FRST fixlist file

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by Karmann, 25 Dec 2014, 19:00

Hello, I noticed that files do not finish downloading (at 99% the speed drops to zero) and that some YouTube videos do not load. Searching forums, I found that the cause may be Sality, but a program for removing the virus, e.g. SalityKiller, did not help at all. Recently I found the FRST program, but I think I do not have enough knowledge to create a fixlist file on my own. I would be very grateful to anyone who could help me with this problem. Thank you in advance.
Attachments
Addition.txt
(29.77 KiB) Downloaded 17 times
FRST.txt
(38.05 KiB) Downloaded 25 times

Post by ordynat, 25 Dec 2014, 19:38

I don't see any infection here.

1) Uninstall these programs:
BrowseMark (HKLM\...\BrowseMark) (Version: 2014.03.11.182504 - BrowseMark) <==== ATTENTION!
Akamai NetSession Interface
Sweet Page (HKLM-x32\...\sweet-page uninstaller) (Version: - sweet-page) <==== ATTENTION

2) Use Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
First click SZUKAJ (Scan), and only after the scan has finished, when the USUŃ (Remove) button becomes active, click it.
Post the report from it: C:\AdwCleaner\AdwCleaner[S].txt.

3) Open Notepad and paste into it:
C:\Users\Michał\AppData\Local\Akamai\netsession_win.exe
HKU\S-1-5-21-2642549809-1869780194-165678537-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\MichaB\AppData\Local\Akamai\netsession_win.exe"
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
Startup: C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_08276169.lnk
ShortcutTarget: _uninst_08276169.lnk -> C:\Users\Michał\AppData\Local\Temp\_uninst_08276169.bat (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1397053220&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1397053220&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1397053220&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX&q={searchTerms}
HKU\S-1-5-21-2642549809-1869780194-165678537-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1397053220&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1397053220&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1397053220&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1397053220&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1397053220&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2642549809-1869780194-165678537-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1397053220&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2642549809-1869780194-165678537-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1397053220&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX&q={searchTerms}
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hppp&ts=1409309362&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hppp&ts=1409309362&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX"
CHR DefaultSearchKeyword: Default -> sweet-page
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
C:\Program Files (x86)\SupTab
C:\ProgramData\IePluginService
C:\Program Files (x86)\BrowseMark
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST. Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.

Post by Karmann, 25 Dec 2014, 20:45

Adw-Cleaner:
# AdwCleaner v4.106 - Log utworzony 25/12/2014 o 19:18:46
# Aktualizacja 21/12/2014 przez Xplode
# Database : 2014-12-21.4 [Live]
# System operacyjny : Windows 8.1 (64 bits)
# Użytkownik : Michał - MICHAL
# Ścieżka : C:\Users\Michał\Desktop\AdwCleaner.exe
# Opcja : Usuń

***** [ Usługi ] *****


***** [ Pliki / Foldery ] *****

Folder Usunięto : C:\ProgramData\IePluginService
Folder Usunięto : C:\Program Files (x86)\SupTab
Folder Usunięto : C:\Users\Michał\AppData\Local\CrashRpt
Folder Usunięto : C:\Users\Michał\AppData\Roaming\OpenCandy
Folder Usunięto : C:\Users\Michał\AppData\Roaming\SupTab
Folder Usunięto : C:\Users\Michał\AppData\Roaming\sweet-page
Folder Usunięto : C:\Users\Michał\AppData\Roaming\RHEng

***** [ Zadania ] *****


***** [ Skróty ] *****


***** [ Rejestr ] *****

Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Klucz Usunięto : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFF3225C-247B-41B3-8EC7-0724C8618E03}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFF3225C-247B-41B3-8EC7-0724C8618E03}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKCU\Software\Softonic
Klucz Usunięto : HKCU\Software\UpdateStar
Klucz Usunięto : HKLM\SOFTWARE\IePlugin
Klucz Usunięto : HKLM\SOFTWARE\SupTab
Klucz Usunięto : HKLM\SOFTWARE\sweet-pageSoftware
Klucz Usunięto : HKLM\SOFTWARE\Wpm
Dane Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL,C:\Windows\system32\nvinitx.dll,C:\WINDOWS\system32\nvinitx.dll

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v11.0.9600.17416

Ustawienie Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Ustawienie Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v39.0.2171.95

[C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://www.softonic.pl/s/{searchTerms}

-\\ Opera v0.0.0.0

[C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://www.softonic.pl/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [3920 octets] - [25/12/2014 19:12:50]
AdwCleaner[S0].txt - [3374 octets] - [25/12/2014 19:18:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3434 octets] ##########


FRST:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2014 01
Ran by Michał at 2014-12-25 19:28:21 Run:2
Running from C:\Users\Michał\Desktop
Loaded Profile: Michał (Available profiles: Michał)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Michał\AppData\Local\Akamai\netsession_win.exe
HKU\S-1-5-21-2642549809-1869780194-165678537-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\MichaB\AppData\Local\Akamai\netsession_win.exe"
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
Startup: C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_08276169.lnk
ShortcutTarget: _uninst_08276169.lnk -> C:\Users\Michał\AppData\Local\Temp\_uninst_08276169.bat (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds& ... 0G20ZJX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1 ... 0ZJ0G20ZJX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds& ... 0G20ZJX&q={searchTerms}
HKU\S-1-5-21-2642549809-1869780194-165678537-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1 ... 0ZJ0G20ZJX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds& ... 0G20ZJX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds& ... 0G20ZJX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds& ... 0G20ZJX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds& ... 0G20ZJX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2642549809-1869780194-165678537-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds& ... 0G20ZJX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2642549809-1869780194-165678537-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds& ... 0G20ZJX&q={searchTerms}
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hppp&ts ... 0ZJ0G20ZJX
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hppp&ts=1409309362&from=cor&uid=HitachiXHTS545050A7E380_TE85313R0G20ZJ0G20ZJX"
CHR DefaultSearchKeyword: Default -> sweet-page
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
C:\Program Files (x86)\SupTab
C:\ProgramData\IePluginService
C:\Program Files (x86)\BrowseMark
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
EmptyTemp:
*****************

"C:\Users\Michał\AppData\Local\Akamai\netsession_win.exe" => File/Directory not found.
HKU\S-1-5-21-2642549809-1869780194-165678537-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.
"C:\PROGRA~2\SupTab\SEARCH~2.DLL" => Value Data not found.
C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_08276169.lnk => Moved successfully.
C:\Users\Michał\AppData\Local\Temp\_uninst_08276169.bat not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2642549809-1869780194-165678537-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\S-1-5-21-2642549809-1869780194-165678537-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2642549809-1869780194-165678537-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll not found.
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll not found.
c:\progra~2\mcafee\msc\npmcsn~1.dll not found.
"C:\Program Files (x86)\SupTab" => File/Directory not found.
"C:\ProgramData\IePluginService" => File/Directory not found.
"C:\Program Files (x86)\BrowseMark" => File/Directory not found.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SetStretch.VBS => Moved successfully.
EmptyTemp: => Removed 1.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 19:29:51 ====

It helped. Thank you for the help.
Last edited by Karmann on 25 Dec 2014, 21:11; edited 1 time in total
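
Added example, not part of the original thread: a small Python triage of a Fixlog like the one posted above, separating entries FRST actually changed from targets that were already gone and from lines that need a human look. The outcome phrases are the ones visible in that log; the three category names and the last sample entry are assumptions made for this example.

```python
import re
from collections import Counter

# Outcome phrases as they appear in the Fixlog posted in this thread.
CHANGED = re.compile(r"(deleted|restored|moved) successfully\.$|=> Removed .+\.$", re.I)
ABSENT = re.compile(r"not found\.$", re.I)

def result_lines(fixlog):
    """Lines after the echoed fixlist (second asterisk row) up to the footer."""
    lines = [l.strip() for l in fixlog.splitlines()]
    stars = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l)]
    start = stars[1] + 1 if len(stars) >= 2 else 0
    out = []
    for l in lines[start:]:
        if l.startswith("==== End of Fixlog"):
            break
        if l and l != "The system needed a reboot.":
            out.append(l)
    return out

def classify(line):
    """changed = FRST altered something; absent = target was already gone;
    review = wording not seen in the thread's log, so a human should look."""
    if CHANGED.search(line):
        return "changed"
    return "absent" if ABSENT.search(line) else "review"

def summarize(fixlog):
    tagged = [(classify(l), l) for l in result_lines(fixlog)]
    return Counter(k for k, _ in tagged), [l for k, l in tagged if k == "review"]

# Constructed excerpt: result lines copied from the thread's Fixlog, plus one
# made-up entry (placeholder.dll) whose outcome the classifier does not know.
SAMPLE = r"""*****************
C:\ProgramData\SetStretch.exe
EmptyTemp:
*****************
"C:\Program Files (x86)\SupTab" => File/Directory not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
Chrome HomePage deleted successfully.
c:\progra~2\mcafee\msc\npmcsn~1.dll not found.
C:\ProgramData\SetStretch.exe => Moved successfully.
EmptyTemp: => Removed 1.3 GB temporary data.
C:\Example\placeholder.dll => (constructed line, outcome not recognized)
The system needed a reboot.
==== End of Fixlog 19:29:51 ====
"""
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Entries that land in "absent" are expected when another cleaner has already removed the same items, as with the SupTab and IePluginService folders that the AdwCleaner log above reports as deleted before FRST ran.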




Post by ordynat, 25 Dec 2014, 21:06

No improvement so far.

but at least now you know that your system is clean.
I can't do anything for you about a bad internet connection.

In Adw-Cleaner, click the Odinstaluj (UNINSTALL) button.

Open Notepad and paste into it:
DeleteQuarantine:

Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.
Use SHIFT+DEL to delete the remaining folder C:\FRST

Post by Karmann, 26 Dec 2014, 14:18

Thanks for the help, it works now.