218-193C-D297-CCDA-7BDD328B4E42}] = C:\Users\Andzia\AppData\Roaming\Delta\AgentDelta.exe
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{C49FE1D5-DBCF-B5C2-769E-A43745C2CF7A}] = C:\Users\Andzia\AppData\Roaming\Yontoo\CtrlYontoo.exe
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{EA5EC554-E200-F654-4322-DCA622994696}] = C:\Users\Andzia\AppData\Roaming\Delta\DeltaCtrl.exe
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{56541503-EE21-9F14-1C06-3A1792B78E3A}] = C:\Users\Andzia\AppData\Roaming\Yontoo\YontooUse.exe
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{F64CC067-CC40-360B-FAAE-6727B653D7EC}] = C:\Users\Andzia\AppData\Roaming\uTorrent\UTorrentxpers.exe [371200 2013-09-12] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{F73BA698-CDD5-364F-B04F-AC39FDD30928}] = C:\Users\Andzia\AppData\Roaming\PerformerSoft\syncPerformerSoft.exe [371200 2013-04-21] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{95DB5401-0B94-D435-C723-9010D95C1874}] = C:\Users\Andzia\AppData\Roaming\Yontoo\XpersYontoo.exe
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{C182DD22-85BE-4FF5-AF85-00F28DE5E4CE}] = C:\Users\Andzia\AppData\Roaming\PhotoScape\PhotoScapeTray.exe [371200 2013-10-03] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{FDDB1D31-5516-283B-8D6E-4FD7154A873B}] = [X]
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{D4E67BC2-E11E-72EF-22F6-170E32702DC0}] = C:\Users\Andzia\AppData\Roaming\PhotoScape\XpersPhotoScape.exe [321489 2012-12-09] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{23E474A3-A035-55CC-F9C3-A11A188C7CDF}] = C:\Users\Andzia\AppData\Roaming\MusicNet\MusicNetXpers.exe [321489 2012-12-01] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{A2F09C58-56D4-1F5B-483A-E4E743983274}] = [X]
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{577C9DC5-A7D1-A575-BEBC-2DDE05CE8DA6}] = C:\Users\Andzia\AppData\Roaming\SoftGrid Client\mgrSoftGridClient.exe [285555 2012-01-08] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{0A9A8A09-9C8D-F339-13FF-A189CB684257}] = C:\Users\Andzia\AppData\Roaming\Babylon\Babylonxpers.exe [285555 2013-02-06] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{9F232E9E-AF01-2DCF-D500-DC0C0046B3E6}] = C:\Users\Andzia\AppData\Roaming\hpqlog\hpqlogsync.exe [285043 2012-05-23] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{5F3A2385-2B5C-EA47-9E7E-D40D7FA5CAF8}] = C:\Users\Andzia\AppData\Roaming\Identities\MgrIdentities.exe [285043 2013-07-26] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{923B17C2-5811-3010-B099-98BE4A132D98}] = C:\Users\Andzia\AppData\Roaming\SoftGrid Client\SoftGridClientuse.exe [285043 2011-11-17] ()
HKU\S-1-5-21-4113137152-485136217-2457338500-1001\...\Run: [{F7980328-4F0F-55BC-56A4-2354BE4474EF}] = C:\Users\Andzia\AppData\Roaming\Synaptics\SynapticsXpers.exe [285043 2013-01-17] ()
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll = c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll File Not Found
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll = c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1cf=a4ac2333-ff6a-11e1-a568-984be1cae518
URLSearchHook: HKCU - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=iebappid=20systemid=2sr=0q={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=iebappid=20systemid=2sr=0q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
SearchScopes: HKLM-x32 - {9C829B29-1D1F-415F-90C3-0342EB14F080} URL = http://dts.search-results.com/sr?src=iebappid=20systemid=2sr=0q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://startsear.ch/?aff=1src=spcf=a4ac2333-ff6a-11e1-a568-984be1cae518q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}babsrc=SP_ssmntrId=DEE0C0F8DAA824AFaffID=125032tsp=5024
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://startsear.ch/?aff=1src=spcf=a4ac2333-ff6a-11e1-a568-984be1cae518q={searchTerms}
SearchScopes: HKCU - {9C829B29-1D1F-415F-90C3-0342EB14F080} URL = http://dts.search-results.com/sr?src=iebappid=20systemid=2sr=0q={searchTerms}
Toolbar: HKLM - No Name - !{82E1477C-B154-48D3-9891-33D83C26BCD3} - No File
Toolbar: HKLM-x32 - No Name - !{82E1477C-B154-48D3-9891-33D83C26BCD3} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ssmntrId=DEE0C0F8DAA824AFaffID=125032tsp=5024
FF Extension: McAfee Security Scan Plus - C:\Users\Andzia\AppData\Roaming\Mozilla\Firefox\Profiles\m5xmwfpn.default\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8} [2014-05-29]
CHR Extension: (uTorrentBar) - C:\Users\Andzia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj [2014-02-09]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Andzia\AppData\Local\Temp\crx65F5.tmp [2011-11-20]
2014-07-12 17:12 - 2014-07-12 17:12 - 00003302 _____ () C:\Windows\System32\Tasks\4780
2014-07-12 17:12 - 2014-07-12 17:12 - 00003204 _____ () C:\Windows\System32\Tasks\0
2014-07-12 17:08 - 2014-07-12 17:09 - 00000000 ____ D () C:\AdwCleaner
2014-07-12 20:54 - 2013-03-01 21:31 - 00000000 ____ D () C:\Users\Andzia\AppData\Roaming\PerformerSoft
2014-07-12 20:34 - 2013-03-01 21:30 - 00000000 ____ D () C:\ProgramData\IBUpdaterService
2014-07-12 17:02 - 2011-11-20 19:51 - 00000000 ____ D () C:\Users\Andzia\AppData\Local\Conduit
C:\ProgramData\qjaxlkio.dss
C:\Users\Andzia\AppData\Local\Temp\*.exe
C:\Users\Andzia\AppData\Local\Temp\*.dll

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(szymon189) #10

http://wklej.org/id/1415990/

 

Co teraz?


(Acorus) #11

Skasuj folder C:\FRST