Elektroda.pl

Ads and a slow laptop

jurekl2 03 Aug 2016 15:58 783 4
  • #2 03 Aug 2016 16:13
    djarta
    Level 9  

    1. Open Notepad and paste:

    Quote:

    CloseProcesses:
    S3 catchme; \??\C:\Users\Piotr\AppData\Local\Temp\catchme.sys [X]
    S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    R2 yahoochrometechnology; C:\ProgramData\yahoochrome\desktop65.exe [236768 2016-05-02] (YahooChrome)
    S3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [X]
    C:\ProgramData\yahoochrome
    S2 Winsere; C:\Program Files\Winsere\Winsere\Winsere.exe [316984 2016-03-23] ()
    C:\Program Files\Winsere
    R2 WdMan; C:\ProgramData\gwinpg\WFini.exe [562408 2016-07-04] (WFini LIMITED)
    C:\ProgramData\gwinpg
    R2 IhPul; C:\Users\Piotr\AppData\Roaming\TSv\TSvr.exe [475856 2016-07-04] (tsvr.com)
    R2 SSFK; C:\Program Files\SFK\SSFK.exe [131296 2016-07-01] ()
    C:\Users\Piotr\AppData\Roaming\TSv
    C:\Program Files\SFK
    R2 TDataSvr; C:\Program Files\TData\TData.exe [134344 2016-06-29] (TData.com)
    C:\Program Files\TData
    R2 ceQeekg_protect; C:\ProgramData\ceQeekg\protect\protect.exe [303000 2016-04-28] ()
    S2 ceQeekg_update; C:\Program Files\ceQeekg\ceQeekg\bin\ceQeekg_server.exe [472984 2016-04-28] ()
    R2 DeskTop_F; C:\ProgramData\desktopfind\desktop54.exe [236728 2016-03-16] (DeskTopService)
    C:\ProgramData\desktopfind
    C:\Program Files\ceQeekg
    CHR HomePage: Default -> hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    CHR RestoreOnStartup: Default -> "hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki"
    CHR StartupUrls: Default -> "hxxp://v9.com?type=hp&ts=1450677284&from=mych123&uid=toshibaxmk5056gsy_70jet6zltxx70jet6zlt&z=721a0c4f53ff6c2415a6d87g9z6w4e1q3m3mfo6b1m"
    CHR DefaultSearchURL: Default -> hxxp://search.so-v.com/web?type=ds&x=fqvs...d=2b53577f-b508-4700-941c-e0e44e89f935&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> so-v
    CHR HomePage: Default -> hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    CHR RestoreOnStartup: Default -> "hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki"




    CHR StartupUrls: Default -> "hxxp://v9.com?type=hp&ts=1450677284&from=mych123&uid=toshibaxmk5056gsy_70jet6zltxx70jet6zlt&z=721a0c4f53ff6c2415a6d87g9z6w4e1q3m3mfo6b1m"
    CHR DefaultSearchURL: Default -> hxxp://search.so-v.com/web?type=ds&x=fqvs...d=2b53577f-b508-4700-941c-e0e44e89f935&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> so-v
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-10-09]
    FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\extensions\defsearchp@gmail.com => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\extensions\default_newtabff@gmail.com
    FF HKLM\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\extensions\yahooprotected@gmail.com
    FF HKLM\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\extensions\arthurj8283@gmail.com
    FF SearchPlugin: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\searchplugins\bing-.xml [2016-01-28]
    FF SearchPlugin: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\searchplugins\findit.xml [2016-01-31]
    FF SearchPlugin: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\searchplugins\nuesearch.xml [2016-06-13]
    FF SearchPlugin: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\searchplugins\so-v.xml [2016-04-05]
    FF SearchPlugin: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\searchplugins\yoursites123.xml [2016-03-18]
    FF Extension: ADB Helper - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\Extensions\adbhelper@mozilla.org [2016-02-22]
    FF Extension: xRocket Toolbar - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\Extensions\arthurj8283@gmail.com [2015-12-21] [Brak podpisu cyfrowego]
    FF Extension: Bing Search - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\Extensions\bingsearch.full@microsoft.com [2015-09-27] [Brak podpisu cyfrowego]
    FF Extension: Bing Search - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-01-28]
    FF Extension: Default NewTab - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\Extensions\default_newtabff@gmail.com [2016-06-13] [Brak podpisu cyfrowego]
    FF Extension: Valence - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\Extensions\fxdevtools-adapters@mozilla.org [2016-02-23]
    FF Extension: YahooToolsProtected - C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6ry8zvj0.default\Extensions\yahooprotected@gmail.com [2015-12-09] [Brak podpisu cyfrowego]
    FF NewTab: hxxp://www.nuesearch.com/newtab/?type=nt&...mp;uid=TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT
    FF DefaultSearchEngine: Bing
    FF SelectedSearchEngine: Bing
    FF Homepage: hxxp://wwwgoogle.pl/
    StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.nuesearch.com/?type=sc&ts=1465...mp;uid=TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-4101958695-3862851202-1848142905-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1467...mp;uid=TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&...TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1467...mp;uid=TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&...TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT&q={searchTerms}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450677284&...;z=721a0c4f53ff6c2415a6d87g9z6w4e1q3m3mfo6b1m
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450677284&...;z=721a0c4f53ff6c2415a6d87g9z6w4e1q3m3mfo6b1m
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450677284&...;z=721a0c4f53ff6c2415a6d87g9z6w4e1q3m3mfo6b1m
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450677284&...;z=721a0c4f53ff6c2415a6d87g9z6w4e1q3m3mfo6b1m
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450677284&...;z=721a0c4f53ff6c2415a6d87g9z6w4e1q3m3mfo6b1m
    HKU\S-1-5-21-4101958695-3862851202-1848142905-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&...TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT&q={searchTerms}
    HKU\S-1-5-21-4101958695-3862851202-1848142905-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.pl/
    HKU\S-1-5-21-4101958695-3862851202-1848142905-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1467...mp;uid=TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT
    HKU\S-1-5-21-4101958695-3862851202-1848142905-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&...TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT&q={searchTerms}
    SearchScopes: HKLM -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT&q={searchTerms}
    SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450677284&a...0c4f53ff6c2415a6d87g9z6w4e1q3m3mfo6b1m&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4101958695-3862851202-1848142905-1000 -> DefaultScope {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4101958695-3862851202-1848142905-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-4101958695-3862851202-1848142905-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4101958695-3862851202-1848142905-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450677284&a...0c4f53ff6c2415a6d87g9z6w4e1q3m3mfo6b1m&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4101958695-3862851202-1848142905-1000 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-4101958695-3862851202-1848142905-1000\...\Run: [BingSvc] => C:\Users\Piotr\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
    C:\Users\Piotr\AppData\Local\Microsoft\BingSvc
    C:\Windows\system32\*.html
    2016-07-05 10:32 - 2015-12-24 10:45 - 00000000 ____D C:\Program Files\WinZipper
    2016-07-05 09:22 - 2016-02-03 10:41 - 00000000 ____D C:\Program Files\SearchesToYesbnd
    2016-07-05 09:22 - 2015-12-09 09:34 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\TSv
    2016-07-04 17:28 - 2016-07-01 12:41 - 00000000 ____D C:\Windows\system32\_TSpm
    2016-07-04 17:28 - 2016-07-01 12:41 - 00000000 ____D C:\ProgramData\jwinpj
    2015-11-19 20:09 - 2016-03-18 16:56 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-12-24 10:43 - 2016-07-01 12:41 - 2762273 _____ (Update) C:\Program Files\SSFK.exe
    Task: {FABEA090-1301-4C9A-8D0A-9F20675732FD} - System32\Tasks\ceQeekgBrowserUpdateUA => C:\Program Files\ceQeekg\ceQeekg\bin\ceQeekg_server.exe [2016-04-28] () <==== UWAGA
    Task: {4A7A104C-9E30-4703-9B95-2B8C69C36256} - System32\Tasks\{479B4187-6B2F-475B-89B8-4B959907DF9E} => pcalua.exe -a C:\Users\Piotr\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor
    Task: {4C080CEF-4261-4AC2-84D8-87AAD5935A31} - System32\Tasks\WinTaske => C:\Program Files\WinTaske\WinTaske\WinTaske.exe [2016-03-23] () <==== UWAGA
    Task: {95F3506D-7D6D-473B-973B-29FBE66CC33A} - System32\Tasks\{8DDB910C-64DB-465B-9B8A-DB83818ABD1D} => pcalua.exe -a E:\sp50857.exe -d E:\
    Task: {06B50754-6062-4CF2-9C47-48730EAB6F9A} - System32\Tasks\ceQeekgBrowserUpdateCore => C:\Program Files\ceQeekg\ceQeekg\bin\ceQeekg_server.exe [2016-04-28] () <==== UWAGA
    Task: {2C9250CC-A91F-494D-BF15-4817656E5498} - System32\Tasks\PiotrClandestinelyReviewersV2 => Rundll32.exe PreventivenessBrazen.dll,main 7 1 <==== UWAGA
    Task: {346542D8-99A8-4EB8-9F69-235A2CBC5973} - System32\Tasks\ceQeekgCheckTask => C:\Program Files\ceQeekg\ceQeekg\bin\ceQeekg_server.exe [2016-04-28] () <==== UWAGA
    Task: {39E53537-799E-43A2-AC01-EC622CC2E4DF} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files\TXQQBrowser\Update\76905E2FE2BFE16D1A4C76BD73F574D6\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== UWAGA
    Task: {4594F3C8-42DA-4791-8E50-9905FDE6E2AD} - System32\Tasks\{8337314A-7824-479B-8F53-36C304D80FF3} => pcalua.exe -a C:\Users\Piotr\Desktop\cs16_2015.exe -d C:\Users\Piotr\AppData\Roaming\IDM
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1465...mp;uid=TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1465...mp;uid=TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1465...mp;uid=TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1465...mp;uid=TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files\ceQeekg\ceQeekg\chrome.exe (The ceQeekg Authors) -> hxxp://www.nuesearch.com/?type=sc&ts=1465...mp;uid=TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT
    ShortcutWithArgument: C:\Users\Public\Desktop\fb.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1465...mp;uid=TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT
    ShortcutWithArgument: C:\Users\Public\Desktop\tgb.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1465...mp;uid=TOSHIBAXMK5056GSY_70JET6ZLTXX70JET6ZLT
    CMD: netsh firewall reset
    CMD: sfc /scanfile=C:\Windows\system32\User32.dll
    EmptyTemp:

    Place the fixlist.txt file next to the FRST tool. Run FRST and click Napraw (Fix). Wait patiently and do not interrupt it. When the Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

    2. Use Adw-cleaner:
    first click SZUKAJ (Scan), and only after the scan has finished, when the USUŃ (Remove) button becomes active, click it.
    Post its report: C:\AdwCleaner\AdwCleaner[S].txt

    3. Run JRT. Press any key and wait until the operation finishes. (NOTE: while downloading, programs may flag it as a threat; please ignore that.) Post the report.

    4. Clean up Firefox:
    • Help menu > Troubleshooting Information > Refresh Firefox. Bookmarks and passwords will not be affected.
    • History menu > Clear Recent History


    5. After all these operations, post a new set of FRST logs for review. When running FRST, set it so that Addition.txt and Shortcut.txt are generated again.

    0
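A triage sketch for the service/driver lines of a fixlist like the one quoted in post #2, added here as an example and not part of the thread or of FRST: it parses the `R2 name; path [size date] (company)` layout and attaches review hints to each entry. The hint names and the list of user-writable directories are assumptions of this example.

```python
import re

# Constructed sample: a few service/driver lines copied from the fixlist in post #2.
SAMPLE = r"""
S3 catchme; \??\C:\Users\Piotr\AppData\Local\Temp\catchme.sys [X]
R2 yahoochrometechnology; C:\ProgramData\yahoochrome\desktop65.exe [236768 2016-05-02] (YahooChrome)
S2 Winsere; C:\Program Files\Winsere\Winsere\Winsere.exe [316984 2016-03-23] ()
R2 IhPul; C:\Users\Piotr\AppData\Roaming\TSv\TSvr.exe [475856 2016-07-04] (tsvr.com)
C:\ProgramData\gwinpg
"""

# <state><start type> <name>; <image path> [X | size date] (company)
# state: R running, S stopped, U undetermined; [X] means the file was not found on disk.
LINE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>.+?);\s+(?P<path>.+?)\s+"
    r"\[(?:(?P<missing>X)|(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2}))\]"
    r"(?:\s+\((?P<company>.*)\))?\s*$"
)

# Assumption of this example: directories a standard user can usually write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


def parse_service_line(line):
    """Return a dict for one service/driver line, or None for any other line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):  # strip the NT object-manager prefix
        path = path[4:]
    hints = []  # hint names are hypothetical labels, not FRST output
    if m["missing"]:
        hints.append("file_missing")
    elif m["company"] == "":
        hints.append("no_company")
    if any(d in path.lower() for d in USER_WRITABLE):
        hints.append("user_writable_path")
    return {"name": m["name"], "path": path, "running": m["state"] == "R",
            "start_type": int(m["start"]), "hints": hints}


def triage(text):
    """Parse every service/driver line in a fixlist; skip everything else."""
    return [e for e in map(parse_service_line, text.splitlines()) if e]


if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry["name"], entry["hints"])
```
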
  • Helpful post
    #4 03 Aug 2016 18:55
    djarta
    Level 9  

    The logs look OK now.
    How are things?

    0
  • #5 06 Aug 2016 14:20
    jurekl2
    Level 11  

    Everything is OK now, thanks for the help.
    Regards.

    0