Elektroda.pl

PC Win7 - Worm made in China

jacek202 09 Mar 2016 17:39 507 2
  • #1 09 Mar 2016 17:39
    jacek202
    Level 5

    I have a problem with a worm.
    I scanned the computer and removed what the programs found:
    Dr.Web CureIt!
    AdwCleaner
    Malwarebytes Anti-Malware
    Finally I ran FRST, and here are the logs.

    Please prepare a script.

    1 2
  • #2 09 Mar 2016 18:08
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {6D045D0B-C394-4A0D-AA7D-C64B2A099C06} - System32\Tasks\Niaho => C:\PROGRA~1\GROOVE~1\Volto.bat
    Task: {B36631DA-ED69-4BF4-B34A-BC8324397B70} - System32\Tasks\{100C43B0-0479-4CDD-98F7-B21473043FD7} => pcalua.exe -a C:\Users\Szymczak-PC\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cornl
    Task: {EF7C2D39-0212-45EA-A51F-3D94FBC5D077} - System32\Tasks\Opera scheduled Autoupdate 1432543132 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-01] (Opera Software)
    HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe" /regrun
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Brak pliku
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-2085796415-3820950208-1975813225-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-2085796415-3820950208-1975813225-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF NewTab: hxxp://www-searching.com/?site=shyosffdefault...obl9465,0826c217-790e-4b0b-98d3-e37c03325c4f,,
    FF DefaultSearchEngine: Search Module
    FF SelectedSearchEngine: istartsurf
    FF Homepage: hxxp://www-searching.com/?site=shyosffdefault...obl9465,0826c217-790e-4b0b-98d3-e37c03325c4f,,
    FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc...mp;type=bl-bfr-is__alt__ddc_dss_bd_com&p={searchTerms}
    FF SearchPlugin: C:\Users\Szymczak-PC\AppData\Roaming\Mozilla\Firefox\Profiles\haogef1p.default\searchplugins\nice-.xml [2016-03-09]
    CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G39zamo...b-98d3-e37c03325c4f,&vp=ch&prd=set_ch
    CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G39zamobl9465,0826c217-790e-4b0b-98d3-e37c03325c4f,&vp=ch&prd=set_ch"
    CHR DefaultSearchURL: Default -> hxxp://mysites123.com/web?type=ds&ts=1457...=amt&uid=395049983_397234_ccdca888&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> mysites123
    S2 Byxihh; Brak ImagePath
    S2 gprotect; "C:\ProgramData\Google\update\GoogleUpdate.exe" [X]
    S2 Teiswicto; Brak ImagePath
    S2 WMModules; "C:\ProgramData\Google\update\GoogleUpdate.exe" /2 [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S1 ESEADriver2; \??\C:\Users\SZYMCZ~1\AppData\Local\Temp\ESEADriver2.sys [X]
    R1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
    S1 SRepairDrv; \??\C:\Windows\GJFix\SRepairDrv [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2016-03-09 15:27 - 2016-03-09 15:27 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-03-09 13:37 - 2016-03-09 14:29 - 00000000 ____D C:\Users\Szymczak-PC\Doctor Web
    2016-03-09 12:29 - 2016-03-09 12:29 - 00003348 _____ C:\Windows\System32\Tasks\Niaho
    2016-03-09 12:28 - 2016-03-09 16:23 - 00000000 ____D C:\Users\Szymczak-PC\AppData\Roaming\Niuucd
    2016-03-09 12:28 - 2016-03-09 16:23 - 00000000 ____D C:\Users\Szymczak-PC\AppData\LocalLow\Company
    2016-03-09 12:28 - 2016-03-09 16:23 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-03-09 12:28 - 2016-03-09 12:43 - 00000000 ____D C:\Users\Szymczak-PC\AppData\Roaming\PowtJuhdey
    2016-03-09 12:28 - 2016-03-09 12:28 - 00000000 ____D C:\Users\Szymczak-PC\AppData\Local\Tempfolder
    2016-03-09 12:28 - 2016-03-09 12:28 - 00000000 ____D C:\uninst
    2016-03-09 12:22 - 2016-03-09 12:21 - 00087864 ____N (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2016-03-09 12:20 - 2016-03-09 15:26 - 00000000 ____D C:\Users\Szymczak-PC\AppData\Roaming\Tencent
    2016-03-08 12:46 - 2016-03-08 12:47 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Szymczak-PC\Downloads\SpyHunter-Installer.exe
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST, in the same folder.
    Run FRST as administrator and click Fix (Napraw).

    0
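One way to review a fixlist like the one in post #2 before clicking Fix, as an added example that is not part of the thread or of FRST: it sorts each line by the kind of object it targets and separates references the log already marks as missing (`[X]`, `Brak pliku`, `Brak ImagePath`) from entries that still deserve a manual look. The category names, regexes and function names are assumptions derived from the line prefixes visible above.

```python
import re

# Lines copied from the fixlist in this thread (Polish-locale FRST output).
SAMPLE = r"""
Task: {6D045D0B-C394-4A0D-AA7D-C64B2A099C06} - System32\Tasks\Niaho => C:\PROGRA~1\GROOVE~1\Volto.bat
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe" /regrun
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
S2 Byxihh; Brak ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CHR DefaultSearchKeyword: Default -> mysites123
2016-03-09 12:28 - 2016-03-09 12:28 - 00000000 ____D C:\uninst
EmptyTemp:
"""

# Assumption: categories are inferred only from the line prefixes visible in
# this thread; this is not FRST's own parser. The first matching rule wins.
RULES = [
    ("scheduled_task", re.compile(r"^Task: ")),
    ("autorun", re.compile(r"^HK[^\\]+\\\.\.\.\\Run(Once)?: ")),
    ("shell_overlay", re.compile(r"^ShellIconOverlayIdentifiers: ")),
    ("policy", re.compile(r"^GroupPolicy: |\\SOFTWARE\\Policies\\")),
    ("browser", re.compile(r"^(FF |CHR |SearchScopes: )|\\Internet Explorer\\Main,")),
    ("service_driver", re.compile(r"^[RSU][0-5] \S+; ")),
    ("file_or_folder", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
    ("directive", re.compile(r"^\w+:$")),
]
# Markers this log uses for a reference whose target is already gone.
MISSING = re.compile(r"\[X\]$|Brak pliku|Brak ImagePath")

def review_fixlist(text):
    """Return (category, target_missing, line) for every non-empty line."""
    rows = []
    for line in filter(None, map(str.strip, text.splitlines())):
        category = next((n for n, rx in RULES if rx.search(line)), "unrecognized")
        rows.append((category, bool(MISSING.search(line)), line))
    return rows

def needs_review(text):
    """Entries not flagged as missing, including lines no rule recognizes."""
    return [(cat, line) for cat, missing, line in review_fixlist(text)
            if not missing and cat != "directive"]

if __name__ == "__main__":
    for cat, line in needs_review(SAMPLE):
        print(f"{cat:15} {line}")
```

Lines reported as `unrecognized` are worth checking for paste damage before the file is saved as fixlist.txt.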
  • #3 01 Nov 2016 10:32
    jacek202
    Level 5

    The script provided worked.
    The system is running smoothly.
    Thank you, Acorus 20.

    0