Usunięcie zbędnych pasków

leszczu123 · 19 Grudzień 2014 14:15

Witam,

instalując program Izarc, zainstalowało mi się pełno śmieci, których nie potrafię usunąć. W związku z tym proszę o pomoc.

Log FRST: http://wklej.to/UyRhY

Log Addition: http://wklej.org/id/1562543/

Z góry dziękuję,

pozdrawiam

Acorus · 19 Grudzień 2014 15:08

Odinstaluj SensePlus,SEO SpyGlass,Shopper-Pro,SourceApp,Word Proser 1.10.0.4,YouTube Accelerator.Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.

Pokaż nowe logi z FRST.

leszczu123 · 19 Grudzień 2014 17:54

Usunąłem wszystko, co miałem usunąć.

Wklejam logi i proszę o sprawdzenie:

FRST: http://wklej.org/id/1562706/

Addition: http://wklej.org/id/1562707/

Dziękuję

Acorus · 19 Grudzień 2014 18:36

Otwórz Notatnik i wklej:

Task: {2BFA9E3A-A7E8-4A3E-B42F-4128A3BF6BA6} - System32\Tasks\GXQVPGQ = C:\Users\user\AppData\Roaming\GXQVPGQ.exe [2014-12-19] (Object Browser) ==== ATTENTION
Task: {9180B3EA-274E-4AFF-BAE8-B4EC1996E362} - System32\Tasks\OFKVGFVR = C:\Users\user\AppData\Roaming\OFKVGFVR.exe [2014-12-19] (Object Browser) ==== ATTENTION
Task: C:\Windows\Tasks\GXQVPGQ.job = C:\Users\user\AppData\Roaming\GXQVPGQ.exe ==== ATTENTION
Task: C:\Windows\Tasks\OFKVGFVR.job = C:\Users\user\AppData\Roaming\OFKVGFVR.exe ==== ATTENTION
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2012-06-27] (Realtek Semiconductor)
HKLM\...\Run: [jafdeqiphm] = wscript.exe //B "C:\Users\user\AppData\Local\Temp\jafdeqiphm..vbs" ===== ATTENTION
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-3294748572-2696964098-1573072663-1000\...\Run: [jafdeqiphm] = wscript.exe //B "C:\Users\user\AppData\Local\Temp\jafdeqiphm..vbs" ===== ATTENTION
HKU\S-1-5-21-3294748572-2696964098-1573072663-1000\...\RunOnce: [Adobe Speed Launcher] = 1419009180
HKU\S-1-5-21-3294748572-2696964098-1573072663-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-3294748572-2696964098-1573072663-1000\...\MountPoints2: {b12f9052-012a-11e4-ab7a-406186b5471f} - F:\AutoRun.exe
HKU\S-1-5-21-3294748572-2696964098-1573072663-1000\...\MountPoints2: {b12f9061-012a-11e4-ab7a-406186b5471f} - F:\AutoRun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jafdeqiphm..vbs ()
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: FT DeepDark - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fd1iaof3.default-1408619923336\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-12-19]
CHR StartupUrls: Default - "hxxp://www.mystartsearch.com/?type=hpts=1418996886from=smtuid=HitachiXHTS543232A7A384_E2P3121L1GYDLP1GYDLPX"
CHR Extension: (SourceApp) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggfmmoglagpoianpdkdhlcfchlenlkp [2014-12-19]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
2014-12-19 18:08 - 2014-12-19 18:11 - 00000000 ____ D () C:\AdwCleaner
2014-12-19 15:00 - 2014-12-19 18:12 - 00001336 _____ () C:\Windows\Tasks\GXQVPGQ.job
2014-12-19 15:00 - 2014-12-19 15:00 - 01474528 _____ (Object Browser) C:\Users\user\AppData\Roaming\GXQVPGQ.exe
2014-12-19 15:00 - 2014-12-19 15:00 - 00004350 _____ () C:\Windows\System32\Tasks\GXQVPGQ
2014-12-19 14:59 - 2014-12-19 18:12 - 00001682 _____ () C:\Windows\Tasks\OFKVGFVR.job
2014-12-19 14:59 - 2014-12-19 14:59 - 01800160 _____ (Object Browser) C:\Users\user\AppData\Roaming\OFKVGFVR.exe
2014-12-19 14:59 - 2014-12-19 14:59 - 00004696 _____ () C:\Windows\System32\Tasks\OFKVGFVR
2014-12-19 14:48 - 2014-12-19 17:38 - 00000000 ____ D () C:\Users\Public\Documents\GOOBZO
2014-12-19 14:48 - 2014-12-19 14:49 - 00001150 _____ () C:\Users\HomeGroupUser$\Desktop\YouTube Accelerator.lnk
2014-12-19 14:48 - 2014-12-19 14:48 - 00000000 ____ D () C:\Users\Public\Documents\YTAHelper
2014-12-19 14:48 - 2014-12-19 14:48 - 00000000 ____ D () C:\Users\Public\Documents\ShopperPro
2014-12-19 14:47 - 2014-12-19 17:52 - 00000000 ____ D () C:\Program Files (x86)\SourceApp
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.