Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

PC Pentium 4 - Proszę o sprawdzenie logów. Reklamy i powolne działanie. cureit.C

krzysiozak 25 Wrz 2015 10:17 534 8
  • #1 25 Wrz 2015 10:17
    krzysiozak
    Poziom 35  

    Proszę o sprawdzenie logów. Reklamy i powolne działanie. Program Cureit.
    Proszę się nie denerwować jeśli zrobiłem coś źle, uwagi przyjmę z pokorą.

    0 8
  • Pomocny post
    #5 25 Wrz 2015 10:56
    Domino_2
    Pomocny dla użytkowników

    Odinstaluj Math Problem Solver, Media View, OffersWizard Network System Driver i Search App by Ask.

    Cytat:

    Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\At5.job => C:\DOCUME~1\KRZYSZ~1\DANEAP~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: C:\WINDOWS\Tasks\bench-sys.job => C:\Program Files\Bench\Updater\Updater.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\bench-Updater removing.job => /verysilent SYSTEM This will uninstall Updater <==== UWAGA
    Task: C:\WINDOWS\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Documents and Settings\Krzysztof Żak\Ustawienia lokalne\Temp\DE3.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\KRZYSZ~1\DANEAP~1\BABSOL~1\Shared\BabMaint.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files\RCP\RegCleanPro.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files\RCP\RegCleanPro.exe <==== UWAGA
    HKLM\...\Run: [hpqSRMon] => [X]
    HKLM\...\Run: [fst_pl_6] => [X]
    HKLM\...\Run: [fst_pl_19] => [X]
    HKLM\...\Run: [] => [X]
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== UWAGA
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    CHR HKU\S-1-5-21-1004336348-436374069-839522115-1004\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1004336348-436374069-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-1004336348-436374069-839522115-1004 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
    Toolbar: HKLM - Brak nazwy - {ae07101b-46d4-4a98-af68-0333ea26e113} - Brak pliku
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL Brak pliku
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL Brak pliku
    FF Extension: Brak nazwy - C:\Program Files\BetterSurf\BetterSurfPlus\ff [nie znaleziono]
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp




    CHR StartupUrls: Default -> "hxxp://www.wp.pl/","hxxps://www.loteriada.pl/","hxxp://www.sweet-page.com/?type=hp&ts=1439993105&z=bb0611f8903e9e66a524e5bgcz0c8tetatecee5t5g&from=cor&uid=WDCXWD1600AAJB-00J3A0_WD-WCAV2U37345373453"
    CHR HKLM\...\Chrome\Extension: [aaaaadgepjkdffhjbkfjgnnffnfcffbg] - C:\Documents and Settings\All Users\Dane aplikacji\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaadgepjkdffhjbkfjgnnffnfcffbg.crx [2015-08-19]
    CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\Documents and Settings\All Users\Dane aplikacji\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-08-28]
    CHR HKLM\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Documents and Settings\Krzysztof Żak\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files\BetterSurf\ch\Chrome.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [emhjefbkadapepbepjlidmbjomadhbpb] - C:\Program Files\MediaViewV1\MediaViewV1alpha4789\ch\MediaViewV1alpha4789.crx [2014-02-27]
    CHR HKLM\...\Chrome\Extension: [faligagondkkiebbokdpibpjpkdcchlf] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode1439\ch\MediaBuzzV1mode1439.crx [2014-04-23]
    CHR HKLM\...\Chrome\Extension: [ijogeilhhandekngbfbbolgfdhgdbdip] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta393\ch\VideoPlayerV3beta393.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [ildkaaieaognmkmhclcidnokoocadchi] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha828\ch\WebexpEnhancedV1alpha828.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files\Better-Surf\ch\Chrome.crx <nie znaleziono>
    OPR StartupUrls: "hxxp://www.sweet-page.com/?type=hp&ts=1439993105&z=bb0611f8903e9e66a524e5bgcz0c8tetatecee5t5g&from=cor&uid=WDCXWD1600AAJB-00J3A0_WD-WCAV2U37345373453"
    S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
    S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
    S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
    S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
    S4 IntelIde; Brak ImagePath
    U4 RemoteRegistry; Brak ImagePath
    S3 VComm; system32\DRIVERS\VComm.sys [X]
    S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
    U1 WS2IFSL; Brak ImagePath
    2015-09-11 10:13 - 2015-09-11 10:13 - 00000382 _____ C:\WINDOWS\Tasks\Chrome Cleanup Tool logs upload retry.job
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    C:\Windows\Tasks\At5.job
    EmptyTemp:


    Wklej to do notatnika i zapisz pod nazwą fixlist.txt i umieść w folderze gdzie znajduje się plik FRST.exe, odpal go i kliknij Fix/Napraw.

    Przeskanuj ponadto komputer programem ADWCleaner i MBAM i usuń wszystko co znalazły.

    0
  • Pomocny post
    #6 25 Wrz 2015 11:07
    Acorus 20
    Spec od komputerów

    Odinstaluj Search App by Ask. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\At5.job => C:\DOCUME~1\KRZYSZ~1\DANEAP~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: C:\WINDOWS\Tasks\bench-sys.job => C:\Program Files\Bench\Updater\Updater.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\bench-Updater removing.job => /verysilent SYSTEM This will uninstall Updater <==== UWAGA
    Task: C:\WINDOWS\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Documents and Settings\Krzysztof Żak\Ustawienia lokalne\Temp\DE3.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\KRZYSZ~1\DANEAP~1\BABSOL~1\Shared\BabMaint.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files\RCP\RegCleanPro.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files\RCP\RegCleanPro.exe <==== UWAGA
    HKLM\...\Run: [hpqSRMon] => [X]
    HKLM\...\Run: [fst_pl_6] => [X]
    HKLM\...\Run: [fst_pl_19] => [X]
    HKLM\...\Run: [] => [X]
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== UWAGA
    CHR HKU\S-1-5-21-1004336348-436374069-839522115-1004\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1004336348-436374069-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1004336348-436374069-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
    HKU\S-1-5-21-1004336348-436374069-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    URLSearchHook: HKU\S-1-5-21-1004336348-436374069-839522115-1004 - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
    FF HKLM\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files\BetterSurf\ff
    FF HKLM\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files\Better-Surf\ff
    FF HKLM\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files\BetterSurf\BetterSurfPlus\ff
    FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha828.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha828\ff
    FF Extension: Webexp Enhanced - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha828\ff [2013-12-20]
    FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta393.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta393\ff
    FF Extension: Video Player - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta393\ff [2014-01-10]
    FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha903.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha903\ff
    FF Extension: Media Player - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha903\ff [2014-01-30]
    FF HKLM\...\Firefox\Extensions: [ext@MediaViewerV1alpha1126.net] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1126\ff
    FF Extension: Media Viewer - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1126\ff [2014-02-24]
    FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha1442.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha1442\ff
    FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha1442\ff [2014-03-01]
    FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha4789.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha4789\ff
    FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha4789\ff [2014-03-16]
    FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home840.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home840\ff
    FF Extension: Media Watch - C:\Program Files\MediaWatchV1\MediaWatchV1home840\ff [2014-03-23]
    FF HKLM\...\Firefox\Extensions: [ext@MediaBuzzV1mode1439.net] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode1439\ff
    FF Extension: Media Buzz - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode1439\ff [2014-04-27]
    FF HKLM\...\Firefox\Extensions: [ext@RichMediaViewV1release6948.net] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release6948\ff
    FF Extension: Rich Media View - C:\Program Files\RichMediaViewV1\RichMediaViewV1release6948\ff [2014-05-15]
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
    CHR StartupUrls: Default -> "hxxp://www.wp.pl/","hxxps://www.loteriada.pl/","hxxp://www.sweet-page.com/?type=hp&ts=1439993105&z=bb0611f8903e9e66a524e5bgcz0c8tetatecee5t5g&from=cor&uid=WDCXWD1600AAJB-00J3A0_WD-WCAV2U37345373453"
    CHR HKLM\...\Chrome\Extension: [aaaaadgepjkdffhjbkfjgnnffnfcffbg] - C:\Documents and Settings\All Users\Dane aplikacji\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaadgepjkdffhjbkfjgnnffnfcffbg.crx [2015-08-19]
    CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\Documents and Settings\All Users\Dane aplikacji\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-08-28]
    CHR HKLM\...\Chrome\Extension: [bdhfgaibopjelgfepahepeemddalkejm] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release6948\ch\RichMediaViewV1release6948.crx [2014-05-14]
    CHR HKLM\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Documents and Settings\Krzysztof Żak\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files\BetterSurf\ch\Chrome.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [emhjefbkadapepbepjlidmbjomadhbpb] - C:\Program Files\MediaViewV1\MediaViewV1alpha4789\ch\MediaViewV1alpha4789.crx [2014-02-27]
    CHR HKLM\...\Chrome\Extension: [faligagondkkiebbokdpibpjpkdcchlf] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode1439\ch\MediaBuzzV1mode1439.crx [2014-04-23]
    CHR HKLM\...\Chrome\Extension: [ijogeilhhandekngbfbbolgfdhgdbdip] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta393\ch\VideoPlayerV3beta393.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [ildkaaieaognmkmhclcidnokoocadchi] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha828\ch\WebexpEnhancedV1alpha828.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx [2012-10-16]
    CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files\Better-Surf\ch\Chrome.crx <nie znaleziono>
    CHR HKU\S-1-5-21-1004336348-436374069-839522115-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
    OPR StartupUrls: "hxxp://www.sweet-page.com/?type=hp&ts=1439993105&z=bb0611f8903e9e66a524e5bgcz0c8tetatecee5t5g&from=cor&uid=WDCXWD1600AAJB-00J3A0_WD-WCAV2U37345373453"
    S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
    S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
    S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
    S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
    S4 IntelIde; Brak ImagePath
    U4 RemoteRegistry; Brak ImagePath
    S3 VComm; system32\DRIVERS\VComm.sys [X]
    S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
    U1 WS2IFSL; Brak ImagePath
    2015-09-24 18:31 - 2015-09-24 21:05 - 00000000 ____D C:\Documents and Settings\Krzysztof Żak\Doctor Web
    2015-04-14 18:14 - 2015-04-14 18:13 - 0613255 _____ (CMI Limited) C:\Documents and Settings\Krzysztof Żak\Ustawienia lokalne\Dane aplikacji\nsd97.tmp
    2015-04-14 17:38 - 2015-04-14 17:37 - 0613255 _____ (CMI Limited) C:\Documents and Settings\Krzysztof Żak\Ustawienia lokalne\Dane aplikacji\nsg3003.tmp
    2015-04-14 17:33 - 2015-04-14 17:33 - 0260876 _____ (VuuPC Limited) C:\Documents and Settings\Krzysztof Żak\Ustawienia lokalne\Dane aplikacji\nsi2F8D.tmp
    2015-04-14 17:35 - 2015-04-14 17:35 - 0260876 _____ (VuuPC Limited) C:\Documents and Settings\Krzysztof Żak\Ustawienia lokalne\Dane aplikacji\nsn2FD0.tmp
    2015-04-14 18:36 - 2015-04-14 18:36 - 0613255 _____ (CMI Limited) C:\Documents and Settings\Krzysztof Żak\Ustawienia lokalne\Dane aplikacji\nsw1A0.tmp
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    C:\Windows\Tasks\At5.job
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw. Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    0
  • Pomocny post
    #8 25 Wrz 2015 15:50
    Domino_2
    Pomocny dla użytkowników

    Jeśli wszystko jest OK, to skasuj folder C:\FRST i to na tyle.

    0