
FRST - request for a check

gosia1818 01 Mar 2016 18:04 420 2
  • Helpful post
    #2 01 Mar 2016 18:13
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {909F5248-658D-4255-AB56-5A52C0E56DD3} - System32\Tasks\Opera scheduled Autoupdate 1455901321 => C:\Program Files\Opera\launcher.exe [2016-02-22] (Opera Software)
    Task: {D2FC487F-9E86-4FD2-AFC5-90004D966C1C} - System32\Tasks\Builder Buzz => Rundll32.exe "C:\Users\Murawska Małgorzata\AppData\Local\Builder Buzz\xBin\BuilderBuzz.dll",#3 <==== UWAGA
    Task: {F0C6D930-911E-47FB-9D6D-57EC6B490C04} - System32\Tasks\Murawska MałgorzataBaldachinGravyV2 => Rundll32.exe SpirantEmptor.dll,main 7 1 <==== UWAGA
    Task: C:\Windows\Tasks\hG70yThRUPXagD7mzbedq.job => C:\Users\Murawska Ma�gorzata\AppData\Roaming\hG70yThRUPXagD7mzbedq.exe <==== UWAGA
    Task: C:\Windows\Tasks\nSvvD0ItXDrb5hB7W4Z3h6LX6.job => C:\Users\Murawska Ma�gorzata\AppData\Roaming\nSvvD0ItXDrb5hB7W4Z3h6LX6.exe <==== UWAGA
    Task: C:\Windows\Tasks\roX2ZLUfqYTJeZbFYj5TImWg7.job => C:\Users\Murawska Ma�gorzata\AppData\Roaming\roX2ZLUfqYTJeZbFYj5TImWg7.exe <==== UWAGA
    Task: C:\Windows\Tasks\U5n4DL6KPYPFbjncB.job => C:\Users\Murawska Ma�gorzata\AppData\Roaming\U5n4DL6KPYPFbjncB.exe <==== UWAGA
    Startup: C:\Users\Murawska Małgorzata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Polaris Office Sync.lnk [2015-05-20]
    ShortcutTarget: Polaris Office Sync.lnk -> C:\Users\Murawska (Brak pliku)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-318024780-2524173344-2616118907-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
    HKU\S-1-5-21-318024780-2524173344-2616118907-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-318024780-2524173344-2616118907-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
    HKU\S-1-5-21-318024780-2524173344-2616118907-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
    URLSearchHook: HKLM -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-318024780-2524173344-2616118907-1000 -> DefaultScope {ielnksrch} URL =
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\!35E8AC648EF729B1960E632E33687B4135E8.js [2015-10-14] <==== UWAGA
    FF ExtraCheck: C:\Program Files\mozilla firefox\35E8AC648EF729B1960E632E33687B4135E8 [2015-10-14] <==== UWAGA
    R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
    2016-02-13 20:47 - 2015-05-12 18:46 - 00000000 ____D C:\AdwCleaner
    2015-04-14 17:28 - 2015-04-14 17:28 - 0001171 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\hG70yThRUPXagD7mzbedq
    2015-04-20 15:05 - 2015-04-20 15:05 - 1246720 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\hG70yThRUPXagD7mzbedq.exe
    2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\nSvvD0ItXDrb5hB7W4Z3h6LX6
    2015-04-20 15:05 - 2015-04-20 15:05 - 1579520 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\nSvvD0ItXDrb5hB7W4Z3h6LX6.exe
    2015-04-14 17:28 - 2015-04-14 17:28 - 0001171 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\roX2ZLUfqYTJeZbFYj5TImWg7
    2015-04-20 15:05 - 2015-04-20 15:05 - 1246720 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\roX2ZLUfqYTJeZbFYj5TImWg7.exe
    2015-04-14 17:28 - 2015-04-14 17:28 - 0001171 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\U5n4DL6KPYPFbjncB
    2015-04-20 15:05 - 2015-04-20 15:05 - 1246720 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\U5n4DL6KPYPFbjncB.exe
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

  • Helpful post
    #3 01 Mar 2016 18:26
    Kolobos
    Computer specialist

    Install: https://support.microsoft.com/pl-pl/kb/2545227

    In Device Manager, remove all:
    6TO4 Adapter
    Karta Microsoft 6to4
    isatap*

    Here is a description of how to remove all the 6to4 entries faster, because I see you have a whole lot of them:
    https://www.elektroda.pl/rtvforum/viewtopic.php?p=15237104#15237104
    The same can be done with isatap:
    Devcon.exe remove *ISATAP

    Do not download programs using the download manager from dobreprogramy.
    Their manager installs malicious software. Download only from direct links.

    Next to frst.exe, create a file fixlist.txt with the contents:
    CustomCLSID: HKU\S-1-5-21-318024780-2524173344-2616118907-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-318024780-2524173344-2616118907-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-318024780-2524173344-2616118907-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-318024780-2524173344-2616118907-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-318024780-2524173344-2616118907-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-318024780-2524173344-2616118907-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-318024780-2524173344-2616118907-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-318024780-2524173344-2616118907-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-318024780-2524173344-2616118907-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-318024780-2524173344-2616118907-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-318024780-2524173344-2616118907-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-318024780-2524173344-2616118907-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> Brak ścieżki do pliku
    Task: {909F5248-658D-4255-AB56-5A52C0E56DD3} - System32\Tasks\Opera scheduled Autoupdate 1455901321 => C:\Program Files\Opera\launcher.exe [2016-02-22] (Opera Software)




    Task: {D2FC487F-9E86-4FD2-AFC5-90004D966C1C} - System32\Tasks\Builder Buzz => Rundll32.exe "C:\Users\Murawska Małgorzata\AppData\Local\Builder Buzz\xBin\BuilderBuzz.dll",#3 <==== UWAGA
    Task: {F0C6D930-911E-47FB-9D6D-57EC6B490C04} - System32\Tasks\Murawska MałgorzataBaldachinGravyV2 => Rundll32.exe SpirantEmptor.dll,main 7 1 <==== UWAGA
    Task: {F4C86119-5B0E-46A7-BD51-C37B4901E6C0} - System32\Tasks\Opera N Sunday => C:\Program Files\Opera\launcher.exe [2016-02-22] (Opera Software)
    Task: C:\Windows\Tasks\hG70yThRUPXagD7mzbedq.job => C:\Users\Murawska Ma�gorzata\AppData\Roaming\hG70yThRUPXagD7mzbedq.exe <==== UWAGA
    Task: C:\Windows\Tasks\nSvvD0ItXDrb5hB7W4Z3h6LX6.job => C:\Users\Murawska Ma�gorzata\AppData\Roaming\nSvvD0ItXDrb5hB7W4Z3h6LX6.exe <==== UWAGA
    Task: C:\Windows\Tasks\roX2ZLUfqYTJeZbFYj5TImWg7.job => C:\Users\Murawska Ma�gorzata\AppData\Roaming\roX2ZLUfqYTJeZbFYj5TImWg7.exe <==== UWAGA
    Task: C:\Windows\Tasks\U5n4DL6KPYPFbjncB.job => C:\Users\Murawska Ma�gorzata\AppData\Roaming\U5n4DL6KPYPFbjncB.exe <==== UWAGA
    HKU\S-1-5-21-318024780-2524173344-2616118907-1000\...\MountPoints2: G - G:\AutoRun.exe
    HKU\S-1-5-21-318024780-2524173344-2616118907-1000\...\MountPoints2: {0d7233c0-ef4f-11e4-b258-00a0c6000000} - I:\LGAutoRun.exe
    HKU\S-1-5-21-318024780-2524173344-2616118907-1000\...\MountPoints2: {6851a458-b135-11e5-a7b2-0023ae2d68c3} - G:\AutoRun.exe
    HKU\S-1-5-21-318024780-2524173344-2616118907-1000\...\MountPoints2: {b1991fd8-ecfe-11e4-bd0d-00a0c6000000} - J:\SETUP.EXE
    HKU\S-1-5-21-318024780-2524173344-2616118907-1000\...\MountPoints2: {c9aeb322-eceb-11e4-8d4d-0023ae2d68c3} - G:\AutoRun.exe
    HKU\S-1-5-21-318024780-2524173344-2616118907-1000\...\MountPoints2: {c9aeb489-eceb-11e4-8d4d-00a0c6000000} - G:\AutoRun.exe
    HKU\S-1-5-21-318024780-2524173344-2616118907-1000\...\MountPoints2: {ec64aa45-0ad5-11e5-8843-00a0c6000000} - G:\AutoRun.exe
    Startup: C:\Users\Murawska Małgorzata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Polaris Office Sync.lnk [2015-05-20]
    ShortcutTarget: Polaris Office Sync.lnk -> C:\Users\Murawska (Brak pliku)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\!35E8AC648EF729B1960E632E33687B4135E8.js [2015-10-14] <==== UWAGA
    FF ExtraCheck: C:\Program Files\mozilla firefox\35E8AC648EF729B1960E632E33687B4135E8 [2015-10-14] <==== UWAGA
    R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
    2016-03-01 14:12 - 2016-03-01 14:12 - 01722368 _____ (Farbar) C:\Users\Murawska Małgorzata\Downloads\FRST (2).exe
    2016-03-01 14:12 - 2016-03-01 14:12 - 01722368 _____ (Farbar) C:\Users\Murawska Małgorzata\Downloads\FRST (1).exe
    2016-02-20 16:42 - 2016-02-20 16:42 - 00954357 _____ ( ) C:\Users\Murawska Małgorzata\Downloads\HD-Tune-12177-dp.exe
    2016-02-13 20:47 - 2015-05-12 18:46 - 00000000 ____D C:\AdwCleaner
    2015-04-14 17:28 - 2015-04-14 17:28 - 0001171 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\hG70yThRUPXagD7mzbedq
    2015-04-20 15:05 - 2015-04-20 15:05 - 1246720 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\hG70yThRUPXagD7mzbedq.exe
    2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\nSvvD0ItXDrb5hB7W4Z3h6LX6
    2015-04-20 15:05 - 2015-04-20 15:05 - 1579520 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\nSvvD0ItXDrb5hB7W4Z3h6LX6.exe
    2015-04-14 17:28 - 2015-04-14 17:28 - 0001171 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\roX2ZLUfqYTJeZbFYj5TImWg7
    2015-04-20 15:05 - 2015-04-20 15:05 - 1246720 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\roX2ZLUfqYTJeZbFYj5TImWg7.exe
    2015-04-14 17:28 - 2015-04-14 17:28 - 0001171 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\U5n4DL6KPYPFbjncB
    2015-04-20 15:05 - 2015-04-20 15:05 - 1246720 _____ () C:\Users\Murawska Małgorzata\AppData\Roaming\U5n4DL6KPYPFbjncB.exe
    EmptyTemp:

    In FRST, select Fix (Napraw).

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/


    PS. Why did you remove the log headers?
