ilovemoon
2 Sierpień 2014 16:35
#1
Witam,
Korzystając z instrukcji podanych w temacie " Analiza i dezynfekcja - zestaw narzędzi nieingerencyjnych", zatrzymałam się na etapie skryptów, w których wykonaniu potrzebuje pomocy.
OTL: http://www.wklej.org/id/1431316/
Extras: http://www.wklej.org/id/1431315/
Lista głównych problemów:
1.Side-by-Side Configuration error - przy starcie przeglądarki lub gry pojawia się error side-by-side.
2.Bardzo wolno startuje system (Windows 7 Ultimate) - dodatkowo pojawia się “This copy of Windows is not genuine”.
3.Przeglądarka Google chrome bardzo wolno otwiera strony.
4.Czasami w trakcie oglądania lub grania wyłącza się dźwięk i nie można go włączyć ponownie. Dodatkowo przy oglądaniu na YouTube filmik się zatrzymuję. A w przypadku gier można kontynuować grę, ale bez dźwięku. Pomaga jedynie restart.
Atis
2 Sierpień 2014 17:02
#2
Do okna Własne opcje skanowania / skrypt wklej:
:OTL
DRV:64bit: - [2014-04-27 20:39:43 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014-04-24 12:21:34 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{ba099a85-e825-4802-83e7-d386a5b4a734}w64.sys -- ({ba099a85-e825-4802-83e7-d386a5b4a734}w64)
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_22_ch&cd=2XzuyEtN2Y1L1QzuyE0CyCtD0D0EyC0E0E0AtAyBtBtB0EzytN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDtAtDtCtGyByDyDtCtG0CtAtDyEtG0EyCzz0AtGtByCyEyDtByEtB0FtD0FtDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0AtA0B0EyDyDtGtAtDtD0DtGtC0ByD0AtGyDtBtDtDtGyBtB0A0D0B0CyEtA0AzytB0E2Q&cr=245372322&ir=
IE - HKU\S-1-5-21-2407777916-2665440864-794422511-1001\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_22_ch&cd=2XzuyEtN2Y1L1QzuyE0CyCtD0D0EyC0E0E0AtAyBtBtB0EzytN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDtAtDtCtGyByDyDtCtG0CtAtDyEtG0EyCzz0AtGtByCyEyDtByEtB0FtD0FtDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0AtA0B0EyDyDtGtAtDtD0DtGtC0ByD0AtGyDtBtDtDtGyBtB0A0D0B0CyEtA0AzytB0E2Q&cr=245372322&ir=
IE - HKU\S-1-5-21-2407777916-2665440864-794422511-1001\..\SearchScopes\398C2B66953F42589BEAC6361D04721D: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCvIAbTserZ_kVVvVprGY3B0gV4_qbzo__NdqEPcKWVTQRb0odatY2NzhCU98Dn24iN1sqlwVZ3LJSp_pyK7migrHR9TBnXRUu3WS-nBpw_95dOUxWLgLtIO3RjRsuk14q8iM0zhnsiJFNmhC7V9dKxPmnjCpyg,,&q={searchTerms}
IE - HKU\S-1-5-21-2407777916-2665440864-794422511-1004\..\SearchScopes\398C2B66953F42589BEAC6361D04721D: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCvIAbTserZ_kVVvVprGY3B0gV4_qbzo__NdqEPcKWVTQRb0odatY2NzhCU98Dn24iN1sqlwVZ3LJSp_pyK7migrHR9TBnXRUu3WS-nBpw_95dOUxWLgLtIO3RjRsuk14q8iM0zhnsiJFNmhC7V9dKxPmnjCpyg,,&q={searchTerms}
IE - HKU\S-1-5-21-2407777916-2665440864-794422511-1004\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCvIAbTserZ_kVVvVprGY3B0gV4_qbzo__NdqEPcKWVTQRb0odatY2NzhCU98Dn24iN1sqlwVZ3LJSp_pyK7migrHR9TBnXRUu3WS-nBpw_95dOUxWLgLtIO3RjRsuk14q8iM0zhnsiJFNmhC7V9dKxPmnjCpyg,,&q={searchTerms}
O4 - HKU\S-1-5-21-2407777916-2665440864-794422511-1004..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2407777916-2665440864-794422511-1004..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2407777916-2665440864-794422511-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
[2014-07-07 20:12:23 | 000,000,000 | ---D | C] -- C:\temp
[2014-05-30 18:59:06 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Roaming\secproc_isv
[2014-02-14 00:53:07 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Roaming\wyUpdate AU
:Commands
[emptytemp]
Kliknij Wykonaj skrypt i zatwierdź restart. Pokaż raport z usuwania.
http://forum.dobreprogramy.pl/nowy-log-obowiązkowy-farbar-recovery-scan-tool-t478727/
ilovemoon
2 Sierpień 2014 17:33
#3
ilovemoon
2 Sierpień 2014 19:29
#5
Atis
2 Sierpień 2014 19:59
#6
Pobierz i uruchom AdwCleaner Kliknij Szukaj i później Usuń.
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-2407777916-2665440864-794422511-1001\...\Run: [secproc_isv] => C:\Users\Owner\AppData\Roaming\secproc_isv\secproc_isv.exe
C:\Users\Owner\AppData\Roaming\secproc_isv
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope 398C2B66953F42589BEAC6361D04721D URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCvIAbTserZ_kVVvVprGY3B0gV4_qbzo__NdqEPcKWVTQRb0odatY2NzhCU98Dn24iN1sqlwVZ3LJSp_pyK7migrHR9TBnXRUu3WS-nBpw_95dOUxWLgLtIO3RjRsuk14q8iM0zhnsiJFNmhC7V9dKxPmnjCpyg,,&q={searchTerms}
SearchScopes: HKCU - 398C2B66953F42589BEAC6361D04721D URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCvIAbTserZ_kVVvVprGY3B0gV4_qbzo__NdqEPcKWVTQRb0odatY2NzhCU98Dn24iN1sqlwVZ3LJSp_pyK7migrHR9TBnXRUu3WS-nBpw_95dOUxWLgLtIO3RjRsuk14q8iM0zhnsiJFNmhC7V9dKxPmnjCpyg,,&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKCU\...\Firefox\Extensions: [{4D0D4511-93F9-0D85-FD20-F609900F019D}] - C:\Program Files (x86)\Show-Password\161.xpi
CHR HKLM-x32\...\Chrome\Extension: [alhdfamoaobjfaienoeikggjfdeajfjb] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha782\ch\MediaViewerV1alpha782.crx [2014-07-24]
CHR HKLM-x32\...\Chrome\Extension: [hmkddkfhkedofcbhdnakcfdojblokicj] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home244\ch\MediaWatchV1home244.crx [2014-07-24]
CHR HKLM-x32\...\Chrome\Extension: [kbaobeojfaakbhelmjmfbffbkkccffff] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6095\ch\MediaViewV1alpha6095.crx [2014-07-24]
CHR HKLM-x32\...\Chrome\Extension: [kbjlipmgfoamgjaogmbihaffnpkpjajp] - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\GCSurfMatch.crx [2014-07-24]
CHR HKLM-x32\...\Chrome\Extension: [kigmkdgkllpmdpnoeflakingpknhmnef] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha500\ch\MediaViewV1alpha500.crx [2014-07-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Program Files (x86)\MediaViewerV1
C:\Users\Owner\AppData\Local\Smartbar
C:\Users\Owner\AppData\Roaming\Search Protection
C:\Program Files (x86)\Nosibay
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {269AA324-2E50-4A06-9FEE-91806150352E} - \{CAE6BCE3-8AD8-4263-A07B-97149B0E6C0D} No Task File <==== ATTENTION
Task: {47CFE947-3C62-4526-A1C2-0A6C5A9307BB} - \{238E5324-50DE-4E2F-8E20-20E60ABADA75} No Task File <==== ATTENTION
Task: {492011DA-0019-4CD5-9F89-EAEF32689955} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {514882DF-0A4D-40FB-A10A-3BEEE8042BC7} - \{7D13821A-00A0-4125-BB4F-D4E02FC4568D} No Task File <==== ATTENTION
Task: {52D011AC-B3CB-489E-A5E5-8B4133BC7822} - \DP1815-updater No Task File <==== ATTENTION
Task: {5A876395-D104-459F-9889-402A8227447E} - \DP1815-firefoxinstaller No Task File <==== ATTENTION
Task: {60F3981C-6AE9-4429-9DFE-B7CE315E4591} - \FacebookUpdateTaskUserS-1-5-21-2407777916-2665440864-794422511-1001UA No Task File <==== ATTENTION
Task: {65FF4664-D5FD-4D12-9E28-6D527D71F089} - \{3FB389ED-5A3D-4CC1-9687-AF6E35C41E44} No Task File <==== ATTENTION
Task: {675BB143-BE97-4052-917D-86DF4E7F4967} - \{7D432EE7-1A64-4089-BE21-C21409E8FBAF} No Task File <==== ATTENTION
Task: {67BD7CB4-8961-4A81-BBC2-E1506B036E83} - \FF Watcher {262AEA6D-CFD7-4F0D-9EFE-60DEA92C1A1E} No Task File <==== ATTENTION
Task: {818CEB29-CD0A-4320-B847-39B8678E51ED} - \MySearchDial No Task File <==== ATTENTION
Task: {873CE83C-DF50-4634-9D8F-D8D8D8AAF8D5} - \{4041F126-890E-4608-A73D-ED792EF6F28D} No Task File <==== ATTENTION
Task: {908089FD-93B8-4960-847A-1EE51DF6A4C9} - \FacebookUpdateTaskUserS-1-5-21-2407777916-2665440864-794422511-1001Core No Task File <==== ATTENTION
Task: {968D323B-849C-448D-8077-FEC4D4D34E9D} - \DP1815-chromeinstaller No Task File <==== ATTENTION
Task: {A2CAFC61-4B21-46E4-B934-67BAA7551A2C} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {A9B20A46-7D55-420A-A43A-D795E5294B13} - \DP1815-codedownloader No Task File <==== ATTENTION
Task: {B391A0B2-5EBC-423F-A1F8-985C64B8A3E9} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {B52B4897-4F0C-4B2F-937D-D5ABEF95E0E9} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {B89377CD-8F75-4F08-A813-7890B5E67DC0} - \DP1815-enabler No Task File <==== ATTENTION
Task: {BF85F8BE-0C3D-471B-86B0-9B5CE44315B7} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C0BC4194-8DCF-457B-A0E8-48008DADA488} - \{37D0D2A9-ECD6-4149-BE00-3315DA543EA4} No Task File <==== ATTENTION
Task: {C39DB319-1312-4AFB-BBDD-A818519FF552} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {CF59E913-F54E-4EA5-AB65-2CBDDC218AFD} - \{8B9EA165-FFD7-49CE-9E9A-C06976C360FB} No Task File <==== ATTENTION
Task: {F261247F-0619-43D0-B003-FBD5D0B6EFD1} - \pricemeterdownloader No Task File <==== ATTENTION
Task: {FAE76A74-388E-478F-AA95-9590190EDDF5} - \{AFDC5B9A-2E92-4F23-B2CE-D9702DE9A192} No Task File <==== ATTENTION
Task: {FE05083A-E36D-4451-A6C3-E47384FD73FF} - \SidebarExecute No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temp:nUOWmVj1lSoUfbtyIsQ4AVOzBEM9
AlternateDataStreams: C:\Users\Owner\AppData\Local\VTlpL7RPVIvl5d:u6BroahOAiSpTFVcT1u4v
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Infrastructure Helper" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\khd64.exe" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\maxell.exe" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtection" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\secproc_isv" /f
Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.
Kliknij Scan i pokaż nowy raport z FRST bez Addition.
ilovemoon
2 Sierpień 2014 20:55
#7
Atis
2 Sierpień 2014 22:11
#8
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
HKU\S-1-5-21-2407777916-2665440864-794422511-1001\...\Run: [secproc_isv] => C:\Users\Owner\AppData\Roaming\secproc_isv\secproc_isv.exe
HKU\S-1-5-21-2407777916-2665440864-794422511-1004\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_22_ch&cd=2XzuyEtN2Y1L1QzuyE0CyCtD0D0EyC0E0E0AtAyBtBtB0EzytN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDtAtDtCtGyByDyDtCtG0CtAtDyEtG0EyCzz0AtGtByCyEyDtByEtB0FtD0FtDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0AtA0B0EyDyDtGtAtDtD0DtGtC0ByD0AtGyDtBtDtDtGyBtB0A0D0B0CyEtA0AzytB0E2Q&cr=245372322&ir=
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_22_ch&cd=2XzuyEtN2Y1L1QzuyE0CyCtD0D0EyC0E0E0AtAyBtBtB0EzytN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDtAtDtCtGyByDyDtCtG0CtAtDyEtG0EyCzz0AtGtByCyEyDtByEtB0FtD0FtDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0AtA0B0EyDyDtGtAtDtD0DtGtC0ByD0AtGyDtBtDtDtGyBtB0A0D0B0CyEtA0AzytB0E2Q&cr=245372322&ir=
R1 {ba099a85-e825-4802-83e7-d386a5b4a734}w64; C:\Windows\System32\drivers\{ba099a85-e825-4802-83e7-d386a5b4a734}w64.sys [61120 2014-04-24] (StdLib)
C:\Windows\System32\drivers\{ba099a85-e825-4802-83e7-d386a5b4a734}w64.sys
C:\AdwCleaner
C:\Users\Owner\AppData\Roaming\secproc_isv
C:\Users\Owner\AppData\Local\Temp\*.dll
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v secproc_isv /f
Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.
Kliknij Scan i pokaż nowy raport z FRST bez Addition.
ilovemoon
2 Sierpień 2014 22:45
#9
Atis
2 Sierpień 2014 23:02
#10
Wklej do OTL i kliknij Wykonaj skrypt:
:Files
C:\FRST
Uruchom OTL i kliknij Sprzątanie.
Usuń stare punkty przywracania: Aby usunąć wszystkie punkty przywracania
Dysk przeskanuj Malwarebytes Anti-Malware
Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.
http://wstaw.org/m/2014/03/25/2014-03-25_123039.png
Język PL > Settings > General Settings > Language > Polish
Odinstaluj:
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 51
Java 7 Update 55
Java SE Development Kit 8 Update 5
Java 8 Update 5
Zainstaluj:
Adobe Reader XI 11.0.7
Flash Player 14.0.0.145 Plugin-based browsers
Java 8 Update 11
