
External drive - shortcut instead of folder - snkb0pt

karolwin 17 Feb 2015 17:51 1374 10
  • #1 17 Feb 2015 17:51
    karolwin
    Level 9

    Hello, I have a problem:
    When I connect my external drive I cannot open the folders on it; instead of the folders there are shortcuts to them, and a window pops up with the message: "Windows cannot find the file H:\snkb0pt\snkb0pt.exe. Make sure the name was typed correctly and try again." Could I count on some help? Thanks in advance.

    0 10
  • #3 17 Feb 2015 17:59
    887440
    User deleted their account
  • #4 17 Feb 2015 18:28
    karolwin
    Level 9

    I'll upload the FRST ones in a moment.

    Edit:

    The rest of the logs. What next?

    Moderated by swiercm:

    I merged the posts. When you update information, please use the "Edit" option.

    0
  • #5 17 Feb 2015 18:37
    887440
    User deleted their account
  • #6 17 Feb 2015 18:58
    Acorus 20
    Computer specialist

    Uninstall avast! Free Antivirus, FoxTab PDF Converter, McAfee Security Scan Plus. Open the system Notepad and paste:

    Quote:
    Task: {30F22D5B-D1E4-49E7-B25C-D2597F5158D1} - System32\Tasks\{D52398C2-2C1F-42A6-89E7-B5E84837B2CD} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/pl/go/help.faq.installer?LastError=1638
    Task: {39E75449-9C24-4CFE-9F82-0C143BC650C8} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrokerHandler.exe <==== ATTENTION
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Freecorder FLV Service] => "D:\FLVSrvc.exe" /run
    HKLM-x32\...\Run: [Yxhfxhrkdhvcyvvs.exe] => "C:\Users\xxx\AppData\Roaming\Yxhfxhrkdhvcyvvs.exe"
    HKLM-x32\...\Run: [csrss.exe] => "C:\Users\xxx\AppData\Roaming\csrss.exe"
    HKLM-x32\...\Run: [fst_pl_90] => [X]
    HKU\S-1-5-21-2351112747-926030224-389029679-1000\...\Run: [Yxhfxhrkdhvcyvvs.exe] => "C:\Users\xxx\AppData\Roaming\Yxhfxhrkdhvcyvvs.exe"
    HKU\S-1-5-21-2351112747-926030224-389029679-1000\...\Run: [Tiny download manager] => "C:\Users\xxx\AppData\Local\DM\TinyDM.exe" /M
    HKU\S-1-5-21-2351112747-926030224-389029679-1000\...\Run: [csrss.exe] => "C:\Users\xxx\AppData\Roaming\csrss.exe"
    HKU\S-1-5-21-2351112747-926030224-389029679-1000\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3510704 2014-07-23] (ALLPlayer Group Ltd.)
    HKU\S-1-5-18\...\Run: [Network Settings] => "C:\ProgramData\Network Settings\khsuvtnsd.exe"
    AppInit_DLLs-x32:  => "" File Not Found
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2351112747-926030224-389029679-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    URLSearchHook: HKLM-x32 - (No Name) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File
    URLSearchHook: HKLM-x32 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
    URLSearchHook: HKU\S-1-5-21-2351112747-926030224-389029679-1000 - (No Name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No File
    SearchScopes: HKLM-x32 -> {1584B1F3-0DF2-3E17-F4D2-4D6EE1018E7E} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =




    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: No Name -> {1392b8d2-5c05-419f-a8f6-b9f15a596612} -> No File
    BHO-x32: No Name -> {d43723ae-1ae1-4a25-a6a4-bf0929273cab} -> No File
    Toolbar: HKLM - No Name - !{1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
    Toolbar: HKLM - No Name - !{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
    Toolbar: HKLM - No Name - !{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
    Toolbar: HKLM - No Name - !{d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File
    Toolbar: HKLM-x32 - No Name - !{1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
    Toolbar: HKLM-x32 - No Name - !{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
    Toolbar: HKLM-x32 - No Name - !{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
    Toolbar: HKLM-x32 - No Name - !{d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File
    Toolbar: HKU\S-1-5-21-2351112747-926030224-389029679-1000 -> No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    Toolbar: HKU\S-1-5-21-2351112747-926030224-389029679-1000 -> No Name - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - No File
    FF HKU\S-1-5-21-2351112747-926030224-389029679-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jinihaffgdhejchgkogpfkdmpldnmnji] - C:\Users\xxx\AppData\Local\Temp\tbch.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [naipdapbimiiikbbgjcpbgmfhnlbagpj] - C:\Users\xxx\AppData\Local\Temp\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\xxx\AppData\Local\Temp\tbch.crx [Not Found]
    S3 G Data Tuner Service; C:\Program Files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe [X]
    S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [X]
    S2 StarWindServiceAE; D:\Alcohol 52\StarWind\StarWindServiceAE.exe [X]
    U3 atrj2xq1; No ImagePath
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 HidNt; system32\DRIVERS\HIDNt.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    S3 Mac606; system32\DRIVERS\Mac606.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2015-02-17 18:11 - 2015-02-17 18:21 - 00000000 ____D () C:\AdwCleaner
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix.

    0
  • #7 17 Feb 2015 19:00
    karolwin
    Level 9

    What does bm mean?

    0
  • #8 17 Feb 2015 19:07
    Kolobos
    Computer specialist

    @Mayjster you are only getting in the way.

    @Acorus 20 you skipped A BIT ;)

    Uninstall:
    FoxTab PDF Converter (HKU\S-1-5-21-2351112747-926030224-389029679-1000\...\FoxTab PDF Converter) (Version: - ) <==== ATTENTION
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Task: {0FE26979-B812-4DB7-9F84-1877EC26F9DC} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
    Task: {25AAD672-95AC-4F78-889B-7A362ECFEBEE} - System32\Tasks\{F0CEAF13-E811-441E-810D-7187B6918BB6} => pcalua.exe -a "C:\Program Files (x86)\IncrediMail\Bin\ImSetup.exe" -c /uninstallProduct /addon:incredimail
    Task: {39E75449-9C24-4CFE-9F82-0C143BC650C8} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrokerHandler.exe <==== ATTENTION
    C:\user.js
    HKLM-x32\...\Run: [Yxhfxhrkdhvcyvvs.exe] => "C:\Users\xxx\AppData\Roaming\Yxhfxhrkdhvcyvvs.exe"
    HKLM-x32\...\Run: [csrss.exe] => "C:\Users\xxx\AppData\Roaming\csrss.exe"
    HKLM-x32\...\Run: [fst_pl_90] => [X]
    HKU\S-1-5-21-2351112747-926030224-389029679-1000\...\Run: [Network Settings] => "C:\ProgramData\Network Settings\khsuvtnsd.exe"
    HKU\S-1-5-21-2351112747-926030224-389029679-1000\...\Run: [Yxhfxhrkdhvcyvvs.exe] => "C:\Users\xxx\AppData\Roaming\Yxhfxhrkdhvcyvvs.exe"
    HKU\S-1-5-21-2351112747-926030224-389029679-1000\...\Run: [csrss.exe] => "C:\Users\xxx\AppData\Roaming\csrss.exe"
    HKU\S-1-5-18\...\Run: [Network Settings] => "C:\ProgramData\Network Settings\khsuvtnsd.exe"
    AppInit_DLLs-x32:  => "" File Not Found
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2351112747-926030224-389029679-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki
    URLSearchHook: HKLM-x32 - (No Name) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File
    URLSearchHook: HKLM-x32 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
    URLSearchHook: HKU\S-1-5-21-2351112747-926030224-389029679-1000 - (No Name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No File
    SearchScopes: HKLM-x32 -> {1584B1F3-0DF2-3E17-F4D2-4D6EE1018E7E} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: No Name -> {1392b8d2-5c05-419f-a8f6-b9f15a596612} -> No File
    BHO-x32: No Name -> {d43723ae-1ae1-4a25-a6a4-bf0929273cab} -> No File
    Toolbar: HKLM - No Name - !{1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
    Toolbar: HKLM - No Name - !{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
    Toolbar: HKLM - No Name - !{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
    Toolbar: HKLM - No Name - !{d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File
    Toolbar: HKLM-x32 - No Name - !{1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
    Toolbar: HKLM-x32 - No Name - !{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
    Toolbar: HKLM-x32 - No Name - !{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
    Toolbar: HKLM-x32 - No Name - !{d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File
    Toolbar: HKU\S-1-5-21-2351112747-926030224-389029679-1000 -> No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    Toolbar: HKU\S-1-5-21-2351112747-926030224-389029679-1000 -> No Name - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - No File
    FF Extension: Widget context - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-01-16]
    FF Extension: HomeTab - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dz7bfcgw.default\Extensions\{9c72a7f0-9ced-4876-80b8-2cebdc068f07} [2014-02-07]
    FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dz7bfcgw.default\extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com [Not Found]
    FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dz7bfcgw.default\extensions\quick_start@gmail.com [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\BlockAndSurf Corp\158.xpi [Not Found]
    FF Extension: No Name - D:\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    CHR Extension: (Lightning Newtab) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2014-09-18]
    CHR Extension: (Quick Start) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-09-18]
    CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jinihaffgdhejchgkogpfkdmpldnmnji] - C:\Users\xxx\AppData\Local\Temp\tbch.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [naipdapbimiiikbbgjcpbgmfhnlbagpj] - C:\Users\xxx\AppData\Local\Temp\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\xxx\AppData\Local\Temp\tbch.crx [Not Found]
    S3 G Data Tuner Service; C:\Program Files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe [X]
    S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [X]
    S2 StarWindServiceAE; D:\Alcohol 52\StarWind\StarWindServiceAE.exe [X]
    U3 atrj2xq1; No ImagePath
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 HidNt; system32\DRIVERS\HIDNt.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    S3 Mac606; system32\DRIVERS\Mac606.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2015-02-17 18:11 - 2015-02-17 18:21 - 00000000 ____D () C:\AdwCleaner
    2015-02-17 18:09 - 2015-02-17 18:09 - 02112512 _____ () C:\Users\xxx\Downloads\adwcleaner_4.110 (1).exe
    2015-02-17 17:42 - 2015-02-17 17:42 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.0.4.1028 (1).exe
    2015-01-25 21:09 - 2015-01-25 21:10 - 20252472 _____ (Gameforge ) C:\Users\xxx\Downloads\Metin2_GameforgeLiveSetup (1).exe
    2013-08-20 08:29 - 2013-08-20 08:29 - 4188160 _____ () C:\Program Files (x86)\GUTA544.tmp
    2014-04-08 18:19 - 2014-04-17 16:48 - 0117248 __RSH (b embitter) C:\Users\xxx\AppData\Roaming\adobereade.exe
    2014-01-15 21:08 - 2013-06-09 15:59 - 0192584 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Roaming\atl110.dll
    2014-04-17 18:02 - 2014-04-17 18:02 - 0108032 ___RH (pocket quitter) C:\Users\xxx\AppData\Roaming\Feqtouyngfifoftd.exe
    2014-01-15 21:08 - 2014-01-15 21:55 - 0002101 _____ () C:\Users\xxx\AppData\Roaming\FoundShares.log
    2014-09-06 11:14 - 2014-05-26 19:32 - 0114688 ___RH (ASUSTek Computer Inc.) C:\Users\xxx\AppData\Roaming\Fxtwobefqihmcwxg.exe
    2014-01-15 21:08 - 2014-01-15 19:26 - 0052224 _____ () C:\Users\xxx\AppData\Roaming\hd.exe
    2014-09-06 06:28 - 2014-05-26 19:32 - 0114688 ___RH (ASUSTek Computer Inc.) C:\Users\xxx\AppData\Roaming\Jnhksbzqleciztmv.exe
    2014-04-22 18:59 - 2014-04-22 18:59 - 0196608 ___RH () C:\Users\xxx\AppData\Roaming\lsm.exe
    2014-06-07 15:32 - 2014-05-26 19:32 - 0114688 ___RH (ASUSTek Computer Inc.) C:\Users\xxx\AppData\Roaming\Lykeduchcqawackr.exe
    2014-01-15 21:08 - 2014-01-03 16:34 - 0468480 _____ () C:\Users\xxx\AppData\Roaming\mpir.dll
    2014-01-15 21:08 - 2014-01-03 16:34 - 0522752 _____ () C:\Users\xxx\AppData\Roaming\msdtce.exe
    2014-06-14 09:50 - 2014-05-26 19:32 - 0114688 ___RH (ASUSTek Computer Inc.) C:\Users\xxx\AppData\Roaming\Pcipncidwcnmxxit.exe
    2014-11-11 14:02 - 2014-05-26 19:32 - 0114688 ___RH (ASUSTek Computer Inc.) C:\Users\xxx\AppData\Roaming\Uehchspzbanzzmbg.exe
    2014-01-15 21:08 - 2012-11-05 23:26 - 0354264 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Roaming\vccorlib110.dll
    2014-07-12 13:25 - 2014-05-26 19:32 - 0114688 ___RH (ASUSTek Computer Inc.) C:\Users\xxx\AppData\Roaming\Vdjjqxkwmfhkofzh.exe
    2013-09-11 16:18 - 2014-04-05 11:18 - 0000181 _____ () C:\Users\xxx\AppData\Roaming\WB.CFG
    2014-04-22 14:17 - 2014-04-22 08:51 - 0048128 _____ () C:\Users\xxx\AppData\Roaming\wrapper.exe
    2014-01-21 23:22 - 2014-01-21 23:22 - 0000000 __RSH () C:\Users\xxx\AppData\Roaming\wuzsd.tmp~
    2014-04-24 06:32 - 2014-04-17 18:02 - 0108032 ___RH (pocket quitter) C:\Users\xxx\AppData\Roaming\Zvdgqpjalwyhoplt.exe
    2012-01-20 20:04 - 2013-10-16 15:11 - 0007168 _____ () C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-04-15 14:58 - 2014-04-15 14:58 - 1097384 _____ (AnyProtect.com) C:\Users\xxx\AppData\Local\nsvEFD6.tmp
    2013-09-10 19:22 - 2013-09-10 19:21 - 0333348 _____ () C:\Users\xxx\AppData\Local\searchya-speeddial.crx
    2012-01-19 16:41 - 2012-01-19 16:41 - 2161160 _____ (DownVision ) C:\Users\xxx\AppData\Local\setup.exe
    EmptyTemp:

    In FRST choose Fix.

    Check the file C:\Windows\SysWOW64\Loader.sys on virustotal or jotti and report whether the scanners detected anything.

    Delete the C:\FRST directory.

    Run a full scan with mbam and remove whatever it detects.

    Also run a scan with http://www.freedrweb.com/cureit/?lng=pl and likewise remove whatever it detects.

    0
  • #9 17 Feb 2015 19:45
    karolwin
    Level 9

    On virustotal 3/52, as in the attachment. Earlier there was a short period when it worked great, it was as it should be, and now it doesn't even see the drive.
    Additionally, the report from malware:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Data skanu: 2015-02-17
    Czas skanu: 19:40:09
    Raport: rap.txt
    Administrator: Tak

    Wersja: 2.00.4.1028
    Baza danych malware: v2015.02.17.09
    Baza danych rootkitów: v2015.02.03.01
    Licencja: Trial
    Ochrona przeciw malware: Włączony
    Ochrona przeciw szkodliwymi stronami: Włączony
    Samoobrony: Wyłączony

    System operacyjny: Windows 7 Service Pack 1
    Procesor: x64
    System plików: NTFS
    Użytkownik: xxx

    Typ skanu: Skanowanie w poszukiwaniu zagrożeń
    Wynik: Zakończono
    Objekty zeskanowane: 342290
    Minęło: 18 min, 4 s

    Pamięć: Włączony
    Autostart: Włączony
    System plików: Włączony
    Archiwa: Włączony
    Rootkity: Wyłączony
    Heurystyka: Włączony
    PNP: Włączony
    PNM: Włączony

    Procesy: 0
    (Nie wykryto groźnych)

    Moduły: 0
    (Nie wykryto groźnych)

    Klucze rejestru: 7
    PUP.Optional.4SharedTB, HKU\S-1-5-21-2351112747-926030224-389029679-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}, Dodano do kwarantanny, [9bf228f7c1c9c4725691a3a22bd8b749],
    PUP.Optional.4SharedTB, HKU\S-1-5-21-2351112747-926030224-389029679-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}, Dodano do kwarantanny, [9bf228f7c1c9c4725691a3a22bd8b749],
    PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, Dodano do kwarantanny, [dab3c15eddaded49414f66ac05009868],
    PUP.Optional.BonanzaDeals.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, Dodano do kwarantanny, [593446d9e7a3d363ae4502f65ea601ff],
    PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-9.1, Dodano do kwarantanny, [8d00859ae5a5181e4c4b5a7405fe7987],
    PUP.Optional.Ividi.A, HKU\S-1-5-21-2351112747-926030224-389029679-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iVIDI.org, Dodano do kwarantanny, [6825120df09a40f6254036a51ee56799],
    PUP.Optional.Qone8, HKU\S-1-5-21-2351112747-926030224-389029679-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dodano do kwarantanny, [bad35cc3abdf1422dca1609c798b30d0],

    Wartości rejestru: 3
    PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certified-toolbar.com?si=62606&...477905-2326D760CF673A1BC120E6E31981F9CC&q=%s,, Dodano do kwarantanny, [632a100fee9c3afc11fb36840cf7ee12]
    Spyware.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION|Start Page, fbdirecto.net/1/, Dodano do kwarantanny, [5a3327f8f7933df9c40ee8f5887c26da]
    PUP.Optional.BProtector, HKU\S-1-5-21-2351112747-926030224-389029679-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|BrowserMngr Start Page, http://www.google.com,, Dodano do kwarantanny, [6825ce51f09af83e42720af3d0346a96]

    Dane rejestru: 3
    PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Dobry: (www.google.com), Zły: (%appdata%\SimplyTech\home\home.htm),Zastąpiono,[4944c758e0aa65d14e72cbedbd488080]
    PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Dobry: (www.google.com), Zły: (%appdata%\SimplyTech\home\home.htm),Zastąpiono,[d1bc5fc045453402417f477134d1a858]
    PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-2351112747-926030224-389029679-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certified-toolbar.com?si=62606&...477905-2326D760CF673A1BC120E6E31981F9CC&q=%s,, Dobry: (www.google.com), Zły: (http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=5.6&ts=1378764000000.000008&tguid=62606-6533-1378837477905-2326D760CF673A1BC120E6E31981F9CC&q=%s),Zastąpiono,[a6e70b142f5b38fea26b40846e978c74]

    Foldery: 5
    PUP.Optional.MoviesToolBar.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dz7bfcgw.default\ilividmoviestoolbar181, Dodano do kwarantanny, [8d00a47b4c3e53e3bb746eeefb08da26],
    PUP.Optional.Datamngr.A, C:\Users\xxx\AppData\LocalLow\DataMngr, Dodano do kwarantanny, [4a4323fc503a2e08e3fe3c20f50e21df],
    PUP.Optional.FunMoods.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj, Dodano do kwarantanny, [513c50cfb6d4f5414a27d78fb54e649c],
    PUP.Optional.BrowserUpdater.A, C:\Windows\System32\Tasks\Browser Updater, Dodano do kwarantanny, [b0ddb46bf09a78be22a65b31d62d06fa],
    PUP.Optional.SystemSockets.A, C:\Windows\System32\Tasks\SystemSockets, Dodano do kwarantanny, [a1ecd34c7c0ee155b514088421e232ce],

    Pliki: 41
    Riskware.BitCoinMiner, C:\Users\xxx\AppData\Roaming\x64\msdtce.exe, Dodano do kwarantanny, [f8957ba4bdcd2313644fb25d9d65a25e],
    Trojan.BitCoinMiner, C:\Users\xxx\AppData\Roaming\x86\msdtce.exe, Dodano do kwarantanny, [a2eb1e0191f922140e4b97f3f80dae52],
    PUP.Optional.Conduit.A, C:\Program Files (x86)\Ashampoo_PO\Ashampoo_POToolbarHelper.exe, Dodano do kwarantanny, [0e7f3de2cbbf2511fab99a84ae5259a7],
    PUP.Optional.Conduit.A, C:\Program Files (x86)\Ashampoo_PO\Ashampoo_POToolbarHelper1.exe, Dodano do kwarantanny, [abe22cf377131521288b32eca8588d73],
    PUP.Optional.Conduit, C:\Program Files (x86)\Ashampoo_PO\hk64tbAsh0.dll, Dodano do kwarantanny, [e0adae715e2cf4420ceba18ecc348878],
    PUP.Optional.Conduit, C:\Program Files (x86)\Ashampoo_PO\hktbAsh0.dll, Dodano do kwarantanny, [0786b46bb9d1171f41b6c56ab64a57a9],
    PUP.Optional.Conduit, C:\Program Files (x86)\Ashampoo_PO\ldrtbAsh0.dll, Dodano do kwarantanny, [f994c25da6e4c472ce2931fe06fab34d],
    PUP.Optional.Conduit, C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll, Dodano do kwarantanny, [e4a987988ffb38fed91e270807f92ad6],
    PUP.Optional.Conduit, C:\Program Files (x86)\Ashampoo_PO\tbAsh0.dll, Dodano do kwarantanny, [c4c9de41b3d7d3638473a78830d01ae6],
    PUP.Optional.Conduit.A, C:\Program Files (x86)\Freecorder\FreecorderToolbarHelper.exe, Dodano do kwarantanny, [a1ec819e0b7f0a2cedc657c7758ba15f],
    PUP.Optional.Conduit.A, C:\Program Files (x86)\Freecorder\FreecorderToolbarHelper1.exe, Dodano do kwarantanny, [b0ddbf605d2d0a2c0ca730eedc241be5],
    PUP.Optional.Conduit, C:\Program Files (x86)\Freecorder\hk64tbFre0.dll, Dodano do kwarantanny, [484548d7b5d5dd5908efc26d43bdbd43],
    PUP.Optional.Conduit, C:\Program Files (x86)\Freecorder\hktbFre0.dll, Dodano do kwarantanny, [7a13958a4a40b77fd6215dd2857b1ee2],
    PUP.Optional.Conduit, C:\Program Files (x86)\Freecorder\ldrtbFre0.dll, Dodano do kwarantanny, [c5c862bd5f2bd660dd1a65ca46ba45bb],
    PUP.Optional.Conduit, C:\Program Files (x86)\Freecorder\prxtbFre0.dll, Dodano do kwarantanny, [f09de13e444650e6659279b6c13f01ff],
    PUP.Optional.Conduit, C:\Program Files (x86)\Freecorder\tbFre0.dll, Dodano do kwarantanny, [c1cc45daa4e62412bf38959a67997888],
    PUP.Optional.InstallCore, C:\Users\xxx\Downloads\Minecraft 1.8.exe, Dodano do kwarantanny, [7d10d6495238b97deb8906a00ff6be42],
    PUP.Optional.YourFileDownloader, C:\Users\xxx\Downloads\{REQUEST}_downloader.exe, Dodano do kwarantanny, [a0edc55a7614c373aae4cf4f12ee7888],
    PUP.Optional.Softonic, C:\Users\xxx\Downloads\SoftonicDownloader_dla_minecraft-by-zyczu.exe, Dodano do kwarantanny, [1e6f809f1b6fda5c259aef6b0ff16898],
    PUP.Optional.Softonic, C:\Users\xxx\Downloads\SoftonicDownloader_dla_minecraft.exe, Dodano do kwarantanny, [325b809feb9f1125c0ff1b3f24dcd42c],
    Trojan.InstallMonetizer, C:\Users\xxx\Downloads\ss moje.rar.exe, Dodano do kwarantanny, [93faf7283753be78c732adac50b10af6],
    PUP.Optional.Somoto.A, C:\Users\xxx\Downloads\FLVPlayerSetup-0Mlckkiv (1).exe, Dodano do kwarantanny, [f79652cdc0cadf57559f33f502035ea2],
    PUP.Optional.Somoto.A, C:\Users\xxx\Downloads\FLVPlayerSetup-0Mlckkiv.exe, Dodano do kwarantanny, [553809160684f6402acaa8801ce9629e],
    PUP.Optional.MoviesToolBar.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dz7bfcgw.default\ilividmoviestoolbar181\apnuserid.dat, Dodano do kwarantanny, [8d00a47b4c3e53e3bb746eeefb08da26],
    PUP.Optional.MoviesToolBar.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dz7bfcgw.default\ilividmoviestoolbar181\appid.dat, Dodano do kwarantanny, [8d00a47b4c3e53e3bb746eeefb08da26],
    PUP.Optional.MoviesToolBar.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dz7bfcgw.default\ilividmoviestoolbar181\geodata.xml, Dodano do kwarantanny, [8d00a47b4c3e53e3bb746eeefb08da26],
    PUP.Optional.MoviesToolBar.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dz7bfcgw.default\ilividmoviestoolbar181\setupCfg.xml, Dodano do kwarantanny, [8d00a47b4c3e53e3bb746eeefb08da26],
    PUP.Optional.MoviesToolBar.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dz7bfcgw.default\ilividmoviestoolbar181\sysid.dat, Dodano do kwarantanny, [8d00a47b4c3e53e3bb746eeefb08da26],
    PUP.Optional.MoviesToolBar.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dz7bfcgw.default\ilividmoviestoolbar181\trackid.dat, Dodano do kwarantanny, [8d00a47b4c3e53e3bb746eeefb08da26],
    PUP.Optional.Datamngr.A, C:\Users\xxx\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, Dodano do kwarantanny, [4a4323fc503a2e08e3fe3c20f50e21df],
    PUP.Optional.Datamngr.A, C:\Users\xxx\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}64, Dodano do kwarantanny, [4a4323fc503a2e08e3fe3c20f50e21df],
    PUP.Optional.FunMoods.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\000405.ldb, Dodano do kwarantanny, [513c50cfb6d4f5414a27d78fb54e649c],
    PUP.Optional.FunMoods.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\000431.ldb, Dodano do kwarantanny, [513c50cfb6d4f5414a27d78fb54e649c],
    PUP.Optional.FunMoods.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\000434.ldb, Dodano do kwarantanny, [513c50cfb6d4f5414a27d78fb54e649c],
    PUP.Optional.FunMoods.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\000479.ldb, Dodano do kwarantanny, [513c50cfb6d4f5414a27d78fb54e649c],
    PUP.Optional.FunMoods.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\000486.log, Dodano do kwarantanny, [513c50cfb6d4f5414a27d78fb54e649c],
    PUP.Optional.FunMoods.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\CURRENT, Dodano do kwarantanny, [513c50cfb6d4f5414a27d78fb54e649c],
    PUP.Optional.FunMoods.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\LOCK, Dodano do kwarantanny, [513c50cfb6d4f5414a27d78fb54e649c],
    PUP.Optional.FunMoods.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\LOG, Dodano do kwarantanny, [513c50cfb6d4f5414a27d78fb54e649c],
    PUP.Optional.FunMoods.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\LOG.old, Dodano do kwarantanny, [513c50cfb6d4f5414a27d78fb54e649c],
    PUP.Optional.FunMoods.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\MANIFEST-000484, Dodano do kwarantanny, [513c50cfb6d4f5414a27d78fb54e649c],

    Sektory fizyczne: 0
    (Nie wykryto groźnych)


    (end)

    I can't download that Dr.Web for now. Everything else downloads nicely, but this one is somehow terribly slow. The report says quarantine, but I deleted them.

    0
  • #10 17 Feb 2015 19:50
    Kolobos
    Computer specialist

    You have quite a lot of infections, so for now do what I wrote earlier.

    Also add this line to fixlist.txt:
    S3 Loader; C:\Windows\SysWOW64\Loader.sys [8704 2012-11-08] () [File not signed]

    0
  • #11 07 Jan 2017 13:58
    karolwin
    Level 9

    Solved - closing the topic.

    0