Sluggish Vista, unwanted programs


(Ben Rnz) #1

Hello. This time I would like to clean up a laptop running Vista. At first glance in the Control Panel, "Torch" looks out of place, and of course it cannot be uninstalled normally. Another thing is "sweet-page" in the browser. I suspect there is also a lot of other junk on this computer.

FRST: http://wklej.org/id/1634210/

Addition: http://wklej.org/id/1634213/

Will you help? :slight_smile:


(Acorus) #2

Uninstall YoutubeAdblocker. Open the system Notepad and paste:

Task: {0DAC5654-DEA9-4767-B415-B5305C45197D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2002611865-3148025066-2303373402-1000Core = C:\Users\Kasperski\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-11] (Facebook Inc.)
Task: {4442F22C-06FE-43E1-8C3B-A4A4C589F3D8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2002611865-3148025066-2303373402-1000UA = C:\Users\Kasperski\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-11] (Facebook Inc.)
Task: {83D0C393-1E06-44D0-959E-E96554563735} - System32\Tasks\OptimizerPro1UpdaterTask{E5E80ED6-63D4-410B-ABAE-637D23DBADF7} = C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe ==== ATTENTION
Task: {F4D3B202-EF67-4B37-B871-AA64D24F7256} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv = C:\Windows\TEMP\{4C12CCE7-9336-41A7-BB05-7CA9BD5CF721}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job = C:\Windows\TEMP\{4C12CCE7-9336-41A7-BB05-7CA9BD5CF721}.exe ==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job = C:\Windows\TEMP\{C31C4EDC-4C6A-4FB1-A2AF-DE0C4A3758E9}.exe ==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2002611865-3148025066-2303373402-1000Core.job = C:\Users\Kasperski\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2002611865-3148025066-2303373402-1000UA.job = C:\Users\Kasperski\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{E5E80ED6-63D4-410B-ABAE-637D23DBADF7}.job = C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe ==== ATTENTION
HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-2002611865-3148025066-2303373402-1000\...\Run: [Facebook Update] = C:\Users\Kasperski\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-11] (Facebook Inc.)
HKU\S-1-5-21-2002611865-3148025066-2303373402-1000\...\Run: [iLivid] = "C:\Users\Kasperski\AppData\Local\iLivid\iLivid.exe" -autorun
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hpts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8X
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hpts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8X
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8Xq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8Xq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hpts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8X
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hpts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8X
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8Xq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8Xq={searchTerms}
HKU\S-1-5-21-2002611865-3148025066-2303373402-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8Xq={searchTerms}
HKU\S-1-5-21-2002611865-3148025066-2303373402-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8Xq={searchTerms}
HKU\S-1-5-21-2002611865-3148025066-2303373402-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hpts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8X
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8Xq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8Xq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT2475029
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchisbestmy.info/?l=1q={searchTerms}pid=34r=2013/11/17hid=15041159379961657848lg=ENcc=PLunqvl=41
SearchScopes: HKU\S-1-5-21-2002611865-3148025066-2303373402-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2002611865-3148025066-2303373402-1000 - 128E5113E95A4E2E9BB5E65FF8EC5A2C URL = http://klit.startnow.com/s/?q={searchTerms}src=defsearchprovider=provider_name=yahooprovider_code=partner_id=693product_id=741affiliate_id=channel=toolbar_id=200toolbar_version=2.4.0install_country=PLinstall_date=20121219user_guid=ACB019F6D56F4982B8DC0BA94AF17B7Bmachine_id=20307a1a8f7d342f81f15351db24a841browser=IEos=winos_version=6.0-x64-SP2iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-2002611865-3148025066-2303373402-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2002611865-3148025066-2303373402-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1391814096from=wpcuid=FUJITSUXMHY2160BH_K41JT862CUT8T862CUT8Xq={searchTerms}
SearchScopes: HKU\S-1-5-21-2002611865-3148025066-2303373402-1000 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT2475029
SearchScopes: HKU\S-1-5-21-2002611865-3148025066-2303373402-1000 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchisbestmy.info/?l=1q={searchTerms}pid=34r=2013/11/17hid=15041159379961657848lg=ENcc=PLunqvl=41
BHO: YoutubeAdblocker - {6B015290-F8E3-1D1D-34B4-28083C313B33} - C:\Program Files (x86)\YoutubeAdblocker\IFgMsV71VI.x64.dll ()
BHO-x32: YoutubeAdblocker - {6B015290-F8E3-1D1D-34B4-28083C313B33} - C:\Program Files (x86)\YoutubeAdblocker\IFgMsV71VI.dll ()
Toolbar: HKU\S-1-5-21-2002611865-3148025066-2303373402-1000 - No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
FF DefaultSearchUrl: hxxp://websearch.searchisbestmy.info/?pid=34r=2013/11/17hid=15041159379961657848lg=ENcc=PLunqvl=41l=1q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: sweet-page
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.searchisbestmy.info/?pid=34r=2013/11/17hid=15041159379961657848lg=ENcc=PLunqvl=41l=1q=
FF Plugin-x32: TorchVLC - C:\Users\Kasperski\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Kasperski\AppData\Roaming\Mozilla\Firefox\Profiles\gle4qfsm.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Users\Kasperski\AppData\Roaming\Mozilla\Firefox\Profiles\gle4qfsm.default\searchplugins\yahoo-zugo.xml
FF Extension: webSave - C:\Users\Kasperski\AppData\Roaming\Mozilla\Firefox\Profiles\gle4qfsm.default\Extensions\69hlhar@ep.co.uk [2014-02-08]
FF Extension: AllLChaeapPrrice - C:\Users\Kasperski\AppData\Roaming\Mozilla\Firefox\Profiles\gle4qfsm.default\Extensions\hdsd8_gkb@kfppjjzhciya.edu [2014-01-09]
FF Extension: YoutubeAdblocker - C:\Users\Kasperski\AppData\Roaming\Mozilla\Firefox\Profiles\gle4qfsm.default\Extensions\oict5lfx@uogqloobieeo.org [2014-02-08]
FF Extension: UTAdRemoveAlAAppp - C:\Users\Kasperski\AppData\Roaming\Mozilla\Firefox\Profiles\gle4qfsm.default\Extensions\uey8sn@osmsaxeoi.co.uk [2014-02-07]
FF Extension: DealExpresS - C:\Users\Kasperski\AppData\Roaming\Mozilla\Firefox\Profiles\gle4qfsm.default\Extensions\z-lbo13@vayea-.edu [2014-01-09]
CHR HKLM-x32\...\Chrome\Extension: [ndeaobbnandcaldnpjohjkijmfbapmoa] - C:\ProgramData\Download and Sa\ndeaobbnandcaldnpjohjkijmfbapmoa.crx [Not Found]
R2 TorchCrashHandler; C:\Users\Kasperski\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-10-29] (TorchMedia Inc.) ==== ATTENTION
2015-02-13 13:44 - 2013-11-18 20:32 - 00000000 ____ D () C:\ProgramData\TorchCrashHandler
2015-02-13 13:43 - 2013-06-08 18:47 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-02-13 13:43 - 2013-06-02 22:44 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-02-13 13:43 - 2012-10-06 11:26 - 00000420 ____ H () C:\Windows\Tasks\OptimizerPro1UpdaterTask{E5E80ED6-63D4-410B-ABAE-637D23DBADF7}.job
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Ben Rnz) #3

Fixlog: http://wklej.org/id/1634274/

AdwCleaner: http://wklej.org/id/1634269/

Torch and sweet-page removed, thank you very much! :slight_smile:

Are the reports OK?


(Acorus) #4

Delete the folder C:\FRST