Perform all steps in order.
Paste the following into Notepad and save it as fixlist.txt
Code:
CloseProcesses:
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "F:\Hamachi\hamachi-2-ui.exe" --auto-start
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [CheckRunv9_uninstaller] => "C:\Users\Marcin\AppData\Roaming\CheckRunv9.exe" -c=http://www.v9.com/?utm_source=b&utm_medium=utt&from=utt&uid=TOSHIBAXMK6459GSXP_7141F7KHSXX7141F7KHS&ts=1369998620
HKU\S-1-5-21-3265588371-229853305-2744828907-1001\...\Run: [Google Update] => C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-21] (Google Inc.)
HKU\S-1-5-21-3265588371-229853305-2744828907-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Marcin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3265588371-229853305-2744828907-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2995712 2013-04-14] (ALLPlayer Group Ltd.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=143
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=utt&from=utt&uid=TOSHIBAXMK6459GSXP_7141F7KHSXX7141F7KHS&ts=1369998620
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=utt&from=utt&uid=TOSHIBAXMK6459GSXP_7141F7KHSXX7141F7KHS&ts=1369998620
BHO-x32: ALLYouTubeDownloader -> {61DB16C5-B733-43F4-872E-B20DC9E72740} -> C:\Program Files (x86)\ALLYouTubeDownloader\ALLYouTubeDownloader.dll (ALLCinema Ltd.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF Extension: Iplex to ALLPlayer - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\jjmee0ex.default\Extensions\[email protected] [2013-08-16]
FF Extension: BetterTTV - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\jjmee0ex.default\Extensions\[email protected] [2014-09-13]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\jjmee0ex.default\Extensions\[email protected] [2013-02-09]
FF Extension: Przelewy24 - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\jjmee0ex.default\Extensions\[email protected] [2013-12-06]
FF Extension: ALLYouTubeDownloader - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\jjmee0ex.default\Extensions\[email protected] [2013-08-16]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-04-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-04-23]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
CHR HKLM-x32\...\Chrome\Extension: [ijblflkdjdopkpdgllkmlbgcffjbnfda] - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-02-04]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-04-23]
S2 Hamachi2Svc; F:\Hamachi\hamachi-2.exe -s [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Marcin\AppData\Local\Akamai
C:\ProgramData\Nexon
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
C:\ProgramData\NexonEU
C:\ProgramData\Nexon
C:\$Windows.~BT
C:\Windows\SysWow64\AI_RecycleBin
C:\MSOCache
C:\Users\Marcin\AppData\Roaming\Bitcoin
C:\Users\Marcin\AppData\Roaming\OpenCandy
C:\Users\Marcin\AppData\Roaming\TuneUp Software
C:\Users\Marcin\AppData\Roaming\wyUpdate AU
CustomCLSID: HKU\S-1-5-21-3265588371-229853305-2744828907-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3265588371-229853305-2744828907-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3265588371-229853305-2744828907-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3265588371-229853305-2744828907-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3265588371-229853305-2744828907-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Marcin\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll No File
CustomCLSID: HKU\S-1-5-21-3265588371-229853305-2744828907-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3265588371-229853305-2744828907-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Marcin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {0FBFFD10-533A-4D41-B052-7379C3C59BD6} - System32\Tasks\AdobeAAMUpdater-1.0-Marcin-Acer-Marcin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {159CD38A-AC74-4CAC-A93B-18AA1F280EE9} - System32\Tasks\RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {320A532B-4BFD-4B9C-A750-622E76488C4C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3265588371-229853305-2744828907-1001UA1cff06bd466a59b => C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {66B6C186-AAD0-4E65-8444-3ECB019638AC} - System32\Tasks\{9C01E72F-A454-42E4-885A-9D80C94BF73B} => Firefox.exe http://ui.skype.com/ui/0/6.11.0.102/pl/abandoninstall?page=tsProgressBar
Task: {713EDC85-31AB-4175-AE94-A8DA18FAB068} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3265588371-229853305-2744828907-1001UA1d00044e5b3296e => C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {822CB5C2-FC38-4817-89DD-356A945B3716} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3265588371-229853305-2744828907-1001Core => C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {9CDF6189-C688-4F38-8813-DB2AAC6D3292} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3265588371-229853305-2744828907-1001UA => C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {C20F4E34-3FCB-4652-AEC7-1CCD456094EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3265588371-229853305-2744828907-1001UA1cf8a1121fd8d83 => C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {DC2DCB04-C67A-4B6D-9355-738B7ECD7113} - System32\Tasks\GPU Temp\Startup => C:\Program Files (x86)\GPU Temp\GPUTemp.exe [2011-10-01] (gputemp.com)
Task: {FC724320-0F1F-41F2-9F85-4BDE890B63C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3265588371-229853305-2744828907-1001Core.job => C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3265588371-229853305-2744828907-1001UA1cf8a1121fd8d83.job => C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3265588371-229853305-2744828907-1001UA1cff06bd466a59b.job => C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3265588371-229853305-2744828907-1001UA1d00044e5b3296e.job => C:\Users\Marcin\AppData\Local\Google\Update\GoogleUpdate.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
CMD: netsh advfirewall reset
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
Place the saved script next to the downloaded FRST program.
Then click Fix in the program; once it has finished, post the report from this action.
Wait patiently for the script to finish. After it has run, the system will restart.
Uninstall:
CheckRunv9_uninstalle
YTD Video Downloader 3.9.6
LogMeIn Hamachi (if you need it, you can install it again)
Java 7 Update 21; install the new version 7u72 from this page:
If you don't use it, don't install it.
In the Firefox browser:
Open the menu in the top right corner > open the Help menu, marked with the red frame.
Troubleshooting Information > Reset Firefox. The reset will not affect bookmarks or passwords.
Download the program
click Search and then Remove.
Post its report.
Download the program
run it, click Change parameters, tick everything, click OK and then Start Scan.
When it is done, post the scan report, but do not move anything to quarantine and do not delete anything.
Make new logs and post them: from FRST, FRST.txt > Addition.txt, Shortcut.txt + OTL, but without Extras.
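
A pre-flight review of a fixlist before it is handed to FRST, as an added example that is not part of the original post and is not FRST's own parser: it groups lines by the prefixes visible in the list above and flags entries carrying the `No File`, `[X]` and `<==== ATTENTION` markers. The category names, the `review` and `summary` functions and the sample (a few lines copied from the list above) are assumptions of this example.

```python
import re

# (pattern, category): this example's own grouping, built only from the line
# shapes visible in the fixlist above. It is not FRST's parser.
RULES = [
    (r"^(CloseProcesses|Hosts|EmptyTemp):\s*$", "directive"),
    (r"^CMD: ", "command"),
    (r"^HK[^ ]*?\\\.\.\.\\Run: \[", "run-key"),
    (r"^HK", "registry-value"),
    (r"^(BHO|FF|CHR)\b", "browser"),
    (r"^Task: ", "task"),
    (r"^CustomCLSID: ", "clsid"),
    (r"^[SR]\d \S+; ", "service"),
    (r"^[A-Za-z]:\\", "path"),
]

# Constructed sample: a few lines copied unchanged from the fixlist above.
SAMPLE = r"""CloseProcesses:
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "F:\Hamachi\hamachi-2-ui.exe" --auto-start
S2 Hamachi2Svc; F:\Hamachi\hamachi-2.exe -s [X]
C:\Users\Marcin\AppData\Roaming\OpenCandy
CustomCLSID: HKU\S-1-5-21-3265588371-229853305-2744828907-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Marcin\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll No File
Task: {159CD38A-AC74-4CAC-A93B-18AA1F280EE9} - System32\Tasks\RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
CMD: netsh advfirewall reset
EmptyTemp:"""

def review(text):
    """Return (category, flags, line) for every non-empty fixlist line."""
    rows = []
    for line in filter(None, map(str.strip, text.splitlines())):
        kind = next((k for rx, k in RULES if re.search(rx, line)), "other")
        flags = []
        if line.endswith(("No File", "[X]")):  # FRST tags for a target file it could not find
            flags.append("missing-file")
        if "<==== ATTENTION" in line:           # FRST's own highlight on the entry
            flags.append("attention")
        rows.append((kind, flags, line))
    return rows

def summary(rows):
    """Count lines per category so the scope of the fix is visible at a glance."""
    counts = {}
    for kind, _, _ in rows:
        counts[kind] = counts.get(kind, 0) + 1
    return counts

if __name__ == "__main__":
    for kind, flags, line in review(SAMPLE):
        print(f"{kind:<15}{','.join(flags) or '-':<14}{line[:60]}")
    print(summary(review(SAMPLE)))
```

Lines reported as `other` match none of the shapes above and are worth reading by hand before the fix is run.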