
WIN7 - Infected computer - FRST and OTL logs

angelside 30 Jan 2016 15:42 513 2
  • #2 30 Jan 2016 15:56
    Kolobos
    Computer specialist

    Uninstall:
    Adobe Reader 9.1.2 - Polish, switch to the latest version of AR or to Foxit: http://ninite.com/foxit/
    Java(TM) 6 Update 21 (64-bit)
    MagniPic
    McAfee Security Scan Plus

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Task: {019B5A4C-B16A-4FFE-86A2-37D7356D2D0E} - System32\Tasks\{B25BCCDE-D3D0-4B2F-8EA1-9818937175B2} => C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
    Task: {2930C917-B699-494E-BD73-B4F412D2F736} - System32\Tasks\{AEABB8D4-2EA6-422B-8C63-D49B626A90DC} => C:\Program Files (x86)\Projektowanie Okien\projektowanieokien (1).exe
    Task: {42F1019E-74D9-464D-84AB-AB6F0AA80BC0} - System32\Tasks\{A3D766D0-79D3-4D9E-B940-B79214A05D0A} => pcalua.exe -a "C:\Users\Natalia\Downloads\MTP2009 (No CD Key Needed)\Autorun.exe" -d "C:\Users\Natalia\Downloads\MTP2009 (No CD Key Needed)"
    Task: {A377BDE5-243C-42B0-868E-4577D1547348} - System32\Tasks\{A84D6F96-54A0-446E-9258-84516F97D729} => pcalua.exe -a C:\Users\Natalia\Desktop\zad3\1stCLASS.exe -d C:\Users\Natalia\Desktop\zad3
    Task: {B4F8DA7A-4F03-4555-BD85-31BFB4FBDD5C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2283315585-1857347334-457796784-1000Core => C:\Users\Natalia\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {DE51D054-9BBA-4AB1-9624-97B7A5FB7C03} - System32\Tasks\{B1A3D0B5-DF64-497F-BE7F-A9EEBF807DD6} => C:\Program Files\AVAST Software\Avast\AvastUI.exe
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
    AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => Brak pliku
    AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    BHO: FunDeeAils -> {BE88F826-413B-C054-CB94-BCB81ECAAFA2} -> C:\ProgramData\FunDeeAils\JuqZXxsL.x64.dll => Brak pliku
    BHO: TuubEItAdBloOcckAp -> {E1FF2D94-CBCE-1902-B1D3-5B13A6F134CC} -> C:\ProgramData\TuubEItAdBloOcckAp\jgTXRhHI11.x64.dll => Brak pliku
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [2013-02-05] (McAfee, Inc.)
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => nie znaleziono
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-04-10] <==== UWAGA




    CHR Extension: (Brak nazwy) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpiipgplihmeplccafajanaggfcponnb [2014-07-10]
    CHR Extension: (Brak nazwy) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\incgkkhpbhmglagdlpicdnlfffpfbimp [2014-07-10]
    CHR Extension: (Brak nazwy) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgmljlnipaeoahokpfkmlllcgaocmbfb [2014-07-10]
    CHR Extension: (Google Wallet) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-20] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Hangman) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ceojgheibbfajlkmpfocmdclggokfdij [2014-06-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Thor Lego Adventures) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chomoaoihbpongmkmnldppkllcfhggda [2014-06-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Brak nazwy) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2013-03-04]
    CHR Extension: (DiGiSiaveR) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hpiipgplihmeplccafajanaggfcponnb [2014-05-28]
    CHR Extension: (FunDeeAils) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\incgkkhpbhmglagdlpicdnlfffpfbimp [2014-02-27]
    CHR Extension: (EExxstraCoupOn) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lgmljlnipaeoahokpfkmlllcgaocmbfb [2014-01-01]
    CHR Extension: (Grooveshark Enhancement Suite) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nbglmejghppifhhbdhbaijiagbaedeec [2014-07-03] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Hangman) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ceojgheibbfajlkmpfocmdclggokfdij [2014-06-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Thor Lego Adventures) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\chomoaoihbpongmkmnldppkllcfhggda [2014-06-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Brak nazwy) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2013-03-04]
    CHR Extension: (DiGiSiaveR) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hpiipgplihmeplccafajanaggfcponnb [2014-05-28]
    CHR Extension: (FunDeeAils) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\incgkkhpbhmglagdlpicdnlfffpfbimp [2014-02-27]
    CHR Extension: (EExxstraCoupOn) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lgmljlnipaeoahokpfkmlllcgaocmbfb [2014-01-01]
    CHR Extension: (Grooveshark Enhancement Suite) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nbglmejghppifhhbdhbaijiagbaedeec [2014-07-03] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-24] ()
    U3 airpuqzh; C:\Windows\System32\Drivers\airpuqzh.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    2016-01-30 14:20 - 2016-01-30 14:20 - 00602112 _____ (OldTimer Tools) C:\Users\Natalia\Downloads\OTL_[www.programosy.pl].exe
    2016-01-24 21:48 - 2016-01-24 21:48 - 00000000 _____ C:\autoexec.bat
    2016-01-24 21:46 - 2016-01-24 21:46 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-01-24 21:44 - 2016-01-24 21:44 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Natalia\Downloads\SpyHunter-Installer.exe
    2016-01-24 21:37 - 2016-01-24 21:37 - 07486008 _____ (McAfee, Inc.) C:\Users\Natalia\Downloads\MCPR.exe
    2016-01-24 20:44 - 2014-07-10 19:11 - 00000000 ____D C:\AdwCleanercs
    2016-01-24 19:19 - 2013-01-19 15:33 - 00000000 ____D C:\ProgramData\TuneUp Software
    2016-01-24 19:06 - 2014-04-04 09:14 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-01-24 19:02 - 2015-05-31 18:10 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    0
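Added example, not part of either post and not FRST's own code: the `CHR Extension:` lines in the fixlist above can be triaged by checking which extensions declare an `UpdateUrl` outside the Chrome Web Store update host (`clients2.google.com`) and in which browser profiles they appear. The sample lines are copied from the fixlist; the function names and the regular expression are assumptions of this sketch.

```python
import re

# Chrome Web Store update host. FRST prints URLs defanged (hxxp/hxxps).
WEBSTORE_HOST = "clients2.google.com"

# Sample input: four "CHR Extension:" lines copied from the fixlist above.
SAMPLE = r"""
CHR Extension: (Brak nazwy) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpiipgplihmeplccafajanaggfcponnb [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-20] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Hangman) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ceojgheibbfajlkmpfocmdclggokfdij [2014-06-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Hangman) - C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ceojgheibbfajlkmpfocmdclggokfdij [2014-06-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
"""

# name, profile folder, 32-letter extension id (a-p), date, optional UpdateUrl
LINE_RE = re.compile(
    r"CHR Extension: \((?P<name>.*?)\) - .*?\\(?P<profile>[^\\\n]+)"
    r"\\Extensions\\(?P<id>[a-p]{32}) \[(?P<date>[\d-]+)\]"
    r"(?: \[UpdateUrl: (?P<url>[^\]\s]+)\])?"
)

def parse_extensions(text):
    """Return one dict per 'CHR Extension:' line found in the log text."""
    return [m.groupdict() for m in LINE_RE.finditer(text)]

def update_host(url):
    """Host part of a (possibly defanged) UpdateUrl, or None if absent."""
    if not url:
        return None
    return re.sub(r"^h(?:xx|tt)ps?://", "", url, flags=re.I).split("/")[0].lower()

def off_store(text):
    """Map extension id -> name, update host and profiles for every
    extension whose UpdateUrl points somewhere other than the Web Store.
    Lines without an UpdateUrl are not judged by this check."""
    flagged = {}
    for row in parse_extensions(text):
        host = update_host(row["url"])
        if host is None or host == WEBSTORE_HOST:
            continue
        entry = flagged.setdefault(
            row["id"], {"name": row["name"], "host": host, "profiles": []})
        entry["profiles"].append(row["profile"])
    return flagged

if __name__ == "__main__":
    for ext_id, info in off_store(SAMPLE).items():
        print(ext_id, info["name"], info["host"], ", ".join(info["profiles"]))
```

Grouping by extension id shows when the same off-store extension sits in several profiles, so cleaning a single profile would leave the others untouched.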
  • #3 30 Jan 2016 16:04
    Acorus 20
    Computer specialist

    Uninstall Adobe Download Assistant, Adobe Reader 9.1.2 - Polish, MagniPic, McAfee Security Scan Plus, Microsoft Security Essentials. Open the system Notepad and paste:

    Quote:
    Task: {336E34C8-47C8-4125-8A37-45D6C34CDF8D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {B4F8DA7A-4F03-4555-BD85-31BFB4FBDD5C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2283315585-1857347334-457796784-1000Core => C:\Users\Natalia\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {DE51D054-9BBA-4AB1-9624-97B7A5FB7C03} - System32\Tasks\{B1A3D0B5-DF64-497F-BE7F-A9EEBF807DD6} => C:\Program Files\AVAST Software\Avast\AvastUI.exe
    Task: {F766E3A7-F24E-4A42-B468-52F1332E8FF1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    HKLM\...\Run: [] => [X]
    AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => Brak pliku
    AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2283315585-1857347334-457796784-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {077F7D68-2AFF-4C8E-8F4E-C77448848E05} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> {8AC1F392-C0B2-47BC-BE4B-7E0B9FF7CAD9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2283315585-1857347334-457796784-1000 -> {8AC1F392-C0B2-47BC-BE4B-7E0B9FF7CAD9} URL =
    SearchScopes: HKU\S-1-5-21-2283315585-1857347334-457796784-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8AC1F392-C0B2-47BC-BE4B-7E0B9FF7CAD9} URL =
    BHO: FunDeeAils -> {BE88F826-413B-C054-CB94-BCB81ECAAFA2} -> C:\ProgramData\FunDeeAils\JuqZXxsL.x64.dll => Brak pliku
    BHO: TuubEItAdBloOcckAp -> {E1FF2D94-CBCE-1902-B1D3-5B13A6F134CC} -> C:\ProgramData\TuubEItAdBloOcckAp\jgTXRhHI11.x64.dll => Brak pliku
    FF SearchEngineOrder.3: Bing
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-04-10] <==== UWAGA
    S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
    S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-24] ()
    U3 airpuqzh; C:\Windows\System32\Drivers\airpuqzh.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    2016-01-24 20:44 - 2014-07-10 19:11 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST, in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Uninstall Chrome, ticking the option to delete browsing data, using Geek Uninstaller Free: http://www.geekuninstaller.com/geek.zip
    First you can export your bookmarks: https://support.google.com/chrome/answer/96816?hl=pl
    Afterwards install: https://www.google.pl/chrome/browser/desktop/

    0