Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Proszę o sprawdzenie logów FRST

Pcservice11 22 Wrz 2016 17:23 315 2
  • Pomocny post
    #2 22 Wrz 2016 18:16
    Acorus 20
    Spec od komputerów

    Odinstaluj Adobe Reader 9.1 MUI,SpyHunter 4. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {E81CF5C2-1CC3-4A49-B336-186A8C53FFA6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-09-22] (Enigma Software Group USA, LLC.)
    HKU\S-1-5-21-3553271151-2887774749-2388616678-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    HKU\S-1-5-21-3553271151-2887774749-2388616678-1001\...\MountPoints2: G - G:\setup.exe
    HKU\S-1-5-21-3553271151-2887774749-2388616678-1001\...\MountPoints2: {027e5a1a-6d01-11e6-9ff8-1c7508c41f3f} - F:\LGAutoRun.exe
    HKU\S-1-5-21-3553271151-2887774749-2388616678-1001\...\MountPoints2: {7d6d0579-8ae6-11e5-83d8-1c7508c41f3f} - F:\setup.exe
    HKU\S-1-5-21-3553271151-2887774749-2388616678-1001\...\MountPoints2: {df16749b-8dd1-11e5-9f27-1c7508c41f3f} - G:\setup.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.piesearch.com/?type=sc&ts=1447...&uid=a0451829-abf5-4fb6-ba67-f13a2dbe6bf5
    CHR DefaultSearchURL: Default -> hxxp://feed.safefinder.biz/?fext=true&pub...publisher=extensiondefaultap&st=ed&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> t




    CHR HKLM\...\Chrome\Extension: [iccodbepgnkhafhjajchdjkadbflkijl] - C:\Users\mirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccodbepgnkhafhjajchdjkadbflkijl.crx [2015-11-15]
    CHR HKLM-x32\...\Chrome\Extension: [iccodbepgnkhafhjajchdjkadbflkijl] - C:\Users\mirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccodbepgnkhafhjajchdjkadbflkijl.crx [2015-11-15]
    CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1072296 2016-09-22] (Enigma Software Group USA, LLC.)
    S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-09-22] ()
    2016-09-22 11:55 - 2016-09-22 11:55 - 00000000 _____ C:\autoexec.bat
    2016-09-22 11:53 - 2016-09-22 11:53 - 00003338 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
    2016-09-22 11:53 - 2016-09-22 11:53 - 00001099 _____ C:\Users\mirka\Desktop\SpyHunter.lnk
    2016-09-22 11:53 - 2016-09-22 11:53 - 00000000 ____D C:\Users\mirka\AppData\Roaming\Enigma Software Group
    2016-09-22 11:53 - 2016-09-22 11:53 - 00000000 ____D C:\sh4ldr
    2016-09-22 11:52 - 2016-09-22 11:52 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-09-22 11:51 - 2016-09-22 11:51 - 00000000 ____D C:\Program Files\Enigma Software Group
    2016-09-22 11:50 - 2016-09-22 11:50 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\mirka\Downloads\SpyHunter-Installer.exe
    2016-09-22 10:55 - 2016-09-22 11:05 - 00000000 ____D C:\AdwCleaner
    2016-09-22 09:53 - 2016-09-22 09:54 - 00604928 _____ (Reimage) C:\Users\mirka\Downloads\ReimageRepair.exe
    2016-09-22 09:49 - 2016-09-22 09:49 - 00003588 _____ C:\Windows\System32\Tasks\{592EB860-DE53-495F-BC12-52B9C0E35DF6}
    2016-08-02 00:06 - 2016-08-02 00:06 - 7129600 _____ () C:\Users\mirka\AppData\Roaming\agent.dat
    2016-08-02 00:06 - 2016-08-02 00:06 - 0067968 _____ () C:\Users\mirka\AppData\Roaming\Config.xml
    2016-08-02 00:06 - 2016-08-02 00:06 - 2279413 _____ () C:\Users\mirka\AppData\Roaming\Donstring.bin
    2016-08-02 00:05 - 2016-08-02 00:06 - 0014400 _____ () C:\Users\mirka\AppData\Roaming\InstallationConfiguration.xml
    2016-08-02 00:05 - 2016-08-02 00:05 - 0129024 _____ () C:\Users\mirka\AppData\Roaming\Installer.dat
    2016-08-02 00:06 - 2016-08-02 00:06 - 0018432 _____ () C:\Users\mirka\AppData\Roaming\Main.dat
    2016-08-02 00:06 - 2016-08-02 00:06 - 0005568 _____ () C:\Users\mirka\AppData\Roaming\md.xml
    2016-08-02 00:06 - 2016-08-02 00:06 - 0126464 _____ () C:\Users\mirka\AppData\Roaming\noah.dat
    2016-08-02 00:07 - 2016-08-02 00:07 - 0032038 _____ () C:\Users\mirka\AppData\Roaming\uninstall_temp.ico
    2016-08-02 00:06 - 2016-08-02 00:06 - 1903699 _____ () C:\Users\mirka\AppData\Roaming\Zot-Bam.tst
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.

    0
  • #3 23 Wrz 2016 10:31
    Pcservice11
    Poziom 6  

    dziękuję , już jest wszystko ok.

    0