
FRST - Request for analysis of FRST logs.

magdaivan 22 Jun 2016 16:05 537 3
  • Helpful post
    #2 22 Jun 2016 17:44
    krzychupar
    Level 41  

    Uninstall:
    sweet-page (HKLM-x32\...\sweet-page) (Version: 1.0.0.6 - ) <==== UWAGA
    Uncheckit (HKLM-x32\...\Uncheckit) (Version: 2.0.7 - EVANGEL TECHNOLOGY (HK) LIMITED) <==== UWAGA
    WinZip (HKLM-x32\...\WinZip) (Version: 2.0.29 - Winzipper Pvt Ltd.) <==== UWAGA

    Open Notepad and paste:
    Task: {0CD6F2F1-7547-4509-9CF5-F5BDAD773309} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\5683B1AB6C05FC99B75C3B329D7B8C24\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== UWAGA
    Task: {11D712C0-AF69-42A5-9E37-4E130D9A46C2} - \WinTaske -> Brak pliku <==== UWAGA
    Task: {1CC9AAF8-12D7-4F94-A2A9-1B09B0AB8984} - System32\Tasks\UncheckitTaskMN => C:\Program Files (x86)\Uncheckit\cktSvc.exe [2016-05-24] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== UWAGA
    Task: {47038CD1-3499-4936-B0F5-09A96D9A06C1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {676C0524-D835-4364-BA7B-2772471DF2D3} - System32\Tasks\UncheckitUpdateTaskDB => C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe [2016-05-24] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== UWAGA
    Task: {9CBD17A2-FE83-40ED-988D-2F18B04B7F24} - \jIxmRfRCheckTask -> Brak pliku <==== UWAGA
    Task: {B07CBBAA-AAFF-4C42-8ACA-6B5AD1AF12AA} - System32\Tasks\UncheckitUpdateTaskC => C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe [2016-05-24] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== UWAGA
    Task: {D5CA0862-614A-4729-B379-4C8C25B253DF} - \jIxmRfRBrowserUpdateUA -> Brak pliku <==== UWAGA
    Task: {E92414E9-ADD0-4817-A12F-994A09341F18} - \jIxmRfRBrowserUpdateCore -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\Madzia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1466...id=HGSTXHTS541010A9E680_JA100CC01MZ0UM1MZ0UMX
    ShortcutWithArgument: C:\Users\Madzia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1466...id=HGSTXHTS541010A9E680_JA100CC01MZ0UM1MZ0UMX
    ShortcutWithArgument: C:\Users\Madzia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1466...id=HGSTXHTS541010A9E680_JA100CC01MZ0UM1MZ0UMX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1466...id=HGSTXHTS541010A9E680_JA100CC01MZ0UM1MZ0UMX
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1466...id=HGSTXHTS541010A9E680_JA100CC01MZ0UM1MZ0UMX
    Hosts:
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1466...id=HGSTXHTS541010A9E680_JA100CC01MZ0UM1MZ0UMX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&...XHTS541010A9E680_JA100CC01MZ0UM1MZ0UMX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1466...id=HGSTXHTS541010A9E680_JA100CC01MZ0UM1MZ0UMX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&...XHTS541010A9E680_JA100CC01MZ0UM1MZ0UMX&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...XHTS541010A9E680_JA100CC01MZ0UM1MZ0UMX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...XHTS541010A9E680_JA100CC01MZ0UM1MZ0UMX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3299824220-3263185132-1157196181-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Madzia\AppData\Roaming\Mozilla\Firefox\Profiles\606utv62.default\extensions\deskCutv2@gmail.com => nie znaleziono
    S2 DeskTop_F; C:\ProgramData\desktopfind\desktop173.exe [X]
    S2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [X]
    S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
    2016-06-22 15:54 - 2016-06-22 15:56 - 00000000 ____D C:\AdwCleaner
    2016-06-21 14:09 - 2016-06-21 14:09 - 00000000 ____D C:\ProgramData\YwinpY
    2016-06-16 15:24 - 2016-06-16 15:25 - 00000000 ____D C:\Program Files (x86)\l0yxbf1g
    2016-06-03 17:26 - 2016-06-03 17:26 - 00000000 ____D C:\ProgramData\jwinpj
    2016-06-03 17:25 - 2016-06-03 17:25 - 00000000 ____D C:\Program Files (x86)\TXQQBrowser
    2016-06-22 15:40 - 2016-04-14 09:29 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-05-24 16:16 - 2016-06-22 15:40 - 00000000 ____D C:\Program Files (x86)\qksee
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    1
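The fixlist above mixes three kinds of persistence: scheduled tasks, browser shortcuts with a URL appended as an argument, and registry start/search pages. As an added example (not part of the original post and not FRST's own code), this Python sketch groups FRST log lines of the same shape so the affected shortcuts and the redirect domain can be reviewed at a glance. The sample lines, GUIDs, paths and the `hijack.example` domain are constructed placeholders, and `triage` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample lines in the FRST log format shown in the post above
# (GUIDs, paths and the hijack.example domain are placeholders).
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - \ExampleUpdaterCore -> Brak pliku <==== UWAGA
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleTask => C:\Program Files (x86)\Example\upd.exe [2016-05-24] (Example Ltd) <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.hijack.example/?type=sc
ShortcutWithArgument: C:\Users\u\Desktop\Tool.lnk -> C:\Tools\tool.exe (Example) -> --verbose
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hijack.example/?type=hp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
SearchScopes: HKLM-x32 -> DefaultScope {00000000-0000-0000-0000-000000000003} URL = hxxp://www.hijack.example/search/?q={searchTerms}
"""

URL_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s?]+)", re.I)   # also matches defanged hxxp://
SHORTCUT_RE = re.compile(r"^ShortcutWithArgument: (.+?\.lnk) -> (.+?\.exe) \(.*?\) -> (.*)$")
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) (->|=>) (.*)$")

def triage(log_text):
    """Group FRST log lines by the kind of persistence they describe."""
    out = defaultdict(list)
    for line in (l.strip() for l in log_text.splitlines()):
        if m := SHORTCUT_RE.match(line):
            lnk, _exe, args = m.groups()
            if u := URL_RE.search(args):   # a URL argument forces the browser's start page
                out["shortcut_url"].append((lnk, u.group(1).lower()))
        elif m := TASK_RE.match(line):
            guid, name, arrow, rest = m.groups()
            # "Brak pliku" is the missing-file marker as it appears in the post's log
            if arrow == "->" and "Brak pliku" in rest:
                out["task_orphaned"].append((guid, name))
            elif "<====" in rest:
                out["task_flagged"].append((guid, name))
        elif line.startswith(("HKLM\\", "HKU\\", "SearchScopes:")) and (u := URL_RE.search(line)):
            out["registry_url"].append((line.split(" = ")[0], u.group(1).lower()))
    return dict(out)

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(kind, items)
```

Shortcuts whose only argument is an ordinary switch, and registry values that are empty, are left out of the result, so what remains is the set of entries that redirect a browser or point at a missing task target.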
  • #4 22 Nov 2016 23:02
    RADU23
    Moderator - Computers Service

    Delete the C:\FRST folder and that's all.

    0