Elektroda.pl

Acer laptop - cluttered hard drive

wanio18 14 Apr 2016 17:57 498 1
  • Helpful post
    #2 14 Apr 2016 18:21
    Acorus 20
    Computer specialist

    Uninstall qksee and SpyHunter 4. Open the system Notepad and paste:

    Quote:
    Task: {0883804F-36A1-40EB-85CE-8B3AB3B634B0} - System32\Tasks\{EDB0EE6C-8F2C-49AB-8713-4931CBC3CB9C} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
    Task: {25CF41E8-B1A6-441B-A2C1-45CDDFF62E3C} - System32\Tasks\LuckyBrowse => C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe <==== UWAGA
    Task: {2EDD2319-BB38-4409-869C-6BE102450BBE} - System32\Tasks\WinTsks => C:\Program Files (x86)\WinTsks\WinTsks\WinTsks.exe [2016-04-09] ()
    Task: {5B86025B-323D-45F3-AB0C-F6B66A866AED} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\662810314F56B41A12B367A10AAF542A\Update\BrowserUpdate.exe [2016-04-08] (Tencent)
    ShortcutWithArgument: C:\Users\PEPE\Desktop\Piotr - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
    ShortcutWithArgument: C:\Users\PEPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
    ShortcutWithArgument: C:\Users\PEPE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
    Hosts:
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\Run: [aiko] => C:\Users\PEPE\AppData\Roaming\SexGameDevil\aiko.exe [85504 2013-09-18] ()
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\PEPE\AppData\Local\Temp\mdi064.dll,quardin <===== UWAGA
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\Run: [C10B33] => C:\Users\PEPE\AppData\Roaming\C10B33\317258.exe [227328 2016-03-05] ()




    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {2b4c22a5-dbe7-11e5-bed7-a4db30723af2} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {2b4c232a-dbe7-11e5-bed7-a4db30723af2} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {32e376ed-f676-11e5-bef4-a4db30723af2} - "D:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {64701b3b-391a-11e4-be82-201a066efcde} - "F:\SPE4.part1.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {98241df9-e92c-11e5-bee9-a4db30723af2} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {cddcbc3d-dccb-11e5-bedb-a4db30723af2} - "E:\AutoRun.exe"
    AutoConfigURL: [S-1-5-21-1931349674-2083586476-2277994081-1001] => hxxp://un-stop.net/wpad.dat?1593641aee7bc37f5c1cded1f155357d7699021
    ManualProxies: 0hxxp://un-stop.net/wpad.dat?1593641aee7bc37f5c1cded1f155357d7699021
    URLSearchHook: [S-1-5-21-1931349674-2083586476-2277994081-1001] UWAGA => Brak domyślnego URLSearchHook
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-1931349674-2083586476-2277994081-1001 -> DefaultScope {00AA70FC-9F34-42A8-BD5E-65403D57A56A} URL =
    BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL => Brak pliku
    FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0...BBAEURwIFIk0FA18DB0VXfWFoKB8fHHZCM1FzCE0FRFs=
    FF Extension: Quick Searcher - C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-12] [Brak podpisu cyfrowego]
    FF Extension: Cash Kitten - C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\xukvaz9a.default\Extensions\{4bae00ce-0e8d-4bc3-9705-dbce6e6f426e}.xpi [2016-03-15] [Brak podpisu cyfrowego]
    FF Extension: Quick Searcher - C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\xukvaz9a.default\Extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-12] [Brak podpisu cyfrowego]
    CHR Extension: (Quick Searcher) - C:\Users\PEPE\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ecnphlgnajanjnkcmbpancdjoidceilk [2016-04-12]
    S2 BugreportW; C:\Program Files (x86)\SpeedSearchesbnd\Bugreportauclt.exe [1622648 2016-04-09] ()
    R2 IhPul; C:\Users\PEPE\AppData\Roaming\TSv\TSvr.exe [359680 2016-04-13] (tsvr.com)
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [705688 2016-04-13] (Winzipper Pvt Ltd.) <==== UWAGA
    S4 ClickToRunSvc; "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [X]
    S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2016-04-14 07:44 - 2016-04-14 07:44 - 00001739 _____ C:\Users\Public\Desktop\qksee.lnk
    2016-04-14 07:44 - 2016-04-14 07:44 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\qksee
    2016-04-14 07:44 - 2016-04-14 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2016-04-14 07:44 - 2016-04-14 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
    2016-04-14 07:44 - 2016-04-14 07:44 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-04-14 07:44 - 2016-04-14 07:44 - 00000000 ____D C:\Program Files (x86)\qksee
    2016-04-14 07:43 - 2016-04-14 07:43 - 00015030 _____ C:\Windows\System32\Tasks\Browser Updater Task(Core)
    2016-04-14 07:43 - 2016-04-14 07:43 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\WinZiper
    2016-04-14 07:43 - 2016-04-14 07:43 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\TSv
    2016-04-14 07:43 - 2016-04-14 07:43 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\eCyber
    2016-04-14 07:43 - 2016-04-14 07:43 - 00000000 ____D C:\ProgramData\FwinpF
    2016-04-14 07:43 - 2016-04-14 07:43 - 00000000 ____D C:\Program Files (x86)\QQBrowser
    2016-04-12 08:42 - 2016-04-14 07:43 - 00000000 ____D C:\Program Files (x86)\SpeedSearchesbnd
    2016-04-12 08:42 - 2016-04-12 08:42 - 01308672 _____ C:\Windows\csrss.exe
    2016-04-12 08:42 - 2016-04-12 08:42 - 00963232 _____ (Microsoft Corporation) C:\Windows\msvcr120.dll
    2016-04-12 08:42 - 2016-04-12 08:42 - 00177152 _____ C:\Windows\svchost.exe
    2016-04-12 08:42 - 2016-04-12 08:42 - 00114151 _____ C:\Users\PEPE\Downloads\Niepotwierdzony 816176.crdownload
    2016-04-12 08:42 - 2016-04-12 08:42 - 00082944 _____ (Open Source Software community LGPL) C:\Windows\pthreadVC2.dll
    2016-04-12 08:42 - 2016-04-12 08:42 - 00073216 _____ C:\Windows\taskmgr.exe
    2016-04-12 08:42 - 2016-04-12 08:42 - 00028819 _____ C:\Windows\decred.cl
    2016-04-12 08:42 - 2016-04-12 08:42 - 00015126 _____ C:\Windows\System32\Tasks\WinTsks
    2016-04-12 08:42 - 2016-04-12 08:42 - 00000000 ____D C:\Windows\Azart
    2016-04-12 08:42 - 2016-04-12 08:42 - 00000000 ____D C:\Users\Public\Documents\dmp
    2016-04-12 08:42 - 2016-04-12 08:42 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\FreeVPN
    2016-04-12 08:42 - 2016-04-12 08:42 - 00000000 ____D C:\Program Files (x86)\WinTsks
    2016-04-12 08:42 - 2016-04-12 08:42 - 00000000 ____D C:\Program Files (x86)\WinSvces
    EmptyTemp:


    Save the file as fixlist.txt and place it in the same folder as FRST.
    Run FRST as administrator and click Fix/Napraw.
    Post the new FRST report, without Addition and Shortcut.

    0
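A way to review what a fixlist like the one above acts on before clicking Fix, as an added example that is not part of the original post and not part of FRST: the Python script below groups entries by persistence mechanism and flags two patterns visible in this list. The category names, regexes and flag wording are assumptions of this example; the sample lines are copied from the post.

```python
import re
from collections import defaultdict
# Genuine copies of these live under C:\Windows\System32, never directly in C:\Windows.
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "taskmgr.exe"}
RULES = [  # (category, regex capturing the detail worth reviewing); first match wins
    ("scheduled_task", re.compile(r"^Task: \{[0-9A-F-]+\} - .+? => (?P<d>.+)$")),
    ("shortcut_url", re.compile(r'^ShortcutWithArgument: .+ -> "(?P<d>hxxp://[^/"]+)')),
    ("run_key", re.compile(r"^HK\w+\\.+\\Run: \[[^\]]+\] => (?P<d>.+)$")),
    ("proxy", re.compile(r"^(?:AutoConfigURL|ManualProxies): .*?(?P<d>hxxp://[^/?]+)")),
    ("service", re.compile(r"^[RS]\d \w+; (?P<d>.+)$")),
    ("file", re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - .+ - \d+ \S{5} (?:\(.*?\) )?(?P<d>[A-Z]:\\.+)$")),
]
# Sample input: lines copied verbatim from the fixlist in the post above.
SAMPLE = r"""Task: {25CF41E8-B1A6-441B-A2C1-45CDDFF62E3C} - System32\Tasks\LuckyBrowse => C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\PEPE\AppData\Local\Temp\mdi064.dll,quardin <===== UWAGA
AutoConfigURL: [S-1-5-21-1931349674-2083586476-2277994081-1001] => hxxp://un-stop.net/wpad.dat?1593641aee7bc37f5c1cded1f155357d7699021
R2 IhPul; C:\Users\PEPE\AppData\Roaming\TSv\TSvr.exe [359680 2016-04-13] (tsvr.com)
2016-04-12 08:42 - 2016-04-12 08:42 - 01308672 _____ C:\Windows\csrss.exe
2016-04-12 08:42 - 2016-04-12 08:42 - 00963232 _____ (Microsoft Corporation) C:\Windows\msvcr120.dll"""

def flag(cat, detail):
    """Return a short reason when an entry matches a suspicious pattern, else ''."""
    low = detail.lower()
    folder, _, name = low.rpartition("\\")
    if cat == "file" and folder == r"c:\windows" and name in SYSTEM_NAMES:
        return "system binary name outside System32"
    if cat in ("run_key", "service") and "\\appdata\\" in low:
        return "autostart from a user-writable profile folder"
    return ""

def classify(line):
    """Return (category, detail, flag) for one fixlist line, or None."""
    line = re.sub(r"\s*<=+ \w+$", "", line.strip())  # drop FRST's attention marker
    for cat, rx in RULES:
        m = rx.search(line)
        if m:
            return cat, m.group("d"), flag(cat, m.group("d"))
    return None

def triage(text):
    """Group the recognised lines of a fixlist by persistence mechanism."""
    groups = defaultdict(list)
    for line in text.splitlines():
        hit = classify(line)
        if hit:
            groups[hit[0]].append(hit[1:])
    return dict(groups)
```

Directives such as `EmptyTemp:` and entry types not covered by the rules are skipped, so an empty group does not mean the fixlist has no such entries.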