Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Sprawdzenie logów FRST Bet-at-home w chrome

rtoip14 31 Paź 2016 15:42 432 5
  • #2 31 Paź 2016 16:19
    Acorus 20
    Spec od komputerów

    Odinstaluj QuickTime 7. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {550AD011-6354-40A0-8C0F-C4EEBAEC7707} - System32\Tasks\MailRuUpdater => C:\Users\Neo\AppData\Local\Mail.Ru\MailRuUpdater.exe
    Task: {FAE6FC18-2057-4048-8B73-2F252005EF7A} - System32\Tasks\InternetB => Chrome.exe hxxp://bhd4.xyz/searchs
    ShortcutWithArgument: C:\Users\Neo\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://imatiro.ru/?utm_source=startlink03&utm_content=8e28c44c896d25fe988428402c272a9f&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"
    MSCONFIG\Services: bykesute => 2
    MSCONFIG\Services: cucojope => 2
    MSCONFIG\Services: cybusyro => 2
    MSCONFIG\Services: dequzody => 2
    MSCONFIG\Services: dipubibu => 2
    MSCONFIG\Services: e3d27ded3c62e9a6bba9eb79d8863ea4 => 2
    MSCONFIG\Services: EasyAntiCheat => 3
    MSCONFIG\Services: EngelmannMediaFuskr => 2
    MSCONFIG\Services: EslWireHelper => 2
    MSCONFIG\Services: gukisode => 2
    MSCONFIG\Services: gyvixodu => 2
    MSCONFIG\Services: helusuty => 2
    MSCONFIG\Services: hidekoqe => 2
    MSCONFIG\Services: hirimoje => 2
    MSCONFIG\Services: insvc_1.10.0.14 => 2
    MSCONFIG\Services: IntelSecurityUseVLCforYouTube => 2
    MSCONFIG\Services: lehicewu => 2
    MSCONFIG\Services: mofysilo => 2
    MSCONFIG\Services: mrupdsrv => 2
    MSCONFIG\Services: muryroju => 2
    MSCONFIG\Services: muzaikonki => 2
    MSCONFIG\Services: myfejozi => 2
    MSCONFIG\Services: myroqole => 2
    MSCONFIG\Services: NoIPDUCService4 => 2
    MSCONFIG\Services: nvUpdatusService => 2
    MSCONFIG\Services: nyxixyzo => 2
    MSCONFIG\Services: ofiiedwerfitCntAwt.exe => 2
    MSCONFIG\Services: rowugoqo => 2
    MSCONFIG\Services: runukijezbt => 2
    MSCONFIG\Services: ryholohu => 2
    MSCONFIG\Services: sijemume => 2
    MSCONFIG\Services: SKILLAZJAIKONY => 2
    MSCONFIG\Services: WyanianOawahsid => 2
    MSCONFIG\Services: xoperoze => 2
    MSCONFIG\Services: xowijysy => 2
    MSCONFIG\Services: zedepory => 2
    MSCONFIG\Services: zehygiqo => 2
    MSCONFIG\Services: zomoxedi => 2
    MSCONFIG\Services: zytuzihu => 2
    MSCONFIG\startupfolder: C:^Users^Neo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^be64217167462ae417d8abe9d43d1e5c.exe =>
    MSCONFIG\startupfolder: C:^Users^Neo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DreamMail.lnk => C:\Windows\pss\DreamMail.lnk.Startup
    MSCONFIG\startupreg: 6684871aa1a7b96a8d80c39789bfa760 => "C:\Users\Neo\AppData\Local\Temp\Explorer.exe" ..
    MSCONFIG\startupreg: 6b38051862197df4893c1053b00d62ef => "C:\ProgramData\Trojan.exe" ..
    MSCONFIG\startupreg: 72f3fc0a8937f32933980959601fe7c7 => "C:\Users\Neo\AppData\Local\Temp\svchost.exe" ..
    MSCONFIG\startupreg: 9325cb13fa7b302ea826a218b933d42c => "C:\Users\Neo\AppData\Roaming\svchost.exe" ..
    MSCONFIG\startupreg: a1ee55a673831b738ef43715a4dcdb95 => "C:\Users\Neo\explore.exe" .
    MSCONFIG\startupreg: be64217167462ae417d8abe9d43d1e5c =>
    MSCONFIG\startupreg: bpk =>
    MSCONFIG\startupreg: c8c25c9f2310298b572ff8e2f9906425 =>
    MSCONFIG\startupreg: CoupSeek =>
    MSCONFIG\startupreg: svschot.exe => "C:\Users\Neo\AppData\Roaming\svschot.exe.exe"
    MSCONFIG\startupreg: tpuzofccbt =>
    MSCONFIG\startupreg: TweakBit =>
    GroupPolicy: Ograniczenia ? <======= UWAGA
    GroupPolicy\User: Ograniczenia ? <======= UWAGA
    FF Keyword.URL: Mozilla\Firefox\Profiles\3ffdy5q0.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7BB5...-3975-43AC-8AEA-2DDAB37F620E%7D&gp=811041
    S4 Origin Client Service; "D:\Origin\OriginClientService.exe" [X]
    S4 Origin Web Helper Service; "D:\Origin\OriginWebHelperService.exe" [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    U3 awc9qqfm; Brak ImagePath
    2016-10-30 22:17 - 2016-10-30 22:17 - 00000000 ____D C:\ProgramData\Mail.Ru
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    0
  • Pomocny post
    #4 31 Paź 2016 16:56
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    Cytat:
    U3 auurnol6; Brak ImagePath
    2016-10-31 16:33 - 2016-10-31 16:35 - 00000000 ____D C:\AdwCleaner


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Skasuj folder C:\FRST
    To usuń ręcznie:
    C:\Users\Neo\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://imatiro.ru/?utm_source=startlink03&utm_content=8e28c44c896d25fe988428402c272a9f&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"

    0