Elektroda.pl

Please help with the C:\Documents error and amuleC, the earlier logs do not work :-(

qr 05 Mar 2017 12:30 510 7
  • Helpful post
    #2 05 Mar 2017 13:03
    krzychupar
    Level 40  

    Uninstall:

    PC Cleaner Pro
    amuleC (HKLM\...\{19539992-061C-4E8B-9053-07B175303AF4}) (Version: 1.0.1 - amuleC) <==== UWAGA
    SecurityUtility (HKLM\...\SecurityUtility) (Version: - ) <==== UWAGA
    StarBurn Version 12r10 (Build 0x20090901) (HKLM\...\StarBurn_is1) (Version: - Rocket Division Software) <==== UWAGA
    WinZip (HKLM\...\WinZip) (Version: 2.3.14 - Winzipper Pvt Ltd.) <==== UWAGA
    YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== UWAGA

    Open the system Notepad and paste:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\Dropbox.exe /autoplay => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\Dropbox.exe /wiacallback => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    Task: C:\windows\Tasks\Browser Updater Task(Core).job => C:\Program Files\TXQQBrowser\Update\4EC192094560B2072897EE2F245E5E7D\Update\BrowserUpdate.exe <==== UWAGA




    Task: C:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\windows\Tasks\Opera scheduled Autoupdate 1447253434.job => C:\Program Files\Opera\launcher.exe
    Task: C:\windows\Tasks\RNKQFIPENZ1.job => C:\Documents and Settings\All Users\Dane aplikacji\SecurityUtility\SecurityUtility.exe <==== UWAGA
    ShortcutWithArgument: C:\Documents and Settings\mp\Menu Start\Programy\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14847...0812&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    ShortcutWithArgument: C:\Documents and Settings\mp\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...1024&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    ShortcutWithArgument: C:\Documents and Settings\mp\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\opera.lnk -> C:\Program Files\Opera\36.0.2130.65_0\opera.exe (Opera Software) -> hxxp://www.mylucky123.com/?type=sc&ts=147...1024&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    ShortcutWithArgument: C:\Documents and Settings\mp\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Skrót do chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=147...1024&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14847...0812&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    ShortcutWithArgument: C:\Documents and Settings\All Users\Pulpit\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14847...0812&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    Hosts:
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\Control Panel\Desktop\\Wallpaper ->
    HKLM\...\Run: [AirCardEnabler] => [X]
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\...\MountPoints2: {6f6e2f61-f43d-11e1-8f9a-00235471de3e} - F:\AutoRun.exe
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\...\MountPoints2: {7b7d1a2f-2efc-11e2-90b7-00235471de3e} - G:\NokiaPCIA_Autorun.exe
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\...\MountPoints2: {b8bc0a11-d020-11e1-8ef9-de4f803d1c68} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\...\MountPoints2: {ffa51358-d257-11e6-9c27-00235471de3e} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BitLockerToGo.exe
    IFEO\MRT.exe: [Debugger] C:\ProgramData\behae\Gubed.exe -Yrrehs
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.attirerpage.com/?type=hp&ts=14...0627&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.attirerpage.com/search/?type=ds&am...p;uid=ST9250320AS_5SW0L329XXXX5SW0L329&q={searchTerms}
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.attirerpage.com/?type=hp&ts=14...0627&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.attirerpage.com/search/?type=ds&am...p;uid=ST9250320AS_5SW0L329XXXX5SW0L329&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1993962763-1957994488-682003330-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...p;uid=ST9250320AS_5SW0L329XXXX5SW0L329&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1993962763-1957994488-682003330-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...p;uid=ST9250320AS_5SW0L329XXXX5SW0L329&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&t...0302&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    FF Homepage: C:\Documents and Settings\mp\Dane aplikacji\Mozilla\Firefox\Profiles\6uajvhhn.default -> hxxp://www.mylucky123.com/?type=hp&ts=147...1024&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
    StartMenuInternet: FIREFOX.EXE - c:\program files\mozilla firefox\firefox.exe hxxp://www.startpageing123.com/?type=sc&t...0302&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=819e8552b2709f982e15437g7z0q9o5oaqcc8w7zcq
    CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1462263544&from=86490503&uid=st9250320as_5sw0l329xxxx5sw0l329&z=819e8552b2709f982e15437g7z0q9o5oaqcc8w7zcq"
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Brak pliku
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => Brak pliku
    CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll => Brak pliku
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Brak pliku
    CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => Brak pliku
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll => Brak pliku
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll => Brak pliku
    CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\WINDOWS\system32\npDeployJava1.dll => Brak pliku
    StartMenuInternet: Google Chrome - c:\program files\google\chrome\application\chrome.exe hxxp://www.startpageing123.com/?type=sc&t...0302&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    StartMenuInternet: (HKLM) Opera - c:\program files\opera\opera.exe hxxp://www.startpageing123.com/?type=sc&t...0302&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    StartMenuInternet: (HKLM) Opera.exe - c:\program files\opera\opera.exe hxxp://www.startpageing123.com/?type=sc&t...0302&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    StartMenuInternet: (HKLM) OperaStable - c:\program files\opera\launcher.exe hxxp://www.startpageing123.com/?type=sc&t...0302&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    R2 Gubed_WMI; C:\Program Files\Gubed_WMI\Gubed_WMI.exe [110080 2016-12-26] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 InterHop; C:\Program Files\InterHop\InterHop.exe [486912 2016-10-31] () [Brak podpisu cyfrowego] <==== UWAGA
    S3 iThemes5; C:\Program Files\Common Files\Services\iThemes.dll [455168 2017-02-08] () [Brak podpisu cyfrowego] <==== UWAGA
    S3 BrYNSvc; "C:\Program Files\Browny02\BrYNSvc.exe" [X]
    S2 ed2kidle; "C:\Program Files\amuleC\ed2k.exe" -downloadwhenidle [X] <==== UWAGA
    R2 GubedZL; C:\Program Files\Gubed\GubedZL.dll [X]
    S2 EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys [X]
    S4 IntelIde; Brak ImagePath
    S3 NETw5x32; system32\DRIVERS\NETw5x32.sys [X]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
    S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    2017-02-21 17:33 - 2017-02-21 17:34 - 00000000 ____D C:\ComboFix
    2017-02-21 17:33 - 2017-02-21 17:33 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\CF1627.exe
    2017-02-21 17:31 - 2017-02-21 17:31 - 00000000 ____D C:\windows\ERDNT
    2017-02-21 17:31 - 2017-02-21 17:31 - 00000000 ____D C:\Qoobox
    2017-03-04 19:44 - 2015-09-07 12:44 - 00000440 _____ C:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
    2017-03-04 13:44 - 2015-09-07 12:44 - 00000440 _____ C:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    2017-02-21 17:41 - 2016-11-21 10:43 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    0
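
Added example, not part of the thread or of FRST: the fixlist in the post above mixes several kinds of entries (an IFEO Debugger value on MRT.exe, browser shortcuts with a URL appended, unsigned services, entries whose file is missing). This Python script sorts lines in that format into those categories and counts the defanged hosts they point to. The rule names, function names and sample lines are constructed for illustration, and reading `[X]` as a missing-file marker is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the FRST line format seen in this thread. Names, paths
# and the example.invalid host are placeholders, not values from the user's log.
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\demo\Desktop\Browser.lnk -> C:\Program Files\Browser\browser.exe (Vendor) -> hxxp://start.example.invalid/?type=sc
IFEO\MRT.exe: [Debugger] C:\ProgramData\demo\blocker.exe -x
Task: C:\windows\Tasks\DemoUpdater.job => C:\Program Files\Demo\update.exe <==== UWAGA
R2 DemoSvc; C:\Program Files\Demo\demo.exe [110080 2016-12-26] () [Brak podpisu cyfrowego] <==== UWAGA
S3 OldDrv; system32\DRIVERS\olddrv.sys [X]
R2 SignedSvc; C:\Program Files\Vendor\svc.exe [131024 2016-08-19] (Vendor Ltd)
CHR HomePage: Default -> hxxp://start.example.invalid/?type=hp
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32 -> C:\Users\demo\App\ext.dll => Brak pliku
"""

# (label, pattern) pairs. A line can carry several labels.
RULES = [
    # Image File Execution Options "Debugger": Windows starts the listed
    # program instead of the named image (MRT.exe in the thread's log).
    ("ifeo_debugger", re.compile(r"^IFEO\\[^:]+: \[Debugger\] ")),
    # A browser shortcut whose arguments end in a URL.
    ("shortcut_url_argument",
     re.compile(r"^ShortcutWithArgument: .* -> hxxps?://", re.I)),
    # Lines FRST itself marked (UWAGA in the Polish build, ATTENTION in English).
    ("frst_attention_flag", re.compile(r"<=+ (?:UWAGA|ATTENTION)\s*$")),
    # Service or driver line whose file has no digital signature
    # (Polish-build wording, as it appears in the thread).
    ("unsigned_service",
     re.compile(r"^[RS][0-4] \S+; .*\[Brak podpisu cyfrowego\]")),
    # Any other setting (home page, search scope, start menu entry) with a URL.
    ("url_in_setting", re.compile(r"^(?!ShortcutWithArgument).*hxxps?://", re.I)),
    # Registry or service entry pointing at a file that is gone.
    # Assumption: "[X]" marks a missing file, like "Brak pliku".
    ("orphaned_entry", re.compile(r"Brak pliku|\[X\](?:\s|$)")),
]

# Host part of a defanged (hxxp) URL.
HOST_RE = re.compile(r'hxxps?://([^/?\s"]+)', re.I)


def classify(line):
    """Return every rule label that matches one log line."""
    return [label for label, pattern in RULES if pattern.search(line)]


def triage(text):
    """Group log lines by label and count the hosts they reference."""
    findings = {}
    hosts = Counter()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for label in classify(line):
            findings.setdefault(label, []).append(line)
        hosts.update(h.lower() for h in HOST_RE.findall(line))
    return findings, hosts


def summarize(findings, hosts):
    """Render a short text report, one section per label."""
    out = []
    for label, _ in RULES:
        lines = findings.get(label, [])
        if lines:
            out.append(f"{label}: {len(lines)}")
            out.extend(f"  {line}" for line in lines)
    for host, count in hosts.most_common():
        out.append(f"host {host}: referenced {count}x")
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(*triage(SAMPLE_LOG)))
```
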
  • Helpful post
    #3 05 Mar 2017 13:13
    Acorus 20
    Computer specialist

    Uninstall amuleC, SecurityUtility, StarBurn Version 12r10 (Build 0x20090901), WinZip, YAC(Yet Another Cleaner!). Open the system Notepad and paste:

    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\Dropbox.exe /autoplay => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\Dropbox.exe /wiacallback => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1993962763-1957994488-682003330-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll => Brak pliku
    Task: C:\windows\Tasks\Browser Updater Task(Core).job => C:\Program Files\TXQQBrowser\Update\4EC192094560B2072897EE2F245E5E7D\Update\BrowserUpdate.exe <==== UWAGA
    Task: C:\windows\Tasks\RNKQFIPENZ1.job => C:\Documents and Settings\All Users\Dane aplikacji\SecurityUtility\SecurityUtility.exe <==== UWAGA
    ShortcutWithArgument: C:\Documents and Settings\mp\Menu Start\Programy\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14847...0812&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    ShortcutWithArgument: C:\Documents and Settings\mp\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...1024&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    ShortcutWithArgument: C:\Documents and Settings\mp\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\opera.lnk -> C:\Program Files\Opera\36.0.2130.65_0\opera.exe (Opera Software) -> hxxp://www.mylucky123.com/?type=sc&ts=147...1024&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    ShortcutWithArgument: C:\Documents and Settings\mp\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Skrót do chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=147...1024&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14847...0812&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    ShortcutWithArgument: C:\Documents and Settings\All Users\Pulpit\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14847...0812&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    Hosts:
    HKLM\...\Run: [AirCardEnabler] => [X]
    IFEO\MRT.exe: [Debugger] C:\ProgramData\behae\Gubed.exe -Yrrehs
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mp\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll -> Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.attirerpage.com/?type=hp&ts=14...0627&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.attirerpage.com/search/?type=ds&am...p;uid=ST9250320AS_5SW0L329XXXX5SW0L329&q={searchTerms}
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.attirerpage.com/?type=hp&ts=14...0627&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.attirerpage.com/search/?type=ds&am...p;uid=ST9250320AS_5SW0L329XXXX5SW0L329&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1993962763-1957994488-682003330-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...p;uid=ST9250320AS_5SW0L329XXXX5SW0L329&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1993962763-1957994488-682003330-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...p;uid=ST9250320AS_5SW0L329XXXX5SW0L329&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&t...0302&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    FF Homepage: C:\Documents and Settings\mp\Dane aplikacji\Mozilla\Firefox\Profiles\6uajvhhn.default -> hxxp://www.mylucky123.com/?type=hp&ts=147...1024&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    FF SearchPlugin: C:\Documents and Settings\mp\Dane aplikacji\Mozilla\Firefox\Profiles\6uajvhhn.default\searchplugins\amisites.xml [2016-11-11]
    FF SearchPlugin: C:\Documents and Settings\mp\Dane aplikacji\Mozilla\Firefox\Profiles\6uajvhhn.default\searchplugins\mylucky123.xml [2016-10-10]
    StartMenuInternet: FIREFOX.EXE - c:\program files\mozilla firefox\firefox.exe hxxp://www.startpageing123.com/?type=sc&t...0302&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=819e8552b2709f982e15437g7z0q9o5oaqcc8w7zcq
    CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1462263544&from=86490503&uid=st9250320as_5sw0l329xxxx5sw0l329&z=819e8552b2709f982e15437g7z0q9o5oaqcc8w7zcq"
    StartMenuInternet: (HKLM) Opera - c:\program files\opera\opera.exe hxxp://www.startpageing123.com/?type=sc&t...0302&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    StartMenuInternet: (HKLM) Opera.exe - c:\program files\opera\opera.exe hxxp://www.startpageing123.com/?type=sc&t...0302&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    StartMenuInternet: (HKLM) OperaStable - c:\program files\opera\launcher.exe hxxp://www.startpageing123.com/?type=sc&t...0302&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    R2 InterHop; C:\Program Files\InterHop\InterHop.exe [486912 2016-10-31] () [Brak podpisu cyfrowego] <==== UWAGA
    S2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participações Ltda)
    S3 iThemes5; C:\Program Files\Common Files\Services\iThemes.dll [455168 2017-02-08] () [Brak podpisu cyfrowego] <==== UWAGA
    S2 Kyubey; C:\Documents and Settings\mp\Dane aplikacji\Kyubey\Kyubey.exe [115200 2017-03-03] () [Brak podpisu cyfrowego]
    S2 winsaber; C:\Program Files\WinSaber\WinSaber.exe [877272 2016-10-08] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 WinSAPSvc; C:\Documents and Settings\mp\Dane aplikacji\WinSAPSvc\WinSAP.dll [184832 2017-02-27] (TODO: <Company name>) [Brak podpisu cyfrowego]
    S3 BrYNSvc; "C:\Program Files\Browny02\BrYNSvc.exe" [X]
    S2 ed2kidle; "C:\Program Files\amuleC\ed2k.exe" -downloadwhenidle [X] <==== UWAGA
    R2 GubedZL; C:\Program Files\Gubed\GubedZL.dll [X]
    S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    2017-03-01 18:49 - 2017-03-01 18:49 - 00000000 ____D C:\Documents and Settings\mp\Dane aplikacji\Kyubey
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download AdwCleaner from https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan (Skanuj) and then Cleaning (Oczyść).
    Post a new FRST report without Addition and Shortcut.

    0
  • #4 05 Mar 2017 14:02
    qr
    Level 12  

    Thanks, it's gone..

    But I had to keep StarBurn Version for now, just in case, because I have disc images in progress..

    Everything seems to be working as it should in the logs..

    That said, only the older version of AdwCleaner, 3.018, starts.

    And after the system loads, the Windows XP look changes from classic to "windows xp".

    Do you think that is related? It's small potatoes compared with what was there before.

    Will the ESET antivirus program be enough in the future to avoid this?

    0
  • Helpful post
    #5 05 Mar 2017 14:15
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:
    CloseProcesses:
    () C:\Program Files\Explorer\iedvutils.exe
    () C:\Program Files\Firefox\bin\FirefoxCommand.exe
    () C:\Documents and Settings\mp\Dane aplikacji\adhad\UvConverter.exe
    () C:\Program Files\Firefox\bin\FirefoxUpdate.exe
    () C:\Program Files\Gubed_WMI\Gubed_WMI.exe
    (Trend Corp.) C:\Documents and Settings\mp\Dane aplikacji\setup1\TSvr.exe
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\...\Run: [HandyWebExtractor] => "C:\Program Files\Millepah\HandyWebExtractor\HandyWebExtractor.exe"
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\...\MountPoints2: {6f6e2f61-f43d-11e1-8f9a-00235471de3e} - F:\AutoRun.exe
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\...\MountPoints2: {7b7d1a2f-2efc-11e2-90b7-00235471de3e} - G:\NokiaPCIA_Autorun.exe
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\...\MountPoints2: {b8bc0a11-d020-11e1-8ef9-de4f803d1c68} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html
    HKU\S-1-5-21-1993962763-1957994488-682003330-1003\...\MountPoints2: {ffa51358-d257-11e6-9c27-00235471de3e} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BitLockerToGo.exe
    FF Homepage: C:\Documents and Settings\mp\Dane aplikacji\Mozilla\Firefox\Profiles\6uajvhhn.default -> hxxp://www.mylucky123.com/?type=hp&ts=147...1024&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    FF Extension: (adaware ad block) - C:\Documents and Settings\mp\Dane aplikacji\Moonchild Productions\Pale Moon\Profiles\lv7s186f.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2017-02-14]
    FF Extension: (Downloads in Tab) - C:\Documents and Settings\mp\Dane aplikacji\Moonchild Productions\Pale Moon\Profiles\lv7s186f.default\Extensions\downintab@max.max.xpi [2016-10-13]
    FF Extension: (SimilarWeb) - C:\Documents and Settings\mp\Dane aplikacji\Firefox\Firefox\Profiles\6uajvhhn.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2016-09-25] [Brak podpisu cyfrowego]
    FF Extension: (FF Adr) - C:\Documents and Settings\mp\Dane aplikacji\Firefox\Firefox\Profiles\6uajvhhn.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2016-09-19] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Documents and Settings\mp\Dane aplikacji\Firefox\Firefox\Profiles\6uajvhhn.default\searchplugins\searchinme.xml [2016-09-19]
    StartMenuInternet: Google Chrome - c:\program files\google\chrome\application\chrome.exe hxxp://www.startpageing123.com/?type=sc&t...0302&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    R2 Archer; C:\Program Files\WinArcher\Archer.dll [760320 2017-02-10] () [Brak podpisu cyfrowego]
    R2 bilibili; C:\Program Files\bilibili\bilibili.dll [128000 2017-02-14] () [Brak podpisu cyfrowego]
    C:\Program Files\WinArcher\
    R2 CommandHandler; C:\Program Files\Firefox\bin\FirefoxCommand.exe [272768 2016-09-18] () [Brak podpisu cyfrowego]
    R2 Convxxxx; C:\Documents and Settings\mp\Dane aplikacji\adhad\UvConverter.exe [376832 2017-02-06] () [Brak podpisu cyfrowego]
    R2 FirefoxU; C:\Program Files\Firefox\bin\FirefoxUpdate.exe [610688 2016-09-18] () [Brak podpisu cyfrowego]
    R2 Gubed_WMI; C:\Program Files\Gubed_WMI\Gubed_WMI.exe [110080 2016-12-26] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 GubZL; C:\Program Files\Gub\GubZL.dll [122880 2017-02-09] () [Brak podpisu cyfrowego]
    R2 iedvutils; C:\Program Files\Explorer\iedvutils.exe [64184 2017-01-18] ()
    R2 IhPul; C:\Documents and Settings\mp\Dane aplikacji\setup1\TSvr.exe [205520 2016-09-18] (Trend Corp.)
    S3 EsgScanner; C:\windows\System32\DRIVERS\EsgScanner.sys [19984 2015-11-18] ()
    R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\windows\System32\DRIVERS\iSafeNetFilter.sys [67288 2016-05-19] (Elex do Brasil Participações Ltda)
    S2 EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys [X]
    S3 NETw5x32; system32\DRIVERS\NETw5x32.sys [X]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
    2017-03-02 18:49 - 2017-03-02 18:50 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\hadha
    2017-02-24 20:39 - 2017-02-24 20:39 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\gjcfj
    C:\Program Files\Elex-tech\
    2017-02-23 19:04 - 2017-02-23 19:05 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\haeha
    2017-02-21 18:44 - 2017-02-21 18:48 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\fibfi
    2017-02-21 17:47 - 2017-02-21 17:47 - 00000000 ____D C:\Program Files\cvbs2
    2017-02-21 17:33 - 2017-02-21 17:34 - 00000000 ____D C:\ComboFix
    2017-02-21 17:31 - 2017-02-21 17:31 - 00000000 ____D C:\Qoobox
    2017-02-14 21:23 - 2017-02-14 21:23 - 00000000 ____D C:\Program Files\bilibili
    2017-02-14 21:22 - 2017-02-14 21:22 - 00000000 ____D C:\Program Files\cvbs1
    2017-02-14 19:00 - 2017-02-14 19:03 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\jcfic
    2017-02-13 17:16 - 2017-03-05 13:34 - 00000000 ____D C:\Documents and Settings\mp\Dane aplikacji\WinSAPSvc
    2017-02-08 20:49 - 2017-02-08 20:49 - 00000000 ____D C:\Program Files\cvbs0
    2017-02-08 19:47 - 2017-02-08 19:50 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\icfib
    2017-02-08 17:45 - 2017-02-08 17:47 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\fjcfi
    2017-02-06 16:26 - 2017-02-06 16:26 - 00000000 ____D C:\Documents and Settings\mp\Dane aplikacji\adhad
    2017-02-06 12:48 - 2017-02-06 12:48 - 00000000 ____D C:\Program Files\Gub
    2017-03-05 13:38 - 2017-01-12 16:38 - 00000316 _____ C:\windows\Tasks\WinTOOL.job
    2017-03-05 12:03 - 2016-12-27 10:37 - 00000000 ____D C:\Program Files\Gubed
    2017-02-21 17:41 - 2016-11-21 10:43 - 00000000 ____D C:\AdwCleaner
    2017-02-20 19:49 - 2016-11-10 13:24 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\WinSAPSvc
    2017-02-15 20:49 - 2017-01-12 16:38 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\wintools
    2017-02-09 18:01 - 2017-01-19 17:01 - 00000000 ____D C:\Program Files\MIO
    2016-06-30 07:07 - 2016-06-30 07:08 - 2774265 ____C (Update) C:\Program Files\SSFK.exe
    EmptyTemp:


    Given how much was left to delete, post new FRST logs after running it, together with Addition.

    0
  • Helpful post
    #7 05 Mar 2017 17:44
    Kolobos
    Computer specialist

    Uninstall:
    amuleC
    Skaner on-line mks_vir

    Fixlist.txt for FRST:
    AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
    Task: C:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\windows\Tasks\Opera scheduled Autoupdate 1447253434.job => C:\Program Files\Opera\launcher.exe
    HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [171520 2008-04-14] (Microsoft Corporation)
    FF Homepage: C:\Documents and Settings\mp\Dane aplikacji\Mozilla\Firefox\Profiles\6uajvhhn.default -> hxxp://www.mylucky123.com/?type=hp&ts=1477927...rhop1024&uid=ST9250320AS_5SW0L329XXXX5SW0L329
    EmptyTemp:

    In FRST choose Fix (Napraw). Delete the C:\FRST directory and that's all.

    In Firefox, in the 6uajvhhn.default profile, change the home page from the malicious mylucky to a different one.

    0
  • #8 05 Mar 2017 18:30
    qr
    Level 12  

    Thanks, it looks like it probably went well..

    0