
Kaspersky shows tmp.exe

kiproonex 09 Oct 2015 09:01 522 6
  • #1 09 Oct 2015 09:01
    kiproonex
    Level 9

    Hello,
    For some time now Kaspersky has been showing me that an application, e.g. 3rn42.tmp.exe, wants to start. I can't find it or remove it. Please help; I'm attaching the logs.
    Thanks

    0 6
  • #4 09 Oct 2015 10:24
    Acorus 20
    Computer specialist

    The Addition.txt log is missing.

    0
  • #5 09 Oct 2015 10:26
    Kolobos
    Computer specialist

    You write that "there are logs", but you provide only one log...
    You used FRST, which generated more than ONE file after scanning, so why did you provide only frst.txt? Addition.txt too.

    0
  • #6 09 Oct 2015 10:45
    kiproonex
    Level 9

    Both logs are there now.

    0
  • #7 09 Oct 2015 11:06
    Acorus 20
    Computer specialist

    Uninstall FreeSoundRecorder Toolbar, YAC App Store, Yet Another Cleaner!. Open the system Notepad and paste:

    Quote:
    Task: {C274EEDA-A59F-4AC1-80E2-8000AB2DB05D} - System32\Tasks\{4BEBC24D-712E-4585-8794-2F337CB07895} => pcalua.exe -a C:\Users\Agata\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
    ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => Brak pliku
    BootExecute: autocheck autochk * bsmain
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts...t2000dm001-1ch164_z1e6tmq6xxxxz1e6tmq6&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts...t2000dm001-1ch164_z1e6tmq6xxxxz1e6tmq6&q={searchTerms}
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1137720757-3332890643-2744402656-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    Toolbar: HKU\S-1-5-21-1137720757-3332890643-2744402656-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    FF Plugin HKU\S-1-5-21-1137720757-3332890643-2744402656-1000: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll Brak pliku
    FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\poi6i1jl.default-1410789199583\extensions\arthurj8283@gmail.com => nie znaleziono
    CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
    CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa




    CHR HKLM-x32\...\Chrome\Extension: [mibfbmhijjgpkmobcfdlelpccpeafoom] - <Brak Path/update_url>
    R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118048 2014-08-08] (Elex do Brasil Participações Ltda)
    R2 joniqomo; C:\Program Files (x86)\035D35A0-1443442383-11D5-8DD7-E03F4985B2C8\knsvEF38.tmpfs [X]
    R1 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [247488 2014-08-08] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2015-07-24] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-07-24] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2015-07-24] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-07-24] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [49320 2014-08-06] (Elex do Brasil Participações Ltda)
    R1 rsktdi; C:\Windows\system32\drivers\rsktdi.sys [23704 2015-08-20] (Beijing Rising Information Technology Co., Ltd.)
    R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [84672 2015-09-06] (Beijing Rising Information Technology Co., Ltd.)
    R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119168 2015-08-27] (Beijing Rising Information Technology Co., Ltd.)
    S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-09-28] (电脑管家)
    U3 a8pc2p5x; C:\Windows\System32\Drivers\a8pc2p5x.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S3 ALSysIO; \??\C:\Users\Agata\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMUdisk64.sys [X]
    2015-10-08 17:56 - 2015-10-09 07:17 - 00000000 ____D C:\Users\Agata\AppData\Roaming\Solvusoft
    2015-10-08 17:55 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
    2015-10-08 17:54 - 2015-10-08 17:54 - 03895432 _____ (solvusoft Corporation ) C:\Users\Agata\Downloads\Setup_WinThruster_2015.exe
    2015-09-28 20:46 - 2015-09-28 20:46 - 00001966 _____ C:\Users\Public\Desktop\YAC App Store.lnk
    2015-09-28 20:46 - 2015-09-28 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC App Store
    2015-09-28 16:19 - 2015-10-09 08:21 - 00000000 ____D C:\Program Files (x86)\iSafe
    2015-09-28 15:29 - 2015-09-28 15:29 - 00000000 ____D C:\ProgramData\TXQMPC
    2015-09-28 15:29 - 2015-09-28 15:29 - 00000000 ____D C:\ProgramData\Rising
    2015-09-28 15:02 - 2015-03-18 08:41 - 00071960 _____ (Beijing Rising Information Technology Co., Ltd.) C:\Nhpil.exe
    2015-09-28 15:02 - 2015-03-18 08:41 - 00017176 _____ (Beijing Rising Information Technology Co., Ltd.) C:\Ilrspsm.dll
    2015-09-28 15:01 - 2015-09-17 05:20 - 00232640 _____ (Beijing Rising Information Technology Co., Ltd.) C:\InstRse.dll
    2015-09-28 15:01 - 2015-08-10 09:20 - 00165568 _____ (Beijing Rising Information Technology Co., Ltd.) C:\NInstT.dll
    2015-09-28 14:52 - 2015-09-28 14:52 - 00000150 __RSH C:\rising.ini
    2015-09-28 14:52 - 2015-09-28 14:52 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
    2015-09-28 14:52 - 2015-09-28 14:52 - 00000000 ___RD C:\RavBin
    2015-09-28 14:52 - 2015-09-06 03:54 - 00084672 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
    2015-09-28 14:52 - 2015-08-27 03:17 - 00119168 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
    2015-09-28 14:52 - 2015-08-20 05:09 - 00023704 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsktdi.sys
    2015-09-28 14:52 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
    2015-09-28 14:52 - 2014-01-02 09:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
    2015-09-28 14:52 - 2013-12-30 09:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
    2015-09-28 14:52 - 2012-09-06 02:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
    2015-09-28 14:52 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
    2015-09-28 14:51 - 2015-09-28 14:51 - 00000000 ____D C:\Users\Agata\AppData\Local\YYZB2
    2015-09-28 14:51 - 2015-09-28 14:51 - 00000000 ____D C:\Program Files (x86)\yyzb_201509281451
    2015-09-28 14:49 - 2015-09-28 14:49 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2015-09-28 14:49 - 2015-09-28 14:48 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2015-09-28 14:48 - 2015-09-28 15:35 - 00000000 ____D C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-09-28 14:48 - 2015-09-28 15:35 - 00000000 ____D C:\Program Files (x86)\Tencent
    2015-09-28 14:48 - 2015-09-28 15:09 - 00000000 ____D C:\ProgramData\Tencent
    2015-09-28 14:48 - 2015-09-28 14:52 - 00000000 ____D C:\Users\Agata\AppData\Roaming\Tencent
    2015-09-28 14:48 - 2015-09-28 14:48 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2015-09-28 14:17 - 2015-09-28 14:17 - 00443200 _____ (yishengpa) C:\ProgramData\aaabbbaaaaaa.dll
    2015-09-28 14:17 - 2015-09-28 14:17 - 00003514 _____ C:\Windows\System32\Tasks\Adobe Flash box Files Update Ver 2015928
    2015-09-28 14:17 - 2015-09-28 14:17 - 00000000 ____D C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7k7k游戏盒子(928)
    2015-09-28 14:17 - 2015-09-28 14:17 - 00000000 ____D C:\ProgramData\uiksdl201592812
    2015-09-28 14:17 - 2015-09-28 14:17 - 00000000 ____D C:\ProgramData\adb
    2015-09-28 14:17 - 2015-09-28 14:17 - 00000000 ____D C:\ProgramData\4997GameBox_Data
    2015-09-28 14:17 - 2015-09-28 14:17 - 00000000 _____ C:\ProgramData\inf.dat
    2015-09-28 14:16 - 2015-09-28 14:16 - 00000000 ____D C:\Users\Public\QiYi
    2015-09-28 14:15 - 2015-09-28 15:04 - 00000000 ____D C:\Program Files (x86)\baidu
    2015-09-28 14:13 - 2015-10-09 09:13 - 00000000 ____D C:\Program Files (x86)\035D35A0-1443442383-11D5-8DD7-E03F4985B2C8
    2015-09-27 23:06 - 2015-10-09 07:17 - 00000000 ____D C:\Users\Agata\AppData\Roaming\iSafe
    2015-09-10 15:01 - 2015-09-10 15:01 - 0000000 ____H () C:\Users\Agata\AppData\Local\BIT8F0C.tmp
    C:\ProgramData\aaabbbaaaaaa.dll
    C:\ProgramData\inf.dat
    C:\ProgramData\pclunst.exe
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw. Download and run AdwCleaner as administrator https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.

    0
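The file entries in the fixlist above cluster around a few creation times, which is how a responder can tell which items arrived together in one bundled install. The following is an added example, not part of the original post and not FRST's own code: it parses FRST file-listing lines and groups them into creation-time bursts. The function names, the 60-minute gap and the `copied` heuristic are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# FRST file listing: created - modified - size attrs (company) path
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) "
    r"(\S{5}) (?:\((.*?)\) )?([A-Za-z]:\\.*)$")

def parse(line):
    """Return a dict for one file-listing line, or None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    created, modified = (datetime.strptime(g, "%Y-%m-%d %H:%M") for g in m.group(1, 2))
    return {"created": created, "modified": modified, "size": int(m.group(3)),
            "attrs": m.group(4), "company": (m.group(5) or "").strip(),
            "path": m.group(6),
            # A copied file typically keeps its old modified time but gets a new creation time.
            "copied": modified < created}

def bursts(lines, gap=timedelta(minutes=60)):
    """Group entries whose creation times are at most `gap` apart (assumed threshold)."""
    entries = sorted(filter(None, map(parse, lines)), key=lambda e: e["created"])
    groups = []
    for e in entries:
        if groups and e["created"] - groups[-1][-1]["created"] <= gap:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups

# Lines copied from the fixlist quoted in the thread (EmptyTemp: is not a file entry).
SAMPLE = r"""
2015-10-08 17:55 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2015-09-28 15:29 - 2015-09-28 15:29 - 00000000 ____D C:\ProgramData\Rising
2015-09-28 14:52 - 2015-09-06 03:54 - 00084672 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-09-28 14:17 - 2015-09-28 14:17 - 00443200 _____ (yishengpa) C:\ProgramData\aaabbbaaaaaa.dll
2015-09-28 14:13 - 2015-10-09 09:13 - 00000000 ____D C:\Program Files (x86)\035D35A0-1443442383-11D5-8DD7-E03F4985B2C8
2015-09-10 15:01 - 2015-09-10 15:01 - 0000000 ____H () C:\Users\Agata\AppData\Local\BIT8F0C.tmp
EmptyTemp:
""".splitlines()

if __name__ == "__main__":
    for g in bursts(SAMPLE):
        print(g[0]["created"], "->", g[-1]["created"], f"{len(g)} item(s)")
        for e in g:
            print("   ", "copied" if e["copied"] else "new   ", e["path"])
```

On these sample lines the four entries created on 2015-09-28 between 14:13 and 15:29 fall into one burst, separate from the earlier .tmp file and the later roboot64.exe.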