Computer freezes


(Kaza114) #1

Hello

 

I would like to ask for my log to be checked, because my computer freezes when scanning with the antivirus.

 

http://www.wklej.org/hash/4011fe2cac4/

 

 

Regards and thank you.


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.


(Kaza114) #3

Unfortunately, FRST also froze while scanning the file getting office sessions


(Acorus) #4

Run it in Safe Mode.


(Kaza114) #5

Hello again, this is the report:

 

http://www.wklej.org/id/1663117/


(Acorus) #6

Open Notepad and paste:

HKLM\...\Run: [GrooveMonitor] = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll = c:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll [1235856 2011-06-01] (Bandoo Media, inc)
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll = c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-31] (Google)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-850912352-1073725632-2232682389-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
ProxyServer: [S-1-5-21-850912352-1073725632-2232682389-1000] = socks=127.0.0.1:9050
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pur-esult.info/?pid=724r=2014/01/18hid=5918639908860586995lg=ENcc=PL
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-850912352-1073725632-2232682389-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pur-esult.info/?pid=724r=2014/01/18hid=5918639908860586995lg=ENcc=PL
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} URL = http://dts.search-results.com/sr?src=iebappid=73systemid=101sr=0q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} URL = http://dts.search-results.com/sr?src=iebappid=73systemid=101sr=0q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=iebappid=101systemid=406q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT2206084
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pur-esult.info/?l=1q={searchTerms}pid=724r=2014/01/18hid=5918639908860586995lg=ENcc=PL
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685query={searchTerms}invocationType=tb50winampie7
SearchScopes: HKU\.DEFAULT - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pur-esult.info/?l=1q={searchTerms}pid=724r=2014/01/18hid=5918639908860586995lg=ENcc=PL
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=irontos={searchTerms}f=4
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}AF=100482babsrc=SP_ssmntrId=4cb5a600000000000000001f3c9a66b8
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/searchs=wqrE44x_AzX2hsXqCe5NL3vJ-cY?q={searchTerms}
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} URL = http://dts.search-results.com/sr?src=iebappid=73systemid=101sr=0q={searchTerms}
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=iebappid=101systemid=406q={searchTerms}
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/webResults.html?src=iebq={searchTerms}
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pur-esult.info/?l=1q={searchTerms}pid=724r=2014/01/18hid=5918639908860586995lg=ENcc=PL
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://websearch.ask.com/redirect?client=ietb=FFo=14594src=kwq={searchTerms}locale=en_USapn_ptnrs=FVapn_dtid=YYYYYYYYPLapn_uid=98ca6f38-952c-488c-970a-be5c6d26545capn_sauid=7787E54B-9D0B-435E-B2E2-D05F6A6E9016
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com/mb59/?search={searchTerms}loc=search_boxu=92822966415503431
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {DD5ACD4F-0ED6-4666-BECC-9F590C9EAD38} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT3220468
SearchScopes: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
Toolbar: HKLM - BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
Toolbar: HKU\.DEFAULT - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Toolbar: HKU\.DEFAULT - No Name - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - No File
Toolbar: HKU\.DEFAULT - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
Toolbar: HKU\S-1-5-21-850912352-1073725632-2232682389-1000 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
FF Plugin HKU\S-1-5-21-850912352-1073725632-2232682389-1000: @tools.google.com/Google Update;version=3 - C:\Users\szyba\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-850912352-1073725632-2232682389-1000: @tools.google.com/Google Update;version=9 - C:\Users\szyba\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Extension: 12b6fdcd4423427682a373fdbff5f7e4 - C:\Users\szyba\AppData\Roaming\Mozilla\Firefox\Profiles\6jvcn5pr.default\Extensions\{12b6fdcd-4423-4276-82a3-73fdbff5f7e4} [2015-02-20]
FF Extension: AA052FD6366A4771A5910D8DC551585D - C:\Users\szyba\AppData\Roaming\Mozilla\Firefox\Profiles\6jvcn5pr.default\Extensions\{AA052FD6-366A-4771-A591-0D8DC551585D} [2015-02-20]
CHR HKLM\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Users\szyba\AppData\Local\Google\Chrome\User Data\Default\Extensions\serach.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Users\szyba\AppData\Local\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\szyba\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
U1 eabfiltr; No ImagePath
S3 netr73; system32\DRIVERS\netr73.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
2015-02-17 20:26 - 2015-02-20 22:31 - 00000000 ____ D () C:\AdwCleaner
2015-02-17 18:14 - 2015-02-17 18:14 - 00613057 _____ (CMI Limited) C:\Users\szyba\AppData\Local\nsf4E98.tmp
2015-02-20 23:13 - 2012-09-05 11:59 - 00000000 ____ D () C:\Program Files\Conduit
2015-02-20 23:13 - 2012-01-25 12:56 - 00000000 ___HD () C:\Users\szyba\AppData\Local\Babylon
2015-02-20 23:13 - 2011-12-11 13:39 - 00000000 ____ D () C:\Program Files\Windows Searchqu Toolbar
2015-02-20 23:13 - 2011-06-28 16:56 - 00000000 ____ D () C:\Program Files\iLivid
2015-02-20 23:13 - 2011-06-28 16:55 - 00000000 ____ D () C:\Program Files\Windows iLivid Toolbar
2015-02-20 23:13 - 2011-05-08 08:33 - 00000000 ___HD () C:\Users\szyba\AppData\Roaming\OpenCandy
2015-02-20 23:13 - 2009-01-11 19:24 - 00000000 __SHD () C:\found.000
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Kaza114) #7

Report:

 

FRST:http://wklej.org/id/1663224/

 

Addition:http://wklej.org/id/1663226/


(Acorus) #8

Open Notepad and paste:

SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (No Name) - C:\Users\szyba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15]
2015-03-15 18:44 - 2015-03-15 18:52 - 00000000 ____ D () C:\AdwCleaner
2009-05-05 11:40 - 2011-06-03 19:13 - 0001032 ____ H () C:\Users\szyba\AppData\Roaming\wklnhst.dat
C:\Users\szyba\adwcleaner_4.112.exe

Save the file as fixlist.txt and place it next to FRST in the same folder.

In Chrome, remove the address hxxp://www.key-find.com/. Open a specific page or set of pages https://support.google.com/chrome/answer/95421?hl=pl


(Kaza114) #9

Report:

 

FRST:http://wklej.org/id/1663304/

 

Addition:http://wklej.org/id/1663305/


(Acorus) #10

You did not do this:

In Chrome, remove the address hxxp://www.key-find.com/. Open a specific page or set of pages https://support.goog…wer/95421?hl=pl


(Kaza114) #11

Done, I'll delete the C:/FRST folder in a moment.

 

FRST:http://wklej.org/id/1664114/

 

Addition:http://wklej.org/id/1664117/


(Acorus) #12

That's all.


(Kaza114) #13

Thank you and regards.