Problem with pop-up ad windows, Mozilla language change, start page and search engine that keep changing, very slow computer


(green8) #1

Hello,

Please help.
I rarely use this computer, and when I do, it is a real nightmare and a waste of time.
The computer has slowed down terribly; startup alone takes ages. On top of that, in the browser I use, Mozilla, the language changed from Polish to English (or I did it by mistake, but I don't recall doing so), and as if that weren't enough, the search engine and start page changed too. It comes back despite my changes; I'm sending the link

http://www.startpageing123.com/?type=sc&ts=1488466479&z=2d77dff7bb2187249b93541gbz7b7b0z5q2qdzdmdt&from=ggg0221&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX

there was also a problem with istra… but it's quiet for now.

I'm sending the generated logs:

http://www.wklej.org/id/3070633/
http://www.wklej.org/id/3070635/
http://www.wklej.org/id/3070636/

Please help.


(Acorus) #2

Uninstall amuleC, WinSnare, WinZip, YAC (Yet Another Cleaner!). Open the system Notepad and paste:

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-528588527-2304337030-1946500591-1000_Classes\CLSID{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\Users\paulina\Downloads\BESTplayer.exe => Brak pliku
CustomCLSID: HKU\S-1-5-21-528588527-2304337030-1946500591-1000_Classes\CLSID{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\Users\paulina\Downloads\BESTplayer.exe => Brak pliku
Task: {A60605AD-2D5F-4BD6-B579-467648115501} - System32\Tasks\paulinaFluorenesInsertedV2 => Rundll32.exe EruptStaged.dll,main 7 1 <==== UWAGA
Task: C:\Windows\Tasks{3EB26AA8-A37D-452A-05CA-65D5F9AD26BF}.job => C:\Users\paulina\AppData\Roaming{3EB26~1\PRODUC~1.EXE <==== UWAGA
Shortcut: C:\Users\paulina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Cansuck\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\paulina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files\Cansuck\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Cansuck\Application\chrome.exe (Google Inc.)
ShortcutWithArgument: C:\Users\paulina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1475966863&z=140154072304311aeb800f9gbz4mfw6tfq9qcb8q6c&from=wzp1008&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
ShortcutWithArgument: C:\Users\paulina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1475966863&z=140154072304311aeb800f9gbz4mfw6tfq9qcb8q6c&from=wzp1008&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
ShortcutWithArgument: C:\Users\paulina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1475966863&z=140154072304311aeb800f9gbz4mfw6tfq9qcb8q6c&from=wzp1008&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
ShortcutWithArgument: C:\Users\paulina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1475966863&z=140154072304311aeb800f9gbz4mfw6tfq9qcb8q6c&from=wzp1008&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
ShortcutWithArgument: C:\Users\paulina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1488466479&z=2d77dff7bb2187249b93541gbz7b7b0z5q2qdzdmdt&from=ggg0221&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
ShortcutWithArgument: C:\Users\paulina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1475966863&z=140154072304311aeb800f9gbz4mfw6tfq9qcb8q6c&from=wzp1008&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
ShortcutWithArgument: C:\Users\paulina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1488466479&z=2d77dff7bb2187249b93541gbz7b7b0z5q2qdzdmdt&from=ggg0221&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1488466479&z=2d77dff7bb2187249b93541gbz7b7b0z5q2qdzdmdt&from=ggg0221&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\Run: [dc2k5] => C:\Windows\SVIQ.EXE [57344 2010-07-24] ()
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\Run: [Fun] => C:\Windows\system\Fun.exe
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\Run: [dc] => C:\Windows\dc.exe [57344 2010-07-24] ()
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\CurrentVersion\Windows: [Load] C:\Windows\inf\Other.exe <===== UWAGA
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\CurrentVersion\Windows: [Run] C:\Windows\system32\config\Win.exe <===== UWAGA
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\MountPoints2: {5cb32a6e-d7cb-11e4-89a7-1c7508276ac9} - D:\AutoRun.exe
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\MountPoints2: {5cb32a7c-d7cb-11e4-89a7-1c7508276ac9} - D:\AutoRun.exe
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\MountPoints2: {8ab5ee2f-305b-11e5-aeba-1c7508276ac9} - D:\AutoRun.exe
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\MountPoints2: {8ab5ee34-305b-11e5-aeba-1c7508276ac9} - D:\AutoRun.exe
IFEO\MRT.exe: [Debugger] C:\Windows\TEMP\nsi894B.tmp\Gubed.exe -Yrrehs
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437746302&z=a71f5bb6963792e5b191f17gbzec8m8m7zfq2o4w9b&from=cor&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437746302&z=a71f5bb6963792e5b191f17gbzec8m8m7zfq2o4w9b&from=cor&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437746302&z=a71f5bb6963792e5b191f17gbzec8m8m7zfq2o4w9b&from=cor&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437746302&z=a71f5bb6963792e5b191f17gbzec8m8m7zfq2o4w9b&from=cor&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX&q={searchTerms}
HKU\S-1-5-21-528588527-2304337030-1946500591-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437746302&z=a71f5bb6963792e5b191f17gbzec8m8m7zfq2o4w9b&from=cor&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
HKU\S-1-5-21-528588527-2304337030-1946500591-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437746302&z=a71f5bb6963792e5b191f17gbzec8m8m7zfq2o4w9b&from=cor&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
HKU\S-1-5-21-528588527-2304337030-1946500591-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449585344&z=2387a828133f9ac2fc3cd0agbz6z2t3w9b8w8c5zbc&from=ient07021&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX&q={searchTerms}
HKU\S-1-5-21-528588527-2304337030-1946500591-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449585344&z=2387a828133f9ac2fc3cd0agbz6z2t3w9b8w8c5zbc&from=ient07021&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489258399&z=206afccdfddbac3098db388g8zbbft1ocw8b0c2tdt&from=ggg0302&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489258399&z=206afccdfddbac3098db388g8zbbft1ocw8b0c2tdt&from=ggg0302&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-528588527-2304337030-1946500591-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437746302&z=a71f5bb6963792e5b191f17gbzec8m8m7zfq2o4w9b&from=cor&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-528588527-2304337030-1946500591-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX&ts=1437920302&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-528588527-2304337030-1946500591-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX&ts=1437920302&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-528588527-2304337030-1946500591-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437746302&z=a71f5bb6963792e5b191f17gbzec8m8m7zfq2o4w9b&from=cor&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-528588527-2304337030-1946500591-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX&ts=1437920302&type=default&q={searchTerms}
BHO: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files\MiuiTab\SupTab.dll [2015-07-23] (Thinkgood Co. Limited)
FF NewTab: Mozilla\Firefox\Profiles\51ty5cnb.default -> hxxp://www.yoursites123.com/newtab/?type=nt&ts=1458578662&z=e0e16e0e23f112378522ae3gdz7wfbaw8m3beq2w5t&from=wpm0314&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\51ty5cnb.default -> istartsurf
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\51ty5cnb.default -> istartsurf
FF Homepage: Mozilla\Firefox\Profiles\51ty5cnb.default -> hxxp://www.istartsurf.com/?type=hppp&ts=1437746302&z=a71f5bb6963792e5b191f17gbzec8m8m7zfq2o4w9b&from=cor&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
FF SearchPlugin: C:\Users\paulina\AppData\Roaming\Mozilla\Firefox\Profiles\51ty5cnb.default\searchplugins\luck.xml [2017-03-11]
FF SearchPlugin: C:\Users\paulina\AppData\Roaming\Mozilla\Firefox\Profiles\51ty5cnb.default\searchplugins\startpageing123.xml [2017-03-11]
FF NewTab: Firefox\Firefox\Profiles\51ty5cnb.default -> hxxp://www.yoursites123.com/newtab/?type=nt&ts=1458578662&z=e0e16e0e23f112378522ae3gdz7wfbaw8m3beq2w5t&from=wpm0314&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
FF DefaultSearchEngine: Firefox\Firefox\Profiles\51ty5cnb.default -> istartsurf
FF SelectedSearchEngine: Firefox\Firefox\Profiles\51ty5cnb.default -> istartsurf
FF SearchPlugin: C:\Users\paulina\AppData\Roaming\Firefox\Firefox\Profiles\51ty5cnb.default\searchplugins\mylucky123.xml [2016-10-08]
FF SearchPlugin: C:\Users\paulina\AppData\Roaming\Firefox\Firefox\Profiles\51ty5cnb.default\searchplugins\searchinme.xml [2016-12-09]
R2 SSFK; C:\Program Files\SFK\SSFK.exe [183488 2016-01-12] (TODO: <公司名>)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [211456 2016-12-08] () [Brak podpisu cyfrowego]
R2 WinSnare; C:\Users\paulina\AppData\Roaming\WinSnare\WinSnare.dll [647168 2017-03-10] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [1206864 2016-06-26] (Winziper Pvt Ltd.) [Brak podpisu cyfrowego] <==== UWAGA
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [227776 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [59152 2016-05-19] (Elex do Brasil Participações Ltda)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S1 qsafd_vt_1_10_0_20; system32\drivers\qsafd_vt_1_10_0_20.sys [X]
S1 wafd_vt_1_10_0_20; system32\drivers\wafd_vt_1_10_0_20.sys [X]
2017-03-11 18:56 - 2017-03-11 18:56 - 00000000 ____D C:\Users\paulina\AppData\Roaming\Elex-tech
2017-03-11 18:56 - 2017-03-11 18:56 - 00000000 ____D C:\Program Files\Explorer
2017-03-11 18:56 - 2017-03-11 18:56 - 00000000 ____D C:\Program Files\Elex-tech
2017-03-11 18:56 - 2016-05-19 07:42 - 00059152 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2017-03-11 18:55 - 2017-03-11 19:53 - 00000000 ____D C:\Program Files\WinSnare(4.2.8)
2017-03-02 15:55 - 2017-03-02 15:55 - 00000000 ____D C:\Users\paulina\AppData\Roaming\Kyubey
2017-03-02 15:54 - 2017-03-11 18:55 - 00000000 ____D C:\Users\paulina\AppData\Roaming\WinSnare
2017-03-25 20:24 - 2016-04-27 19:24 - 00000282 _____ C:\Windows\Tasks{3EB26AA8-A37D-452A-05CA-65D5F9AD26BF}.job
2015-12-25 15:04 - 2015-12-25 15:04 - 2770376 _____ (iBank) C:\Program Files\SSFK.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\paulina\AppData\Roaming\IUKBUKHL
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\paulina\AppData\Roaming\NE
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\paulina\AppData\Roaming\REBKIG
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\paulina\AppData\Roaming\UBMCFE
C:\ProgramData{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Windows\Tasks{3EB26AA8-A37D-452A-05CA-65D5F9AD26BF}.job
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
Run FRST as administrator and click Fix/Napraw.
Download AdwCleaner https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan (Skanuj) and then Cleaning (Oczyść).
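
An added example (not part of the original thread and not FRST's own code): a Python triage over FRST log lines of the kind listed in the fixlist above. It flags browser shortcuts that point to a copy outside the default install directory or carry an appended URL, and tags IFEO debugger, Run-key and scheduled-task entries. The sample lines are constructed, and the default install directories are assumptions.

```python
import re
from collections import Counter

# Assumption: default browser install directories on Windows (lower-cased).
EXPECTED_DIRS = {
    "iexplore.exe": (r"c:\program files\internet explorer",
                     r"c:\program files (x86)\internet explorer"),
    "firefox.exe": (r"c:\program files\mozilla firefox",
                    r"c:\program files (x86)\mozilla firefox"),
    "chrome.exe": (r"c:\program files\google\chrome\application",
                   r"c:\program files (x86)\google\chrome\application"),
}

# "Shortcut[WithArgument]: <lnk> -> <target exe> (<company>) [-> <argument>]"
SHORTCUT_RE = re.compile(
    r"^Shortcut(?:WithArgument)?: (?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe)"
    r"(?: \((?P<company>[^)]*)\))?(?: -> (?P<arg>\S+))?\s*$", re.IGNORECASE)

def triage_line(line):
    """Return the set of findings for one FRST log line (empty if none)."""
    line = line.strip()
    findings = set()
    m = SHORTCUT_RE.match(line)
    if m:
        directory, _, exe = m.group("target").lower().rpartition("\\")
        expected = EXPECTED_DIRS.get(exe)
        # A browser binary launched from a non-default folder is a planted copy
        # or a relocated install; either way the shortcut needs review.
        if expected is not None and directory not in expected:
            findings.add("browser-copy-in-unexpected-dir")
        # A URL after the target forces that page on every launch, regardless
        # of the homepage configured inside the browser. FRST defangs as hxxp.
        arg = m.group("arg")
        if arg and re.match(r"h(?:tt|xx)ps?://", arg, re.IGNORECASE):
            findings.add("url-appended-to-shortcut")
        return findings
    if line.startswith("IFEO\\") and "[Debugger]" in line:
        # Image File Execution Options: the Debugger value runs instead of the
        # named program (on this page, MRT.exe).
        findings.add("ifeo-debugger-redirect")
    elif re.search(r"\\Run: \[", line):
        findings.add("run-key-autostart")
    elif line.startswith("Task:"):
        findings.add("scheduled-task")
    return findings

def triage(text):
    """Return [(line, sorted findings)] for every line with findings."""
    report = []
    for line in text.splitlines():
        found = triage_line(line)
        if found:
            report.append((line.strip(), sorted(found)))
    return report

def summary(text):
    return Counter(tag for _, tags in triage(text) for tag in tags)

# Constructed sample lines modelled on the FRST format; not the thread's data.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\user\Desktop\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://portal.example.test/?type=sc
ShortcutWithArgument: C:\Users\user\Desktop\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://portal.example.test/?type=sc
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Cansuck\Application\chrome.exe (Google Inc.)
IFEO\MRT.exe: [Debugger] C:\Windows\TEMP\nsx0000.tmp\placeholder.exe
HKU\S-1-5-21-0-0-0-1000\...\Run: [sample] => C:\Windows\sample.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Sample => Rundll32.exe sample.dll,main
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
"""

if __name__ == "__main__":
    for line, tags in triage(SAMPLE):
        print(", ".join(tags), "<=", line[:90])
```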


(green8) #3

Hello,

Thank you for such quick help, but unfortunately I can't complete the fix, i.e. it keeps running and running; more than 20 minutes have passed and nothing… is that how it should be?


(Acorus) #4

Use AdwCleaner and run the script in safe mode. Show a new FRST report without Addition and Shortcut.


(green8) #5

I hope I did it right.
The first link is the AdwCleaner report:

http://www.wklej.org/id/3071094/
The next one is the FRST report:
http://www.wklej.org/id/3071107/


(Acorus) #6

You did not perform the removal with the FRST script.


(green8) #7

meaning?

Sorry, but I don't know much about all this :(


(green8) #8

When I try to clean with AdwCleaner (because 140 threats were detected),
the message "not responding" keeps appearing


(Acorus) #9

Do it in safe mode.


(green8) #10

I know working with me is a bit difficult, but how do I do that?


(green8) #11

I removed a few programs from the computer, along with Mozilla.
I managed to run the cleaning with AdwCleaner all the way to the end,
and then I generated the FRST reports again; maybe it will be better now…
I'm sending the links

http://www.wklej.org/id/3071234/
http://www.wklej.org/id/3071236/
http://www.wklej.org/id/3071237/

Please help.


(Acorus) #12

Uninstall Adobe Reader 9.1 MUI, Update for PriceFountain. Open the system Notepad and paste:

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-528588527-2304337030-1946500591-1000_Classes\CLSID{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\Users\paulina\Downloads\BESTplayer.exe => Brak pliku
Task: {53D0346F-075C-4AA2-98E0-73E3A4975B30} - System32\Tasks{729AE32E-8FF4-4C82-BA06-3D5493B9B88D} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.370&LastError=404
Task: {646F909B-0AC6-49CC-A665-974A563066FF} - System32\Tasks{3EB26AA8-A37D-452A-05CA-65D5F9AD26BF} => C:\Users\paulina\AppData\Roaming{3EB26~1\PRODUC~1.EXE [2013-04-12] () <==== UWAGA
Task: C:\Windows\Tasks{3EB26AA8-A37D-452A-05CA-65D5F9AD26BF}.job => C:\Users\paulina\AppData\Roaming{3EB26~1\PRODUC~1.EXE <==== UWAGA
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\Run: [dc2k5] => C:\Windows\SVIQ.EXE [57344 2010-07-24] ()
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\Run: [Fun] => C:\Windows\system\Fun.exe
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\Run: [dc] => C:\Windows\dc.exe [57344 2010-07-24] ()
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\CurrentVersion\Windows: [Load] C:\Windows\inf\Other.exe <===== UWAGA
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\CurrentVersion\Windows: [Run] C:\Windows\system32\config\Win.exe <===== UWAGA
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\MountPoints2: {5cb32a6e-d7cb-11e4-89a7-1c7508276ac9} - D:\AutoRun.exe
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\MountPoints2: {5cb32a7c-d7cb-11e4-89a7-1c7508276ac9} - D:\AutoRun.exe
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\MountPoints2: {8ab5ee2f-305b-11e5-aeba-1c7508276ac9} - D:\AutoRun.exe
HKU\S-1-5-21-528588527-2304337030-1946500591-1000…\MountPoints2: {8ab5ee34-305b-11e5-aeba-1c7508276ac9} - D:\AutoRun.exe
IFEO\MRT.exe: [Debugger] C:\Windows\TEMP\nsi894B.tmp\Gubed.exe -Yrrehs
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437746302&z=a71f5bb6963792e5b191f17gbzec8m8m7zfq2o4w9b&from=cor&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-528588527-2304337030-1946500591-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437746302&z=a71f5bb6963792e5b191f17gbzec8m8m7zfq2o4w9b&from=cor&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
HKU\S-1-5-21-528588527-2304337030-1946500591-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437746302&z=a71f5bb6963792e5b191f17gbzec8m8m7zfq2o4w9b&from=cor&uid=HitachiXHTS545016B9A300_100922PBPB03ECJMX2TFX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-528588527-2304337030-1946500591-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
CHR HKLM…\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 L1C; system32\DRIVERS\L1C62x86.sys [X]
U2 WinSnare; Brak ImagePath
2017-03-26 16:17 - 2017-03-26 18:32 - 00000000 ____D C:\AdwCleaner
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\paulina\AppData\Roaming\IUKBUKHL
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\paulina\AppData\Roaming\NE
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\paulina\AppData\Roaming\REBKIG
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\paulina\AppData\Roaming\UBMCFE
2015-03-09 17:14 - 2015-03-09 17:14 - 0613255 _____ (CMI Limited) C:\Users\paulina\AppData\Local\nss5191.tmp
C:\Windows\Tasks{3EB26AA8-A37D-452A-05CA-65D5F9AD26BF}.job
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
Run FRST as administrator and click Fix/Napraw.
Scan with Malwarebytes Anti-Malware http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/


(green8) #13

I uninstalled the programs and am running the fix, which unfortunately has already been going for 48 minutes… is that how it should be?


(green8) #14

it's still going :(


(Acorus) #15

Perform the removal in safe mode. http://support.eset.pl/kb2268/?viewlocale=pl_PL


(green8) #16

removal?
i.e. the "fix" with FRST after starting the computer in safe mode?

if so, I'm doing it yet again and it has already been running for almost 20 minutes.


(green8) #17

I remember that when I once had a problem with the computer, the repair was carried out with the OTL program… maybe it will work with that?