
Safe Finder - how to remove it, I'm attaching logs

rafow78 04 May 2016 12:18 645 3
  • Helpful post
    #2 04 May 2016 12:51
    Kolobos
    Computer specialist

    Run this Fixlist.txt with FRST:
    Task: C:\WINDOWS\Tasks\36303d59-83ec-4e7c-a064-e4efc6000609-1.job => C:\Program Files\HD-V2.2V10.10\HD-V2.2V10.10-codedownloader.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\36303d59-83ec-4e7c-a064-e4efc6000609-11.job => C:\Program Files\HD-V2.2V10.10\36303d59-83ec-4e7c-a064-e4efc6000609-11.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\36303d59-83ec-4e7c-a064-e4efc6000609-2.job => C:\Program Files\HD-V2.2V10.10\36303d59-83ec-4e7c-a064-e4efc6000609-2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\36303d59-83ec-4e7c-a064-e4efc6000609-3.job => C:\Program Files\HD-V2.2V10.10\36303d59-83ec-4e7c-a064-e4efc6000609-3.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\36303d59-83ec-4e7c-a064-e4efc6000609-4.job => C:\Program Files\HD-V2.2V10.10\36303d59-83ec-4e7c-a064-e4efc6000609-4.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\36303d59-83ec-4e7c-a064-e4efc6000609-5.job => C:\Program Files\HD-V2.2V10.10\36303d59-83ec-4e7c-a064-e4efc6000609-5.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe
    2016-05-01 17:17 - 2016-05-01 11:37 - 02088448 _____ () C:\Documents and Settings\All Users\Dane aplikacji\Logic Handler\set.exe
    2016-05-01 17:17 - 2016-05-01 17:16 - 00934400 _____ () C:\Documents and Settings\All Users\Dane aplikacji\Quotenamron\Quotenamron.exe
    2016-05-01 17:17 - 2016-05-01 17:17 - 00257536 _____ () C:\Documents and Settings\All Users\Dane aplikacji\Quotenamron\Bluefan.dll
    HKU\S-1-5-21-1078081533-115176313-527237240-500\Software\Classes\.exe: exefile => <===== UWAGA
    HKU\S-1-5-21-1078081533-115176313-527237240-500\Software\Classes\exefile: <===== UWAGA
    () C:\Documents and Settings\All Users\Dane aplikacji\Logic Handler\set.exe
    () C:\Documents and Settings\All Users\Dane aplikacji\Quotenamron\Quotenamron.exe
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    Winlogon\Notify\TPSvc: TPSvc.dll [X]
    HKU\S-1-5-20\...\Run: [RocketDock] => "C:\Program Files\RocketDock\RocketDock.exe"
    HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
    HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    HKU\S-1-5-18\...\Run: [RocketDock] => "C:\Program Files\RocketDock\RocketDock.exe"
    HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
    HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DANEAP~1\Quotenamron\Bluefan.dll => C:\Documents and Settings\All Users\Dane aplikacji\Quotenamron\Bluefan.dll [257536 2016-05-01] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1078081533-115176313-527237240-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=...HitachiXHTS722080K9A300_080711DP0B80DQH2BG6CX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...XHTS722080K9A300_080711DP0B80DQH2BG6CX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...XHTS722080K9A300_080711DP0B80DQH2BG6CX&q={searchTerms}
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...IUEgzTCIZgmB_ZEcUmE4FjVtCLS-2TiFQHnT2ZBkgGss,,
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...IUEgzTCIZgmB_ZEcUmE4FjVtCLS-2TiFQHnT2ZBkgGss,,
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    HKU\S-1-5-21-1078081533-115176313-527237240-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...IUEgzTCIZgmB_ZEcUmE4FjVtCLS-2TiFQHnT2ZBkgGss,,
    HKU\S-1-5-21-1078081533-115176313-527237240-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    HKU\S-1-5-21-1078081533-115176313-527237240-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    HKU\S-1-5-21-1078081533-115176313-527237240-500\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&...XHTS722080K9A300_080711DP0B80DQH2BG6CX&q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1078081533-115176313-527237240-500 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1078081533-115176313-527237240-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&...XHTS722080K9A300_080711DP0B80DQH2BG6CX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1078081533-115176313-527237240-500 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lVOHQtyXme8TaU1yQDfJ2AW_QswjWouh44bP8,&q={searchTerms}
    BHO: Brak nazwy -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=...HitachiXHTS722080K9A300_080711DP0B80DQH2BG6CX
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\findit.xml [2016-05-04]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-10-10]
    FF HKLM\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files\RelevantKnowledge\firefox => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\begmby4h.default\extensions\faststartff@gmail.com => nie znaleziono
    CHR HKLM\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
    OPR Extension: (Sync Login Flow) - C:\Documents and Settings\Administrator\Dane aplikacji\Opera Software\Opera Stable\Extensions\plimopelmdneikoknbgpopffpbmlhgpa [2014-10-10]
    R2 backlh; C:\Documents and Settings\All Users\Dane aplikacji\Logic Handler\set.exe [2088448 2016-05-01] () [Brak podpisu cyfrowego]
    R2 Quotenamron; C:\Documents and Settings\All Users\Dane aplikacji\\Quotenamron\\Quotenamron.exe [934400 2016-05-01] () [Brak podpisu cyfrowego]
    R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 gfiark; system32\drivers\gfiark.sys [X]
    S1 sbaphd; system32\drivers\sbaphd.sys [X]
    S2 sbapifs; system32\drivers\sbapifs.sys [X]
    2016-05-01 17:17 - 2016-05-04 11:47 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Quotenamron
    2016-05-01 17:17 - 2016-05-01 17:17 - 06494208 _____ C:\Documents and Settings\Administrator\Dane aplikacji\agent.dat
    2016-05-01 17:17 - 2016-05-01 17:17 - 02279021 _____ C:\Documents and Settings\Administrator\Dane aplikacji\RonFax.bin
    2016-05-01 17:17 - 2016-05-01 17:17 - 01626652 _____ C:\Documents and Settings\Administrator\Dane aplikacji\Physlam.tst
    2016-05-01 17:17 - 2016-05-01 17:17 - 00126464 _____ C:\Documents and Settings\Administrator\Dane aplikacji\noah.dat
    2016-05-01 17:17 - 2016-05-01 17:17 - 00065232 _____ C:\Documents and Settings\Administrator\Dane aplikacji\Config.xml
    2016-05-01 17:17 - 2016-05-01 17:17 - 00018432 _____ C:\Documents and Settings\Administrator\Dane aplikacji\Main.dat
    2016-05-01 17:17 - 2016-05-01 17:17 - 00005568 _____ C:\Documents and Settings\Administrator\Dane aplikacji\md.xml
    2016-05-01 17:17 - 2016-05-01 17:17 - 00000000 ____D C:\Program Files\Common Files\Lightron
    2016-05-01 17:17 - 2016-05-01 17:17 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Quotenamrons
    2016-05-01 17:17 - 2016-05-01 17:17 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Logic Handler
    2016-05-01 17:17 - 2016-05-01 17:16 - 00934400 _____ C:\Documents and Settings\Administrator\Dane aplikacji\Physlam.exe
    2016-05-01 17:16 - 2016-05-01 17:16 - 00127488 _____ C:\Documents and Settings\Administrator\Dane aplikacji\Installer.dat
    2016-05-01 17:16 - 2016-05-01 17:16 - 00013680 _____ C:\Documents and Settings\Administrator\Dane aplikacji\InstallationConfiguration.xml
    2016-05-03 13:37 - 2014-10-10 14:17 - 00002434 _____ C:\WINDOWS\Tasks\36303d59-83ec-4e7c-a064-e4efc6000609-5.job
    2016-05-03 13:37 - 2014-10-10 14:16 - 00005172 _____ C:\WINDOWS\Tasks\36303d59-83ec-4e7c-a064-e4efc6000609-11.job
    2016-05-03 13:37 - 2014-10-10 14:16 - 00004482 _____ C:\WINDOWS\Tasks\36303d59-83ec-4e7c-a064-e4efc6000609-4.job
    2016-05-03 13:37 - 2014-10-10 14:16 - 00004146 _____ C:\WINDOWS\Tasks\36303d59-83ec-4e7c-a064-e4efc6000609-3.job
    2016-05-03 13:37 - 2014-10-10 14:16 - 00003102 _____ C:\WINDOWS\Tasks\36303d59-83ec-4e7c-a064-e4efc6000609-1.job
    2016-05-03 13:37 - 2014-10-10 14:16 - 00002098 _____ C:\WINDOWS\Tasks\36303d59-83ec-4e7c-a064-e4efc6000609-2.job
    2016-05-03 13:37 - 2014-10-10 14:16 - 00000974 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
    2016-05-03 13:37 - 2014-10-09 19:30 - 00000238 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
    EmptyTemp:

    In FRST, select Fix (Napraw).

    Also run a full scan with http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and remove whatever it detects.

    0
  • #3 04 May 2016 13:59
    rafow78
    Level 8

    I did as you wrote and for now everything is quiet, thank you for the expert help

    0
  • #4 04 May 2016 14:17
    RADU23
    Moderator - Computers Service

    Delete the C:\FRST folder and that's all.

    0