
[Solved] Unexpected theme change in Win 7

dyn70 02 Feb 2017 09:20 612 8
  • #1 02 Feb 2017 09:20
    dyn70
    Level 3  

    Hello!
    The problem is as in the title.
    Namely, after I turned on the computer the theme changed from Aero to Windows Classic. All other themes are greyed out and nothing can be done.

    I tried to start the Themes service with the (services.msc) command from the Start menu, but I get the message: "System Windows nie może uruchomić usługi Kompozycje na komputerze Komputer Lokalny" ("Windows could not start the Themes service on Local Computer")
    After a gap of one line it also says: "Błąd 1075: Usługa zależności nie istnieje lub została oznaczona do usunięcia." ("Error 1075: The dependency service does not exist or has been marked for deletion.")

    Thanks in advance for your help
    Files attached

    0 8
  • #2 02 Feb 2017 09:23
    Domino_2
    Helpful to users

    Uninstall SpyHunter4.

    Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:07-01-2015 - attach the logs again, this time from the latest version.

    0
  • #4 02 Feb 2017 09:59
    Domino_2
    Helpful to users

    Uninstall amuleC and Traffic Exchange.

    Back up your bookmarks from Chrome and everything else you need, because it is infected and the script will remove the profile.

    Quote:

    Task: {04DDAEC7-2AD3-4DB7-BFFB-01087174C4DB} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {08FA59DE-A00C-4A9A-8223-263F59AE474C} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {24174CAD-9CDA-4C02-A02B-B08AFCA992D4} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {29C039DA-2772-4EAE-B4D6-0C9CB34E4FAA} - System32\Tasks\{E989B140-7248-4733-985E-CA948633C5C3} => pcalua.exe -a C:\Users\Pawel\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cornl
    Task: {4A9669C5-114D-4443-8FAF-522F8B754753} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
    Task: {4AC97228-A828-4D46-B863-3CBDE3EA221B} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-01-27] (Microleaves) <==== UWAGA
    Task: {59029336-9AB0-4D7F-A6BA-30B7A4B1F887} - \{81D70A49-8B84-4413-879F-03B5087792CB} -> Brak pliku <==== UWAGA
    Task: {5BFF58AB-299C-42A4-97A1-EEF8D3CCD9A8} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {68ABDD2E-EDBC-4097-AD0A-BD43AFB807A2} - System32\Tasks\{830898E8-9B34-4ED7-81B2-4653FA132D23} => pcalua.exe -a C:\Windows\SysWOW64\xRaidSetup.exe
    Task: {73056BC0-2681-48ED-8132-C08E37D9919C} - System32\Tasks\Opera scheduled Autoupdate 1428579517 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-16] (Opera Software)
    Task: {C20F796D-9C22-49B0-A983-4FEE637A40EF} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {E1E72136-A288-463E-8D15-6ED683DFF3B6} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA




    Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\...\Run: [TIDAL] => [X]
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\...\MountPoints2: {68b2a40a-de90-11e4-a825-806e6f6e6963} - E:\Run.exe
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\...\MountPoints2: {83a2cfc0-8627-11e5-adef-806e6f6e6963} - F:\AUTORUN.EXE
    ShellExecuteHooks: Brak nazwy - {6C797D5E-D3FD-11E6-BE8A-64006A5CFC35} - C:\Users\Pawel\AppData\Roaming\Cowasy\Atersosycozering.dll -> Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=14851...028&uid=ST500DM005XHD502HJ_S20BJ90D828917
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=14851...028&uid=ST500DM005XHD502HJ_S20BJ90D828917
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&t...;uid=ST500DM005XHD502HJ_S20BJ90D828917&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&t...;uid=ST500DM005XHD502HJ_S20BJ90D828917&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=14851...028&uid=ST500DM005XHD502HJ_S20BJ90D828917
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=14851...028&uid=ST500DM005XHD502HJ_S20BJ90D828917
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&t...;uid=ST500DM005XHD502HJ_S20BJ90D828917&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&t...;uid=ST500DM005XHD502HJ_S20BJ90D828917&q={searchTerms}
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=14851...028&uid=ST500DM005XHD502HJ_S20BJ90D828917
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=14851...028&uid=ST500DM005XHD502HJ_S20BJ90D828917
    SearchScopes: HKU\S-1-5-21-800930604-1012058268-2487821262-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...;uid=ST500DM005XHD502HJ_S20BJ90D828917&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-800930604-1012058268-2487821262-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...;uid=ST500DM005XHD502HJ_S20BJ90D828917&q={searchTerms}
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR Profile: C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-02] <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nie znaleziono>
    S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
    S2 ServiceProtector; C:\Program Files (x86)\ce05a988-17bb-46ca-bd1f-4ad72091b1071484513403\protce05a988-17bb-46ca-bd1f-4ad72091b107.tmpfs [X]
    U3 auvpapf8; C:\Windows\System32\Drivers\auvpapf8.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
    2017-02-01 21:45 - 2017-02-02 09:26 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
    2017-02-01 21:45 - 2017-02-02 09:26 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
    2017-02-01 21:45 - 2017-02-02 09:26 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
    2017-02-01 21:45 - 2017-02-01 23:28 - 00000366 ____H C:\Windows\Tasks\Traffic Exchange Updater.job
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003196 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
    2017-01-23 22:48 - 2017-01-23 22:48 - 00375464 _____ C:\unp305699221804188881.mdmp
    2017-01-23 22:48 - 2017-01-23 22:48 - 00374967 _____ C:\unp305699221805748884.mdmp
    2017-01-23 22:48 - 2017-01-23 22:48 - 00374240 _____ C:\unp305699221793580863.mdmp
    2017-01-23 22:48 - 2017-01-23 22:48 - 00372525 _____ C:\unp305699221804968883.mdmp
    2017-01-23 22:48 - 2017-01-23 22:48 - 00371815 _____ C:\unp305699221806528885.mdmp
    2017-01-23 22:47 - 2017-01-23 22:47 - 00379768 _____ C:\unp305699221345548076.mdmp
    2017-01-23 22:47 - 2017-01-23 22:47 - 00377367 _____ C:\unp305699221380804138.mdmp
    2017-01-23 22:47 - 2017-01-23 22:47 - 00376450 _____ C:\unp305699221380024136.mdmp
    2017-01-23 22:47 - 2017-01-23 22:47 - 00376338 _____ C:\unp305699221384392144.mdmp
    2017-01-23 22:47 - 2017-01-23 22:47 - 00375725 _____ C:\unp305699221382676141.mdmp
    2017-01-23 22:47 - 2017-01-23 22:47 - 00375642 _____ C:\unp305699221381740139.mdmp
    2017-01-23 09:49 - 2017-02-01 21:43 - 00000000 ____D C:\Program Files (x86)\amuleC2
    2017-01-23 09:49 - 2017-02-01 21:25 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
    2017-01-22 16:26 - 2017-01-23 13:41 - 00000000 ____D C:\Program Files\f09er35s
    2017-01-15 23:22 - 2017-01-15 23:22 - 16088672 _____ (CyberGhost S.R.L. ) C:\Users\Pawel\Downloads\CyberGhost_6.0.4.2205 (1).exe
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt and put it in the folder containing FRST.exe/FRST64.exe, then run it and click Fix/Napraw.

    Install the uBlock Origin browser add-on.

    0
  • #5 02 Feb 2017 10:00
    Kolobos
    Computer specialist

    Uninstall: amuleC

    Back up your bookmarks from Chrome; the script will remove the profile.

    Next to frst.exe create a file Fixlist.txt with the following content:
    CloseProcesses:
    Traffic Exchange (x32 Version: 2.0.0 - Microleaves) Hidden <==== UWAGA
    Task: {04DDAEC7-2AD3-4DB7-BFFB-01087174C4DB} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {08FA59DE-A00C-4A9A-8223-263F59AE474C} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {24174CAD-9CDA-4C02-A02B-B08AFCA992D4} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {29C039DA-2772-4EAE-B4D6-0C9CB34E4FAA} - System32\Tasks\{E989B140-7248-4733-985E-CA948633C5C3} => pcalua.exe -a C:\Users\Pawel\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cornl
    Task: {4AC97228-A828-4D46-B863-3CBDE3EA221B} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-01-27] (Microleaves) <==== UWAGA
    Task: {59029336-9AB0-4D7F-A6BA-30B7A4B1F887} - \{81D70A49-8B84-4413-879F-03B5087792CB} -> Brak pliku <==== UWAGA
    Task: {5BFF58AB-299C-42A4-97A1-EEF8D3CCD9A8} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {68ABDD2E-EDBC-4097-AD0A-BD43AFB807A2} - System32\Tasks\{830898E8-9B34-4ED7-81B2-4653FA132D23} => pcalua.exe -a C:\Windows\SysWOW64\xRaidSetup.exe
    Task: {73056BC0-2681-48ED-8132-C08E37D9919C} - System32\Tasks\Opera scheduled Autoupdate 1428579517 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-16] (Opera Software)
    Task: {BCC49CED-718C-4DEA-8AAC-114309478F58} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\WintoolUprI.exe [2017-01-22] ()
    Task: {C20F796D-9C22-49B0-A983-4FEE637A40EF} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {E1E72136-A288-463E-8D15-6ED683DFF3B6} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {FFE3B4ED-E03B-4D8A-97C1-6162216DBF94} - System32\Tasks\Nernole Core => C:\Program Files (x86)\Kikusphudoght\preqose.exe [2017-01-15] (Glarysoft Ltd)
    C:\Program Files (x86)\Kikusphudoght\
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-800930604-1012058268-2487821262-1001Core.job => C:\Users\Pawel\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-800930604-1012058268-2487821262-1001UA.job => C:\Users\Pawel\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    2017-01-22 12:22 - 2017-01-22 12:22 - 00547840 _____ () c:\programdata\winsapsvc\winsap.dll
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\...\Run: [TIDAL] => [X]
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\...\MountPoints2: {68b2a40a-de90-11e4-a825-806e6f6e6963} - E:\Run.exe
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\...\MountPoints2: {83a2cfc0-8627-11e5-adef-806e6f6e6963} - F:\AUTORUN.EXE
    HKU\S-1-5-18\...\Run: [] => 0
    HKLM\...\Providers\pw4fqc4y: C:\Program Files (x86)\Nernole Core\local64spl.dll
    ShellExecuteHooks: Brak nazwy - {6C797D5E-D3FD-11E6-BE8A-64006A5CFC35} - C:\Users\Pawel\AppData\Roaming\Cowasy\Atersosycozering.dll -> Brak pliku
    Tcpip\..\Interfaces\{E53CAA1D-0A38-43AB-9FF0-09C34AA187E4}: [NameServer] 77.234.40.79
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=14851...028&uid=ST500DM005XHD502HJ_S20BJ90D828917
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=14851...028&uid=ST500DM005XHD502HJ_S20BJ90D828917
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&t...;uid=ST500DM005XHD502HJ_S20BJ90D828917&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&t...;uid=ST500DM005XHD502HJ_S20BJ90D828917&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=14851...028&uid=ST500DM005XHD502HJ_S20BJ90D828917
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=14851...028&uid=ST500DM005XHD502HJ_S20BJ90D828917
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&t...;uid=ST500DM005XHD502HJ_S20BJ90D828917&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&t...;uid=ST500DM005XHD502HJ_S20BJ90D828917&q={searchTerms}
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=14851...028&uid=ST500DM005XHD502HJ_S20BJ90D828917
    HKU\S-1-5-21-800930604-1012058268-2487821262-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=14851...028&uid=ST500DM005XHD502HJ_S20BJ90D828917
    SearchScopes: HKU\S-1-5-21-800930604-1012058268-2487821262-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...;uid=ST500DM005XHD502HJ_S20BJ90D828917&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-800930604-1012058268-2487821262-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...;uid=ST500DM005XHD502HJ_S20BJ90D828917&q={searchTerms}
    CHR DefaultProfile: ChromeDefaultData
    CHR Profile: C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-02] <==== UWAGA
    C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nie znaleziono>
    R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [123392 2017-01-23] () [Brak podpisu cyfrowego]
    C:\Program Files (x86)\Gubed\
    S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
    R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [547840 2017-01-22] () [Brak podpisu cyfrowego]
    S2 ServiceProtector; C:\Program Files (x86)\ce05a988-17bb-46ca-bd1f-4ad72091b1071484513403\protce05a988-17bb-46ca-bd1f-4ad72091b107.tmpfs [X]
    U3 auvpapf8; C:\Windows\System32\Drivers\auvpapf8.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
    Task: {7B84CF26-3A9F-4C90-BC2B-B890CE2C11C9} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-01-22] ()
    2017-02-01 21:45 - 2017-02-02 09:26 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
    2017-02-01 21:45 - 2017-02-02 09:26 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
    2017-02-01 21:45 - 2017-02-02 09:26 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
    2017-02-01 21:45 - 2017-02-01 23:28 - 00000366 ____H C:\Windows\Tasks\Traffic Exchange Updater.job
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003196 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
    2017-02-01 21:45 - 2017-02-01 21:45 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
    2017-01-23 09:50 - 2017-01-23 09:50 - 00000000 ____D C:\Program Files (x86)\pw4fqc4y
    2017-01-23 09:49 - 2017-02-01 21:43 - 00000000 ____D C:\Program Files (x86)\amuleC2
    2017-01-23 09:49 - 2017-02-01 21:25 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
    2017-01-22 16:26 - 2017-01-23 13:41 - 00000000 ____D C:\Program Files\f09er35s
    2017-01-22 16:26 - 2017-01-22 21:11 - 00000000 ____D C:\Program Files (x86)\{3023A755-1888-41C3-B39E-DA3170C1D60A}
    2017-01-22 12:22 - 2017-02-01 21:41 - 00000000 ____D C:\Program Files (x86)\WinArcher
    2017-01-22 12:22 - 2017-02-01 21:26 - 00000000 ____D C:\ProgramData\WinSAPSvc
    2017-01-22 12:22 - 2017-02-01 21:25 - 00000000 ____D C:\ProgramData\wintools
    2017-01-22 12:22 - 2017-02-01 21:24 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-01-22 12:22 - 2017-02-01 21:24 - 00000000 ____D C:\Program Files (x86)\Gubed
    2017-01-22 12:22 - 2017-01-22 12:22 - 00003640 _____ C:\Windows\System32\Tasks\WinTOOL
    2017-01-22 12:22 - 2017-01-22 12:22 - 00003562 _____ C:\Windows\System32\Tasks\Milimili
    2017-01-22 12:13 - 2017-01-23 15:12 - 00000000 ____D C:\Program Files\pw4fqc4y
    2017-01-15 23:22 - 2017-01-15 23:22 - 16088672 _____ (CyberGhost S.R.L. ) C:\Users\Pawel\Downloads\CyberGhost_6.0.4.2205 (1).exe
    2017-01-15 21:45 - 2017-02-01 21:25 - 00000000 ____D C:\Users\Pawel\AppData\Local\AdvinstAnalytics
    2017-01-15 21:45 - 2017-02-01 21:18 - 00000000 ____D C:\ProgramData\Microleaves
    2017-01-15 21:42 - 2017-02-01 21:45 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-01-15 21:42 - 2017-02-01 21:25 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-01-15 21:42 - 2017-02-01 21:25 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-01-15 21:42 - 2017-01-15 21:43 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Microleaves
    2017-01-15 21:42 - 2017-01-15 21:42 - 00000000 _____ C:\TOSTACK
    2017-01-15 19:20 - 2017-02-01 21:25 - 00000000 ____D C:\ProgramData\Avira
    2017-01-15 19:19 - 2017-02-01 21:42 - 00000000 ____D C:\Program Files (x86)\Nernole Core
    2017-01-15 19:19 - 2017-01-15 19:19 - 00006024 _____ C:\Windows\System32\Tasks\Nernole Core
    2017-01-15 19:18 - 2017-02-01 22:00 - 00000000 ____D C:\Program Files (x86)\Kikusphudoght
    2017-01-15 19:18 - 2017-02-01 21:20 - 00000000 ____D C:\Users\Pawel\AppData\Local\Salighanebusy
    2017-01-15 19:18 - 2017-01-15 21:17 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Cowasy
    2017-01-15 21:43 - 2017-01-15 21:43 - 0023622 _____ () C:\Users\Pawel\AppData\Roaming\aliexpress.ico
    2017-01-15 21:43 - 2017-01-15 21:43 - 0099678 _____ () C:\Users\Pawel\AppData\Roaming\booking.ico
    EmptyTemp:

    In FRST choose Napraw (Fix).

    Uninstall: Traffic Exchange

    Use https://www.bleepingcomputer.com/download/adwcleaner/ and remove what it finds.

    Run a full scan with https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and also remove what it detects.

    When done, post new FRST logs from a scan.


    @Domino_2 do you see how my script differs from the one you gave? Do you think this kind of "checking" of logs makes any sense at all if it has to be corrected after you anyway?

    0
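Added example, not part of the original thread or of FRST itself: a small triage of the service/driver lines from the Fixlist above, showing why the `Themes` entry stands out. Its `[DependOnService: iThemes5]` annotation is consistent with the Error 1075 reported in post #1. The function names and the `installed` set (a stand-in for the machine's full service list) are assumptions made for this illustration.

```python
import re

# Service/driver lines copied from the Fixlist in the post above (FRST output, Polish locale).
SAMPLE = r"""
R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [123392 2017-01-23] () [Brak podpisu cyfrowego]
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [547840 2017-01-22] () [Brak podpisu cyfrowego]
S2 ServiceProtector; C:\Program Files (x86)\ce05a988-17bb-46ca-bd1f-4ad72091b1071484513403\protce05a988-17bb-46ca-bd1f-4ad72091b107.tmpfs [X]
U3 auvpapf8; C:\Windows\System32\Drivers\auvpapf8.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
"""

# First letter: R = running, S = stopped, U = undetermined.
# Digit: the Windows service Start value.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
LINE_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.+)$")
SIZE_RE = re.compile(r"\[(\d+) (?:\d{4}-\d{2}-\d{2})?\]")
DEP_RE = re.compile(r"\[DependOnService: ([^\]]+)\]")


def parse_service_line(line):
    """Parse one FRST service/driver line; return None for any other kind of line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    size = SIZE_RE.search(rest)
    dep = DEP_RE.search(rest)
    return {
        "name": m["name"],
        "running": m["state"] == "R",
        "start": START_TYPES.get(m["start"], "unknown"),
        "path": rest.split(" [", 1)[0],
        "size": int(size.group(1)) if size else None,
        # Assumption: the annotation holds a single service name, as on this page.
        "depends_on": dep.group(1).strip() if dep else None,
        "file_missing": "[X]" in rest,                      # FRST marker for a missing file
        "unsigned": "[Brak podpisu cyfrowego]" in rest,     # "no digital signature"
    }


def installed_names(log_text):
    """Lower-cased service names seen in the log (stand-in for the real service list)."""
    parsed = (parse_service_line(l) for l in log_text.splitlines())
    return {p["name"].lower() for p in parsed if p}


def triage(log_text, installed):
    """Map service name -> list of issue codes worth a closer look."""
    findings = {}
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc is None:
            continue
        issues = []
        if svc["start"] == "auto" and not svc["running"]:
            issues.append("auto-start-not-running")
        dep = svc["depends_on"]
        if dep and dep.lower() not in installed:
            # The Service Control Manager refuses to start such a service (error 1075).
            issues.append(f"missing-dependency:{dep}")
        if svc["file_missing"]:
            issues.append("file-missing")
        if svc["size"] == 0:
            issues.append("zero-byte")
        if svc["unsigned"]:
            issues.append("unsigned")
        if issues:
            findings[svc["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in triage(SAMPLE, installed_names(SAMPLE)).items():
        print(f"{name}: {', '.join(issues)}")
```

On a live system the `installed` set would come from the full service list rather than from the Fixlist subset used here, otherwise legitimate dependencies that are simply not listed would be flagged too.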
  • #6 02 Feb 2017 11:14
    Domino_2
    Helpful to users

    @Kolobos Yes, I see it and have taken note.

    0
  • #8 02 Feb 2017 11:41
    Kolobos
    Computer specialist

    Do you sync Chrome settings with a Google account? If so, delete the sync data:
    https://support.google.com/chrome/answer/6386691?hl=pl

    Also run a new Fixlist for FRST:
    CHR DefaultProfile: ChromeDefaultData
    CHR Profile: C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-02] <==== UWAGA
    C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    U3 a8kce0nz; C:\Windows\System32\Drivers\a8kce0nz.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    2017-02-02 10:34 - 2017-02-02 10:37 - 00000000 ____D C:\AdwCleaner
    2017-02-02 10:32 - 2017-02-02 10:32 - 00000000 ____D C:\Users\Pawel\AppData\Local\AdvinstAnalytics

    0
  • #9 13 Nov 2018 11:14
    dyn70
    Level 3  

    Problem solved

    0