Reimage Repair virus, computer running slowly


(Mariusz Kr) #1

Hello,

The computer has been scanned with AdwCleaner.

Logs:

FRST: http://wklej.to/TROH4

Addition: http://www.wklej.org/id/1636428/

Please help,

Mariusz.


(Atis) #2

Uninstall Norton Security Scan and YAC(Yet Another Cleaner!).

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E
HKU\S-1-5-21-930900549-669975247-4242071829-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E
HKU\S-1-5-21-930900549-669975247-4242071829-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E
URLSearchHook: HKU\S-1-5-21-930900549-669975247-4242071829-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=a13277-371&apn_uid=0070894059404615&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E&q={searchTerms}
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D05A54E6FC95D48C&affID=123627&tsp=4987
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E&q={searchTerms}
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> {4EABD3A2-BAB5-4878-8BFD-E435840AC5DD} URL = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> {7BA06655-0BF9-40b7-802C-CFF3C6343908} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=a13277-371&apn_uid=0070894059404615&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: delta-homes
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=128&systemid=488&v=a13277-371&apn_dtid=TCH001&apn_ptnrs=AG1&apn_uid=0070894059404615&o=APN11459&q=
FF SearchPlugin: C:\Users\k\AppData\Roaming\Mozilla\Firefox\Profiles\1silmfrh.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\k\AppData\Roaming\Mozilla\Firefox\Profiles\1silmfrh.default\searchplugins\Ask.xml
FF Extension: Ask Toolbar - C:\Users\k\AppData\Roaming\Mozilla\Firefox\Profiles\1silmfrh.default\Extensions\toolbar_SGT-V7@apn.ask.com.xpi [2014-04-01]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 sony_ssm.sys; \??\C:\Users\k\AppData\Local\Temp\sony_ssm.sys [X]
2015-02-15 19:16 - 2015-02-15 19:16 - 00000000 ____ D () C:\Users\k\AppData\Roaming\Elex-tech
2015-02-15 19:16 - 2015-01-03 09:56 - 00044712 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-02-15 18:31 - 2015-02-15 19:14 - 00000000 ____ D () C:\AdwCleaner
2015-02-15 17:48 - 2015-02-15 17:49 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-02-15 17:47 - 2015-02-15 17:53 - 00000000 ____ D () C:\rei
2015-02-15 17:43 - 2015-02-15 17:43 - 00772168 _____ (Reimage®) C:\Users\k\Downloads\ReimageRepair.exe
2015-02-15 15:23 - 2015-02-15 15:23 - 00728784 _____ (Web ) C:\Users\k\Downloads\CCleaner(13061)-dp.exe
2015-01-17 12:47 - 2015-01-17 12:47 - 00000000 ____ D () C:\Program Files\Elex-tech
Task: {525FA547-8927-4777-8C13-90C97F7ECEA6} - System32\Tasks\{DDA6360E-B294-4EDB-B2EF-42E9F7B1658E} => pcalua.exe -a C:\Users\k\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {52D7D280-BC37-4B65-870B-E328715889D0} - System32\Tasks\{E626C27B-B35D-44DF-AB9D-98FF72AD4239} => C:\Program Files\Atari\Asterix at the Olympic Games\AsterixJO.exe
Task: {5623F574-CFF1-4EAD-A33C-070EA7185D1B} - System32\Tasks\{526592C2-BDE5-4DF6-B820-9D6B35C0A616} => C:\Program Files\Disney Interactive\Toy Story 2\Toy2.exe
Task: {577B003A-865F-4BD2-BE19-1069A992C26E} - System32\Tasks\{AECE46D7-3D84-4204-9764-3234F054B4FE} => C:\Program Files\Atari\Asterix at the Olympic Games\AsterixJO.exe
Task: {58FB42FF-30B9-4750-BE15-5F925947046B} - System32\Tasks\{53818B98-C42B-4BCB-BA7E-5945389EC10B} => pcalua.exe -a C:\Users\k\Downloads\fifa13(1).exe -d C:\Users\k\Downloads
Task: {79022FE0-7F81-4DC0-8A43-76B10FEC417A} - System32\Tasks\{A711FE98-C037-466F-A920-84FFD866A0D9} => E:\Setup.exe
Task: {8B42CCF4-50C4-42E9-A78D-E2A911091173} - System32\Tasks\{938EAAD7-44BA-47F1-BC7B-378D5D2A8036} => E:\Setup.exe
Task: {9219C66F-8BD1-4738-919C-08BB1238B83C} - System32\Tasks\{C6B560A8-687D-4CFE-903A-FABC10B86928} => pcalua.exe -a C:\Users\k\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {D0CDFEF8-01C9-4B38-AF9B-920394E5AC71} - System32\Tasks\{74DC0A51-2CB8-485E-ADF5-985FFF218621} => C:\Program Files\Atari\Asterix at the Olympic Games\AsterixJO.exe
Task: {DC35EA40-1E69-40F2-9750-61ED81BA2730} - System32\Tasks\Norton Security Scan for k => C:\Program Files\Norton Security Scan\Engine\3.7.1.4\Nss.exe [2012-10-03] (Symantec Corporation)
Task: {DFA54C4C-4704-431C-8C3B-DE254A65AB54} - System32\Tasks\{C6313C1B-A9F7-4AEA-A1D0-C54B5DBFB9F2} => C:\Program Files\Disney Interactive\Toy Story 2\Toy2.exe
Task: {EC8943B6-DD4E-44F1-9A95-0F21B9B64475} - System32\Tasks\{CAAE821B-599C-41F5-83FF-973DC274173C} => E:\Setup.exe
Task: {FBA72133-801F-4386-A618-ED2428A79361} - System32\Tasks\{12C59D3E-0FD7-4771-9D39-CB644BD28F1D} => pcalua.exe -a E:\Audio\VIA\v7900a\SETUP.EXE -d E:\Audio\VIA\v7900a
EmptyTemp:

Run FRST and click Fix. Show the removal report, Fixlog.

Click Scan and show the new FRST report, without Addition.


(Acorus) #3

Uninstall Ask Toolbar, Browser Configuration Utility and YAC(Yet Another Cleaner!). Open the system Notepad and paste:

Task: {9219C66F-8BD1-4738-919C-08BB1238B83C} - System32\Tasks\{C6B560A8-687D-4CFE-903A-FABC10B86928} => pcalua.exe -a C:\Users\k\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: C:\Windows\Tasks\Norton Security Scan for k.job => C:\PROGRA~1\NORTON~2\Engine\371~1.4\Nss.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9210400 2010-04-30] (Realtek Semiconductor)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E
HKU\S-1-5-21-930900549-669975247-4242071829-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E
HKU\S-1-5-21-930900549-669975247-4242071829-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E
URLSearchHook: HKU\S-1-5-21-930900549-669975247-4242071829-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=a13277-371&apn_uid=0070894059404615&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E&q={searchTerms}
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D05A54E6FC95D48C&affID=123627&tsp=4987
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E&q={searchTerms}
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> {4EABD3A2-BAB5-4878-8BFD-E435840AC5DD} URL = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> {7BA06655-0BF9-40b7-802C-CFF3C6343908} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=a13277-371&apn_uid=0070894059404615&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-930900549-669975247-4242071829-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1420031565&from=wpm12233&uid=395049983_1052499_D05A753E
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: delta-homes
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=128&systemid=488&v=a13277-371&apn_dtid=TCH001&apn_ptnrs=AG1&apn_uid=0070894059404615&o=APN11459&q=
FF SearchPlugin: C:\Users\k\AppData\Roaming\Mozilla\Firefox\Profiles\1silmfrh.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\k\AppData\Roaming\Mozilla\Firefox\Profiles\1silmfrh.default\searchplugins\Ask.xml
FF Extension: Ask Toolbar - C:\Users\k\AppData\Roaming\Mozilla\Firefox\Profiles\1silmfrh.default\Extensions\toolbar_SGT-V7@apn.ask.com.xpi [2014-04-01]
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-01-03] (Elex do Brasil Participações Ltda)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 sony_ssm.sys; \??\C:\Users\k\AppData\Local\Temp\sony_ssm.sys [X]
2015-02-15 19:16 - 2015-02-15 19:16 - 00000000 ____ D () C:\Users\k\AppData\Roaming\Elex-tech
2015-02-15 19:16 - 2015-01-03 09:56 - 00044712 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-02-15 18:31 - 2015-02-15 19:14 - 00000000 ____ D () C:\AdwCleaner
2015-02-15 17:43 - 2015-02-15 17:43 - 00772168 _____ (Reimage®) C:\Users\k\Downloads\ReimageRepair.exe
2015-01-17 12:47 - 2015-01-17 12:47 - 00000000 ____ D () C:\Program Files\Elex-tech
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Scan with Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.4.1028.exe


(Mariusz Kr) #4

The above have been removed.

The above was pasted into Notepad and saved as fixlist.txt, together with FRST (the one run at the beginning). Saved in one folder in My Documents.

I ran FRST and clicked Fix. A message popped up: "NO fixlist.txt found". So I probably did something wrong. Please give me some simple pointers if possible.

I scanned with Malwarebytes. It found 37 unwanted objects.

The Reimage Repair file is still in Programs.


(Atis) #5

Save the fixlist where FRST is: Running from C:\Users\k\Downloads


(Mariusz Kr) #6

Computer - drive C - FRST - fixlist/txt pasted in. Is that what you meant?


(Atis) #7

FRST is in the folder: C:\Users\k\Downloads

Just copy the FRST program and the fixlist to the desktop.