Elektroda.pl

Request to check FRST logs

mikikem 06 Oct 2016 13:42 252 2
  • Helpful post
    #2 06 Oct 2016 13:49
    Kolobos
    Computer specialist

    In the Chrome settings, turn off restoring a set of pages when the browser starts.

    Run the following Fixlist.txt for FRST:
    Task: {048297CB-F719-43CA-844D-3B95A1444054} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {09FE3C7B-3279-46D0-9158-E9962BF87707} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {10E5C720-73EF-48BC-9063-B4DACA72D794} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {1D807E68-5357-454D-842C-4C1ACEE82A89} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Brak pliku <==== UWAGA
    Task: {296F9590-B20F-4548-9B55-2E4B226F8573} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {4B4D288D-68E9-43AB-98F5-8C36517EE551} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {613B1FAD-4C7D-4FEA-B143-839C4CB36843} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
    Task: {644DDFA1-FEED-4A3D-B2BB-2EF2B70496F9} - \McAfee\McAfee Idle Detection Task -> Brak pliku <==== UWAGA
    Task: {80A7EC18-B589-40FC-96B9-E4D72EB6CC85} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {990CEC2C-C7A2-4DC3-A670-28ECDCBEB17A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
    Task: {A4A6E08F-364D-49F6-8D47-178E92F14E00} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {AB1CBB49-300F-4BEF-930E-18B450312DE3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {C171E756-72E9-46F5-B3CF-BEE478A8F76B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {D8123439-6A35-4450-BE73-460ADD39B064} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {DCFC5E4D-36F8-4405-818A-9E210C953945} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
    Task: {F09AC7E6-25DE-4C91-A176-F514D2462B27} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
    Task: {F1FD520F-4432-472E-B3A1-066D47EA8090} - System32\Tasks\{0DB5EAA1-871F-4F1E-B557-221FA45CD80A} => pcalua.exe -a C:\Users\Mikołaj\AppData\Local\Temp\Temp1_0004-Install_Win7_7092_04092015.zip\Install_Win7_7092_04092015\setup.exe <==== UWAGA
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
    CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=MAF237D26-D6E3-4D76-9D29-800CC10BE3F3&SearchSource=55&CUI=&UM=5&UP=SP84FD30C2-9FE4-4709-8E92-F0010C1B404D&SSPV=","hxxp://search.babylon.com/?affID=110825&tt=5212_1&babsrc=HP_ss&mntrId=143a7809000000000000001e8c5447f8","hxxp://mystart.incredibar.com/mb203?a=6PQNhtcopS&i=26","hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=5aaa6942000000000000001e8c5447f8","hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=5aaa6942000000000000001e8c5447f8","hxxp://www.amazon.com/websearch/ref=bit_bds-p13_serp_cr_us_display?ie=UTF8&tagbase=bds-p13&tbrId=v1_abb-channel-13_eb965c4d13db435992a68e41a848560d_30_39_20130301_PL_cr_sp_","hxxp://www1.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=5AAA001E8C5447F8","hxxp://www.claro-search.com/?affID=114506&tt=4612_5&babsrc=HP_clro&mntrId=6ebcf3d8000000000000001fd09ec274","hxxp://www.google.com/","hxxp://websearch.searchsun.info/?pid=724&r=2014/03/11&hid=8098903512666849757&lg=EN&cc=PL","hxxp://www.sweet-page.com/?type=hp&ts=1394581251&from=wpc&uid=ST750LM022XHN-M750MBB_S2USJ9ECA02739","chrome://newtab/","hxxp://search.babylon.com/?affID=114656&tt=5112_2&babsrc=HP_ss&mntrId=143a7809000000000000001e8c5447f8","hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=8A12689423FA269C&affID=128403&tt=120614_kms&tsp=5278","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=0E3E451CF872F4FC9A060C2CB9090DCB&v=20160421&ts=AHEqAHEpA3IqAk.."
    2016-10-01 01:02 - 2016-10-01 01:03 - 00002370 _____ C:\WINDOWS\System32\Tasks\{0DB5EAA1-871F-4F1E-B557-221FA45CD80A}
    2016-10-01 00:53 - 2016-10-06 13:12 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-10-01 00:53 - 2016-10-01 00:53 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
    EmptyTemp:

    After running it, delete the C:\FRST directory.

    It doesn't look infected.

    0
  • #3 06 Oct 2016 14:52
    mikikem
    Level 6  

    Thanks a lot :)

    0