Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Prośba o skrypt fixlist do FRST

Rickos220 25 Sie 2015 13:15 510 5
  • Pomocny post
    #2 25 Sie 2015 14:55
    Kolobos
    Spec od komputerów

    Odinstaluj:
    CinemaPlus-3.2cV18.08 (HKLM-x32\...\CinemaPlus-3.2cV18.08) (Version: 1.36.01.22 - Cinema PlusV18.08) <==== UWAGA
    CinemaPlus-3.2cV19.08 (HKLM-x32\...\CinemaPlus-3.2cV19.08) (Version: 1.36.01.22 - Cinema PlusV19.08) <==== UWAGA
    CPU Miner (HKLM\...\cpuminer) (Version: 1.2 - Open Source) <- jezeli sam zainstalowales to zostaw.
    Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.6.2171.95 - The Crossbrowse Authors) <==== UWAGA
    Friendly Error (HKLM-x32\...\FriendlyError) (Version: - )
    GamesDesktop 008.005010064 (HKLM-x32\...\gmsd_pl_005010064_is1) (Version: - GAMESDESKTOP) <==== UWAGA
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== UWAGA
    mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== UWAGA
    PhraseProfessor 1.10.0.21 (HKLM-x32\...\PhraseProfessor_1.10.0.21) (Version: 1.10.0.21 - PhraseProfessor) <==== UWAGA
    SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== UWAGA
    Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== UWAGA

    Uzyj AdwCleaner, opcja Scan i Clean/Szukaj i Usun: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Zrob pelny skan przy pomocy Mbam i usun to co wykryje:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Po wykonaniu daj nowe logi z FRST.

    0
  • Pomocny post
    #4 25 Sie 2015 16:43
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    Cytat:
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== UWAGA
    Task: {082054EA-7B79-4E98-818B-94825C599870} - System32\Tasks\HfZqLPz7GGj5LM => C:\Users\Kamil\AppData\Roaming\HfZqLPz7GGj5LM.exe <==== UWAGA
    Task: {08D75AC2-6C47-4D83-81DB-6F357A21A3FD} - System32\Tasks\WindowsUpdater => C:\Users\Kamil\AppData\Roaming\WindowsUpdater\Updater.exe [2015-08-18] ()
    Task: {09D37FBF-88C6-46BD-A6D4-79100E96B7AD} - System32\Tasks\ELUPrJwAqDKp3 => C:\Users\Kamil\AppData\Roaming\ELUPrJwAqDKp3.exe <==== UWAGA
    Task: {1FC80106-CCE4-4810-9BDD-0E062D99407E} - System32\Tasks\wOiVp3hOE2xyNvpSx8iQjeL => C:\Users\Kamil\AppData\Roaming\wOiVp3hOE2xyNvpSx8iQjeL.exe <==== UWAGA
    Task: {303BBCA1-A6AF-46C1-BEEB-36EDEE8253B2} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== UWAGA
    Task: {3F7D8177-BF92-42CC-8BDB-E8C1AEE36E72} - System32\Tasks\tbF9w4CW8R2R4izu => C:\Users\Kamil\AppData\Roaming\tbF9w4CW8R2R4izu.exe [2015-04-20] () <==== UWAGA
    Task: {53D1E03E-8E90-4A91-8AB1-032E8CC0114B} - System32\Tasks\9gHOM9ex => C:\Users\Kamil\AppData\Roaming\9gHOM9ex.exe <==== UWAGA
    Task: {55A9FC5A-E201-4E49-BA70-3FBDCF13B25C} - System32\Tasks\fS9PVsAlHUsFG7Hz9yhp1ADnD => C:\Users\Kamil\AppData\Roaming\fS9PVsAlHUsFG7Hz9yhp1ADnD.exe <==== UWAGA
    Task: {7D8445E4-E0F2-49AA-A4B1-18B911A67215} - System32\Tasks\UWijqZNUkffTbJ => C:\Users\Kamil\AppData\Roaming\UWijqZNUkffTbJ.exe <==== UWAGA
    Task: {AF151F15-1799-43A0-9CCD-DE3137AD1F3A} - System32\Tasks\rorFnkc1gyNKxfXMatjFha2MII => C:\Users\Kamil\AppData\Roaming\rorFnkc1gyNKxfXMatjFha2MII.exe <==== UWAGA
    Task: {D221C9C8-D30E-453E-B492-B1BF08035370} - System32\Tasks\wN0EDqYFCAq => C:\Users\Kamil\AppData\Roaming\wN0EDqYFCAq.exe <==== UWAGA
    Task: {D3FCEFF7-DEAB-4902-8C3E-7C440A2FBBE1} - System32\Tasks\lrG3WPPvbiR5p2GifrVwoK06zh => C:\Users\Kamil\AppData\Roaming\lrG3WPPvbiR5p2GifrVwoK06zh.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\9gHOM9ex.job => C:\Users\Kamil\AppData\Roaming\9gHOM9ex.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\ELUPrJwAqDKp3.job => C:\Users\Kamil\AppData\Roaming\ELUPrJwAqDKp3.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\fS9PVsAlHUsFG7Hz9yhp1ADnD.job => C:\Users\Kamil\AppData\Roaming\fS9PVsAlHUsFG7Hz9yhp1ADnD.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\HfZqLPz7GGj5LM.job => C:\Users\Kamil\AppData\Roaming\HfZqLPz7GGj5LM.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\lrG3WPPvbiR5p2GifrVwoK06zh.job => C:\Users\Kamil\AppData\Roaming\lrG3WPPvbiR5p2GifrVwoK06zh.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\rorFnkc1gyNKxfXMatjFha2MII.job => C:\Users\Kamil\AppData\Roaming\rorFnkc1gyNKxfXMatjFha2MII.exe <==== UWAGA




    Task: C:\WINDOWS\Tasks\tbF9w4CW8R2R4izu.job => C:\Users\Kamil\AppData\Roaming\tbF9w4CW8R2R4izu.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\UWijqZNUkffTbJ.job => C:\Users\Kamil\AppData\Roaming\UWijqZNUkffTbJ.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\wN0EDqYFCAq.job => C:\Users\Kamil\AppData\Roaming\wN0EDqYFCAq.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\wOiVp3hOE2xyNvpSx8iQjeL.job => C:\Users\Kamil\AppData\Roaming\wOiVp3hOE2xyNvpSx8iQjeL.exe <==== UWAGA
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-25]
    ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Brak pliku)
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Zasada ograniczeń <======= UWAGA
    HKU\S-1-5-21-1997593485-580226111-402908437-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Zasada ograniczeń <======= UWAGA
    SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
    SearchScopes: HKU\S-1-5-21-1997593485-580226111-402908437-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    FF Extension: jid0RwTySlpoKU14fw7yw2AflOAihhAjetpack - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\am14j1qw.default\Extensions\jid0-RwTySlpoKU14fw7yw2AflOAihhA@jetpack [2015-08-25]
    FF Extension: privateTabinfocatcher - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\am14j1qw.default\Extensions\privateTab@infocatcher [2015-08-25]
    FF Extension: EE223D7AF30F11DD8F0AD2AD55D89593 - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\am14j1qw.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593} [2015-08-25]
    FF Extension: One Click Proxy - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\am14j1qw.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-08-06]
    FF Extension: Brak nazwy - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\am14j1qw.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [nie znaleziono]
    R2 comyninu; C:\Program Files (x86)\03000200-1439899992-0500-0006-000700080009\hnsz21B6.tmp [161792 2015-08-18] () [Brak podpisu cyfrowego]
    R2 hyverumu; C:\Program Files (x86)\03000200-1439899992-0500-0006-000700080009\jnszE102.tmp [209920 2015-08-18] () [Brak podpisu cyfrowego]
    R2 xinovudi; C:\Program Files (x86)\03000200-1439899992-0500-0006-000700080009\knsvEF7C.tmp [489472 2015-08-25] () [Brak podpisu cyfrowego]
    2015-08-25 16:06 - 2015-08-25 16:08 - 00001072 _____ C:\WINDOWS\Tasks\Crossbrowse.job
    2015-08-25 16:06 - 2015-08-25 16:06 - 00004070 _____ C:\WINDOWS\System32\Tasks\Crossbrowse
    2015-08-25 16:06 - 2015-08-25 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
    2015-08-25 15:51 - 2015-08-25 16:08 - 00001020 _____ C:\WINDOWS\Tasks\tbF9w4CW8R2R4izu.job
    2015-08-25 15:51 - 2015-08-25 15:51 - 00004026 _____ C:\WINDOWS\System32\Tasks\tbF9w4CW8R2R4izu
    2015-08-18 16:27 - 2015-08-25 16:06 - 00000000 ____D C:\AdwCleaner
    2015-08-18 14:17 - 2015-08-18 14:17 - 00003156 _____ C:\WINDOWS\System32\Tasks\{486ED4EC-689F-4433-9FBF-5C611D961A6E}
    2015-08-18 14:13 - 2015-08-25 14:43 - 00000000 ____D C:\Program Files (x86)\03000200-1439899992-0500-0006-000700080009
    2015-08-18 14:11 - 2015-08-18 14:11 - 00003632 _____ C:\WINDOWS\System32\Tasks\WindowsUpdater
    2015-08-18 14:11 - 2015-08-18 14:11 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\WindowsUpdater
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Kamil\AppData\Roaming\9gHOM9ex
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Kamil\AppData\Roaming\ELUPrJwAqDKp3
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Kamil\AppData\Roaming\fS9PVsAlHUsFG7Hz9yhp1ADnD
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Kamil\AppData\Roaming\HfZqLPz7GGj5LM
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Kamil\AppData\Roaming\lrG3WPPvbiR5p2GifrVwoK06zh
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Kamil\AppData\Roaming\rorFnkc1gyNKxfXMatjFha2MII
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Kamil\AppData\Roaming\tbF9w4CW8R2R4izu
    2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Kamil\AppData\Roaming\tbF9w4CW8R2R4izu.exe
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Kamil\AppData\Roaming\UWijqZNUkffTbJ
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Kamil\AppData\Roaming\wN0EDqYFCAq
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Kamil\AppData\Roaming\wOiVp3hOE2xyNvpSx8iQjeL
    2015-08-18 17:09 - 2015-08-18 17:08 - 0613255 _____ (CMI Limited) C:\Users\Kamil\AppData\Local\nsn797.tmp
    2015-08-18 15:39 - 2015-08-18 15:39 - 0613255 _____ (CMI Limited) C:\Users\Kamil\AppData\Local\nsz9615.tmp
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix. Odinstaluj globalupdate Helper.

    1
  • #5 26 Sie 2015 12:21
    Rickos220
    Poziom 5  

    Komputer wrócił do świetnej formy, dzięki waszym radą i teraz praca na nim, to sama przyjemność.

    0