Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

brak uprawnień administratora / nie działa hamachi / niemoc odblokowania portów

ProFarT 20 Mar 2016 13:26 720 5
  • #1 20 Mar 2016 13:26
    ProFarT
    Poziom 7  

    Witam,

    Od pewnego czasu zaobserwowałem dziwne rzeczy związane z moim PC.

    a)Wydaje mi się, że nie mam pełnych praw administratora na komputerze. Wprawdzie mogę używać tej funkcji zazwyczaj, ale na przykład, gdy chcę edytować ustawienia Zapory - opcja jest nieaktywna.

    b)Nie mogę zainstalować Hamachi (nie może połączyć się z silnikiem hosta), przy próbie reinstalacji wyskakuje błąd, który informuje o braku klucza

    c)Nie mogę odblokować portów. Wszystko w routerze wpisane, ip dodane, port także - a i tak jest on zablokowany.

    d)* Miałem również problemy z Chrome'm - nie mogłem ustawić go jako domyślną przeglądarkę, żaden link 'kliknięty' nie odtwarzał się. Jednak problem ustąpił po przeskanowaniu Dr.Web'em.

    Dodaję logi z FRST, gdyby ktoś w wolnym czasie mógłby je przejrzeć - byłbym bardzo wdzięczny.

    Pozdrawiam, ProFarT

    0 5
  • CControls
  • Pomocny post
    #2 20 Mar 2016 13:48
    krzychupar
    Poziom 40  

    Odinstaluj:
    Gameo (HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\...\Gameo) (Version: 0.14.1 - IronSource Ltd.) <==== ATTENTION!

    Otwórz notatnik systemowy i wklej:
    Task: {2998FB34-336E-4552-B524-22F36D5DBE5E} - \ShopperPro No Task File <==== ATTENTION
    Task: {42F71E8C-147C-46E2-8706-4AF5B31F1DE3} - System32\Tasks\Opera scheduled Autoupdate 1385823219 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-14] (Opera Software)
    Task: {49B8286D-FEB5-4D6E-B1E4-80F5F40A4E41} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2415\jsdrv.exe <==== ATTENTION
    Task: {B21D51F6-8275-4BCC-96B8-E2079648A52A} - System32\Tasks\{39749FE6-91C0-4854-BC98-E363440EE08B} => pcalua.exe -a C:\Users\user\Downloads\pbsetup\pbsetup.exe -d C:\Users\user\Downloads\pbsetup
    Task: {BB673775-9915-42DE-8D4A-75331666EA20} - System32\Tasks\AmiUpdXp => C:\Users\user\AppData\Local\23538\Updater.exe <==== ATTENTION
    Task: {FFF77301-BFC7-44C2-BFB2-8E2757636102} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
    Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\user\AppData\Local\23538\Updater.exe <==== ATTENTION
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\...\MountPoints2: {212f32cf-86f9-11e5-a401-bc5ff4a20058} - H:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\...\MountPoints2: {2a287ffa-dc6c-11e5-8850-bc5ff4a20058} - H:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\...\MountPoints2: {2cc9cb11-14c2-11e3-bab4-806e6f6e6963} - E:\ASRSetup.exe
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\...\MountPoints2: {890e4cba-193a-11e3-8079-bc5ff4a20058} - F:\thpsk3.exe
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\...\MountPoints2: {ce1199a3-30d2-11e3-906e-bc5ff4a20058} - G:\setup.exe
    AppInit_DLLs-x32: C:\Users\user\AppData\Local\DProtect\eBP.dll => "C:\Users\user\AppData\Local\DProtect\eBP.dll" File Not Found
    AppInit_DLLs-x32: ,C:\Users\user\AppData\Local\DProtect\eBPSD.dll => "C:\Users\user\AppData\Local\DProtect\eBPSD.dll" File Not Found
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=617910...amp;GUID=00000000-0000-0000-0000-000000000000
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=617910...amp;GUID=00000000-0000-0000-0000-000000000000
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&ts=...XWD10EZRX-00L4HB0_WD-WMC4J004192241922&q={searchTerms}




    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&ts=...XWD10EZRX-00L4HB0_WD-WMC4J004192241922&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=1449...uid=WDCXWD10EZRX-00L4HB0_WD-WMC4J004192241922
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=1449...uid=WDCXWD10EZRX-00L4HB0_WD-WMC4J004192241922
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&ts=...XWD10EZRX-00L4HB0_WD-WMC4J004192241922&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&ts=...XWD10EZRX-00L4HB0_WD-WMC4J004192241922&q={searchTerms}
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...97ZWTnSq4V4ULOyVMRi9IzU9Cm-6wPdhIwl0TK&q={searchTerms}
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%...JQavbeK9Wy73PRPq0iMIcyr4soUWcwKZIjxXwHXze1Qh9
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=1449...uid=WDCXWD10EZRX-00L4HB0_WD-WMC4J004192241922
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursites123.com/web/?type=ds&...XWD10EZRX-00L4HB0_WD-WMC4J004192241922&q={searchTerms}
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...97ZWTnSq4V4ULOyVMRi9IzU9Cm-6wPdhIwl0TK&q={searchTerms}
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...97ZWTnSq4V4ULOyVMRi9IzU9Cm-6wPdhIwl0TK&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...97ZWTnSq4V4ULOyVMRi9IzU9Cm-6wPdhIwl0TK&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2056360871-1730695740-3980796417-1000 -> DefaultScope {ielnksrch} URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...97ZWTnSq4V4ULOyVMRi9IzU9Cm-6wPdhIwl0TK&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2056360871-1730695740-3980796417-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-2056360871-1730695740-3980796417-1000 -> {ielnksrch} URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...97ZWTnSq4V4ULOyVMRi9IzU9Cm-6wPdhIwl0TK&q={searchTerms}
    FF NewTab: C:\ProgramData\Quotenamrons\ff.NT
    FF DefaultSearchEngine: yoursites123
    FF SelectedSearchEngine: yoursites123
    FF Homepage: C:\ProgramData\Quotenamrons\ff.HP
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kegdldmohomdaelnepdpbkdhfemobdgl] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - https://clients2.google.com/service/update2/crx
    StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe http://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10EZRX-00L4HB0_WD-WMC4J004192241922
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [682240 2016-02-16] (Winzipper Pvt Ltd.) <==== ATTENTION
    S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
    S2 WSModules; C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe [X]
    S3 gkernel; \??\C:\Users\user\AppData\Local\Temp\gkernel.sys [X]
    S1 ppfd_vt_1_10_0_22; system32\drivers\ppfd_vt_1_10_0_22.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2016-03-20 13:14 - 2016-03-20 13:14 - 06493696 _____ () C:\Users\user\AppData\Roaming\agent.dat
    2016-03-20 13:14 - 2016-03-20 13:14 - 01622056 _____ () C:\Users\user\AppData\Roaming\Indigoit.tst
    2016-03-20 13:14 - 2016-03-20 13:14 - 00774144 _____ () C:\Users\user\AppData\Roaming\Indigoit.exe
    2016-03-20 13:14 - 2016-03-20 13:14 - 00400445 _____ () C:\Users\user\AppData\Roaming\FreshString.bin
    2016-03-20 13:14 - 2016-03-20 13:14 - 00127488 _____ () C:\Users\user\AppData\Roaming\Installer.dat
    2016-03-20 13:14 - 2016-03-20 13:14 - 00126464 _____ () C:\Users\user\AppData\Roaming\noah.dat
    2016-03-20 13:14 - 2016-03-20 13:14 - 00065232 _____ () C:\Users\user\AppData\Roaming\Config.xml
    2016-03-20 13:14 - 2016-03-20 13:14 - 00018432 _____ () C:\Users\user\AppData\Roaming\Main.dat
    2016-03-20 13:14 - 2016-03-20 13:14 - 00014256 _____ () C:\Users\user\AppData\Roaming\InstallationConfiguration.xml
    2016-03-20 13:14 - 2016-03-20 13:14 - 00005568 _____ () C:\Users\user\AppData\Roaming\md.xml
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść w folderze gdzie znajduje się FRST.exe
    Uruchom FRST i kliknij w Fix/Napraw.

    0
  • CControls
  • Pomocny post
    #3 20 Mar 2016 14:04
    Acorus 20
    Spec od komputerów

    Odinstaluj Gameo, WinZip. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {2998FB34-336E-4552-B524-22F36D5DBE5E} - \ShopperPro No Task File <==== ATTENTION
    Task: {3744968B-2E1F-44F5-ABC6-890EFA619B44} - System32\Tasks\crxbroBrowserUpdateUA => C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe
    Task: {3BA6F0E5-F030-4346-94C5-B404CA127E58} - System32\Tasks\crxbroBrowserUpdateCore => C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe
    Task: {42F71E8C-147C-46E2-8706-4AF5B31F1DE3} - System32\Tasks\Opera scheduled Autoupdate 1385823219 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-14] (Opera Software)
    Task: {437398F9-9783-4D43-A9C3-8E7775C4D78F} - System32\Tasks\crxbroCheckTask => C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe
    Task: {49B8286D-FEB5-4D6E-B1E4-80F5F40A4E41} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2415\jsdrv.exe <==== ATTENTION
    Task: {A0F537CE-B27A-4FB5-B757-FCB716AB4C09} - System32\Tasks\SPBIW_UpdateTask_Time_323638393539343437322d5b5b4a346c4123452a5a556c => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
    Task: {BB673775-9915-42DE-8D4A-75331666EA20} - System32\Tasks\AmiUpdXp => C:\Users\user\AppData\Local\23538\Updater.exe <==== ATTENTION
    Task: {FFF77301-BFC7-44C2-BFB2-8E2757636102} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
    Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\user\AppData\Local\23538\Updater.exe <==== ATTENTION
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\...\Run: [Gameo] => C:\Users\user\AppData\Roaming\Gameo\gameo.exe [42482176 2015-07-04] ()
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\...\MountPoints2: {212f32cf-86f9-11e5-a401-bc5ff4a20058} - H:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\...\MountPoints2: {2a287ffa-dc6c-11e5-8850-bc5ff4a20058} - H:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\...\MountPoints2: {2cc9cb11-14c2-11e3-bab4-806e6f6e6963} - E:\ASRSetup.exe
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\...\MountPoints2: {890e4cba-193a-11e3-8079-bc5ff4a20058} - F:\thpsk3.exe
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\...\MountPoints2: {ce1199a3-30d2-11e3-906e-bc5ff4a20058} - G:\setup.exe
    AppInit_DLLs-x32: C:\Users\user\AppData\Local\DProtect\eBP.dll => "C:\Users\user\AppData\Local\DProtect\eBP.dll" File Not Found
    AppInit_DLLs-x32: ,C:\Users\user\AppData\Local\DProtect\eBPSD.dll => "C:\Users\user\AppData\Local\DProtect\eBPSD.dll" File Not Found
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&ts=...XWD10EZRX-00L4HB0_WD-WMC4J004192241922&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&ts=...XWD10EZRX-00L4HB0_WD-WMC4J004192241922&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=1449...uid=WDCXWD10EZRX-00L4HB0_WD-WMC4J004192241922
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=1449...uid=WDCXWD10EZRX-00L4HB0_WD-WMC4J004192241922
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&ts=...XWD10EZRX-00L4HB0_WD-WMC4J004192241922&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&ts=...XWD10EZRX-00L4HB0_WD-WMC4J004192241922&q={searchTerms}
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...97ZWTnSq4V4ULOyVMRi9IzU9Cm-6wPdhIwl0TK&q={searchTerms}
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%...JQavbeK9Wy73PRPq0iMIcyr4soUWcwKZIjxXwHXze1Qh9
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=1449...uid=WDCXWD10EZRX-00L4HB0_WD-WMC4J004192241922
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursites123.com/web/?type=ds&...XWD10EZRX-00L4HB0_WD-WMC4J004192241922&q={searchTerms}
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...97ZWTnSq4V4ULOyVMRi9IzU9Cm-6wPdhIwl0TK&q={searchTerms}
    HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...97ZWTnSq4V4ULOyVMRi9IzU9Cm-6wPdhIwl0TK&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...97ZWTnSq4V4ULOyVMRi9IzU9Cm-6wPdhIwl0TK&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2056360871-1730695740-3980796417-1000 -> DefaultScope {ielnksrch} URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...97ZWTnSq4V4ULOyVMRi9IzU9Cm-6wPdhIwl0TK&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2056360871-1730695740-3980796417-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-2056360871-1730695740-3980796417-1000 -> {ielnksrch} URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...97ZWTnSq4V4ULOyVMRi9IzU9Cm-6wPdhIwl0TK&q={searchTerms}
    FF NewTab: C:\ProgramData\Quotenamrons\ff.NT
    FF DefaultSearchEngine: yoursites123
    FF SelectedSearchEngine: yoursites123
    FF Homepage: C:\ProgramData\Quotenamrons\ff.HP
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\75w2l3ik.default-1431510998307\searchplugins\delta-homes.xml [2015-12-01]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\75w2l3ik.default-1431510998307\searchplugins\findit.xml [2016-03-20]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\75w2l3ik.default-1431510998307\searchplugins\omniboxes.xml [2015-12-06]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\75w2l3ik.default-1431510998307\searchplugins\yoursites123.xml [2015-12-24]
    FF Extension: Default NewTab - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\75w2l3ik.default-1431510998307\Extensions\default_newtabff@gmail.com [2015-12-24]
    FF Extension: YahooToolsProtected - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\75w2l3ik.default-1431510998307\Extensions\yahooprotected@gmail.com.xpi [2015-11-24]
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\75w2l3ik.default-1431510998307\extensions\default_newtabff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\75w2l3ik.default-1431510998307\extensions\yahooprotected@gmail.com
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2056360871-1730695740-3980796417-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kegdldmohomdaelnepdpbkdhfemobdgl] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - https://clients2.google.com/service/update2/crx
    StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe http://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10EZRX-00L4HB0_WD-WMC4J004192241922
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [682240 2016-02-16] (Winzipper Pvt Ltd.) <==== ATTENTION
    S2 WSModules; C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe [X]
    S3 gkernel; \??\C:\Users\user\AppData\Local\Temp\gkernel.sys [X]
    S1 ppfd_vt_1_10_0_22; system32\drivers\ppfd_vt_1_10_0_22.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2016-03-20 13:14 - 2016-03-20 13:15 - 00000000 ____D () C:\Users\user\AppData\Local\Gameo
    2016-03-20 13:14 - 2016-03-20 13:15 - 00000000 ____D () C:\ProgramData\Quotenamron
    2016-03-20 13:14 - 2016-03-20 13:14 - 06493696 _____ () C:\Users\user\AppData\Roaming\agent.dat
    2016-03-20 13:14 - 2016-03-20 13:14 - 01622056 _____ () C:\Users\user\AppData\Roaming\Indigoit.tst
    2016-03-20 13:14 - 2016-03-20 13:14 - 00774144 _____ () C:\Users\user\AppData\Roaming\Indigoit.exe
    2016-03-20 13:14 - 2016-03-20 13:14 - 00400445 _____ () C:\Users\user\AppData\Roaming\FreshString.bin
    2016-03-20 13:14 - 2016-03-20 13:14 - 00127488 _____ () C:\Users\user\AppData\Roaming\Installer.dat
    2016-03-20 13:14 - 2016-03-20 13:14 - 00126464 _____ () C:\Users\user\AppData\Roaming\noah.dat
    2016-03-20 13:14 - 2016-03-20 13:14 - 00065232 _____ () C:\Users\user\AppData\Roaming\Config.xml
    2016-03-20 13:14 - 2016-03-20 13:14 - 00018432 _____ () C:\Users\user\AppData\Roaming\Main.dat
    2016-03-20 13:14 - 2016-03-20 13:14 - 00014256 _____ () C:\Users\user\AppData\Roaming\InstallationConfiguration.xml
    2016-03-20 13:14 - 2016-03-20 13:14 - 00005568 _____ () C:\Users\user\AppData\Roaming\md.xml
    2016-03-20 13:14 - 2016-03-20 13:14 - 00002397 _____ () C:\Windows\SysWOW64\findit.xml
    2016-03-20 13:14 - 2016-03-20 13:14 - 00001892 _____ () C:\Users\user\Desktop\Play Sparta - War of empires.lnk
    2016-03-20 13:14 - 2016-03-20 13:14 - 00001742 _____ () C:\Users\user\Desktop\Gameo.lnk
    2016-03-20 13:14 - 2016-03-20 13:14 - 00001728 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
    2016-03-20 13:14 - 2016-03-20 13:14 - 00000172 _____ () C:\Users\user\Desktop\Play Games Online.url
    2016-03-20 13:14 - 2016-03-20 13:14 - 00000172 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
    2016-03-20 13:14 - 2016-03-20 13:14 - 00000000 ___HD () C:\Users\user\AppData\Roaming\GoldenGate
    2016-03-20 13:14 - 2016-03-20 13:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
    2016-03-20 13:14 - 2016-03-20 13:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Gameo
    2016-03-20 13:14 - 2016-03-20 13:14 - 00000000 ____D () C:\ProgramData\Quotenamrons
    2016-03-20 12:42 - 2016-03-20 12:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\EurekaLog
    2016-03-06 15:15 - 2016-03-06 15:15 - 00000000 ____D () C:\Users\user\AppData\Roaming\WinZiper
    2016-03-06 15:15 - 2015-11-04 11:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\eCyber
    2015-09-02 19:48 - 2015-09-02 19:48 - 0613255 _____ (CMI Limited) C:\Users\user\AppData\Local\nsn27C8.tmp
    2015-09-02 21:11 - 2015-09-02 21:11 - 0613255 _____ (CMI Limited) C:\Users\user\AppData\Local\nsu54A6.tmp
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    0
  • Pomocny post
    #5 21 Mar 2016 11:36
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    Cytat:
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2000-01-01] (Realtek Semiconductor)
    AppInit_DLLs-x32: C:\Users\user\AppData\Local\DProtect\eBP.dll => Brak pliku
    AppInit_DLLs-x32: ,C:\Users\user\AppData\Local\DProtect\eBPSD.dll => Brak pliku
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR DefaultSearchURL: Default -> hxxp://feed.safefinder.biz/?fext=true&st=ed&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> SafeFinder
    S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
    S3 gkernel; \??\C:\Users\user\AppData\Local\Temp\gkernel.sys [X]
    2016-03-21 11:08 - 2016-03-21 11:10 - 00000000 ____D C:\AdwCleaner
    2016-03-21 11:14 - 2015-05-07 10:06 - 00000000 ____D C:\Users\user\Downloads\FRST-OlderVersion
    2016-03-20 13:56 - 2013-09-29 18:43 - 00000000 ____D C:\Users\user\Doctor Web
    2016-03-20 13:15 - 2016-03-20 13:15 - 0032038 _____ () C:\Users\user\AppData\Roaming\uninstall_temp.ico


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.

    0
  • #6 21 Mar 2016 12:15
    ProFarT
    Poziom 7  

    Dziękuję za pomoc :)

    0