General cleanup, slow system, lots of ads


(Tomiacki) #1

Hi.

I need to clean up my father's laptop. The system is already a good few years old; this computer has never been formatted, just a cleanup once a year with Odkurzacz or something similar. The annoying symptoms are lots of ads and a slow system.

Logs:

OTL

 

OTL extras

 

GMER

 

FRST

 

Frst addition


(Atis) #2

In Control Panel, uninstall:

AutocompletePro

BrowseMark

FlvPlayer

Linkey

Settings Manager

SweetIM for Messenger 3.3

SweetIM Toolbar for Internet Explorer 3.9

Yahoo! Search

Download and run AdwCleaner. Click Szukaj (Search) and then Usuń (Delete).

Click Scan and post a new FRST report without Addition.


(Tomiacki) #3

FRST


(Atis) #4

Do not install harmful programs: C:\Users\PIOTR\Downloads\yet_another_cleaner_gam.exe

Uninstall RegTask.

Paste the following into Windows Notepad and save it as a text file named fixlist:

HKLM\...\Run: [RegTask] => C:\Program Files\RegTask\RegTask.exe [10577224 2010-11-18] (Time Pioneer Limited)
HKU\S-1-5-21-445041394-3677568960-217178356-1000\...\Run: [swg] => ő8őtZwyZwõw
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com
SearchScopes: HKCU - {64DE9CA9-3124-49E3-8C1F-83A26472CAE6} URL = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=3a7726b93cf742a592ff24f85cfa4387
SearchScopes: HKCU - {74D39443-DEFA-47C0-94A0-4D427C0416CD} URL = http://rts.dsrlte.com/?q={searchTerms}&r=333
CHR Extension: (No Name) - C:\Users\PIOTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk [2010-11-07]
CHR Extension: (No Name) - C:\Users\PIOTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2010-12-25]
CHR Extension: (BrowseMark) - C:\Users\PIOTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\goipcfdihomaoojgckmhigcogbnpncaf [2014-09-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]
C:\AdwCleaner
C:\Users\PIOTR\Downloads\yet_another_cleaner_gam.exe
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-445041394-3677568960-217178356-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\PIOTR\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
Task: {33C225B2-F80F-45B1-B795-6D06E61D258F} - System32\Tasks\{FB49ADF1-EF44-4764-B3B2-2EE495909319} => Chrome.exe http://ui.skype.com/ui/0/5.1.11.104/pl/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;ienotdefaultbrowser2
Task: {540995BA-86D5-4B9E-932C-F5A183D9AF99} - System32\Tasks\RunAsStdUser Task => C:\Users\PIOTR\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe
Task: {57E522C6-442B-4E81-AF93-7DD3285F5A83} - System32\Tasks\Yahoo! Search => C:\Users\PIOTR\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe [2014-07-12] (Pay By Ads LTD) <==== ATTENTION
Task: {89F342A2-5C7E-44A6-ABB1-6F32F312FD02} - System32\Tasks\RegTask => C:\Program Files\RegTask\RegTask.exe [2010-11-18] (Time Pioneer Limited)
Task: {D2FC399D-BA35-4ACB-97D6-734F2A581494} - System32\Tasks\{63B22E27-A2B5-42BB-9A40-D14659A98B17} => Chrome.exe http://ui.skype.com/ui/0/5.1.11.104/pl/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;ienotdefaultbrowser2
Task: C:\Windows\Tasks\RegTask.job => C:\Program Files\RegTask\RegTask.exe
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post a new FRST report without Addition.


(Tomiacki) #5

FIXLOG

FABAR

 

C:\Users\PIOTR\Downloads\yet_another_cleaner_gam.exe - deleted.


(Atis) #6

Delete the folder C:\FRST

Remove old restore points: CLICK

Scan the disk with Malwarebytes Anti-Malware

During installation, uncheck the option to start the Malwarebytes Anti-Malware Premium trial.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language: Settings > General Settings > Language > Polish

Uninstall Adobe Reader X and install Adobe Reader XI 11.0.9