Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Reklamiarz w systemie , logi FRST do sprawdzenia

fakti 24 Sie 2016 14:23 411 1
  • Pomocny post
    #2 24 Sie 2016 19:02
    Kolobos
    Spec od komputerów

    Skad sciaganales adwcleaner? Pewnie z dobrychprogramow infekujac sobie system jeszcze bardziej?


    Obok frst.exe utworz plik Fixlist.txt z zawartoscia:
    Task: {6A4B5856-BA6F-4461-8F56-7F80C01D136F} - \AION NF Saturday -> Brak pliku <==== UWAGA
    Task: {851D97EC-8647-4FCE-8D6B-EBA6B99EF63C} - \AION NF Sunday -> Brak pliku <==== UWAGA
    Task: {B9B37047-C1AF-4890-A8F0-92728EB71AF2} - \AION NS Saturday -> Brak pliku <==== UWAGA
    Task: {E6EF346F-8296-46CF-B637-72FA4B117392} - System32\Tasks\{F2B64338-F9DD-406E-AB26-B7DB6EEC15F2} => C:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe [2016-07-04] (NCSOFT Corporation)
    Task: {F11FC2A7-8322-4176-9C27-86691F512263} - \AION NS Sunday -> Brak pliku <==== UWAGA
    IE trusted site: HKU\S-1-5-21-579029096-3979514184-211598372-1000\...\localhost -> localhost
    Hosts:
    (TODO: <Company name>) C:\Program Files (x86)\Corner Sunshine\CornerSunshineSvc.exe
    (TODO: <Company name>) C:\Program Files (x86)\Corner Sunshine\CornerSunshine64.exe
    HKU\S-1-5-21-579029096-3979514184-211598372-1000\...\MountPoints2: {0147f3bf-0486-11e6-be98-d8cb8a3fda42} - E:\setup.exe
    HKU\S-1-5-21-579029096-3979514184-211598372-1000\...\MountPoints2: {0f52db93-2011-11e6-bf57-d8cb8a3fda42} - F:\setup.exe
    HKU\S-1-5-21-579029096-3979514184-211598372-1000\...\MountPoints2: {f1729285-5fd1-11e6-8bdf-d8cb8a3fda42} - G:\Autorun.exe
    HKU\S-1-5-21-579029096-3979514184-211598372-1000\...\MountPoints2: {f1729290-5fd1-11e6-8bdf-d8cb8a3fda42} - E:\Autorun.exe
    HKU\S-1-5-21-579029096-3979514184-211598372-1000\...\MountPoints2: {f1729295-5fd1-11e6-8bdf-d8cb8a3fda42} - F:\
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    Tcpip\..\Interfaces\{F137D137-EEDB-4241-A1B1-8BFDC09DB83C}: [NameServer] 87.118.74.138,8.8.8.8
    ManualProxies:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    SearchScopes: HKLM-x32 -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = hxxp://search.yahoo.com/search?p={searchTerms}
    FF SelectedSearchEngine: Yahoo®
    FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
    R2 CornerSunshineSvc; C:\Program Files (x86)\Corner Sunshine\CornerSunshineSvc.exe [280312 2016-08-15] (TODO: <Company name>)
    S2 lugefehuzbt; Brak ImagePath
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-13] ()
    S1 epp; \??\C:\EEK\bin64\epp.sys [X]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    S0 ryimcwjf; System32\drivers\ovtukb.sys [X]
    2016-08-24 12:05 - 2016-08-24 13:39 - 00000000 ____D C:\AdwCleaner
    2016-08-24 12:05 - 2016-08-24 12:06 - 00000000 ____D C:\Users\Miłosz\AppData\Roaming\Corner Sunshine
    2016-08-24 12:05 - 2016-08-24 12:05 - 00000000 ____D C:\ProgramData\sozy
    2016-08-24 12:05 - 2016-08-24 12:05 - 00000000 ____D C:\Program Files (x86)\Corner Sunshine
    2016-08-11 17:44 - 2016-08-11 17:44 - 00000279 _____ C:\Users\Miłosz\AppData\Roaming\uninstall.bat
    2016-07-13 13:57 - 2016-07-13 13:57 - 7102976 _____ () C:\Users\Miłosz\AppData\Roaming\agent.dat
    2016-07-13 13:55 - 2016-07-13 13:55 - 0128512 _____ () C:\Users\Miłosz\AppData\Roaming\Installer.dat
    2016-08-21 21:48 - 2016-08-21 21:54 - 0000115 _____ () C:\Users\Miłosz\AppData\Roaming\LogFile.txt
    2016-07-13 13:57 - 2016-07-13 13:57 - 0018432 _____ () C:\Users\Miłosz\AppData\Roaming\Main.dat
    2016-08-11 17:44 - 2016-08-11 17:44 - 0000279 _____ () C:\Users\Miłosz\AppData\Roaming\uninstall.bat
    EmptyTemp:

    W FRST wybierz Napraw. Usun katalog C:\FRST po wykonaniu.

    0