Elektroda.pl

FRST logs - At system startup I get the error c:\Windows\run.vbs

bono2209 28 Apr 2016 15:52 579 7
  • Helpful post
    #2 28 Apr 2016 16:14
    krzychupar
    Level 41

    Open Notepad and paste:
    ShortcutWithArgument: C:\Users\mateusz&paulina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    Hosts:
    HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKU\S-1-5-21-3292437466-3938719106-4144794845-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...y3SaJmuBFK_kaei4KS5X98S7xYD3ykHOmgRYnzOg,,&q={searchTerms}
    HKU\S-1-5-21-3292437466-3938719106-4144794845-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...BliviGa-r9Fye7xmicx0za9HfBr7d7Uiotb4n8uvlwQ,,,,
    HKU\S-1-5-21-3292437466-3938719106-4144794845-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...y3SaJmuBFK_kaei4KS5X98S7xYD3ykHOmgRYnzOg,,&q={searchTerms}
    HKU\S-1-5-21-3292437466-3938719106-4144794845-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...y3SaJmuBFK_kaei4KS5X98S7xYD3ykHOmgRYnzOg,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...y3SaJmuBFK_kaei4KS5X98S7xYD3ykHOmgRYnzOg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3292437466-3938719106-4144794845-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...y3SaJmuBFK_kaei4KS5X98S7xYD3ykHOmgRYnzOg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3292437466-3938719106-4144794845-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...y3SaJmuBFK_kaei4KS5X98S7xYD3ykHOmgRYnzOg,,&q={searchTerms}
    S2 Vewhyamg; "C:\Users\mateusz&paulina\AppData\Roaming\QedyiGesa\Paglag.exe" -cms [X]
    2016-04-28 15:36 - 2016-04-28 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-04-28 15:21 - 2016-04-28 15:21 - 00000418 __RSH C:\ProgramData\ntuser.pol
    2016-04-28 14:12 - 2016-04-28 15:36 - 00001798 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-04-28 11:34 - 2016-04-28 14:12 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-04-28 11:34 - 2016-04-28 11:34 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-04-28 11:25 - 2016-04-28 11:25 - 00000000 ____D C:\uninst
    2016-04-28 10:50 - 2016-04-28 10:50 - 06494208 _____ C:\Users\mateusz&paulina\AppData\Roaming\agent.dat
    2016-04-28 10:50 - 2016-04-28 10:50 - 01626777 _____ C:\Users\mateusz&paulina\AppData\Roaming\Zonin.tst
    2016-04-28 10:50 - 2016-04-28 10:50 - 00126464 _____ C:\Users\mateusz&paulina\AppData\Roaming\noah.dat
    2016-04-28 10:50 - 2016-04-28 10:50 - 00126464 _____ C:\Users\mateusz&paulina\AppData\Roaming\lobby.dat
    2016-04-28 10:50 - 2016-04-28 10:50 - 00072717 _____ C:\Users\mateusz&paulina\AppData\Roaming\Freshex.tst
    2016-04-28 10:50 - 2016-04-28 10:50 - 00065568 _____ C:\Users\mateusz&paulina\AppData\Roaming\Config.xml
    2016-04-28 10:50 - 2016-04-28 10:50 - 00054272 _____ C:\Users\mateusz&paulina\AppData\Roaming\ApplicationHosting.dat
    2016-04-28 10:50 - 2016-04-28 10:50 - 00018432 _____ C:\Users\mateusz&paulina\AppData\Roaming\Main.dat
    2016-04-28 10:50 - 2016-04-28 10:50 - 00005568 _____ C:\Users\mateusz&paulina\AppData\Roaming\md.xml
    2016-04-28 10:50 - 2016-04-28 10:50 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
    2016-04-28 10:50 - 2016-04-28 10:50 - 00000000 ____D C:\Users\mateusz&paulina\AppData\Roaming\Mozilla
    2016-04-28 10:50 - 2016-04-28 10:50 - 00000000 ____D C:\ProgramData\Quoteexs
    2016-04-28 10:50 - 2016-04-28 10:50 - 00000000 ____D C:\ProgramData\CloudPrinter
    2016-04-28 10:50 - 2016-04-28 10:49 - 00934400 _____ C:\Users\mateusz&paulina\AppData\Roaming\Zonin.exe
    2016-04-28 10:50 - 2016-04-28 10:49 - 00934400 _____ C:\Users\mateusz&paulina\AppData\Roaming\Freshex.exe
    2016-04-28 10:49 - 2016-04-28 10:49 - 00848437 _____ C:\Users\mateusz&paulina\AppData\Roaming\U-lab.bin
    2016-04-28 10:49 - 2016-04-28 10:49 - 00127488 _____ C:\Users\mateusz&paulina\AppData\Roaming\Installer.dat
    2016-04-28 10:49 - 2016-04-28 10:49 - 00015840 _____ C:\Users\mateusz&paulina\AppData\Roaming\InstallationConfiguration.xml
    2016-04-28 10:48 - 2016-04-28 10:48 - 00735232 _____ C:\Users\mateusz&paulina\Downloads\Crack Setup.exe.iso
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix (Napraw).

    0
  • Helpful post
    #3 28 Apr 2016 16:19
    Acorus 20
    Computer specialist

    Go to the directory C:\Program Files (x86)\MPC Cleaner\ and run uninstall.exe with administrator rights.
    Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    ShortcutWithArgument: C:\Users\mateusz&paulina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    Hosts:
    HKLM\...\Run: [cpuminer] => C:\Users\mateusz&paulina\AppData\Roaming\cpuminer\cpm.exe [1417216 2016-03-31] ()
    HKLM\...\Run: [WINCOMSVL] => "C:\Program Files (x86)\mobilepcstarterkit\wincom_SVL.exe"
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
    HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe [344155 2016-04-27] ()
    HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKU\S-1-5-21-3292437466-3938719106-4144794845-1001\...\RunOnce: [Uninstall C:\Users\mateusz&paulina\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\mateusz&paulina\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
    HKU\S-1-5-21-3292437466-3938719106-4144794845-1001\...\RunOnce: [Uninstall C:\Users\mateusz&paulina\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\mateusz&paulina\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
    HKU\S-1-5-21-3292437466-3938719106-4144794845-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...y3SaJmuBFK_kaei4KS5X98S7xYD3ykHOmgRYnzOg,,&q={searchTerms}
    HKU\S-1-5-21-3292437466-3938719106-4144794845-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...BliviGa-r9Fye7xmicx0za9HfBr7d7Uiotb4n8uvlwQ,,,,
    HKU\S-1-5-21-3292437466-3938719106-4144794845-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...y3SaJmuBFK_kaei4KS5X98S7xYD3ykHOmgRYnzOg,,&q={searchTerms}
    HKU\S-1-5-21-3292437466-3938719106-4144794845-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...y3SaJmuBFK_kaei4KS5X98S7xYD3ykHOmgRYnzOg,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...y3SaJmuBFK_kaei4KS5X98S7xYD3ykHOmgRYnzOg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3292437466-3938719106-4144794845-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...y3SaJmuBFK_kaei4KS5X98S7xYD3ykHOmgRYnzOg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3292437466-3938719106-4144794845-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...y3SaJmuBFK_kaei4KS5X98S7xYD3ykHOmgRYnzOg,,&q={searchTerms}
    R2 Wuleoux; C:\Users\mateusz&paulina\AppData\Roaming\Retbykj\Retbykj.exe [174944 2016-04-28] ()
    S2 Vewhyamg; "C:\Users\mateusz&paulina\AppData\Roaming\QedyiGesa\Paglag.exe" -cms [X]
    R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [65344 2016-04-28] (Windows (R) Win 7 DDK provider)
    R1 {8aba2929-3d93-42fa-a897-27a387ab0426}Gw64; C:\Windows\System32\drivers\{8aba2929-3d93-42fa-a897-27a387ab0426}Gw64.sys [48744 2016-04-27] (StdLib)
    2016-04-28 15:21 - 2016-04-28 15:21 - 00000418 __RSH C:\ProgramData\ntuser.pol
    2016-04-28 15:21 - 2016-04-28 15:21 - 00000000 ____D C:\Users\Public\Thunder Network
    2016-04-28 15:21 - 2016-04-28 15:21 - 00000000 ____D C:\Users\mateusz&paulina\AppData\Roaming\UPUpdata
    2016-04-28 15:21 - 2016-04-28 15:21 - 00000000 ____D C:\ProgramData\Thunder Network
    2016-04-28 15:21 - 2016-04-28 15:21 - 00000000 ____D C:\Program Files (x86)\badu
    2016-04-28 14:42 - 2016-04-28 14:42 - 00000000 ____D C:\Users\mateusz&paulina\AppData\Local\tuto_monetize_220160428
    2016-04-28 14:42 - 2016-04-28 14:42 - 00000000 ____D C:\Users\mateusz&paulina\AppData\Local\tuto_monetize_120160428
    2016-04-28 11:26 - 2016-04-28 11:26 - 00000000 ____D C:\Users\mateusz&paulina\AppData\Roaming\gplyra
    2016-04-28 11:26 - 2016-04-28 11:26 - 00000000 ____D C:\Users\mateusz&paulina\AppData\Roaming\cpuminer
    2016-04-28 11:25 - 2016-04-28 11:30 - 00000000 ____D C:\Program Files\Lihxosagec
    2016-04-28 11:25 - 2016-04-28 11:25 - 00027456 _____ C:\Windows\system32\Drivers\bsdpf64.sys
    2016-04-28 11:25 - 2016-04-28 11:25 - 00026944 _____ C:\Windows\system32\Drivers\bsdpr64.sys
    2016-04-28 11:25 - 2016-04-28 11:25 - 00000000 ____D C:\Users\mateusz&paulina\AppData\Roaming\Retbykj
    2016-04-28 11:25 - 2016-04-28 11:25 - 00000000 ____D C:\Users\mateusz&paulina\AppData\LocalLow\Company
    2016-04-28 11:25 - 2016-04-28 11:25 - 00000000 ____D C:\Users\mateusz&paulina\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-04-28 11:25 - 2016-04-28 11:25 - 00000000 ____D C:\Users\mateusz&paulina\AppData\Local\Tempfolder
    2016-04-28 11:25 - 2016-04-28 11:25 - 00000000 ____D C:\uninst
    2016-04-28 11:24 - 2016-04-28 14:11 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
    2016-04-28 11:24 - 2016-04-28 11:24 - 00000000 _____ C:\Windows\SysWOW64\Number of results
    2016-04-28 10:52 - 2016-04-27 19:04 - 00048744 _____ (StdLib) C:\Windows\system32\Drivers\{8aba2929-3d93-42fa-a897-27a387ab0426}Gw64.sys
    2016-04-28 10:50 - 2016-04-28 10:50 - 06494208 _____ C:\Users\mateusz&paulina\AppData\Roaming\agent.dat
    2016-04-28 10:50 - 2016-04-28 10:50 - 01626777 _____ C:\Users\mateusz&paulina\AppData\Roaming\Zonin.tst
    2016-04-28 10:50 - 2016-04-28 10:50 - 00126464 _____ C:\Users\mateusz&paulina\AppData\Roaming\noah.dat
    2016-04-28 10:50 - 2016-04-28 10:50 - 00126464 _____ C:\Users\mateusz&paulina\AppData\Roaming\lobby.dat
    2016-04-28 10:50 - 2016-04-28 10:50 - 00072717 _____ C:\Users\mateusz&paulina\AppData\Roaming\Freshex.tst
    2016-04-28 10:50 - 2016-04-28 10:50 - 00065568 _____ C:\Users\mateusz&paulina\AppData\Roaming\Config.xml
    2016-04-28 10:50 - 2016-04-28 10:50 - 00054272 _____ C:\Users\mateusz&paulina\AppData\Roaming\ApplicationHosting.dat
    2016-04-28 10:50 - 2016-04-28 10:50 - 00018432 _____ C:\Users\mateusz&paulina\AppData\Roaming\Main.dat
    2016-04-28 10:50 - 2016-04-28 10:50 - 00005568 _____ C:\Users\mateusz&paulina\AppData\Roaming\md.xml
    2016-04-28 10:50 - 2016-04-28 10:50 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
    2016-04-28 10:50 - 2016-04-28 10:50 - 00000000 ____D C:\Users\mateusz&paulina\AppData\Roaming\Mozilla
    2016-04-28 10:50 - 2016-04-28 10:50 - 00000000 ____D C:\ProgramData\Quoteexs
    2016-04-28 10:50 - 2016-04-28 10:50 - 00000000 ____D C:\ProgramData\CloudPrinter
    2016-04-28 10:50 - 2016-04-28 10:49 - 00934400 _____ C:\Users\mateusz&paulina\AppData\Roaming\Zonin.exe
    2016-04-28 10:50 - 2016-04-28 10:49 - 00934400 _____ C:\Users\mateusz&paulina\AppData\Roaming\Freshex.exe
    2016-04-28 10:49 - 2016-04-28 10:49 - 00848437 _____ C:\Users\mateusz&paulina\AppData\Roaming\U-lab.bin
    2016-04-28 10:49 - 2016-04-28 10:49 - 00127488 _____ C:\Users\mateusz&paulina\AppData\Roaming\Installer.dat
    2016-04-28 10:49 - 2016-04-28 10:49 - 00015840 _____ C:\Users\mateusz&paulina\AppData\Roaming\InstallationConfiguration.xml
    2016-04-28 10:48 - 2016-04-28 10:48 - 00735232 _____ C:\Users\mateusz&paulina\Downloads\Crack Setup.exe.iso
    2016-04-28 09:44 - 2016-04-28 11:25 - 00065344 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\cherimoya.sys
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix (Napraw).
    Scan with Malwarebytes Anti-Malware: https://data-cdn.mbamupdates.com/web/mbam-setup-2.1.8.1057.exe
    During installation, uncheck "Start the trial period of Malwarebytes Anti-Malware Premium".
    Post a new FRST report, without Addition and Shortcut.

    0
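The fixlists above target three kinds of entry: a modified Winlogon Userinit value, autostart entries (Run keys, services) whose binaries sit in user-writable folders, and search URLs with a percent-encoded host. The following triage script is an added example, not part of the posts and not FRST's own logic; the rule names and the sample lines (other than the Userinit entry quoted in the thread) are constructed, and the path check is a heuristic.

```python
import re
from urllib.parse import unquote

# Stock Winlogon Userinit value; any other command in it runs at every logon.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
USERINIT = re.compile(r"^HK\S+\\Winlogon: \[Userinit\] (.*)$")
# Run/RunOnce values ("=> command") and service/driver rows ("R2 Name; path").
AUTOSTART = re.compile(r"^(?:HK\S+\\Run(?:Once)?: \[.*?\] => |[RSU]\d \S+; )(.*)$")
# Heuristic: locations a standard user (or an installer run by one) can write to.
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Users\\Public)\\", re.I)
URL_HOST = re.compile(r"(?:hxxp|https?)://([^/\s,?]+)", re.I)

def triage(lines):
    """Return a list of (rule, detail) findings for FRST-style log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = USERINIT.match(line)
        if m:
            # The value is a comma-separated command list; report non-default items.
            for cmd in filter(None, (c.strip() for c in m.group(1).split(","))):
                if cmd.lower() != DEFAULT_USERINIT:
                    findings.append(("userinit-modified", cmd))
            continue
        m = AUTOSTART.match(line)
        if m and USER_WRITABLE.search(m.group(1)):
            findings.append(("autostart-from-user-writable-path", m.group(1)))
        for host in URL_HOST.findall(line):
            if "%" in host:
                # Percent-encoding hides the host name from a quick read.
                findings.append(("percent-encoded-host", unquote(host)))
    return findings

# First line is the Userinit entry quoted in the thread; the rest are constructed.
SAMPLE = [
    r"HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,",
    r"HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,",
    r"HKLM\...\Run: [sample] => C:\Users\user\AppData\Roaming\sample\sample.exe [1000 2016-01-01] ()",
    r"HKLM-x32\...\Run: [Office] => C:\Program Files (x86)\Office\monitor.exe [2000 2016-01-01] (Vendor)",
    r'S2 SampleSvc; "C:\Users\user\AppData\Roaming\Sample\svc.exe" -cms [X]',
    r"R1 sampledrv; C:\Windows\System32\drivers\sampledrv.sys [3000 2016-01-01] (Vendor)",
    r"SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%65%78%61%6D%70%6C%65.test/?q={searchTerms}",
]

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule}: {detail}")
```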
  • Helpful post
    #5 28 Apr 2016 16:59
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    CHR HomePage: Default -> search.mpc.am
    CHR StartupUrls: Default -> "search.mpc.am"
    CHR DefaultSearchURL: Default -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
    CHR DefaultSearchKeyword: Default -> mpc safe search
    2016-04-28 15:57 - 2016-04-28 15:59 - 00000000 ____D C:\AdwCleaner


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix (Napraw).
    Reset Chrome: https://support.google.com/chrome/answer/3296214?hl=pl

    0
  • #6 28 Apr 2016 17:02
    bono2209
    Level 2

    Done. Anything else, or is that everything?

    0
  • #8 28 Apr 2016 17:11
    bono2209
    Level 2

    Done :) Thank you very much

    0