Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

wirusy - runDDL windows 8 uciążliwy problem - Legend|PL

Legend|PL 11 Lut 2016 15:29 534 5
  • #2 11 Lut 2016 15:50
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {CCA89C26-5256-4CD0-AC49-C1B5B677E5F8} - System32\Tasks\Fufrecfu => C:\Program
    Task: {F1148914-91DD-41AE-ABC6-8F6A964185CE} - System32\Tasks\ineupdwte => C:\Windows\system32\config\systemprofile\AppData\Local\Angoflex [2016-01-30] () <==== UWAGA
    Task: {F4BA0EFC-45BD-4A20-A1CA-7688D2F5BC40} - System32\Tasks\snf => C:\ProgramData\Airtostrong\Airtostrong.exe <==== UWAGA
    Hosts:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1038560750-1300459021-1207601150-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ZezehADS1W7oT8Y89I0OOSRnd9whOseBFRqkzn&q={searchTerms}
    HKU\S-1-5-21-1038560750-1300459021-1207601150-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1038560750-1300459021-1207601150-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ZezehADS1W7oT8Y89I0OOSRnd9whOseBFRqkzn&q={searchTerms}
    HKU\S-1-5-21-1038560750-1300459021-1207601150-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ZezehADS1W7oT8Y89I0OOSRnd9whOseBFRqkzn&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =




    SearchScopes: HKU\S-1-5-21-1038560750-1300459021-1207601150-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ZezehADS1W7oT8Y89I0OOSRnd9whOseBFRqkzn&q={searchTerms}
    CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
    S2 BitTorrent; "C:\Program Files\BitTorrent\BitTorrent.exe" /s iid=4513121 did=APSnapdoAMRev sid=3 ref=8694d4b1-7c5d-0210-926f-aff2a76df90c-PolicyMac id=2bbb9c4435f37ff5c208c945b8fac49a78f21379d7d5f7d2a6b2c33662e9edb5 [X]
    S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
    S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
    S2 pucufecozbt; C:\Program Files (x86)\F9BB45F0-1454141920-81E4-3DA6-F0795917B7FE\knsyB390.tmpfs [X]
    S2 REACHit; "C:\Program Files\REACHit\REACHit.exe" /s iid=10099665 did=Missing sid= ref= id=2bbb9c4435f37ff5c208c945b8fac49a78f21379d7d5f7d2a6b2c33662e9edb5 [X]
    S2 wucotusy; C:\Program Files (x86)\F9BB45F0-1454141920-81E4-3DA6-F0795917B7FE\hnsiE18A.tmp [X]
    S2 zutuzuni; C:\Program Files (x86)\F9BB45F0-1454141920-81E4-3DA6-F0795917B7FE\jnsyCB5A.tmp [X]
    2016-01-31 10:41 - 2016-01-31 10:41 - 00000000 ____D C:\Users\Legend\AppData\Roaming\eCyber
    2016-01-31 10:40 - 2016-02-04 01:47 - 00000000 ____D C:\Users\Legend\AppData\Roaming\iSafe
    2016-01-31 10:01 - 2016-01-31 10:01 - 00000000 ____D C:\Users\Legend\AppData\Roaming\Elex-tech
    2016-01-30 11:30 - 2016-01-31 10:16 - 00000000 ____D C:\ProgramData\Airtostrong
    2016-01-30 11:30 - 2016-01-30 11:30 - 03262565 _____ () C:\Program Files\Common Files\scjxyaz3.exe
    2016-01-30 11:30 - 2016-01-30 11:30 - 00000000 ____D C:\ProgramData\Airtostrongs
    2016-01-30 11:29 - 2016-01-31 08:09 - 00000000 ____D C:\Program Files\Common Files\0ji5gble
    2016-01-30 10:08 - 2016-01-30 10:08 - 00041472 _____ C:\Users\Legend\AppData\Local\Zottechi.dat
    2016-01-30 10:08 - 2016-01-30 10:08 - 00000187 _____ C:\Users\Legend\AppData\Local\Zottechi.exe.config
    2016-01-30 09:28 - 2016-01-31 08:08 - 00000000 ____D C:\Users\Legend\AppData\Roaming\UgaxxuUcim
    2016-01-30 09:28 - 2016-01-30 09:29 - 00000000 ____D C:\Users\Legend\AppData\Local\Tempfolder
    2016-01-30 09:28 - 2016-01-30 09:28 - 00003408 _____ C:\Windows\System32\Tasks\Fufrecfu
    2016-01-30 09:28 - 2016-01-30 09:28 - 00000000 ____D C:\Windows\system32\ado
    2016-01-30 09:28 - 2016-01-30 09:28 - 00000000 ____D C:\Users\Legend\AppData\LocalLow\Company
    2016-01-30 09:20 - 2016-01-30 09:20 - 0041472 _____ () C:\Users\Legend\AppData\Local\Mediaex.dat
    2016-01-30 09:20 - 2016-01-30 09:20 - 0000187 _____ () C:\Users\Legend\AppData\Local\Mediaex.exe.config
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Przeskanuj progr. Malwarebytes Anti-Malware https://data-cdn.mbamupdates.com/web/mbam-setup-2.1.8.1057.exe
    Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

    0
  • #4 11 Lut 2016 18:27
    Legend|PL
    Poziom 7  

    Przy instalacji Malwarebytes wyskakuje "Runtime Error (at 73:137)Could not call proc.

    0
  • Pomocny post
    #5 11 Lut 2016 18:38
    Acorus 20
    Spec od komputerów

    Pokaż nowe logi z FRST(zaznacz okienko Addition).

    0